# nexus-drop.org — SUSPICIOUS

> PhishDestroy identifies nexus-drop.org as a crypto drainer impersonating Nexus protocol services. Domain flagged with 0/95 VirusTotal detections.

## Summary

PhishDestroy flags nexus-drop.org as a crypto drainer impersonating Nexus protocol services, currently under active investigation. This newly registered domain (March 19, 2026) leverages a Let's Encrypt SSL certificate (valid but newly issued) and is hosted on IP 67.199.248.12, indicating potential malvertising or phishing campaigns targeting crypto users familiar with the Nexus ecosystem. The domain's structure mimics legitimate Nexus platforms, suggesting a high-fidelity imitation designed to deceive users into connecting wallets and signing malicious transactions that drain assets.

This domain demonstrates minimal technical sophistication in evasion: VirusTotal currently reports 0/95 detections across all major antivirus engines, reflecting a short operational window or undetected payload delivery mechanism. Registered through Wild West Domains, LLC, the domain’s creation date is unusually recent (March 19, 2026), aligning with a short-lived campaign strategy. It resolves to a dedicated IP (67.199.248.12) with no prior association in domain blocklists, and lacks presence in Google Safe Browsing (GSB) reports. Its recent issuance and clean reputation suggest the threat actor is operating with a low profile, likely to exploit initial trust in newly registered domains.

As of current assessment, nexus-drop.org remains active and unblocked by major security platforms, indicating elevated risk to unsuspecting users. PhishDestroy recommends immediate domain blocking and wallet isolation for those exposed. The low detection rate signals potential rapid evolution; continued monitoring is essential. Users are advised to avoid interacting with the domain, verify URLs via PhishDestroy’s real-time scanner, and inspect transaction approvals before signing. Risk level is classified as under investigation with potential to escalate to HIGH pending further payload analysis.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-19 10:54:49
- Registrar: Wild West Domains, LLC
- IP: 67.199.248.12

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/aad0492d-2ff5-47d1-8c55-a3cad2a15de0
- PhishDestroy: https://phishdestroy.io/domain/nexus-drop.org/
- LLM endpoint: https://phishdestroy.io/domain/nexus-drop.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/nexus-drop.org/

Last updated: 2026-03-25