# ledger--livestart.webflow.io — MALICIOUS

> High-risk phishing domain ledger--livestart.webflow.io targets users with fraudulent schemes. Stay alert and avoid interaction with this site.

## Summary
PhishDestroy identifies ledger--livestart.webflow.io as an active, high-risk generic phishing domain. This threat poses significant danger by attempting to deceive users into revealing sensitive information or credentials through fraudulent means.

Supporting evidence includes the domain resolving to IP address 104.18.36.248, associated with content delivery networks often abused by phishing actors for hosting deceptive pages. VirusTotal analysis flags this domain by 15 out of 95 security vendors, indicating a consensus on its malicious nature. The structure of the domain name, incorporating "ledger" and hosted on a subdomain of webflow.io, suggests an attempt to impersonate legitimate financial or cryptocurrency services to lure victims.

Users should avoid visiting or interacting with ledger--livestart.webflow.io. PhishDestroy recommends employing updated endpoint protection, browser security features, and user education to mitigate risk. The domain remains active, and vigilance is essential to prevent falling victim to its phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Ledger
- Page title: Ledger.com/Start® - Official Site® | Getting started

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc31f-2355-749c-a3de-69e4514bb5c2.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledger--livestart.webflow.io
- Wayback Machine: https://web.archive.org/web/https://ledger--livestart.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/ledger--livestart.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/ledger--livestart.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger--livestart.webflow.io/
Last updated: 2026-03-19