# ledger.setupterms.com — SUSPICIOUS

> Domain ledger.setupterms.com impersonates Ledger to steal crypto and has 0/95 VirusTotal detections. Avoid and report immediately.

## Summary

PhishDestroy identifies the domain ledger.setupterms.com as an active brand impersonation threat targeting Ledger users. This malicious domain employs convincing spoofing techniques to deceive visitors into divulging sensitive wallet credentials or installing drainer malware. No known drainer kit is associated with this domain at this time, but the impersonation tactic aligns with common cryptocurrency phishing campaigns designed to siphon digital assets.

This domain resolves to IP 216.198.79.65 and exhibits a low detection profile, with 0 out of 95 VirusTotal engines flagging it as malicious. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Current indicators suggest recent registration with minimal historical footprint, and the domain is not present on Google Safe Browsing (GSB) lists, though proactive monitoring remains essential.

As of this advisory, the threat level remains under investigation but is classified as active due to confirmed impersonation tactics. Immediate actions include blocking the domain at network egress points and updating endpoint detection rules using the IP indicator. While current risk is localized, users interacting with this domain face immediate credential theft risks. Continued surveillance for infrastructure shifts or drainer deployment is advised.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.198.79.65

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- PhishDestroy: https://phishdestroy.io/domain/ledger.setupterms.com/
- LLM endpoint: https://phishdestroy.io/domain/ledger.setupterms.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger.setupterms.com/

Last updated: 2026-03-26