MalwareTips
DANGEROUS

Crypto scam / wallet-drainer

grok37k.icu is a look-alike (homoglyph) of a well-known domain. Signals match fake investment platforms and wallet drainers. Never connect a wallet, paste a seed phrase, or deposit crypto here.

Security Review

Is grok37k.icu legit or a scam?

Our verdict:Dangerous· 11/100

Phishing site impersonating Grok AI, registered 6 days ago, flagged by Forcepoint ThreatSeeker as phishing with homoglyph redirect.

Top reasons
Forcepoint ThreatSeeker explicitly flagged as phishing — a tier-1 detector.Domain registered only 6 days ago, typical of short-lived phishing campaigns.Homoglyph redirect pattern (.icu TLD mimicking legitimate domains) is a classic phishing obfuscation tactic.
grok37k.icuScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 18
Category tags
phishingfraud#Phishing#Crypto Fraud78% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
6 days old
Registered Jun 2, 2026
MT Intelligence
Dangerous
Critical likelihood · 78% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust18/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain grok37k.icu was registered only 6 days ago and exhibits multiple hallmarks of a phishing operation. Forcepoint ThreatSeeker explicitly flagged it as phishing, and Fortinet marked it as spam — both tier-1 detectors. The domain uses a homoglyph redirect (the .icu TLD mimics legitimate domains), a classic phishing tactic to trick users into entering credentials. The site is not indexed in global traffic rankings, has no legitimate business presence, and carries a zero reputation score. The combination of brand impersonation (Grok), ultra-recent registration, explicit phishing detection, and redirect obfuscation points to a credential-harvesting or malware-distribution campaign.
Full dossier
Analysis complete

Page Content

The domain name 'grok37k.icu' impersonates Grok, the AI assistant. The .icu TLD is a homoglyph redirect pattern — users may mistype or be tricked into visiting this domain instead of a legitimate Grok property. No legitimate business or service information is present.

Infrastructure

Hosting IP 80.96.113.157 has a clean abuse score (0/100) and no reported abuse history, suggesting the attacker is using a fresh or bulletproof hosting provider. SSL certificate is valid (Let's Encrypt, 88 days to expiry), which is common for phishing sites — attackers use free SSL to appear legitimate. The certificate was issued recently, consistent with the domain's 6-day age.

Domain History

Registered 6 days ago via NICENIC INTERNATIONAL GROUP CO., LIMITED. The ultra-recent registration is a strong phishing indicator — legitimate services do not appear overnight. WHOIS privacy is disabled, but the registrant details are likely fabricated or shell information.

Web Reputation

Forcepoint ThreatSeeker flagged the domain as phishing. Fortinet marked it as spam. Gridinsoft flagged it as suspicious. Browser blocklists remain clean (likely because the domain is too new to have been widely reported), but the antivirus consensus is clear. The domain is not indexed in global traffic rankings and carries zero reputation score.

Risk Factors
7
  • Forcepoint ThreatSeeker explicitly flagged as phishing — a tier-1 detector.
  • Domain registered only 6 days ago, typical of short-lived phishing campaigns.
  • Homoglyph redirect pattern (.icu TLD mimicking legitimate domains) is a classic phishing obfuscation tactic.
  • Brand impersonation: 'grok37k' mimics Grok AI assistant to harvest credentials or distribute malware.
  • Zero reputation score and no global traffic ranking indicate no legitimate user base.
  • Valid SSL certificate (Let's Encrypt) used to appear legitimate — common phishing tactic.
  • Fortinet and Gridinsoft also flagged the domain as spam or suspicious.
Positive Signals
1
  • Hosting IP has clean abuse score (0/100) and no abuse reports — though this reflects only the IP's history, not the domain's intent.
AI Recommendation
Do not visit this site or enter any credentials. If you received a link to grok37k.icu, it is a phishing attempt — report it to the legitimate Grok service and your email provider.
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of grok37k.icu
LIVE RENDER
grok37k.icu

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for grok37k.icu, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
6 days
Registered Jun 2026
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Research summary
Narrative write-up from our AI analyst

No independent review aggregators provided data for this domain.

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

1Malicious2Suspicious56Harmless92Engines
0
of 92
Forcepoint ThreatSeeker
Malicious· phishing
Fortinet
Suspicious· spam
Gridinsoft
Suspicious· suspicious

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Domain History
Age6 days old
RegistrarNICENIC INTERNATIONAL GROUP CO., LIMITED
RegisteredJun 2, 2026
ExpiresJun 2, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YR2
ExpiresSep 4, 2026 (88d)
Self-signedNo
Hosting & Technology
HostingAlexHost SRL
Server locationMD

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
Suspected
Punycode
No
  • 1301http://grok37k.icu/
  • 2200https://grok37k.icu/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPAlexHost SRL
Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

2 scam-type patterns detected
Scam-Type Likelihood

2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Crypto Fraud
Crypto Fraud
Low-level signals
25/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
Phishing
Low-level signals
10/100
  • AI analyst tagged this as phishing.

Crypto scam / wallet-drainer indicators

The page shows patterns common to crypto-investment scams, fake airdrops, and wallet drainers.

  • Do not interact with grok37k.icu

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Never paste your seed phrase anywhere

    Legitimate wallets, exchanges and support staff will never ask for your 12/24-word recovery phrase. Typing it into any website — even one that looks real — gives attackers full access to your funds.

  • If you already connected a wallet

    Revoke token approvals immediately using revoke.cash or Etherscan's Token Approvals tool. Move remaining funds to a fresh wallet (new seed phrase). Assume the original wallet is compromised.

  • Report the wallet and URL

    File a report at IC3 (FBI Internet Crime Complaint Center) or your country's cybercrime portal. Recovery is unlikely, but reports help law enforcement map the network.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags grok37k.icu as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — grok37k.icu scored 11/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. grok37k.icu presents a valid TLSv1.3 certificate issued by Let's Encrypt · YR2, expiring in 88 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • grok37k.icu is 6 days old, registered on 6/2/2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged grok37k.icu as malicious or suspicious (1 outright malicious). Even one detection is a meaningful signal.
  • No. grok37k.icu is not currently listed on the major browser blocklist feeds that modern browsers use.
  • grok37k.icu resolves to an IP operated by AlexHost SRL in MD (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

0
Trust / 100
Final Verdict·grok37k.icu
DANGEROUS

A phishing site impersonating Grok (the AI assistant) registered just 6 days ago. Forcepoint ThreatSeeker flags it as phishing, and the domain uses a homoglyph redirect pattern typical of credential-harvesting attacks.

Do not visit this site or enter any credentials. If you received a link to grok37k.icu, it is a phishing attempt — report it to the legitimate Grok service and your email provider.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
bill.fast-shipping.it
2h ago
Read the review
Dangeroustrust1
lolsurpriseball.com
2h ago
Read the review
Dangeroustrust24
trzrx.com
2h ago
Read the review
Dangeroustrust32
kelvora.cfd
2h ago
Read the review
Dangeroustrust1
polymarket-swiss.ch
2h ago
Read the review
Dangeroustrust1
nn1775.com
2h ago
Read the review
Dangeroustrust1
scorpioncc.space
2h ago
Read the review
Dangeroustrust33
mpkt.to
2h ago
Read the review
Dangeroustrust1
app.zaewex.com
2h ago
Read the review
Dangeroustrust1
governances-firelightfoundation.xyz
2h ago
Read the review
Dangeroustrust42
loiflix.xyz
3h ago
Read the review
Dangeroustrust36
anistream.one
3h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.