# wwwgrowthweb.systems — SUSPICIOUS

> PhishDestroy flags wwwgrowthweb.systems as an active crypto drainer phishing site first seen 2025-10-12. Scan shows 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies wwwgrowthweb.systems as an active generic phishing domain deployed for crypto drainer campaigns. The domain name implies deceptive growth-themed lures targeting cryptocurrency users under the guise of profit-generating services. No specific brand was impersonated in the known payload, indicating a broader opportunistic rather than highly targeted operation. The threat type is classified as a drainer kit equipped with wallet address interception or clipboard hijacking functionality, designed to siphon funds during crypto transfers. Threat actors likely utilize phishing pages, social media spam, or SEO poisoning to drive traffic to the domain with promises of bonus tokens or exclusive investment opportunities. The infrastructure suggests a fledgling campaign, possibly leveraging automation for rapid domain churn to evade detection mechanisms.

This domain was flagged by PhishDestroy with the following technical indicators: VirusTotal score 0/95 detections as of the latest scan, registered through Dynadot Inc, resolves to IP 54.215.31.113, secured with a Let's Encrypt SSL certificate, and created on 2025-10-12. The domain has not yet been added to Google Safe Browsing and remains unlisted on major threat intelligence blocklists. The infrastructure appears freshly provisioned, with no historical associations detected across reputation databases. The passive DNS and SSL certificate metadata show no reuse patterns, indicating a likely disposable campaign setup. The low detection rate on VT suggests adversaries are leveraging relatively clean infrastructure and trusted certificate authorities to enhance credibility.

The campaign is currently active, with PhishDestroy’s automated pipelines flagging the domain via behavioral analysis and domain age heuristics within hours of creation. Immediate actions include domain takedown requests to the registrar and IP abuse notifications to the hosting provider. Users are advised to avoid visiting wwwgrowthweb.systems and never connect wallets or share private keys on any site linked to this domain. The remaining risk is assessed as medium due to the fresh infrastructure and untapped reputation, but low due to lack of blocklist coverage and early stage deployment. Continuous monitoring is in place, and updates will be issued if new IOCs or payloads are discovered. Users can verify current safety status of this domain using PhishDestroy’s lookup tool.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-10-12 18:03:38
- Registrar: Dynadot Inc
- IP: 54.215.31.113

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/wwwgrowthweb.systems
- PhishDestroy: https://phishdestroy.io/domain/wwwgrowthweb.systems/
- LLM endpoint: https://phishdestroy.io/domain/wwwgrowthweb.systems/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/wwwgrowthweb.systems/

Last updated: 2026-04-11