# ledger-memory.com — SUSPICIOUS

> ledger-memory.com identified as crypto drainer; targets Ledger users; 2/95 VirusTotal detections. Block immediately and review transactions.

## Summary

PhishDestroy identifies ledger-memory.com as a live crypto drainer posing as a Ledger-related domain to trick cryptocurrency holders. This site is weaponized to siphon digital assets under the guise of wallet “memory” or recovery services, exploiting user trust in hardware wallet brands. The domain’s infrastructure and naming strategy strongly suggest the use of a pre-built drainer kit designed to harvest seed phrases or private keys during fake “recovery” or “backup” prompts.

ledger-memory.com exhibits several red flags confirmed in forensic analysis. VirusTotal shows only 2 out of 95 security vendors currently flagging the domain, leaving it largely undetected by automated defenses. The domain resolves to IP 188.114.96.3 and was registered on March 21, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. The SSL certificate, issued by Let’s Encrypt, does not mitigate the risk, given the domain’s malicious intent. Google Safe Browsing (GSB) has not yet blacklisted the site, and public blocklists show minimal coverage. These technical indicators collectively confirm an elevated risk profile.

As of this advisory, ledger-memory.com remains active and is serving malicious content. Immediate blocking at the DNS and firewall level is recommended, especially for users and organizations handling cryptocurrency. Security teams should inspect endpoints for signs of wallet interaction or unauthorized outbound connections to 188.114.96.3. While the current risk is elevated due to low detection coverage, proactive blocking significantly reduces exposure. Continued monitoring and updating of threat intelligence feeds are advised to prevent further exploitation of this domain.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-21 20:01:07
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a7f9f99d-62c8-4dd8-a549-45a28aeb1d1d
- PhishDestroy: https://phishdestroy.io/domain/ledger-memory.com/
- LLM endpoint: https://phishdestroy.io/domain/ledger-memory.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ledger-memory.com/

Last updated: 2026-03-22