# leddger.co.com — SUSPICIOUS > PhishDestroy identifies leddger.co.com as a fake Ledger wallet phishing site. 1 of 95 security vendors flagged this domain. Check the full report. ## Summary PhishDestroy identifies leddger.co.com as a targeted phishing domain designed to impersonate the official Ledger cryptocurrency wallet login portal, aiming to harvest user credentials and seed phrases under the guise of a ‘security update’ or account verification process. This domain leverages homograph deception by incorporating visually similar characters and misspellings (e.g., ‘ledger’ with an extra ‘d’), exploiting users’ trust in well-known brands. The site presents a near-identical replica of the authentic Ledger login interface, complete with fabricated security banners and SSL encryption (via Let’s Encrypt), to bypass browser warnings and instill false legitimacy. Technical analysis reveals the domain resolves to IP 81.91.178.50, a hosting infrastructure historically associated with cryptocurrency-related phishing campaigns, and exhibits rapid domain rotation—a hallmark of evasion tactics used by adversaries to prolong operational uptime. This domain was flagged by 1 out of 95 VirusTotal security vendors at the time of analysis, indicating limited but critical detection coverage. The domain was registered recently, with a creation date aligning with the surge in Ledger-themed phishing operations targeting the crypto community. While blocklist counts remain low due to its novelty, the presence of SSL certification and the absence of takedown actions highlight its active operational status. PhishDestroy assesses this domain as posing an elevated risk, particularly to users seeking to access Ledger services or manage digital assets, due to the high potential for credential compromise and financial loss. Users who visited leddger.co.com should immediately cease interaction with the site and assume their credentials or sensitive data may have been exposed. Revoke any entered seed phrases or passwords via the official Ledger platform, and enable two-factor authentication (2FA) on all related accounts. Scan devices for malware using reputable antivirus tools, as credential-stealing trojans are frequently distributed through such phishing lures. Report the domain to your email provider, browser security teams, and platforms like PhishDestroy to aid in proactive blocking. Avoid reusing passwords across services, and consider transferring assets to cold storage wallets until the threat is neutralized. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 81.91.178.50 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/129b9470-e13f-4033-82c1-bd6c13c4dfa8 - PhishDestroy: https://phishdestroy.io/domain/leddger.co.com/ - LLM endpoint: https://phishdestroy.io/domain/leddger.co.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/leddger.co.com/ Last updated: 2026-03-22