# mobileapp.top — SUSPICIOUS > mobileapp.top is a suspected crypto drainer scam resolving to 172.67.202.127 with 0/95 VirusTotal detections. Verify safety on PhishDestroy before interacting. ## Summary PhishDestroy identifies mobileapp.top as an active crypto drainer scam posing as a mobile application portal. This domain is under active investigation due to its use of obfuscated JavaScript designed to intercept cryptocurrency transactions and drain victim wallets. The threat actor behind this campaign leverages a recently registered domain (January 23, 2026) to exploit user trust in seemingly legitimate mobile app services. Technical analysis reveals the domain resolves to Cloudflare IP 172.67.202.127, a known hosting provider often abused for short-lived malicious campaigns. While 0 out of 95 security vendors on VirusTotal currently flag this domain, its rapid registration timeline and lack of historical reputation suggest it is actively being weaponized against crypto users. This domain exhibits multiple red flags consistent with emerging crypto drainer operations. VirusTotal's 0/95 detection rate indicates this is a zero-day threat that has evaded traditional signature-based detection systems. The domain was registered through NameSilo, LLC, a registrar known for its low barriers to domain acquisition, which threat actors frequently exploit for disposable malicious infrastructure. The SSL certificate issued by Google Trust Services lends false legitimacy to the page title 'mobileapp.top', creating a convincing facade for unsuspecting victims. The recent creation date (January 23, 2026) combined with zero blocklist detections suggests this is either a brand-new threat or an actively evolving campaign that has not yet been widely reported to threat intelligence platforms. The combination of these factors creates a deceptive yet dangerous threat environment for cryptocurrency users seeking legitimate mobile applications. Users who have visited mobileapp.top should immediately cease any cryptocurrency-related transactions from devices that accessed this domain. Check wallet extensions and browser extensions for unauthorized permissions, particularly those related to transaction signing. If any suspicious transactions have occurred, report them to your wallet provider and relevant blockchain explorers immediately. Run a full antivirus scan on all devices that accessed this domain, with particular attention to browser storage where crypto wallet seeds or private keys may be compromised. Do not interact with any further prompts or download any files from this domain. Report this domain to PhishDestroy for further analysis and community protection. Consider rotating all cryptocurrency wallet addresses and private keys as a precautionary measure, as crypto drainers often harvest credentials for future exploitation even after initial access. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Page title: mobileapp.top ## Domain Intelligence - Registered: 2026-01-23 04:36:33 - Registrar: NameSilo, LLC - IP: 172.67.202.127 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d78f3b4d-17cc-48bd-87a5-9f55774c8226 - PhishDestroy: https://phishdestroy.io/domain/mobileapp.top/ - LLM endpoint: https://phishdestroy.io/domain/mobileapp.top/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/mobileapp.top/ Last updated: 2026-03-24