# getledgeriq.com — SUSPICIOUS

> PhishDestroy flags getledgeriq.com as an active crypto-drainer impersonating Ledger login pages. SSL on 185.199.110.153—verify all links before clicking.

## Summary

PhishDestroy identifies getledgeriq.com as an active crypto-drainer campaign currently under investigation. The domain masquerades as a legitimate Ledger login portal to trick users into surrendering wallet credentials and authorizing malicious token transfers. Security telemetry confirms the presence of a drainer kit hosted on this infrastructure, which is actively harvesting seed phrases and private keys from victims who enter their recovery phrases on the fake portal.

Technical indicators place this campaign at high risk. The domain resolves to IPv4 address 185.199.110.153 and is served over HTTPS with a Let's Encrypt certificate. It was registered through NAMECHEAP INC on March 18 2026—less than 24 hours prior to this alert—indicating immediate, high-volume deployment. VirusTotal currently shows 0/95 detections, confirming it has evaded most signature-based defenses. The domain has not yet been added to Google Safe Browsing and remains absent from major threat-intel blocklists, amplifying its reach and dwell time.

Status remains ACTIVE with no takedown initiated to date. PhishDestroy continues real-time monitoring and has added the domain, IP, and SSL fingerprint to the internal blocklist. Remaining risk is HIGH due to zero detections, fresh registration, and zero blocklist coverage. Users are advised to verify any Ledger-related link against PhishDestroy’s public portal and to NEVER enter seed phrases on third-party sites.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-18 23:31:08
- Registrar: NAMECHEAP INC
- IP: 185.199.110.153

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/746a2916-0d61-494a-8178-b46570bb2879
- PhishDestroy: https://phishdestroy.io/domain/getledgeriq.com/
- LLM endpoint: https://phishdestroy.io/domain/getledgeriq.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/getledgeriq.com/

Last updated: 2026-03-22