# tradherwallet.webflow.io — MALICIOUS

> Avoid tradherwallet.webflow.io—an active crypto drainer flagged by multiple security vendors. Protect your assets and stay vigilant.

## Summary

PhishDestroy identifies tradherwallet.webflow.io as a medium-risk domain engaged in crypto drainer activities. This classification indicates a significant threat to users’ cryptocurrency wallets, as the domain is designed to illicitly drain digital assets by deceiving victims into revealing sensitive information or private keys.

Supporting evidence for this risk includes the domain’s resolution to IP address 104.18.36.248, which is associated with Webflow hosting, a platform sometimes abused by threat actors for rapid deployment of phishing sites. Additionally, 8 out of 95 security vendors on VirusTotal flag this domain, confirming that multiple independent sources have detected malicious behavior linked to this address. The domain’s active status further elevates the urgency for users and security teams to remain cautious.

To mitigate risks, users should avoid interacting with tradherwallet.webflow.io and refrain from entering any cryptocurrency credentials or personal data on this site. Organizations should implement domain blocking and monitor network traffic for access attempts to this domain. PhishDestroy continues to track the domain’s activity and recommends updating threat intelligence feeds to include this crypto drainer. Immediate action is advised to protect digital assets from compromise.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Trezor *^* Hardware Wallet

## Domain Intelligence

- Registered: 2026-03-05 13:07:01
- Registrar: MarkMonitor, Inc.
- Country: US
- IP: 104.18.36.248
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Google Trust Services / WE1

## Detection Status

- VirusTotal: 18 vendors flagged
  - Vendors: alphaMountain.ai, BitDefender, CyRadar, ESET, Emsisoft, Forcepoint ThreatSeeker, Fortinet, G-Data, Gridinsoft, Kaspersky, Lionic, MalwareURL, Netcraft, OpenPhish, Sophos, Trustwave, VIPRE, Webroot
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: PhishDestroy

## Live Page Content

### Page Text

Trezor *^* Hardware Wallet

### External Scripts

- https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=650ac07d8c8ebd2ec838d968
- https://cdn.prod.website-files.com/650ac07d8c8ebd2ec838d968/js/webflow.24a563ff7.js

### External Links

- https://posectsinsive.com/7467700e-2a03-4fc3-a636-a93360879334

## Evidence

- Screenshot: https://i.ibb.co/Cr3xhv3/fadc4a6dfc99.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/tradherwallet.webflow.io
- Wayback Machine: https://web.archive.org/web/https://tradherwallet.webflow.io
- PhishDestroy: https://phishdestroy.io/domain/tradherwallet.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/tradherwallet.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tradherwallet.webflow.io/

Last updated: 2026-03-16