Security Scan Report: bee-apps.s3.us-east-2.amazonaws.com

Redirected to:
https://ledger-recovery-seeds.com/
Submitted: Jan 5, 2026, 12:48:20 PMCompleted: Jan 5, 2026, 12:49:35 PMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 1 country across 3 domains to perform 24 HTTP transactions. The main domain is ledger-recovery-seeds.com and was registered NaN years ago.

Submitted URL: https://bee-apps.s3.us-east-2.amazonaws.com/signrecover.html

Effective URL: https://ledger-recovery-seeds.com/Redirected

The Cisco Umbrella rank of the primary domain is #21 of the top 1 million websitesTop 100 Site

AI Security Verdict

High Risk

Confidence: 92%

10
Risk Score

High‑risk phishing site impersonating Ledger; do not trust or provide any information.

Risk Factors
Brand impersonation of Ledger on an unusual, newly‑registered domain
Critical domain age (<7 days) increases suspicion
Lack of legitimate content (only Cloudflare challenge) suggests hidden malicious intent
Domain age information unavailable

Details

Primary Scan Blocked — Fallback Capture Shown

The primary scanner could not load this page (possible bot protection). The screenshot and page details shown were captured by a fallback browser that loaded the page successfully.

Page Title

Just a moment...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(65%)

Domain Information

Domain 'bee-apps.s3.us-east-2.amazonaws.com' uses the commercial generic top-level domain (.com), featuring subdomain 'bee-apps.s3.us-east-2'. Count 9 characters in 'amazonaws' split between 4 vowels and five consonants. Word splitting yields 3 words: amazon, aw, s. Median word length comes out to 2 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://bee-apps.s3.us-east-2.amazonaws.com/signrecover.html

Page Load Overview

4.40s
Total Load Time
11
HTTP Requests
3
Domains
0 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en-US
Text Length:368 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software65% confidence
Type: static
Method: ml+structural

All Detected Categories

technology software
65%
documentation technical
40%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
3104.21.38.91United States
AS13335CLOUDFLARENET
23.5.132.181United States
252.219.177.130United StatesUnknown
2104.18.94.41United States
AS13335CLOUDFLARENET
2104.18.95.41United States
AS13335CLOUDFLARENET
115--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C7824A379546101B72374FE77129F6544120F288E70292AEF9B3AF5887C9A1F1A633EC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:ha+T89yIPl2boVmJkEqnwEB7FCHWPbT+f/VA7I4r3JXg3exhaXWTFyPXTf:4+4cq4brJkxnwPkI49wuxhaXWib

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:18250:bypCiU3QIYgkQMEOi1ikWQMbKQBDQNBkAzQig4JhSQRZBSQiEsKEXY5ACCwwAUqXBk+CRqpTA10UpBp1iEJQSACaGQRBiqcE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:c7c3c3ffffffffe7
Perceptual Hash:b2303288c7cdcfcd
Difference Hash:080c04000000000c
Wavelet Hash:fcc0c0fc3c3c3c00
Color Hash:#bf40aa

Other Hashes

Crop Resistant:080c04000000000c

Scan History

Scan history not available

Unable to load historical scan data