MalwareTips
DANGEROUS

Crypto scam / wallet-drainer

nexus1onion.com is a look-alike (homoglyph) of a well-known domain. Signals match fake investment platforms and wallet drainers. Never connect a wallet, paste a seed phrase, or deposit crypto here.

Security Review

Is nexus1onion.com legit or a scam?

Our verdict:Dangerous· 14/100

Clone of a darknet marketplace on a 71-day-old domain flagged as crypto phishing by PhishDestroy.

Top reasons
Domain only 71 days old with no established business presenceExact clone of a known Tor marketplace using identical branding on clearnetExplicitly flagged as cryptocurrency phishing by PhishDestroy
nexus1onion.comScanned 3d ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 13·MT 15
Category tags
phishingcrypto#Phishing#Crypto Fraud#Clone Site90% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
Data unavailable
Domain Age
71 days old
Registered Mar 23, 2026
MT Intelligence
Dangerous
High likelihood · 90% confidence

MT Intelligence

Advanced threat intelligence
MT Security Analyst
High scam likelihoodengineMT · Guardiantrust15/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The site presents itself as an informational hub for the Nexus darknet market but runs on a brand-new .com domain instead of the real Tor .onion addresses. It exactly copies the title, description, and features of the legitimate marketplace while providing zero contact details. PhishDestroy explicitly lists nexus1onion.com as a cryptocurrency phishing site targeting wallet credentials. The registrar has a noted history of high-risk domains, and the page loads no real business registration or verifiable presence. These signals together indicate a drainer or phishing operation rather than a legitimate resource.
Full dossier
Analysis complete

Page Content

The page promotes multi-sig escrow, Monero payments, and vendor verification for a darknet marketplace but contains no login forms, no working links to the actual market, and zero contact information. It functions as promotional copy for a nonexistent clearnet version of a Tor-only service.

Infrastructure

Domain is 71 days old, hosted on Cloudflare with valid SSL, and loads minimal external resources. The IP shows low abuse reports, yet the registrar is flagged in external data as high-risk for illegal-content domains.

Domain History

Registered March 2026 through NiceNIC with no privacy protection. No business records exist, and the domain is not indexed in global traffic rankings.

Web Reputation

One confirmed phishing report exists; no positive reviews or legitimate mentions were located.

Risk Factors
5
  • Domain only 71 days old with no established business presence
  • Exact clone of a known Tor marketplace using identical branding on clearnet
  • Explicitly flagged as cryptocurrency phishing by PhishDestroy
  • Zero contact email, phone, or address listed anywhere on the page
  • Registrar previously linked to high volumes of illegal-content domains
Positive Signals
2
  • Browser blocklist feeds returned clean
  • Hosting IP shows only a single abuse report
AI Recommendation
Do not visit the site or interact with any links. If you already entered credentials, monitor your accounts and consider changing passwords from a secure device.
Scam network detected
2 linked domains correlated

Evidence confirms this site is a clone of nexus market .onion with contactless-crypto-new-domain patterns typical of drainer farms.

nexus1onion.infonexus1onion.shop
Next-gen fraud intelligence
Evidence-backedCross-checked

Website Preview

Screenshot of nexus1onion.com
LIVE RENDER
nexus1onion.com

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for nexus1onion.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
2 months
Registered Mar 2026
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Clones nexus market .onion (e.g. nexusabcdkq4pdlubs6wk6ad7pobuupzoomoxi6p7l32ci4vjtb2z7
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
1 scam report
Key findings
7 headline facts from open-web research
  • Domain nexus1onion.com registered March 23, 2026 (71 days old as of June 2026)
  • Explicitly flagged as cryptocurrency phishing site by PhishDestroy with 83/100 risk score and listed in their blocklist
  • Page title exactly matches 'Nexus Onion — Premier Darknet Marketplace | nexus1onion.com'
  • Registrar NiceNIC noted by PhishDestroy as high-risk with >90% of domains linked to illegal content
  • No scam reports, reviews, or complaints found on Reddit or major forums in targeted searches
  • Related clearnet sites (nexus1onion.info, nexus1onion.shop) exist promoting the same Nexus darknet market theme
  • Real Nexus marketplace referenced via multiple .onion mirrors in directories like onion.live
Scam reports (1)
Direct quotes from public scam databases, forums, and news.
  • PhishDestroyopen

    "The domain nexus1onion[.]com has been identified as a cryptocurrency phishing website. This malicious site targets Web3 users by mimicking legitimate crypto platforms to steal wallet credentials and digital assets."

