# start--liagrecom---sso.webflow.io — MALICIOUS

> start--liagrecom---sso.webflow.io is flagged as a high-risk phishing domain. Stay alert and protect your credentials from this active threat.

## Summary
PhishDestroy assesses start--liagrecom---sso.webflow.io as a high-risk generic phishing domain actively targeting users. This domain aims to deceive victims into revealing sensitive information.

The domain resolves to IP 104.18.36.248 and has been flagged by 15 out of 95 security vendors on VirusTotal, confirming its malicious intent. It is hosted on the Webflow.io platform, commonly abused for phishing campaigns.

Users should avoid interacting with this domain. Organizations are advised to block and monitor traffic to it. The domain remains active, posing ongoing risks to unprotected systems.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: www-Ledger.com/Start® | Powering Up Your Device

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248
- Nameservers: NS_NOT_FOUND

## Detection Status
- VirusTotal: 19 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Screenshot: https://urlscan.io/screenshots/019d0372-cd1b-7066-bb62-14cd14979276.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4d50f97b-9fd5-4858-82c4-5ec345285f62
- PhishDestroy: https://phishdestroy.io/domain/start--liagrecom---sso.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/start--liagrecom---sso.webflow.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/start--liagrecom---sso.webflow.io/
Last updated: 2026-03-19