# auth-ledger.com — MALICIOUS

> auth-ledger.com is a fraudulent site mimicking Ledger. Avoid interaction; the domain is offline but remains a threat. Stay vigilant and verify URLs.

## Summary

PhishDestroy has identified auth-ledger.com as a medium-risk phishing domain impersonating the Ledger brand. This deceptive site was crafted to mimic Ledger’s official platform, potentially to steal sensitive user information such as login credentials or cryptocurrency wallet details. Users should be cautious as attackers leverage brand trust to lure victims into divulging confidential data.

The domain auth-ledger.com was registered on November 2, 2025, through Dominet (HK) Limited and resolved to the IP address 80.66.87.123. It appeared on multiple security blocklists and was flagged by several security vendors on VirusTotal, indicating its malicious intent. Despite its current offline status, the domain’s previous activity underscores the ongoing risk posed by brand impersonation phishing campaigns targeting cryptocurrency users.

Users are strongly advised to only access Ledger services through the official website and avoid clicking on links from unsolicited emails or messages claiming to be from Ledger. Always verify domain names carefully and use trusted security software to detect phishing attempts. If users suspect they have interacted with auth-ledger.com, they should immediately update their credentials and monitor their accounts for suspicious activity.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger

## Domain Intelligence

- Registered: 2025-11-02 00:00:00
- Expires: 2026-11-02 00:00:00
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 80.66.87.123
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS216127 INTERNATIONAL HOSTING COMPANY LIMITED
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 6 vendors flagged
  - Vendors: ["alphaMountain.ai", "CyRadar", "Gridinsoft", "Seclookup", "SOCRadar", "ThreatHive"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019b5fd7-0205-775e-8002-d70c128845f8.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/2e26ad40-a658-4cb0-882a-355760d24dfe
- PhishDestroy: https://phishdestroy.io/domain/auth-ledger.com/
- LLM endpoint: https://phishdestroy.io/domain/auth-ledger.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/auth-ledger.com/

Last updated: 2026-03-19