# subb.web3xledger.com — SUSPICIOUS

> subb.web3xledger.com is a crypto drainer impersonating Ledger. It mimics the official brand with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies subb.web3xledger.com as an active brand impersonation site posing a high risk to cryptocurrency users. This domain specifically mimics Ledger, a trusted hardware wallet brand, to deceive visitors into connecting wallets or entering sensitive information. The threat aligns with crypto drainer behavior—malicious scripts designed to siphon digital assets from connected wallets without user consent. Given the active status and impersonation tactics, users should treat this domain as hostile and avoid all interactions.

This domain was flagged with a brand impersonation threat type and is currently under investigation. Technical indicators include registration through Sav.com, LLC, resolution to IP address 92.113.23.230, and a valid Let's Encrypt SSL certificate. The domain was created on January 20, 2026, indicating a very recent deployment. VirusTotal currently shows 0/95 security engines detecting malicious activity, suggesting it remains under the radar of most automated scanners. As of now, no known inclusion on blocklists or trust score degradation has been recorded, but the lack of detections is common for newly launched malicious domains. The combination of recent creation, active impersonation, and low detection rates signals elevated risk.

To mitigate exposure to crypto drainers like subb.web3xledger.com, users must verify URLs against trusted platforms such as PhishDestroy before clicking or entering any data. Never connect a wallet or enter seed phrases on unfamiliar sites claiming to represent Ledger or other crypto brands. Use hardware wallets for transaction signing and revoke any unauthorized wallet connections via blockchain explorers or wallet settings. Always access Ledger services directly through official channels (ledger.com) and enable two-factor authentication. Report suspicious domains to PhishDestroy to help protect the broader community from evolving web3 threats.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registered: 2026-01-20 01:11:33
- Registrar: Sav.com, LLC
- IP: 92.113.23.230

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0379d1b0-1053-4a6f-b305-646b7b7ee957
- PhishDestroy: https://phishdestroy.io/domain/subb.web3xledger.com/
- LLM endpoint: https://phishdestroy.io/domain/subb.web3xledger.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/subb.web3xledger.com/
Last updated: 2026-03-23