# 847312-ledger.com — MALICIOUS

> 847312-ledger.com impersonates Ledger in a phishing attempt. Domain now offline. Stay vigilant, verify URLs before sharing sensitive info.

## Summary
PhishDestroy identifies 847312-ledger.com as a medium-risk phishing domain impersonating the Ledger brand. The site attempted to deceive users by mimicking Ledger's identity while featuring a page titled "Recovery - Sign In | Coinbase," likely to confuse victims into submitting sensitive credentials. The domain was registered recently on March 12, 2026, raising suspicion about its legitimacy.

Technical analysis reveals the domain was registered through Name.com, Inc. and appeared on two separate security blocklists. VirusTotal flagged the domain with detections from 9 out of 95 security vendors, further supporting its malicious intent. The combination of brand impersonation and phishing content indicates a targeted effort to exploit cryptocurrency users.

Currently, 847312-ledger.com is offline and no longer accessible, reducing immediate risk. PhishDestroy recommends users remain cautious by verifying domain authenticity before entering any credentials, especially for financial or crypto-related services. Organizations should continue monitoring for similar brand impersonation attempts and update security filters accordingly.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Ledger
- Page title: Recovery - Sign In | Coinbase

## Domain Intelligence
- Registered: 2026-03-12 13:07:01
- Registrar: Name.com, Inc.
- Country: US
- Nameservers: ["ns1.vercel-dns.com", "ns2.vercel-dns.com"]
- SSL Issuer: R12

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce592-593a-74bd-a192-e0e6c23b5036.png
- PhishDestroy: https://phishdestroy.io/domain/847312-ledger.com/
- LLM endpoint: https://phishdestroy.io/domain/847312-ledger.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/847312-ledger.com/
Last updated: 2026-03-19