# ledger-com.com — MALICIOUS

> ledger-com.com is a high-risk Ledger impersonation site pushing a crypto drainer. VirusTotal flags 10/95 vendors.

## Summary
PhishDestroy identifies ledger-com.com as an active crypto drainer impersonating the Ledger wallet brand. This domain mimics the official Ledger Chinese-language interface to deceive users into downloading malicious wallet software or entering seed phrases. The threat is categorized as a 'crypto drainer' due to its intent to steal cryptocurrency assets by tricking users into interacting with a fake wallet interface or malware distribution system.  

This domain was flagged by 10 out of 95 security vendors on VirusTotal, indicating moderate detection but persistent malicious activity. It was registered through Dynadot Inc on December 10, 2025, making it a very recently established threat actor resource. The domain resolves to IP address 156.250.67.230 and uses a valid SSL certificate issued by Let's Encrypt, which may help it evade browser-based warnings. While the domain does not yet appear on Google Safe Browsing (GSB) blocklists, it has been reported widely enough to be included in multiple threat intelligence feeds. The age of the domain (just over one month) and its high-risk classification suggest it is part of a coordinated phishing campaign targeting Ledger users.  

As of the latest scan, ledger-com.com remains active and fully operational, serving a fraudulent Ledger wallet page in Chinese. This domain is part of an ongoing campaign, and its continued availability suggests the threat actors are actively evolving their infrastructure. Users are strongly advised to avoid visiting this domain. If you suspect exposure, disconnect devices from the internet, revoke permissions for any connected crypto apps, and use PhishDestroy’s verification tool to confirm the legitimacy of Ledger-related websites. Due to the presence of a crypto drainer and the active nature of the domain, the risk level remains high. Users should treat all non-official Ledger domains with extreme caution and only use verified sources such as the official ledger.com domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Target brand: Ledger
- Page title: ledger官网 - Ledger钱包官网下载|Ledger冷钱包中文版购买入口

## Domain Intelligence
- Registered: 2025-12-10 16:28:07
- Registrar: Dynadot Inc
- IP: 156.250.67.230

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledger-com.com
- PhishDestroy: https://phishdestroy.io/domain/ledger-com.com/
- LLM endpoint: https://phishdestroy.io/domain/ledger-com.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger-com.com/
Last updated: 2026-04-14