# ledgerreset.com — MALICIOUS

> ledgerreset.com impersonates Ledger to steal credentials. This high-risk phishing domain is now offline. Learn more about its tactics and status.

## Summary
PhishDestroy identifies ledgerreset.com as a high-risk phishing domain engaged in brand impersonation targeting Ledger, a well-known cryptocurrency hardware wallet provider. Classified under brand impersonation threats, this domain attempted to deceive users by mimicking Ledger’s branding and services. The domain was created recently, in February 2026, suggesting a fresh campaign targeting Ledger users seeking support or account access.

Technical analysis reveals ledgerreset.com resolved to IP address 172.67.168.31 and was registered through NiceNIC International Group Co., Limited. The domain appeared on one security blocklist and was flagged by 12 out of 95 security vendors on VirusTotal, indicating a moderate detection rate among antivirus engines. These indicators, combined with the domain’s registration details and hosting infrastructure, support its use for credential phishing or other fraudulent activities leveraging Ledger’s reputation.

As of the latest intelligence, ledgerreset.com has been taken offline, effectively disrupting the attack vector. PhishDestroy continues to monitor such domains for reactivation attempts or related threats. Users are advised to exercise caution with unsolicited Ledger-related links and verify URLs directly through official Ledger channels to avoid credential compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.168.31
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["hans.ns.cloudflare.com", "poppy.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b971a-8b11-735a-a81a-10f5e7869471.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/52f00937-221c-4f3f-a46c-303ee6176252
- PhishDestroy: https://phishdestroy.io/domain/ledgerreset.com/
- LLM endpoint: https://phishdestroy.io/domain/ledgerreset.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerreset.com/
Last updated: 2026-03-19