# help--ledger-start.webflow.io — MALICIOUS

> PhishDestroy identifies help--ledger-start.webflow.io as an active crypto drainer (18/95 VT detections). Avoid this impersonated Ledger support page.

## Summary

PhishDestroy identifies help--ledger-start.webflow.io as an active crypto drainer posing as a Ledger support page. This fraudulent domain uses Webflow hosting and Google Trust Services SSL to deceive users into connecting wallets under the guise of resolving technical issues. Upon interaction, the site executes unauthorized crypto transfers via clipboard manipulation or hidden smart contract approvals, draining assets silently to attacker-controlled addresses. The domain's malicious intent is further evidenced by its 18 detections out of 95 VirusTotal security vendors, indicating widespread recognition of its threat profile. The domain resolves to IP 104.18.36.248 and operates under Webflow’s infrastructure, a common tactic for threat actors seeking to blend malicious content with legitimate hosting platforms. PhishDestroy’s analysis confirms this is not isolated activity, as the seed cece8c correlates this domain with a broader campaign targeting cryptocurrency users through impersonation tactics.

This domain was flagged with an elevated risk level due to its active deployment as a crypto drainer, a type of malware that specifically targets cryptocurrency wallet holders by tricking them into signing malicious transactions. The threat is amplified by the domain’s use of HTTPS, which grants it a false veneer of legitimacy, making it harder for users to detect the scam. With 18/95 VirusTotal detections, this domain has already been identified by nearly one-fifth of security vendors, yet it remains accessible and operational. The combination of Webflow’s hosting service and Google Trust Services SSL certificate demonstrates the sophistication of modern phishing campaigns, which increasingly leverage reputable infrastructures to evade detection. Users interacting with this domain risk immediate financial loss, as the crypto drainer mechanism is designed to exploit wallet connections and initiate unauthorized transfers without further user input.

If you visited help--ledger-start.webflow.io, take immediate steps to secure your assets and data. Disconnect any connected wallets immediately using your wallet’s interface, and revoke any suspicious smart contract approvals via tools like revoke.cash or your wallet’s built-in safety features. Scan your device with updated antivirus software to detect any residual malware, and consider transferring remaining funds to a clean wallet. Report the domain to your wallet provider, Ledger’s official support channels, and PhishDestroy’s reporting system to help mitigate further damage. Avoid interacting with any suspicious links claiming to offer Ledger support or crypto assistance, as these are common vectors for crypto drainers. Stay vigilant for further updates from PhishDestroy, which will continue monitoring this domain and others in its network.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/62a4ecde-4b1f-4ace-a4e9-1ee4ee8aa36e
- PhishDestroy: https://phishdestroy.io/domain/help--ledger-start.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/help--ledger-start.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/help--ledger-start.webflow.io/

Last updated: 2026-03-23