Security Scan Report: m--start-ledgre-oauth.webflow.io

Submitted: Nov 16, 2025, 2:09:09 AMCompleted: Nov 16, 2025, 2:10:02 AMpubliccompleted
Loading additional data...

Summary

This website contacted 12 IPs in 0 countries across 3 domains to perform 6 HTTP transactions. The main domain is m--start-ledgre-oauth.webflow.io.

Submitted URL: https://m--start-ledgre-oauth.webflow.io/

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Impersonates Ledger on an unranked Webflow domain; high‑risk phishing site.

Risk Factors
Brand impersonation of Ledger
Unranked / low‑reputation domain
Likely newly registered domain
Misleading page title mimicking official site
Suspicious subdomain (webflow.io) used for brand spoofing
Domain age information unavailable

Details

Page Title

Official Site® | Ledger.com/Start® - Getting started

Scan Type

public

Language

🇺🇸

English

(67% confidence)

Category

finance banking

(65%)

Domain Information

The domain name 'm--start-ledgre-oauth.webflow.io' uses the British Indian Ocean Territory country-code top-level domain (.io); it also runs on subdomain 'm--start-ledgre-oauth'. The second-level label 'webflow' is 7 characters long holding two vowels versus five consonants. Word splitting yields two words: web, flow. The median word length lands at 3.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://m--start-ledgre-oauth.webflow.io/

Page Load Overview

1.86s
Total Load Time
6
HTTP Requests
3
Domains
417 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:67%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:67%
Script Type:Latin
Text Length:52 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking65% confidence
Type: static
Method: ml+structural

All Detected Categories

finance banking
65%
news media journalism
57%
government public service
38%
healthcare medical
28%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
6104.18.160.117UnknownUnknown
0104.18.161.117UnknownUnknown
013.226.247.18UnknownUnknown
0172.64.151.8UnknownUnknown
013.226.247.220UnknownUnknown
02a06:98c1:3100::6812:24f8UnknownUnknown
02606:4700:440c::ac40:9708UnknownUnknown
013.226.247.67UnknownUnknown
013.226.247.129UnknownUnknown
02606:4700::6812:a075UnknownUnknown
612--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T14E41F113D814804F56AA4BF8EE94B48DC7CA805EDFD0D84095D4D04E73A9F868875EE5

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

48:GVYlB8vVPziLgnC4iGba2o+F+urJ27BRAt4S1QWzJ8:GVYGVPziLTw/rJ2VRAt4wQyJ8

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:2220:QBCAAgEAgAAACQoIQQAAACACAUBBoBCAQQAAAFgYQCACAAAAAIQCACAACAIBAgAAAFgAwgAgCAAgAAUCAAABAFIUEAIAAABg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:01ff99f0f0f0b0ff
Perceptual Hash:eeb5916a342c691b
Difference Hash:c3c8536565616198
Wavelet Hash:00ff9190f0f0b0ff
Color Hash:#8ebf40

Scan History

Scan history not available

Unable to load historical scan data