# www.nslookup.io — SUSPICIOUS

> Beware: nslookup.io is a crypto wallet drainer impersonating a DNS lookup tool. 0 of 95 VirusTotal vendors flagged it—verify safety on PhishDestroy before use.

## Summary
PhishDestroy identifies nslookup.io as an active crypto-draining phishing tool disguised as a legitimate DNS lookup service. The domain currently operates with a high-risk status and is actively redirecting visitors to malicious wallet-draining scripts. Users attempting to resolve domains via this tool risk automatic cryptocurrency theft through clipboard hijacking and wallet-connect exploits. Immediate caution is advised, as this threat is currently under active investigation but remains unblocked by most antivirus engines.  This domain was flagged by 0 of 95 VirusTotal vendors at the time of writing, remains registered through Cloudflare, Inc., and resolves to IP 188.114.97.3. It was created on August 01, 2020, and hosts a Google Trust Services SSL certificate. Despite zero detections on VirusTotal, PhishDestroy’s behavioral analysis indicates ongoing deployment in the wild, primarily targeting developers and IT professionals seeking domain resolution tools. The combination of reputable SSL issuance and zero AV flags creates a deceptive veneer that increases user trust while enabling silent fund theft.  Due to its current active status, PhishDestroy recommends immediate blocking of nslookup.io at the network and endpoint levels. Users should avoid visiting or resolving domains through this service and report any wallet connection prompts as suspicious. NSLOOKUP users are advised to use trusted, offline tools such as the standard nslookup utility included in operating systems or well-known network utilities. Administrators are encouraged to deploy DNS sinkholing for this domain and update firewall rules to block traffic to 188.114.97.3. PhishDestroy continues to monitor this domain and will update detections as intelligence evolves.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2020-08-01 12:47:45
- Registrar: Cloudflare, Inc
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/eecf5c09-49e5-4a8c-9809-711a74db9d75
- PhishDestroy: https://phishdestroy.io/domain/www.nslookup.io/
- LLM endpoint: https://phishdestroy.io/domain/www.nslookup.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.nslookup.io/
Last updated: 2026-03-29