# reset-ledgerlive.com — SUSPICIOUS

> reset-ledgerlive.com is a Ledger brand impersonation domain actively pushing crypto drainer malware, flagged by 4/95 VirusTotal vendors.

## Summary

PhishDestroy identifies reset-ledgerlive.com as an active brand impersonation domain masquerading as the legitimate Ledger Live cryptocurrency wallet platform. This malicious site is designed to deceive users into downloading a crypto drainer kit under the guise of a software update or security tool. The infrastructure and naming convention suggest a targeted campaign that seeks to steal cryptocurrency assets from Ledger users.

Technical indicators for reset-ledgerlive.com include a VirusTotal detection rate of 4 out of 95 security vendors, a domain creation date of March 10, 2026, and resolution to IP address 188.114.96.3. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and secured with a Let's Encrypt SSL certificate. Google Safe Browsing (GSB) has not yet flagged this domain, and it remains absent from most blocklists at present.

This domain is currently active and poses an elevated risk to unwary users, particularly those seeking Ledger wallet services. Immediate actions include blocking the domain at DNS and network levels, disabling access via corporate proxies, and distributing IOCs to SIEM systems for detection. While the current threat is localized, the risk of expansion warrants heightened vigilance until the infrastructure is dismantled or neutralized.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registered: 2026-03-10 12:35:24
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/c153451e-4fee-42c5-a6ef-a83df0314225
- PhishDestroy: https://phishdestroy.io/domain/reset-ledgerlive.com/
- LLM endpoint: https://phishdestroy.io/domain/reset-ledgerlive.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/reset-ledgerlive.com/

Last updated: 2026-03-23