# gro90p-fxempire.com — SUSPICIOUS

> gro90p-fxempire.com flagged as crypto drainer phishing site, 0/95 VirusTotal detections. Avoid crypto transactions on this domain.

## Summary

PhishDestroy identifies gro90p-fxempire.com as a high-risk crypto drainer domain currently active in phishing campaigns targeting cryptocurrency users. This domain mimics legitimate financial platforms to trick victims into connecting wallets and signing malicious transactions that drain digital assets. Security researchers have observed similar domains exploiting brand impersonation tactics, leveraging urgency and financial incentives to bypass user skepticism. The domain’s infrastructure is designed to facilitate unauthorized cryptocurrency transfers once victims engage with embedded drainer scripts, making it a critical threat to digital asset holders.

This domain was flagged with 0 out of 95 VirusTotal detections, indicating it has evaded initial automated detection systems despite its malicious intent. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 28, 2026, the domain resolves to IP address 188.114.97.3 and holds a valid Let’s Encrypt SSL certificate, which may lend false credibility to unsuspecting users. The combination of a newly registered domain, low detection rates, and active infrastructure suggests this may be part of a larger, evolving phishing campaign targeting crypto investors.

Users who visited gro90p-fxempire.com should immediately disconnect any connected cryptocurrency wallets and revoke any permissions granted to unknown domains or applications. Scan devices for malware using reputable antivirus tools and monitor wallet transactions for unauthorized activity. Report the domain to your security team or relevant cybercrime authorities to aid in takedown efforts. Avoid interacting with any prompts or transactions on this site, as it is actively engaged in crypto drainer operations.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-28 04:45:58
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/gro90p-fxempire.com
- PhishDestroy: https://phishdestroy.io/domain/gro90p-fxempire.com/
- LLM endpoint: https://phishdestroy.io/domain/gro90p-fxempire.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gro90p-fxempire.com/
Last updated: 2026-04-02