# ninjameme.fun — SUSPICIOUS

> ninjameme.fun peddles Ninja memecoin as a stealth investment but is a confirmed phishing lure. Flagged by just 1 of 95 VirusTotal vendors, users should avoid.

## Summary
PhishDestroy identifies ninjameme.fun as an active memecoin-themed phishing domain designed to trick investors into surrendering credentials or funds under the guise of the "Ninja" stealth asset. The page masquerades as a legitimate memecoin opportunity titled "Ninja – The Stealthiest Memecoin," luring users with promises of high-yield anonymity-focused returns. Threat intelligence confirms the site remains live at the time of analysis, with no evidence of takedown or remediation.  This domain was flagged by only 1 of 95 VirusTotal security vendors, indicating limited vendor detection capability despite its malicious intent. It resolves to IP 92.113.23.180 and leverages a Let’s Encrypt SSL certificate for added legitimacy. Registered on September 23, 2025, through HOSTINGER operations, UAB, it has not yet appeared on major public blocklists or threat feeds—likely due to its recent emergence. Trust scores remain low, and only one security engine has classified it as malicious to date.  Given the elevated operational status and absence of broad detection coverage, PhishDestroy strongly recommends immediate network and endpoint blocking of ninjameme.fun and its underlying IP (92.113.23.180). Users should be warned against visiting the site and report any observed interactions. Security teams are advised to monitor for related domains, especially those mimicking memecoin brands or using similar naming conventions. Enhance email and web filtering rules to intercept any inbound references to "Ninja" investments or crypto-related lures sourced from this domain. This advisory supersedes prior assessments and will be updated as additional IOCs or takedown actions occur.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: Ninja – The Stealthiest Memecoin

## Domain Intelligence
- Registered: 2025-09-23 07:44:07
- Registrar: HOSTINGER operations, UAB
- IP: 92.113.23.180

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f234da72-8505-4ca3-81f9-21fb63a34b52
- PhishDestroy: https://phishdestroy.io/domain/ninjameme.fun/
- LLM endpoint: https://phishdestroy.io/domain/ninjameme.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ninjameme.fun/
Last updated: 2026-03-25