# nexus-box.eth.limo — SUSPICIOUS

> Phishing domain nexus-box.eth.limo mimics a crypto wallet service and hosts a live scam page. Check the full report.

## Summary
PhishDestroy identifies nexus-box.eth.limo as an active cryptocurrency wallet-themed phishing portal currently hosting a live scam page. The site registers as a crypto wallet lure and remains accessible via Ethereum Name Service subdomain routing to the .limo TLD. Investigation status is active and further validation is underway.

This domain resolves to the IPv4 address 3.135.72.151 and presents a Let’s Encrypt SSL certificate issued for the exact domain string. VirusTotal currently flags the page with 0 detections out of 95 vendor engines. WHOIS data indicates recent domain creation; however, exact creation timestamp is still being verified. Historical scan results show zero listings on major public blocklists, and aggregated trust scoring engines currently report neutral confidence levels pending deeper behavioral analysis.

Users are advised to block nexus-box.eth.limo at network and DNS levels and avoid visiting the site or entering any credentials. Cryptocurrency wallet users should verify all URLs manually against official endpoints, enable hardware wallet authentication where possible, and monitor transaction histories for unauthorized transfers. Security teams should block the IP 3.135.72.151 and the domain at perimeter defenses, and report indicators to threat intelligence platforms for collective defense.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 3.135.72.151

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5b43c9c2-2d64-4ac5-b383-2a1966da46fe
- PhishDestroy: https://phishdestroy.io/domain/nexus-box.eth.limo/
- LLM endpoint: https://phishdestroy.io/domain/nexus-box.eth.limo/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nexus-box.eth.limo/
Last updated: 2026-03-25