appe-ledgar.com Open in urlscan Pro
8.209.81.37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app-liadger.tech/
Effective URL:
https://appe-ledgar.com/
Submission: On June 04 via manual (June 4th 2023, 6:10:38 pm UTC) from DE — Scanned from DE

Summary HTTP 4 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 8.209.81.37, located in Frankfurt am Main, Germany and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is appe-ledgar.com.
TLS certificate: Issued by R3 on May 30th 2023. Valid for: 3 months.

This is the only time appe-ledgar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ledger (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	185.105.110.5 185.105.110.5	210079 (EUROBYTE ...) (EUROBYTE Eurobyte LLC)
4	8.209.81.37 8.209.81.37	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
4	2

1 185.105.110.5 (Russian Federation) 1 redirects

ASN210079 (EUROBYTE Eurobyte LLC, RU)
PTR: isp102.mchost.ru

app-liadger.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 8.209.81.37 (Frankfurt am Main, Germany)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

appe-ledgar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	appe-ledgar.com appe-ledgar.com	201 KB
1	app-liadger.tech 1 redirects app-liadger.tech	205 B
4	2

	Domain	Requested by
4	appe-ledgar.com	appe-ledgar.com
1	app-liadger.tech	1 redirects
4	2

This site contains links to these domains. Also see Links.

Domain
ledgeer-login.com

Subject Issuer	Validity	Valid
appe-ledgar.com R3	`2023-05-30` - `2023-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://appe-ledgar.com/
Frame ID: F6E4C4DE8B5A701EC1D2F9F9A92429E3
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ledger Live Web

Page URL History Show full URLs

http://app-liadger.tech/ HTTP 301
https://appe-ledgar.com/ Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

246 kB
Transfer

3746 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://ledgeer-login.com/images/onboardvideo.mp4

Search URL Search Domain Scan URL

URL: https://ledgeer-login.com/images/step2.qt

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app-liadger.tech/ HTTP 301
https://appe-ledgar.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response appe-ledgar.com/ Redirect Chain http://app-liadger.tech/ https://appe-ledgar.com/	221 KB 164 KB	598ms 58ms	Document text/html	8.209.81.37 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://appe-ledgar.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 8.209.81.37 Frankfurt am Main, Germany, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.20.2 / Resource Hash `8348db042c60679449e75ff57793ef1bc2d7c4b875ed3dad30299d3210eb2a29` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Sun, 04 Jun 2023 18:10:33 GMT Server nginx/1.20.2 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Connection keep-alive Content-Type text/html Date Sun, 04 Jun 2023 18:10:33 GMT Location https://appe-ledgar.com Server nginx/1.14.1 Transfer-Encoding chunked
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `088d1bf639f9a9e3f2ca38cf1ea4c88002c79d6f3e4706868aa3d9f27208109f` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	729 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d183a396704dce3ca0bdebee7969912b0018b0cb6c2ae121e2f945267194e1d1` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	9 KB 9 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5` Request headers Referer Origin https://appe-ledgar.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	37 KB 37 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34` Request headers Referer Origin https://appe-ledgar.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Response headers Content-Type font/woff2
GET H/1.1	206 Partial Content	onboardvideo.mp4 appe-ledgar.com/img/	128 KB 0	39ms 39ms	Media video/mp4	8.209.81.37 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://appe-ledgar.com/img/onboardvideo.mp4 Requested by Host: appe-ledgar.com URL: https://appe-ledgar.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 8.209.81.37 Frankfurt am Main, Germany, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.20.2 / Resource Hash Request headers Referer https://appe-ledgar.com/ Accept-Encoding identity;q=1, ;q=0 accept-language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Range bytes=0- Response headers Date Sun, 04 Jun 2023 18:10:33 GMT Last-Modified Tue, 30 May 2023 11:00:29 GMT Server nginx/1.20.2 ETag "359285-5fce71c884a32" Content-Type video/mp4 Content-Range bytes 0-3510916/3510917 Connection keep-alive Accept-Ranges bytes Content-Length 3510917
GET H/1.1	206 Partial Content	onboardvideo.mp4 appe-ledgar.com/img/	37 KB 37 KB	381ms 67ms	Media video/mp4	8.209.81.37 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://appe-ledgar.com/img/onboardvideo.mp4 Requested by Host: appe-ledgar.com URL: https://appe-ledgar.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 8.209.81.37 Frankfurt am Main, Germany, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.20.2 / Resource Hash `c39d4cb55bfcc647dff0043e19abba4af117c63428b0928afd101bb17d64b0fe` Request headers Referer https://appe-ledgar.com/ Accept-Encoding identity;q=1, ;q=0 accept-language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Range bytes=3473408- Response headers Date Sun, 04 Jun 2023 18:10:34 GMT Last-Modified Tue, 30 May 2023 11:00:29 GMT Server nginx/1.20.2 ETag "359285-5fce71c884a32" Content-Type video/mp4 Content-Range bytes 3473408-3510916/3510917 Connection keep-alive Accept-Ranges bytes Content-Length 37509
GET H/1.1	206 Partial Content	onboardvideo.mp4 appe-ledgar.com/img/	3 MB 0	46ms 46ms	Media video/mp4	8.209.81.37 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://appe-ledgar.com/img/onboardvideo.mp4 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 8.209.81.37 Frankfurt am Main, Germany, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.20.2 / Resource Hash Request headers Referer https://appe-ledgar.com/ Accept-Encoding identity;q=1, ;q=0 accept-language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36 Range bytes=98304- Response headers Date Sun, 04 Jun 2023 18:10:34 GMT Last-Modified Tue, 30 May 2023 11:00:29 GMT Server nginx/1.20.2 ETag "359285-5fce71c884a32" Content-Type video/mp4 Content-Range bytes 98304-3510916/3510917 Connection keep-alive Accept-Ranges bytes Content-Length 3412613

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ledger (Crypto Exchange)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| openlink

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-liadger.tech
appe-ledgar.com
185.105.110.5
8.209.81.37
088d1bf639f9a9e3f2ca38cf1ea4c88002c79d6f3e4706868aa3d9f27208109f
13c19ec8ecbdb0854e61b191ea4f6a9820760381bf6ce39d4e18193a4b808ca5
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34
8348db042c60679449e75ff57793ef1bc2d7c4b875ed3dad30299d3210eb2a29
c39d4cb55bfcc647dff0043e19abba4af117c63428b0928afd101bb17d64b0fe
d183a396704dce3ca0bdebee7969912b0018b0cb6c2ae121e2f945267194e1d1

appe-ledgar.com Open in urlscan Pro 8.209.81.37 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

246 kBTransfer

3746 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

appe-ledgar.com Open in urlscan Pro
8.209.81.37 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

246 kB
Transfer

3746 kB
Size

0
Cookies

4 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!