# growclaudeai.com — SUSPICIOUS

> growclaudeai.com is serving as a fake Claude AI tool to steal crypto. VT score 2/95. Check the full report.

## Summary
PhishDestroy identifies growclaudeai.com as an active phishing domain masquerading as the legitimate Claude AI platform to harvest cryptocurrency wallets and credentials. Security telemetry confirms this domain is leveraging a generic drainer kit designed to mimic AI tool interfaces, prompting users to connect wallets and enter seed phrases under the guise of software activation or premium feature access.  This domain was flagged by 2 independent security blocklists and is currently blocked by MetaMask and SEAL. Technical indicators include resolution to IP 104.21.76.188, a Let's Encrypt SSL certificate, registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and a domain creation date of March 26, 2026. VirusTotal analysis shows 2 out of 95 security vendors identifying malicious content, while Google Safe Browsing (GSB) has not yet flagged this domain.  As of today, growclaudeai.com remains active and poses an elevated risk due to its impersonation tactics and recent registration. Users are strongly advised to avoid interacting with this domain and to verify the authenticity of AI tool websites via official channels. The domain's short operational window suggests heightened urgency for defensive action, though risk mitigation depends on timely updates across blocklists and security platforms. Organizations should monitor lateral movement from endpoints reaching this domain and consider proactive DNS filtering to prevent access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-26 18:08:13
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.76.188

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/d64197ab-85ed-4ab4-bbb7-6acd771994ef
- PhishDestroy: https://phishdestroy.io/domain/growclaudeai.com/
- LLM endpoint: https://phishdestroy.io/domain/growclaudeai.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/growclaudeai.com/
Last updated: 2026-03-27