# autth-start-leddger.webflow.io — MALICIOUS

> PhishDestroy warns that autth-start-leddger.webflow.io is a live fake-login phishing page mimicking Ledger.

## Summary
PhishDestroy identifies autth-start-leddger.webflow.io as an active fake-login phishing domain (generic_phishing) impersonating Ledger hardware-wallet authentication pages. The site is hosted on a Webflow subdomain and appears designed to harvest seed phrases or wallet credentials. No custom drainer kit artifacts were observed in initial sandbox runs, suggesting the threat actors may be re-using generic phishing templates.

Technical indicators for this domain include a VirusTotal detection ratio of 17/95 security vendors, resolution to IP 172.64.151.8 via Cloudflare, and a Google Trust Services SSL certificate. WHOIS data shows the domain was created recently and is still active. Google Safe Browsing has not yet blacklisted the URL, and public blocklists currently flag it in 3 third-party threat-intelligence feeds.

The domain remains in an elevated-risk state with an active campaign. PhishDestroy has flagged the URL and added it to real-time detection rules; however, users should remain cautious as the adversaries may shift infrastructure quickly. Remaining risk is elevated due to the threat’s current visibility and the use of reputable hosting and SSL services to evade detection.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.64.151.8

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/e4c722a9-f2ad-45ad-93cb-bb2288a3546c
- PhishDestroy: https://phishdestroy.io/domain/autth-start-leddger.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/autth-start-leddger.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/autth-start-leddger.webflow.io/
Last updated: 2026-03-28