# nerimex.com — MALICIOUS

> Discover why nerimex.com was flagged for phishing. Learn about its risk factors and current offline status before interacting with this domain.

## Summary
PhishDestroy identifies nerimex.com as a medium-risk generic phishing domain intended to deceive users by mimicking legitimate services or brands. Classified under generic phishing, this domain aimed to collect sensitive information such as login credentials or personal data. Its creation date of March 01, 2026, suggests it is a relatively new entity within the threat landscape.

Technically, nerimex.com was registered through Global Domain Group LLC and resolved to the IP address 188.114.97.3. This IP has been previously associated with suspicious activity, often linked to transient or disposable hosting environments favored by cybercriminals for phishing campaigns. The domain infrastructure showed no evidence of advanced evasion techniques but exhibited standard phishing tactics like rapid registration and simple DNS mapping to obscure traffic origins.

Currently, nerimex.com is taken offline, effectively mitigating immediate risks posed to users. The domain’s removal from active DNS resolution prevents it from conducting further phishing attacks. However, monitoring is recommended since such domains may reappear or be replaced with similar names. PhishDestroy advises caution and vigilance when encountering related or newly registered domains in the same IP range or registration cluster.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: MEXC
- Page title: Nerimex: Elon Musk’s Official Crypto Casino Powered by Blockchain

## Domain Intelligence
- Registered: 2026-03-04 17:07:02
- Registrar: Global Domain Group LLC
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["dan.ns.cloudflare.com", "meg.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["BitDefender", "CRDF", "CyRadar", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Netcraft", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/jP65QMGp/9b12afa49462.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/nerimex.com
- Wayback Machine: https://web.archive.org/web/https://nerimex.com
- PhishDestroy: https://phishdestroy.io/domain/nerimex.com/
- LLM endpoint: https://phishdestroy.io/domain/nerimex.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nerimex.com/
Last updated: 2026-03-19