# mekrl.xyz — SUSPICIOUS

> mekrl.xyz linked to credential theft phishing targeting users via a 0/95 VirusTotal detection. Domain created Dec 08, 2025 and resolves to 104.21.33.124.

## Summary
PhishDestroy identifies mekrl.xyz as a credential theft domain actively engaged in phishing operations. This domain mimics legitimate services to harvest user login credentials and sensitive data. The infrastructure is designed to deceive users into entering credentials into fake portals, which are then exfiltrated to attacker-controlled servers. Due to the domain's recent creation (December 08, 2025), registrant anonymization, and low detection rate, it poses a significant risk to unsuspecting users.  This domain was flagged during routine threat intelligence monitoring with 0 detections out of 95 VirusTotal scanners, indicating minimal signature-based detection coverage. mekrl.xyz was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP address 104.21.33.124, also associated with hosted phishing infrastructure. The SSL certificate is issued by Google Trust Services, leveraging legitimate infrastructure to enhance credibility and bypass security filters. The domain’s short operational window suggests it may be part of a rapid-deployment campaign targeting specific user groups or brands.  If you visited mekrl.xyz, immediately change any entered credentials on trusted platforms and enable multi-factor authentication. Disconnect from networks if sensitive data was transmitted and scan devices for malware. Report the domain to your IT/security team or relevant abuse channels. Remain vigilant for follow-on phishing attempts using the same infrastructure or tactics. Monitor financial accounts and credentials for signs of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-08 16:22:09
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.33.124

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/mekrl.xyz
- PhishDestroy: https://phishdestroy.io/domain/mekrl.xyz/
- LLM endpoint: https://phishdestroy.io/domain/mekrl.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mekrl.xyz/
Last updated: 2026-04-07