# bitcoin-ledger-recoveryx.org — SUSPICIOUS

> Ledger brand impersonation domain bitcoin-ledger-recoveryx.org pushes a malicious wallet recovery scam.

## Summary
bitcoin-ledger-recoveryx.org is a brand-impersonation domain targeting Ledger users to harvest seed phrases and drain cryptocurrency wallets. The site masquerades as an official Ledger wallet recovery portal, attempting to trick victims into entering their 24-word recovery phrases under the guise of restoring lost access to their crypto funds. No advanced drainer kit was observed in sandbox analysis; instead the threat relies on classic social engineering to obtain plaintext recovery phrases.

Technical indicators confirm this domain as malicious: only 1 out of 95 VirusTotal security vendors detected it at the time of analysis, it was registered via Internet Domain Service BS Corp, resolves to IP 104.21.17.134, and obtained an SSL certificate from Let’s Encrypt. The domain was created on February 17, 2026, is flagged by Google Safe Browsing, and appears on 2 additional blocklists.

As of the latest scan, the domain remains active despite blocks from SEAL and MetaMask. PhishDestroy assesses the risk as elevated due to the high potential for irreversible cryptocurrency loss if users enter their seed phrases. Users should not interact with the site, block the domain locally, and report it through their browser’s phishing page reporting mechanism to browser vendors and threat intelligence platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registered: 2026-02-17 21:12:27
- Registrar: Internet Domain Service BS Corp
- IP: 104.21.17.134

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/cfdd7269-5a48-4baf-b912-cb084f873569
- PhishDestroy: https://phishdestroy.io/domain/bitcoin-ledger-recoveryx.org/
- LLM endpoint: https://phishdestroy.io/domain/bitcoin-ledger-recoveryx.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/bitcoin-ledger-recoveryx.org/
Last updated: 2026-03-29