# apple.mobprofs.com — SUSPICIOUS

> apple.mobprofs.com is a fake Apple login page using a crypto drainer. This domain (created 10/01/2025) was flagged by 2/95 VirusTotal scanners.

## Summary
PhishDestroy identifies apple.mobprofs.com as an active Apple brand impersonation site leveraging a credential harvesting mechanism to target unsuspecting users. This domain poses an elevated risk due to its use of Apple’s branding to deceive victims into entering sensitive information, which may then be exploited for financial fraud or account takeover. The presence of a crypto drainer script further suggests an automated theft mechanism designed to siphon cryptocurrency assets upon login, making this threat particularly severe for users seeking to access Apple services or promotions. 

This domain was flagged by 2 out of 95 VirusTotal security vendors, indicating partial detection by the antivirus community. It resolves to IP address 185.158.133.1, was registered on October 01, 2025, and uses Google Trust Services for its SSL certificate. The domain is hosted through Cloudflare, Inc., a common provider that masks origin servers and complicates takedown efforts. The recent creation date and use of a legitimate-looking certificate suggest an opportunistic campaign designed to capitalize on brand trust before widespread blacklisting occurs. 

Users should avoid interacting with apple.mobprofs.com entirely, as any input into this site could result in credential theft or cryptocurrency loss. If you encountered this domain and entered login details, change your Apple ID password immediately and revoke any unfamiliar app permissions. Enable two-factor authentication on all Apple accounts and use a password manager to detect counterfeit login pages. Report this domain to PhishDestroy for verification and block it via your browser or network defenses. Monitor financial accounts for unauthorized transactions and consider using hardware wallets for cryptocurrency storage to mitigate drainer risks. Always access Apple services directly via verified domains like apple.com or official apps.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Apple

## Domain Intelligence
- Registered: 2025-10-01 18:11:46
- Registrar: Cloudflare, Inc.
- IP: 185.158.133.1

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/849b7a47-8846-4a33-8146-934d6cf67a23
- PhishDestroy: https://phishdestroy.io/domain/apple.mobprofs.com/
- LLM endpoint: https://phishdestroy.io/domain/apple.mobprofs.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/apple.mobprofs.com/
Last updated: 2026-04-12