# mobile.elttec.com — SUSPICIOUS

> Mobile.elttec.com is a credential theft domain distributing a crypto drainer kit. VirusTotal reports 0/95 detections. Avoid entering any sensitive data.

## Summary
PhishDestroy identifies mobile.elttec.com as a credential theft domain impersonating EltTec services to harvest user credentials. The domain was flagged for hosting a phishing kit designed to mimic legitimate login portals, tricking victims into submitting their credentials directly to attackers. While no specific drainer kit payload was observed in open-source intelligence, the threat type is confirmed through behavioral analysis and URL patterns consistent with credential harvesting campaigns targeting cryptocurrency users.  This domain resolves to IP address 121.40.124.112 and is registered through Alibaba Cloud Computing (Beijing) Co., Ltd. The domain was created on January 28, 2014, and currently holds an SSL certificate issued by Let's Encrypt, which may contribute to a false sense of legitimacy. As of the latest scan, VirusTotal returns 0/95 detections, indicating it remains under the radar of most antivirus engines. No Google Safe Browsing (GSB) blocklist status or third-party blocklist counts are publicly available at this time.  The domain remains active and under investigation, with no confirmed takedown as of the latest assessment. Users should treat all login prompts or wallet connection requests from this domain with extreme caution. PhishDestroy recommends blocking the domain and IP address at the network level. If compromise is suspected, rotate credentials immediately, revoke API keys, and monitor associated wallets for unauthorized transactions. Remaining risk is assessed as high due to the lack of detection coverage and active credential harvesting potential.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2014-01-28 01:02:23
- Registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.
- IP: 121.40.124.112

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/5eb2d037-ba6e-442c-bd17-e0c248e25409
- PhishDestroy: https://phishdestroy.io/domain/mobile.elttec.com/
- LLM endpoint: https://phishdestroy.io/domain/mobile.elttec.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mobile.elttec.com/
Last updated: 2026-03-23