# get-ledgr.zapier.app — SUSPICIOUS

> Beware of get-ledgr.zapier.app impersonating Ledger. This phishing site is offline but showed brand fraud risks. Avoid interaction and stay vigilant.

## Summary
PhishDestroy identifies get-ledgr.zapier.app as a brand impersonation phishing domain targeting Ledger users, currently classified with an under_investigation risk level. This domain was used to mimic the legitimate Ledger Live® Desktop platform with the goal of deceiving victims into divulging sensitive information.

Supporting intelligence indicates the domain was created recently on March 12, 2026, registered via Name.com, Inc., and resolved to IP 64.239.123.1. Although VirusTotal scans show zero detections, the domain appeared on one security blocklist, signaling suspicion. The use of a Zapier subdomain and slight misspelling of “Ledger” as “ledgr” hint at attempts to evade detection. The page title mirrored the authentic Ledger branding to enhance credibility.

At present, the domain is taken offline, limiting immediate risk. Users should remain cautious of similar constructs exploiting trusted brands. PhishDestroy recommends blocking this domain at network and endpoint levels and monitoring for related phishing attempts. The investigation continues to determine if this campaign has broader infrastructure or associated indicators of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 404)
- Target brand: Ledger
- Page title: Ledger Live®® Desktop

## Domain Intelligence
- Registered: 2026-03-12 09:07:01
- Registrar: Name.com, Inc.
- Country: US
- IP: 64.239.123.1
- IP Country: US
- IP City: Walnut
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["ns1.vercel-dns.com", "ns2.vercel-dns.com"]
- SSL Issuer: Let's Encrypt / R12

## Detection Status
- VirusTotal: 0 vendors flagged
  Vendors: []
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce645-43d1-768c-a8da-fcee7b6d91a4.png
- PhishDestroy: https://phishdestroy.io/domain/get-ledgr.zapier.app/
- LLM endpoint: https://phishdestroy.io/domain/get-ledgr.zapier.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/get-ledgr.zapier.app/
Last updated: 2026-03-19