ledger-clear-signing.com

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 147.45.126.50, located in Russian Federation and belongs to GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB. The main domain is ledger-clear-signing.com.
TLS certificate: Issued by R11 on November 17th 2024. Valid for: 3 months.

This is the only time ledger-clear-signing.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ledger (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
3	147.45.126.50 147.45.126.50	215540 (GCS-AS GL...) (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP)
1 2	2606:4700::68... 2606:4700::6812:14c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	3

3 147.45.126.50 (Russian Federation)

ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB)
PTR: 43774.ip-ptr.tech

ledger-clear-signing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:14c4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.ledger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ledger-wp-website-s3-prd.ledger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ledger-clear-signing.com ledger-clear-signing.com	878 KB
2	ledger.com 1 redirects www.ledger.com — Cisco Umbrella Rank: 51810 ledger-wp-website-s3-prd.ledger.com — Cisco Umbrella Rank: 601869	7 KB
4	2

	Domain	Requested by
3	ledger-clear-signing.com	ledger-clear-signing.com
1	ledger-wp-website-s3-prd.ledger.com	ledger-clear-signing.com
1	www.ledger.com	1 redirects
4	3

This site contains links to these domains. Also see Links.

Domain
developers.ledger.com
www.ledger.com
shop.ledger.com

Subject Issuer	Validity	Valid
ledger-clear-signing.com R11	`2024-11-17` - `2025-02-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ledger-clear-signing.com/
Frame ID: E063441CA8AC4FAC7DE6297FB5F70B83
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

4
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

884 kB
Transfer

1170 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://developers.ledger.com/

Search URL Search Domain Scan URL

URL: https://www.ledger.com/

Search URL Search Domain Scan URL

URL: https://shop.ledger.com/pages/terms-and-conditions
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.ledger.com/privacy-policy
Title: Ledger's privacy policy

Search URL Search Domain Scan URL

URL: https://shop.ledger.com/pages/cookie-policy
Title: Cookie statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.ledger.com/wp-content/uploads/2023/03/Recover-X-coincover.png HTTP 301
https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png

