# gro24x.icu — SUSPICIOUS > gro24x.icu is a recently registered domain (April 2026) flagged by 4/95 security vendors for generic phishing. ## Summary PhishDestroy identifies gro24x.icu as an active generic phishing domain targeting unsuspecting users. While no specific brand or drainer kit is explicitly linked in available intelligence, the domain exhibits high-risk characteristics typical of phishing operations, including deceptive naming conventions and recent registration timelines designed to evade detection. The absence of a well-known brand association suggests opportunistic exploitation of generic trust cues to lure victims into disclosing sensitive information or executing malicious payloads. Technical analysis of gro24x.icu reveals critical indicators of compromise and fraudulent intent. The domain resolves to IP address 216.203.20.169 and is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED. Notably, VirusTotal flags this domain with a detection score of 4 out of 95 security vendors, reflecting limited but concerning recognition of its malicious nature. The domain was created on April 04, 2026, a recent registration that aligns with the operational window of opportunistic threat actors seeking to capitalize on newly established infrastructure. While Google Safe Browsing (GSB) status and blocklist participation are not specified in available data, the combination of these factors—especially the low VT score and recent creation date—demonstrates elevated risk potential. Currently, gro24x.icu remains active and poses an ongoing threat to users who may encounter it through phishing campaigns, malvertising, or typosquatting attempts. Immediate action is advised: users should avoid interacting with this domain entirely and report it to their security teams or through platforms like VirusTotal. Organizations are recommended to update firewall rules, DNS blocklists, and endpoint protection systems to include gro24x.icu and its associated IP address. Despite these measures, the domain’s recent registration and limited detection coverage suggest that some risk may persist until broader threat intelligence dissemination occurs and proactive blocking measures are universally adopted. Continuous monitoring and threat intelligence sharing remain essential to mitigate potential fallout. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-04-04 11:27:36 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 216.203.20.169 ## Detection Status - VirusTotal: 4 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/gro24x.icu - PhishDestroy: https://phishdestroy.io/domain/gro24x.icu/ - LLM endpoint: https://phishdestroy.io/domain/gro24x.icu/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/gro24x.icu/ Last updated: 2026-04-04