# help---cloud--ledger.webflow.io — MALICIOUS

> help---cloud--ledger.webflow.io is an active high-risk phishing domain. Stay alert and avoid interaction with this site to protect your data.

## Summary
PhishDestroy has identified help---cloud--ledger.webflow.io as a high-risk generic phishing domain actively targeting unsuspecting users. The site appears designed to deceive visitors by masquerading as a legitimate cloud ledger service, a tactic commonly used to steal sensitive information such as login credentials or financial data.

The domain resolves to the IP address 104.18.36.248 and is hosted on the Webflow.io platform. According to VirusTotal scans, 18 out of 95 security engines have flagged this domain as malicious, supporting the phishing classification. This mixed detection rate highlights the necessity for caution when encountering suspicious URLs with similar patterns or naming conventions.

Currently, help---cloud--ledger.webflow.io remains active and continues to pose a significant threat. Users and organizations are advised to block access to this domain on their networks and to educate employees about recognizing phishing attempts. Continuous monitoring and reporting to threat intelligence platforms are recommended to mitigate risks associated with this malicious infrastructure.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Target brand: Ledger
- Page title: Ledger® Live*Download - Secure (Webflow) | us

## Domain Intelligence
- Registered: 2026-03-05 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content
- Meta description: Steps to Download Ledger Live: Visit the Official Ledger Website: Navigate to the official Ledger website using your preferred web browser. Locate the Ledger Live Download …

### Page Text
Ledger® Live*Download - Secure (Webflow) | us

### External Scripts
- https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=668905c802fdd121eace5d05
- https://cdn.prod.website-files.com/668905c802fdd121eace5d05/js/webflow.4e8135d87.js

### External Links
- https://antressmirestos.com/50861f8a-b42e-446e-9569-fca41f812668

## Evidence
- Screenshot: https://i.ibb.co/c9Zc2zX/f455c8bc2573.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/help---cloud--ledger.webflow.io
- Wayback Machine: https://web.archive.org/web/https://help---cloud--ledger.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/help---cloud--ledger.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/help---cloud--ledger.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/help---cloud--ledger.webflow.io/
Last updated: 2026-03-16