# ledgerrwaaltt.webflow.io — MALICIOUS

> ledgerrwaaltt.webflow.io is a high-risk phishing domain. Protect your data and avoid interactions. Stay vigilant and report suspicious activity immediately.

## Summary
PhishDestroy has identified ledgerrwaaltt.webflow.io as an active phishing domain posing a high risk to users. This generic phishing threat aims to deceive victims into divulging sensitive information, potentially leading to financial loss or identity theft. Users are urged to exercise caution around communications or links associated with this domain.

The domain ledgerrwaaltt.webflow.io resolves to IP address 104.18.36.248. According to VirusTotal analysis, 18 out of 95 security vendors flag this domain as malicious, confirming its hostile intent. The use of the Webflow hosting platform suggests a phishing campaign leveraging accessible web design services to create convincing fraudulent sites.

Currently, ledgerrwaaltt.webflow.io remains active and continues to represent a significant threat. PhishDestroy recommends that users avoid visiting this domain and organizations implement blocking rules. Increased awareness and prompt reporting of suspicious activity related to this domain will help reduce victimization from these phishing attempts.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Target brand: Ledger
- Page title: Unlocking Security: A Comprehensive Guide to Ledger Wallet.

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "Ermes", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/YT8sfB1N/844dcc6970f5.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/ledgerrwaaltt.webflow.io
- Wayback Machine: https://web.archive.org/web/https://ledgerrwaaltt.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/ledgerrwaaltt.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/ledgerrwaaltt.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledgerrwaaltt.webflow.io/
Last updated: 2026-03-19