# ledgerlive.updateterms.com — MALICIOUS

> ledgerlive.updateterms.com impersonates Ledger, a leading cryptocurrency wallet brand. This site is a confirmed cryptocurrency wallet drainer with a VirusTotal.

## Summary

PhishDestroy identifies ledgerlive.updateterms.com as a confirmed cryptocurrency wallet drainer masquerading as Ledger’s official Live platform. This domain was flagged for brand impersonation, specifically targeting users of the Ledger cryptocurrency wallet ecosystem. The site leverages a spoofed interface to deceive victims into connecting their wallets, likely facilitating unauthorized fund transfers or credential theft. No additional drainer kit artifacts were publicly disclosed in open-source intelligence, but the domain’s behavior aligns with typical wallet-draining operations.

This domain was flagged by 16 out of 95 VirusTotal security vendors, indicating elevated malicious intent. It was registered on November 17, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, using a dynamic IP address (216.198.79.65) and secured with a Let’s Encrypt SSL certificate. Google Safe Browsing (GSB) has not yet flagged the domain, and blocklist adoption remains limited but growing. The domain’s recent creation date and low blocklist coverage suggest a short operational window, though its active status poses an immediate risk to cryptocurrency users.

As of the latest assessment, ledgerlive.updateterms.com remains active and poses a high-risk threat to unsuspecting users. Immediate blocking and takedown efforts are recommended, particularly for cryptocurrency wallet users and enterprise security teams monitoring wallet-related domains. While the domain exhibits limited blocklist adoption, its active status and partial detection on VirusTotal underscore the need for proactive blocking. Remaining risk is considered elevated due to the domain’s brand impersonation and the likelihood of continued phishing campaigns targeting Ledger users.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registered: 2025-11-17 15:49:22
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.198.79.65

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b0d96d64-e1ca-4381-85d1-6416517ce8e8
- PhishDestroy: https://phishdestroy.io/domain/ledgerlive.updateterms.com/
- LLM endpoint: https://phishdestroy.io/domain/ledgerlive.updateterms.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledgerlive.updateterms.com/

Last updated: 2026-03-21