# prod-ledger-transaction-check.com — MALICIOUS

> prod-ledger-transaction-check.com is a high-risk phishing domain impersonating Ledger. It’s currently offline but flagged on multiple blocklists.

## Summary

PhishDestroy identifies prod-ledger-transaction-check.com as a high-risk phishing domain impersonating the Ledger brand, a popular cryptocurrency hardware wallet provider. The site was designed to mimic Ledger’s official communication channels to deceive users into divulging sensitive information or credentials. This brand impersonation tactic poses a significant threat to Ledger customers and crypto users, aiming to facilitate fraud or theft.

The domain was registered on October 12, 2025, through Dominet (HK) Limited and resolved to the IP address 80.66.87.123. It appeared on three prominent security blocklists and was flagged by 16 out of 95 security vendors on VirusTotal, indicating widespread recognition of its malicious intent. At the time of this report, the domain is offline, reducing immediate risk but requiring ongoing vigilance.

Users are strongly advised to avoid accessing prod-ledger-transaction-check.com or any links associated with it. Always verify URLs and use official Ledger communication channels for any transaction or account verification. Employ updated security software and report suspicious domains to cybersecurity authorities. Maintaining caution helps prevent falling victim to this type of brand impersonation scam.
## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: Ledger
- Page title: 403 Forbidden

## Domain Intelligence

- Registered: 2025-10-12 00:00:00
- Expires: 2026-10-12 00:00:00
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 80.66.87.123
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS216127 INTERNATIONAL HOSTING COMPANY LIMITED
- Nameservers: a.dnspod.com b.dnspod.com c.dnspod.com
- SSL Issuer: none

## Detection Status

- VirusTotal: 16 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "Bfore.Ai PreCrime", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Seclookup", "SOCRadar", "Sophos", "ThreatHive", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  - Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019b626c-d254-77e0-b163-3153ea9380a4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/09f7a6a1-eea2-4c8a-b1f9-74f8970d11d1
- PhishDestroy: https://phishdestroy.io/domain/prod-ledger-transaction-check.com/
- LLM endpoint: https://phishdestroy.io/domain/prod-ledger-transaction-check.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/prod-ledger-transaction-check.com/

Last updated: 2026-03-19