# pay.ledgerswithlori.com — SUSPICIOUS > Investigating pay.ledgerswithlori.com reveals a crypto drainer threat; VirusTotal shows 0/95 detections. Check the full report. ## Summary PhishDestroy identifies pay.ledgerswithlori.com as an active crypto drainer site posing serious risks to cryptocurrency users. The domain mimics legitimate payment infrastructure to trick victims into approving malicious wallet transactions that drain funds. This is not a generic phishing attempt but a highly specialized attack vector targeting blockchain assets, with a unique seed identifier e224ca distinguishing this campaign from others. This domain was flagged due to multiple technical indicators: it was created on July 22, 2025, resolving to IP 100.49.110.141, and is registered through GoDaddy.com, LLC. The SSL certificate issued by GoDaddy.com, Inc. adds a false appearance of legitimacy, though VirusTotal currently reports 0 detections out of 95 security engines as of assessment time. With no presence on mainstream blocklists and undefined trust scores due to recent registration, this recently activated domain exhibits classic cryptojacking infrastructure patterns. To mitigate risks from this crypto drainer, users should immediately block the domain pay.ledgerswithlori.com and the associated IP 100.49.110.141 in firewall rules. Never approve wallet connection requests from unknown domains, especially those impersonating legitimate services like 'ledgerswithlori'. Verify all cryptocurrency payment addresses through official channels before any transaction. Report any unauthorized wallet approvals to your blockchain explorer and cryptocurrency platform immediately. Consider using hardware wallets that require physical confirmation for all transactions as an additional security layer. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-22 23:04:38 - Registrar: GoDaddy.com, LLC - IP: 100.49.110.141 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/0bc6b6ba-e6b0-4989-89fb-b06d9557693a - PhishDestroy: https://phishdestroy.io/domain/pay.ledgerswithlori.com/ - LLM endpoint: https://phishdestroy.io/domain/pay.ledgerswithlori.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pay.ledgerswithlori.com/ Last updated: 2026-03-26