# gro95z.com — SUSPICIOUS

> gro95z.com identified as a crypto drainer (generic phishing) with 0/95 VirusTotal detections. Impersonates MetaMask wallet interface. Block immediately.

## Summary

PhishDestroy identifies gro95z.com as an active crypto drainer domain currently under investigation for generic phishing activities. This domain is suspected to impersonate MetaMask wallet interfaces to deceive users into connecting fraudulent wallets. The threat is classified as a high-risk drainer due to its active status and alignment with known tactics employed by threat actors targeting cryptocurrency users. This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating a potential zero-day threat or evasion technique.

gro95z.com was registered via NameSilo, LLC on March 24, 2026, and resolves to IP address 195.160.223.158. No blocklist entries or trust scores are currently available, suggesting this domain has not yet been widely categorized or blacklisted by security vendors. The Let’s Encrypt SSL certificate adds a veneer of legitimacy, further complicating detection efforts.

Users and organizations are advised to immediately block gro95z.com at the network and DNS levels to prevent access. Additionally, monitor for any connections to 195.160.223.158 and inspect endpoints for signs of unauthorized wallet connections or cryptocurrency transactions. Security teams should update firewall rules and intrusion detection systems to flag this domain and IP as malicious. Exercise caution when encountering MetaMask or similar wallet-related prompts, and verify URLs through official sources prior to any interaction.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-24 10:00:03
- Registrar: NameSilo, LLC
- IP: 195.160.223.158

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/12df6f43-d236-4fd4-8c0c-87f69ebfc78b
- PhishDestroy: https://phishdestroy.io/domain/gro95z.com/
- LLM endpoint: https://phishdestroy.io/domain/gro95z.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/gro95z.com/

Last updated: 2026-03-27