4 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ledger-clear-signing.com/	20 KB 6 KB	2244ms 106ms	Document text/html	147.45.126.50 GCS-AS GLOBAL CON...
General Check archive.org Show headers Download Go to Full URL https://ledger-clear-signing.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.45.126.50 , Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB), Reverse DNS 43774.ip-ptr.tech Software nginx / PleskLin Resource Hash `27ffbaac81291ffbeab22e3c03968c2090d7171380c3be7dab2ee6a0a865a5ea` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers content-encoding br content-type text/html date Sun, 17 Nov 2024 22:59:59 GMT etag W/"670d465c-51b7" last-modified Mon, 14 Oct 2024 16:27:08 GMT server nginx x-powered-by PleskLin
GET H2	200	all.css ledger-clear-signing.com/assets/	515 KB 244 KB	200ms 199ms	Stylesheet text/css	147.45.126.50 GCS-AS GLOBAL CON...
General Check archive.org Show headers Download Go to Full URL https://ledger-clear-signing.com/assets/all.css Requested by Host: ledger-clear-signing.com URL: https://ledger-clear-signing.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.45.126.50 , Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB), Reverse DNS 43774.ip-ptr.tech Software nginx / PleskLin Resource Hash `f85b1788c5491b8106eb14d98d71cde93d2583d3f04a709bdcb810d23f9d36c3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ledger-clear-signing.com/ Response headers content-encoding br date Sun, 17 Nov 2024 22:59:59 GMT etag W/"65dc65fe-80c7a" content-type text/css last-modified Mon, 26 Feb 2024 10:20:46 GMT server nginx x-powered-by PleskLin
GET H2	200	Recover-X-coincover.png ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/ Redirect Chain https://www.ledger.com/wp-content/uploads/2023/03/Recover-X-coincover.png https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png	6 KB 6 KB	65ms 53ms	Image image/webp	2606:4700::6812:14c4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png Requested by Host: ledger-clear-signing.com URL: https://ledger-clear-signing.com/ Protocol H2 Server 2606:4700::6812:14c4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c3fa3bed7b6ad01f1e21e09e957b87a1b7b5558c5434aa7224e6800c8af14492` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-bgj imgq:100,h2pri etag "5eeea311b3bcfb87b05a632241a30e3e" x-amz-version-id _j_wEYUGgS49fUQ9Q9QMKfp4QaOV79If cf-cache-status HIT age 33125 expires Mon, 18 Nov 2024 03:00:00 GMT cf-polished origFmt=png, origSize=14352 date Sun, 17 Nov 2024 23:00:00 GMT content-type image/webp content-disposition inline; filename="Recover-X-coincover.webp" vary Accept last-modified Mon, 04 Mar 2024 10:02:34 GMT x-amz-id-2 yaZwlg6+IP5cohFSMTrhHsIJmrVevN6HMCIjUZrO2GpsY3ufL/PQ2tLC1yalNPVsFSOTIyS8itE= x-amz-replication-status COMPLETED cache-control public, max-age=14400 x-amz-request-id E5SS9JT9A4XW1X15 cf-ray 8e43559ca8979bbc-FRA accept-ranges bytes content-length 5778 server cloudflare x-amz-server-side-encryption AES256 Redirect headers access-control-max-age 1728000 cf-cache-status HIT age 19397 access-control-allow-methods GET, PUT, POST, DELETE, PATCH, OPTIONS expires Mon, 18 Nov 2024 03:00:00 GMT date Sun, 17 Nov 2024 23:00:00 GMT content-type text/html vary Accept-Encoding access-control-allow-headers DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization strict-transport-security max-age=31536000; includeSubDomains cache-control public, max-age=14400 location https://ledger-wp-website-s3-prd.ledger.com/uploads/2023/03/Recover-X-coincover.png access-control-allow-credentials true cf-ray 8e43559c384f9bbc-FRA access-control-allow-origin * server cloudflare
GET H2	200	rcv.png ledger-clear-signing.com/assets/	627 KB 628 KB	67ms 66ms	Image image/png	147.45.126.50 GCS-AS GLOBAL CON...
General Check archive.org Show headers Download Go to Show image Full URL https://ledger-clear-signing.com/assets/rcv.png Requested by Host: ledger-clear-signing.com URL: https://ledger-clear-signing.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.45.126.50 , Russian Federation, ASN215540 (GCS-AS GLOBAL CONNECTIVITY SOLUTIONS LLP, GB), Reverse DNS 43774.ip-ptr.tech Software nginx / PleskLin Resource Hash `3897ab7614a8854eec84bd75838fa6e257b4d59f8af84c911ab8cf174b39b19a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers etag "65dc6cbc-9caf1" accept-ranges bytes content-length 641777 date Sun, 17 Nov 2024 22:59:59 GMT content-type image/png last-modified Mon, 26 Feb 2024 10:49:32 GMT server nginx x-powered-by PleskLin
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `24859811f0d8052e5979a146e00930a379b14745e480f40b20f1d9ccd79b99e0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ledger (Crypto Exchange)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ledger.com/	1970-01-21 01:04:46	Name: __cf_bm Value: dC5LBoho9mih5xloSWAlppNmNGV5oz.nj5VhkmkaY.g-1731884400-1.0.1.1-u00cD1uij9chzd_ayeP9.rUdaXzrcd3gVn76OX17ZoBlAHRfBgwOHmyxbOWYnCdVf6JJHX8sEnY1Avvk3cO.aw

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ledger-clear-signing.com
ledger-wp-website-s3-prd.ledger.com
www.ledger.com
147.45.126.50
2606:4700::6812:14c4
24859811f0d8052e5979a146e00930a379b14745e480f40b20f1d9ccd79b99e0
27ffbaac81291ffbeab22e3c03968c2090d7171380c3be7dab2ee6a0a865a5ea
3897ab7614a8854eec84bd75838fa6e257b4d59f8af84c911ab8cf174b39b19a
c3fa3bed7b6ad01f1e21e09e957b87a1b7b5558c5434aa7224e6800c8af14492
f85b1788c5491b8106eb14d98d71cde93d2583d3f04a709bdcb810d23f9d36c3

ledger-clear-signing.com Open in urlscan Pro 147.45.126.50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

4 Requests

75 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

884 kBTransfer

1170 kBSize

1 Cookies

5 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

ledger-clear-signing.com Open in urlscan Pro
147.45.126.50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

884 kB
Transfer

1170 kB
Size

1
Cookies

4 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!