# nerkl.xyz — SUSPICIOUS

> nerkl.xyz operates as a crypto drainer phishing site with 0/95 VirusTotal detections. Avoid all transactions or data input to protect assets.

## Summary
PhishDestroy identifies nerkl.xyz as an active crypto drainer domain engineered to steal cryptocurrency assets from unsuspecting users. This malicious site mimics legitimate services to trick visitors into connecting wallets or entering private keys, enabling direct fund extraction. Technical analysis reveals the domain resolves to IP 172.67.147.132 and leverages a Google Trust Services SSL certificate to appear legitimate while facilitating fraudulent transactions. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on December 08, 2025, a recent creation designed to evade early detection systems.  This domain exhibits multiple red flags consistent with crypto drainer operations. VirusTotal currently shows 0/95 detections, indicating no antivirus or security tool has flagged it yet despite its malicious intent. The registration through a privacy-focused registrar and recent domain creation further suggest this is a fly-by-night operation aimed at exploiting users before takedowns can occur. Crypto drainers like this one typically embed malicious JavaScript that intercepts wallet connections or phishes for seed phrases, making any interaction with the site extremely hazardous to cryptocurrency holdings.  Users who visited nerkl.xyz should immediately revoke any wallet connections made on the site and transfer remaining funds to a new wallet. If seed phrases or private keys were entered, assume the wallet is compromised and migrate all assets to a fresh wallet with a new recovery phrase. Use blockchain explorers to check for unauthorized transactions and report the domain to your wallet provider and relevant crypto authorities. Do not interact with any pop-ups or prompts on the site, as these may contain additional malware or data-stealing scripts. Always verify URLs through official channels before entering sensitive information.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-08 17:58:33
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.147.132

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/nerkl.xyz
- PhishDestroy: https://phishdestroy.io/domain/nerkl.xyz/
- LLM endpoint: https://phishdestroy.io/domain/nerkl.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nerkl.xyz/
Last updated: 2026-04-07