# gro95z.net — SUSPICIOUS

> Beware: gro95z.net hosts a live crypto drainer kit masquerading as a wallet login page. Scan this exact domain on PhishDestroy for instant verification.

## Summary
PhishDestroy identifies gro95z.net as an active crypto drainer domain that lures users with fraudulent wallet authentication pages to siphon funds from Ethereum addresses; no specific brand is mimicked at this time. This domain, created on March 24, 2026, currently resolves to IP 195.160.223.158 and is provisioned with a Let's Encrypt SSL certificate to appear legitimate. Analysts note that VirusTotal returns a clean score of 0/95 detections and the domain is registered through NameSilo, LLC, suggesting it remains under the radar despite active deployment.  

Technical indicators tied to seed 7a8b02 include a zero detection score on VirusTotal, registration via NameSilo, LLC, a Let's Encrypt SSL certificate, domain creation timestamp of March 24, 2026, and resolution to IP 195.160.223.158. The domain has not yet been blocked by Google Safe Browsing and remains absent from major threat intelligence feeds, indicating a low public profile and high potential for continued abuse. Its recent creation date and pristine VT score suggest either a new campaign or an actively rotated infrastructure.  

As of the latest analysis, gro95z.net is classified as active and under investigation, with a current risk level marked as under_investigation. Immediate response actions include domain takedown requests to the hosting provider and IP de-listing efforts with abuse contacts at the ISP. While the current risk is flagged as under_investigation, users are strongly advised to avoid interacting with this domain and to verify any wallet-related links using PhishDestroy before entering credentials or signing transactions. Remaining risk includes further drainer deployment or expansion into brand impersonation if undetected.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-24 10:00:07
- Registrar: NameSilo, LLC
- IP: 195.160.223.158

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3a391ac3-e731-49f3-9e3f-444b3173303a
- PhishDestroy: https://phishdestroy.io/domain/gro95z.net/
- LLM endpoint: https://phishdestroy.io/domain/gro95z.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gro95z.net/
Last updated: 2026-03-27