EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats
94 Risk Score

High Risk

Threat Level: BAJO • Impersonating: Ln.run
  • • Threat: Potential for malicious redirects through shortened links
  • • Target: General internet users
  • • Method: Shortening URLs can mask the true destination
  • • Exfil: N/A - this is the expected function of the site
  • • Indicators: URL shortening service
  • • Risk: LOW - Standard risk associated with URL shortening services

⚠ Risk Factors

  • Brand impersonation of Ln.run on non-official domain
  • Contains 3 credential harvesting form(s)
  • Credential harvesting indicators detected
  • OTP/2FA stealing indicators detected

Visual Capture

No screenshot available

Detection Info

https://vn.run/@pagehelp05
Detected Brand
Ln.run
Country
International
Confidence
100%
HTTP Status
200
Report ID
a0df006e-aa2…
Analyzed
2026-01-04 18:51
Final URL (after redirects)
https://ln.run/blog/best-ad-networks-for-monetized-short-links/?utm_source=vn.run@pagehelp05&utm_medium=referral&utm_campaign=lnnf

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1451362B68804D1BB011780C6FE666F9CF6D0024BDB251F96E0A8C25DB2C6FE5993FD64
CONTENT ssdeep
768:iZB+4Bf81cVqcWGv6uad44c46q44V6qa2aCMavENQR1K2b9QxmzDmpqyPfJPuXap:u244c4R44EBhtnLwCiux0C

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cd5c75b5a1a54c0d
VISUAL aHash
000000ffffffffff
VISUAL dHash
021061435a475e5f
VISUAL wHash
00000080ffffbfff
VISUAL colorHash
070000001c0
VISUAL cropResistant
70610f5b5f465e5f,a68080a8e8e88080,0202001010607101

Code Analysis

Risk Score 94/100
Threat Level BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Potential for malicious redirects through shortened links
• Target: General internet users
• Method: Shortening URLs can mask the true destination
• Exfil: N/A - this is the expected function of the site
• Indicators: URL shortening service
• Risk: LOW - Standard risk associated with URL shortening services

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • base64_strings

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

No screenshot
Ln.run
https://come.ac/Ne2mH/
Jan 07, 2026
 Screenshot
Unknown
https://ln.run/njgL3
Jan 06, 2026
No screenshot
Ln.run
https://vn.run/@pagehelp22
Jan 04, 2026

Scan History for vn.run

Found 2 other scans for this domain