# mob.g2trck.com — MALICIOUS

> PhishDestroy identifies mob.g2trck.com as a credential theft domain exploiting GoDaddy hosting, flagged by 12/95 VirusTotal scanners.

## Summary
PhishDestroy identifies mob.g2trck.com as a credential theft domain hosting a crypto drainer targeting unsuspecting users. This domain mimics legitimate tracking services to harvest login details and cryptocurrency wallet credentials, posing an elevated threat to visitors' financial safety. The infrastructure exploits GoDaddy's hosting services while masquerading through a Google Trust Services SSL certificate to appear legitimate.  This domain was flagged by 12 out of 95 security vendors on VirusTotal, with registration traced to GoDaddy.com, LLC on September 16, 2025—an unusually recent creation indicative of opportunistic malfeasance. Additionally, it appears on one prominent blocklist and is actively blocked by the Hagezi tracker, confirming malicious intent. The low detection rate despite clear red flags suggests this threat is either newly emergent or deliberately evasive.  Users who visited mob.g2trck.com should immediately audit their cryptocurrency wallets and online accounts for unauthorized access. Change passwords for any services accessed post-visit, enable two-factor authentication where available, and consider revoking unused API keys or wallet connections. If any accounts linked to crypto holdings were accessed while on this domain, transfer funds to a new wallet address immediately. Report the domain to your antivirus provider and avoid interacting with similar URLs to prevent further exposure. Proactive monitoring of financial transactions is strongly advised following this encounter.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-09-16 17:27:21
- Registrar: GoDaddy.com, LLC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 12 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Hagezi"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/55222600-7f54-464c-be9a-e950d82ee75c
- PhishDestroy: https://phishdestroy.io/domain/mob.g2trck.com/
- LLM endpoint: https://phishdestroy.io/domain/mob.g2trck.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mob.g2trck.com/
Last updated: 2026-03-26