# ledger--cm-start.pages.dev — SUSPICIOUS

> ledger--cm-start.pages.dev is a crypto drainer site with 0/95 VirusTotal detections. Avoid clicking links from unsolicited messages.

## Summary
PhishDestroy identifies ledger--cm-start.pages.dev as an active crypto drainer site designed to trick users into connecting cryptocurrency wallets and authorize unauthorized transactions. This fraudulent site mimics Ledger’s official domains using a complex subdomain structure and Cloudflare Pages hosting to appear legitimate. Users who land here risk losing digital assets through silent wallet drainers embedded in the page. The site was flagged under seed 49d5ae and remains under investigation for further malicious behavior.  This domain was flagged after showing 0 detections out of 95 VirusTotal scans and resolving to IP 172.66.44.162 via Cloudflare, Inc. The domain was registered through Cloudflare’s Pages service, a common tactic to obscure hosting origins. Despite the lack of immediate antivirus detection, the presence of a crypto drainer payload and domain impersonation pattern confirms active malicious intent. SSL certificates issued by Google Trust Services do not validate site legitimacy here, as threat actors often abuse trusted issuers.  If you visited ledger--cm-start.pages.dev, disconnect your wallet immediately and revoke any unauthorized permissions via your wallet’s app or browser extension. Do not interact further with the site. Report the domain to your wallet provider and consider rotating wallet addresses if exposed. Use a hardware wallet for sensitive operations and verify URLs manually before any connection. Block the domain at your network level to prevent repeat exposure.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.44.162

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0fbc4e54-8350-4c99-a7dd-d8e984fc31aa
- PhishDestroy: https://phishdestroy.io/domain/ledger--cm-start.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ledger--cm-start.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ledger--cm-start.pages.dev/
Last updated: 2026-04-12