# backupweb3.com — SUSPICIOUS

> PhishDestroy flags backupweb3.com as a fraudulent Web3 backup site hosting a live phishing kit since March 24, 2026.

## Summary

PhishDestroy identifies backupweb3.com as an active Web3 phishing domain impersonating a legitimate cloud-backup service for decentralized wallets. The campaign is currently classified as under_investigation with a live site hosted on a freshly registered domain that has not yet been blocklisted, indicating an early-stage operation likely targeting cryptocurrency holders unaware of the impersonation.

This domain was flagged by PhishDestroy on March 24, 2026, and resolves to IP 216.198.79.1 via Ultahost, Inc. with a Let’s Encrypt SSL certificate. VirusTotal shows 0/95 detections as of seed 3a76f2, and the domain has not yet appeared on any major blocklists or threat intelligence feeds.

Domain age is less than 24 hours, and the hosting provider and IP allocation suggest opportunistic, low-cost infrastructure typical of mass phishing campaigns. The SSL certificate, while valid, is only a weak indicator of legitimacy and is commonly abused to lend false credibility to impersonation sites.

Users should avoid visiting backupweb3.com and immediately revoke any credentials entered on the site. Block the domain at DNS and firewall levels, inspect local hosts files for redirections, and report the domain to Ultahost’s abuse team using the abuse contact info@ulahost.com. Monitor wallet addresses for unauthorized transactions and consider using hardware wallets with transaction confirmation screens to prevent silent exfiltration. Always verify backup services directly through official channels and use wallet-native backup tools rather than third-party web interfaces.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-24 22:17:04
- Registrar: Ultahost, Inc.
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/fd1c5f32-0c0c-4649-a879-f345343af52b
- PhishDestroy: https://phishdestroy.io/domain/backupweb3.com/
- LLM endpoint: https://phishdestroy.io/domain/backupweb3.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/backupweb3.com/
Last updated: 2026-03-28