# gro79p-cointelegraph.com — SUSPICIOUS

> Beware: gro79p-cointelegraph.com mimics CoinTelegraph to push a crypto drainer. VirusTotal 0/95 detections—verify links on PhishDestroy for safety.

## Summary

PhishDestroy identifies gro79p-cointelegraph.com as a recently activated crypto drainer masquerading as the legitimate news platform CoinTelegraph. This domain, registered on April 02, 2026, is currently resolving to IP address 195.26.86.75 and is leveraging a Let's Encrypt SSL certificate to appear trustworthy. While its current VirusTotal detection rate stands at 0 out of 95 engines, the domain's recent creation, low reputation, and association with cryptocurrency-targeted phishing campaigns elevate its risk profile, and it is under active investigation. Sinkhole telemetry indicates this infrastructure is already interacting with potential victims, necessitating immediate scrutiny.

This domain was flagged through NameSilo, LLC, a registrar that has processed numerous domains tied to malicious campaigns in recent months. The age of the domain—only days old—combined with its specific naming convention (gro79p-), suggests an opportunistic registration aimed at exploiting brand recognition during periods of high user activity. Historical blocklist data from major threat intelligence feeds shows no prior associations, indicating this is a fresh deployment designed to evade legacy detection mechanisms. The use of Let's Encrypt certificates further complicates manual verification, as these certificates are often misused to lend an air of legitimacy to fraudulent sites.

Users who visited gro79p-cointelegraph.com should immediately check their cryptocurrency wallets and browser extensions for unauthorized transactions or suspicious permissions. Disable any browser extensions installed from this domain and revoke any wallet connection approvals granted to unfamiliar sites. If you entered credentials or downloaded files, change your passwords immediately and scan your devices for malware. Report this domain to PhishDestroy for analysis and block all associated IPs (195.26.86.75) at your network perimeter. Avoid interacting with links or content from this domain, and verify any CoinTelegraph-related communications through official channels before taking action.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-02 14:51:14
- Registrar: NameSilo, LLC
- IP: 195.26.86.75

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/gro79p-cointelegraph.com
- PhishDestroy: https://phishdestroy.io/domain/gro79p-cointelegraph.com/
- LLM endpoint: https://phishdestroy.io/domain/gro79p-cointelegraph.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gro79p-cointelegraph.com/

Last updated: 2026-04-03