# gro36v.icu — SUSPICIOUS

> Beware gro36v.icu — active crypto drainer phishing domain with 0/95 VirusTotal detections. Registered Apr 02 2026 via NICENIC. Block now to protect assets.

## Summary

PhishDestroy identifies gro36v.icu as an active crypto drainer phishing domain currently under investigation by fraud detection teams. This domain resolves to IP 188.114.96.3 and leverages a Google Trust Services SSL certificate to appear legitimate while facilitating unauthorized cryptocurrency transfers. The domain was created on April 02, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, and has not yet been flagged by any of the 95 VirusTotal security vendors, indicating a high-risk window for potential victims.

This domain represents a clear and present threat to cryptocurrency users, as it is designed to deceive visitors into connecting their digital wallets under the guise of legitimate services. The absence of detections on VirusTotal (0/95) combined with the use of a trusted SSL certificate and recently registered domain (created only days ago) suggests this campaign is either very new or deliberately evading detection. Such tactics are typical of advanced phishing operations that target high-value assets by exploiting trust in established certificate authorities and newly minted domains that bypass traditional blocklists.

If you visited gro36v.icu or entered any sensitive information, immediately revoke wallet permissions using tools like revoke.cash or your wallet’s built-in security features. Disable any connected applications and transfer remaining funds to a newly generated wallet address. Report the domain to your antivirus provider and consider using domain reputation services to block future access. Monitor your wallet for unauthorized transactions and enable transaction alerts to detect suspicious activity early. The combination of low VirusTotal coverage and recent registration creates a dangerous profile; take defensive action immediately to prevent financial loss.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-02 18:03:47
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/gro36v.icu
- PhishDestroy: https://phishdestroy.io/domain/gro36v.icu/
- LLM endpoint: https://phishdestroy.io/domain/gro36v.icu/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gro36v.icu/

Last updated: 2026-04-02