# web3backupsledger.com — SUSPICIOUS

> PhishDestroy identifies web3backupsledger.com as a crypto drainer impersonating Ledger. This domain scored 0/95 on VirusTotal and was registered just days ago.

## Summary

PhishDestroy identifies web3backupsledger.com as a fraudulent crypto drainer site masquerading as Ledger, a leading hardware wallet brand. The domain was registered on August 07, 2025, and has not yet been flagged by VirusTotal, showing 0 detections out of 95 scanners. The site resolves to IP 208.98.35.111, uses a Let's Encrypt SSL certificate, and was registered through TuringSign Inc. d/b/a Cosmotown, a registrar known for anonymizing registrant details.

This domain poses a critical threat to users seeking backup solutions for their Ledger devices. Cybercriminals are likely using the name to trick users into entering their seed phrases or connecting wallets, enabling direct theft of cryptocurrency assets. Given the new registration and low detection rates, the site is actively evading standard security measures. The combination of brand impersonation, recent creation, and absence of blocklist flags makes it a high-risk domain for unsuspecting users.

Users who visited web3backupsledger.com should immediately disconnect any connected wallets, revoke any granted permissions, and transfer remaining funds to a secure wallet not exposed to this domain. Run a full antivirus scan, check browser extensions for unauthorized access, and verify any future Ledger-related links only through official channels. Report this domain to PhishDestroy and Ledger’s support team to aid in broader takedown efforts.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Ledger

## Domain Intelligence

- Registered: 2025-08-07 11:46:09
- Registrar: TuringSign Inc. d/b/a Cosmotown
- IP: 208.98.35.111

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/9f797cf8-23bc-4105-a49f-579b140dbc31
- PhishDestroy: https://phishdestroy.io/domain/web3backupsledger.com/
- LLM endpoint: https://phishdestroy.io/domain/web3backupsledger.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/web3backupsledger.com/

Last updated: 2026-03-22