# ledger-online.com — MALICIOUS > PhishDestroy identifies ledger-online.com as a fraudulent Ledger wallet clone stealing crypto. This domain, created January 14, 2026, fools users with a Let's. ## Summary PhishDestroy identifies ledger-online.com as an elevated-risk domain engaged in brand impersonation of Ledger, a leading cryptocurrency wallet provider. This malicious site specifically targets Ledger users by mimicking the official 'Ledger Live' or online wallet interface to harvest sensitive credentials and cryptocurrency funds. The threat is immediate and financially motivated, designed to trick victims into disclosing seed phrases, private keys, or login credentials under the false pretense of account verification or balance checks. This domain was flagged by 15 out of 95 VirusTotal security vendors and appears on the OISD blocklist, indicating confirmed malicious activity. It resolves to IP address 188.114.96.3 and was registered through Hello Internet Corp on January 14, 2026. The site uses a valid Let's Encrypt SSL certificate, which may further deceive users into believing it is legitimate. Despite its newness, the domain has already gained attention from security researchers and blocklists due to its aggressive impersonation tactics. The risk is elevated due to the combination of recent creation, active malicious hosting, and the high stakes of cryptocurrency theft. To mitigate exposure to this threat, users should immediately block ledger-online.com on all devices and networks. Never enter Ledger login credentials, seed phrases, or private keys into any site other than the official ledger.com domain. Verify URLs carefully—official Ledger domains include ledger.com and ledger-live.com. If you have visited this site, disconnect from the internet, run a malware scan, and revoke any session tokens or credentials entered. Report the domain to your antivirus vendor and relevant blocklists such as OISD to protect others. Exercise extreme caution with any unsolicited emails or ads referencing Ledger, especially those promoting 'online wallets' or 'account recovery' portals. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Ledger ## Domain Intelligence - Registered: 2026-01-14 18:10:20 - Registrar: Hello Internet Corp - IP: 188.114.96.3 ## Detection Status - VirusTotal: 15 vendors flagged - Google Safe Browsing: clean - Blocklists: 1 hits Lists: ["OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ledger-online.com - PhishDestroy: https://phishdestroy.io/domain/ledger-online.com/ - LLM endpoint: https://phishdestroy.io/domain/ledger-online.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ledger-online.com/ Last updated: 2026-04-08