# nft-openseaclaims.web.app — SUSPICIOUS > PhishDestroy identifies nft-openseaclaims.web.app as a brand impersonation domain leveraging OpenSea's identity. VirusTotal flags 3/95 security vendors. ## Summary PhishDestroy has identified the domain nft-openseaclaims.web.app as an active brand impersonation threat targeting OpenSea users. This malicious site masquerades as the legitimate OpenSea platform to deceive visitors into connecting cryptocurrency wallets under the guise of claiming NFTs or resolving account issues. The domain employs social engineering tactics to trick users into authorizing wallet connections or entering sensitive credentials, which are then exploited to drain digital assets. Security teams should treat this domain as a high-risk crypto drainer due to its active status and impersonation of a major NFT marketplace. This domain was flagged by 3 out of 95 security vendors on VirusTotal, indicating limited but notable detection coverage. Registered through Google LLC, the domain resolves to IP address 199.36.158.100 and utilizes a Google Trust Services SSL certificate, which may lend an air of legitimacy to unsuspecting users. The use of the 'web.app' subdomain under Google's domain further complicates detection, as it may bypass initial scrutiny in security filters designed to block lookalike domains. The combination of a legitimate registrar, trusted SSL issuer, and active impersonation strategy significantly elevates the risk profile of this threat. Users who have visited nft-openseaclaims.web.app should immediately disconnect their wallets from any connected dApps or websites and revoke any unauthorized permissions granted to suspicious domains. Scan connected devices for malware or unauthorized wallet extensions and consider transferring remaining assets to a newly generated wallet. Report the domain to OpenSea's official support channels and update security awareness training to highlight the tactics used by this and similar brand impersonation threats. Organizations are advised to block this domain at the network perimeter and monitor for any signs of credential theft or unauthorized transactions linked to this campaign. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: OpenSea ## Domain Intelligence - Registrar: Google LLC - IP: 199.36.158.100 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/nft-openseaclaims.web.app - PhishDestroy: https://phishdestroy.io/domain/nft-openseaclaims.web.app/ - LLM endpoint: https://phishdestroy.io/domain/nft-openseaclaims.web.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/nft-openseaclaims.web.app/ Last updated: 2026-04-07