grok82c[.]icu
Category: Phishing
Description of grok82c[.]icu
The domain grok82c[.]icu appears to host a page designed to resemble a major search engine homepage. The screenshot shows a familiar search-style layout with branding elements associated with Google, while the page title is also set to "Google." Based on the visible content and linked resources, the site does not appear to present original organizational information, business details, or a clear legitimate service identity of its own.
The domain name itself is a short, low-context string that does not obviously match the branding shown on the page. In addition, the page references another external domain, grok-official.cfd, which may indicate redirection, campaign tracking, or related infrastructure. Taken together, the available evidence suggests this site may be part of a look-alike or traffic-routing setup rather than an independently branded public website.
No operator identity is disclosed in the provided scan data, and the domain is extremely new. That combination can make it harder to verify ownership or intent based on publicly visible signals alone.
Safety Assessment for grok82c[.]icu
Several risk indicators are present at the time of this scan. The domain was flagged by 4 out of 92 security engines, with detections broadly describing phishing, suspicious activity, spam, or malicious behavior. While blacklist databases checked here did not list the domain, multi-engine detections of this kind are still a meaningful warning sign, especially when combined with the page's imitation of a well-known search brand.
The visual presentation closely resembles Google's homepage, but the domain is grok82c[.]icu rather than an official Google-owned domain. That mismatch may indicate a look-alike page intended to create trust or capture clicks. The domain is also only 2 days old and has no established popularity ranking, which can increase uncertainty because newly created domains are commonly used in short-lived campaigns.
The malware scan did not identify malicious files on the sampled content, and no threats were detected in the scanned external links by that specific check. However, clean file results do not outweigh the combination of brand imitation, very recent registration, and multiple security-engine detections. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid TLS certificate issued by a mainstream certificate authority, and it is served through Cloudflare infrastructure with nameservers on Cloudflare as well. The resolved IP address is 104.21.47.118, and the reported web server is "gws." A valid certificate helps encrypt traffic in transit, but it does not by itself verify that the site's content or purpose is trustworthy.
From a domain-security perspective, DNSSEC appears to be unsigned, so DNS responses may not benefit from that additional integrity layer. The domain is only 2 days old, is registered under the .icu TLD in what looks like a low-cost registration, and is hosted behind a common reverse-proxy/CDN setup that can obscure origin details. No malicious files or flagged iframes were found in the provided scan, but the combination of fresh registration, brand-like presentation, and external linkage to another newly branded domain may be a technical concern.