Impersonation / typosquat
Clone of nexus market .onion (e.g. nexusabcdkq4pdlubs6wk6ad7pobuupzoomoxi6p7l32ci4vjtb2z7

Clearnet .com site uses identical title and description to promote darknet marketplace features while real Nexus operates exclusively on Tor .onion domains.

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

PhishDestroy flagged nexus1onion.com as a cryptocurrency phishing website that mimics legitimate crypto platforms to steal wallet credentials. The same source notes the registrar NiceNIC has over 90% of its domains tied to illegal content. Related clone domains (nexus1onion.info, nexus1onion.shop) promote the identical theme. No positive reviews or business registrations were found.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Critical cluster

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (2)
  • Evidence confirms this site is a clone of nexus market .onion (e.g. nexusabcdkq4pdlubs6wk6ad7pobuupzoomoxi6p7l32ci4vjtb2z7.
  • Zero contact info, crypto/gambling content, and the domain is only 71 days old — hallmark of a drainer farm.
Linked signals (2)
Clone of nexus market .onion (e.g. nexusabcdkq4pdlubs6wk6ad7pobuupzoomoxi6p7l32ci4vjtb2z7Pattern · Contactless Crypto NEW Domain

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age71 days old
RegistrarNICENIC INTERNATIONAL GROUP CO., LIMITED
RegisteredMar 23, 2026
ExpiresMar 23, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · E8
ExpiresAug 19, 2026 (77d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
Suspected
Punycode
No
  • 1301http://nexus1onion.com/
  • 2200https://nexus1onion.com/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Scam-Type Likelihood

3 scam-type patterns detected
Scam-Type Likelihood

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Crypto Fraud
Crypto Fraud
Moderate likelihood
0/100
  • AI analyst tagged this as crypto fraud / wallet-drainer.
  • AI analyst categorised the site as crypto-themed.
Brand Impersonation
Moderate likelihood
0/100
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.
Phishing
Low-level signals
0/100
  • AI analyst tagged this as phishing.

Crypto scam / wallet-drainer indicators

The page shows patterns common to crypto-investment scams, fake airdrops, and wallet drainers.

  • Do not interact with nexus1onion.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Never paste your seed phrase anywhere

    Legitimate wallets, exchanges and support staff will never ask for your 12/24-word recovery phrase. Typing it into any website — even one that looks real — gives attackers full access to your funds.

  • If you already connected a wallet

    Revoke token approvals immediately using revoke.cash or Etherscan's Token Approvals tool. Move remaining funds to a fresh wallet (new seed phrase). Assume the original wallet is compromised.

  • Report the wallet and URL

    File a report at IC3 (FBI Internet Crime Complaint Center) or your country's cybercrime portal. Recovery is unlikely, but reports help law enforcement map the network.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

static.cloudflareinsights.com

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

  • Our automated security review flags nexus1onion.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

0
Trust / 100
Final Verdict·nexus1onion.com
DANGEROUS

This is a clearnet clone of a darknet marketplace that mimics the real Nexus Onion site. Our analysis flags it as a cryptocurrency phishing page with a confirmed report from PhishDestroy. Avoid visiting or entering any information.

Do not visit the site or interact with any links. If you already entered credentials, monitor your accounts and consider changing passwords from a secure device.

AV engines
MT passes
2
Net signals
2
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
loureiru.lol
33m ago
Read the review
Dangeroustrust14
cinewhale.cc
52m ago
Read the review
Dangeroustrust39
kabjember.com
2h ago
Read the review
Dangeroustrust41
by42.arswdppo.top
2h ago
Read the review
Dangeroustrust21
astral-games.xyz
3h ago
Read the review
Dangeroustrust25
oneshippros.com
3h ago
Read the review
Dangeroustrust34
movies4u.as
3h ago
Read the review
Dangeroustrust40
cineby.gd
3h ago
Read the review
Dangeroustrust14
lipopeakdrops.com
3h ago
Read the review
Dangeroustrust15
yooutube.com
7h ago
Read the review
Dangeroustrust1
youareanidiot.com
7h ago
Read the review
Dangeroustrust12
flixhd.cc
8h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.