# ledger-app.click — MALICIOUS

> PhishDestroy identifies ledger-app.click as a crypto wallet brand impersonation phishing domain with 7 of 95 VirusTotal detections.

## Summary
PhishDestroy identifies the domain ledger-app.click as an active brand impersonation campaign targeting Ledger wallet users. This domain mimics the official Ledger application interface to deceive victims into entering recovery phrases or private keys under the guise of software updates or account verification. The infrastructure hosts a crypto drainer kit designed to harvest seed phrases and cryptocurrency from compromised wallets upon interaction, consistent with known wallet-brand phishing kits circulating in early 2026.  

This domain resolves to IP address 172.67.129.231 and was registered through Global Domain Group LLC on January 19, 2026, indicating a recent campaign likely launched to capitalize on post-holiday crypto user activity. VirusTotal reports a detection score of 7 out of 95 security vendors, suggesting limited but growing awareness in threat intelligence feeds. The domain operates with a valid SSL certificate issued by Google Trust Services, increasing its perceived legitimacy and bypassing browser warnings. While not yet widely blacklisted, its recent registration and low detection rate suggest an emerging threat with potential to scale rapidly.  

As of the latest assessment, ledger-app.click remains active and unblocked by major browsers and security platforms. In response, users should immediately block the domain at network and endpoint levels and avoid all links referencing it. The elevated risk stems from the combination of Ledger brand credibility, recent registration, and low initial detection, enabling prolonged exposure. Remaining risk includes potential expansion into malvertising, email spam, or social media lures leveraging the same infrastructure. Continuous monitoring and proactive blocking are recommended to prevent wallet compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence
- Registered: 2026-01-19 17:08:29
- Registrar: Global Domain Group LLC
- IP: 172.67.129.231

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d50dbb30-ed77-4eb4-8475-7622ef8f24b1
- PhishDestroy: https://phishdestroy.io/domain/ledger-app.click/
- LLM endpoint: https://phishdestroy.io/domain/ledger-app.click/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-app.click/
Last updated: 2026-03-22