# xn--ledgerlve-c5a.app — SUSPICIOUS > PhishDestroy flags xn--ledgerlve-c5a.app as a crypto drainer phishing site. Only 2 of 95 VirusTotal vendors detected it. Read the full report now. ## Summary PhishDestroy identifies xn--ledgerlve-c5a.app as an active crypto drainer phishing domain designed to steal cryptocurrency by tricking users into connecting their wallets or entering seed phrases on fake Ledger-branded pages. This fraudulent site mimics legitimate Ledger hardware wallet interfaces to deceive visitors into approving malicious transactions or revealing sensitive recovery phrases. Once compromised, victims may experience immediate loss of funds with no recourse, as blockchain transactions are irreversible and anonymized. Users who interact with this domain risk permanent financial damage and potential credential harvesting for further attacks. This domain was flagged by PhishDestroy using multi-source threat intelligence that detected its crypto drainer functionality. The site's SSL certificate is issued by Let's Encrypt, yet only 2 out of 95 VirusTotal security vendors currently flag it as malicious. The domain was registered on March 11, 2024, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 213.226.125.138. These technical indicators, combined with the domain's recent creation date and low detection rate, elevate its threat level despite the relatively unknown registrar. PhishDestroy assesses this site as an elevated risk due to its active drainer campaign targeting cryptocurrency users. If you visited xn--ledgerlve-c5a.app or entered any information, immediately disconnect your wallet and revoke any permissions granted to suspicious sites. Use your wallet's official app or website to check recent transaction history and remove unauthorized connections. Never share seed phrases or private keys with any website, and always verify URLs through official Ledger channels before entering sensitive information. Run a malware scan on your device to detect any residual threats. Report this domain to your antivirus provider and PhishDestroy using the unique seed 7915a4 for tracking. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-11 20:36:23 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 213.226.125.138 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/849e2c2d-95a9-451a-a617-48d2d801470d - PhishDestroy: https://phishdestroy.io/domain/xn--ledgerlve-c5a.app/ - LLM endpoint: https://phishdestroy.io/domain/xn--ledgerlve-c5a.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/xn--ledgerlve-c5a.app/ Last updated: 2026-03-22