# nearmobile-airdrop.xyz — MALICIOUS

> Explore the risks linked to nearmobile-airdrop.xyz, a crypto drainer domain now offline. Learn about its threat profile and technical details.

## Summary
PhishDestroy identifies nearmobile-airdrop.xyz as a malicious domain classified under the crypto drainer category. The domain was created on February 21, 2026, and is associated with fraudulent schemes targeting cryptocurrency users by attempting to steal digital assets through deceptive airdrop offers.

Technical indicators reveal that nearmobile-airdrop.xyz was flagged by multiple security vendors and appeared on four different security blocklists. It was registered through an inactive or dead domain registrar, which is common in threat actor infrastructure to avoid attribution. VirusTotal data shows limited but notable detection, highlighting the domain's suspicious nature.

Currently, nearmobile-airdrop.xyz is offline and no longer accessible. This status reduces immediate risk to users; however, vigilance remains necessary as similar domains may emerge. PhishDestroy recommends continued monitoring of related infrastructure and user education on avoiding crypto-related scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Scam type: Airdrop Scam
- Page title: NPro token by NEAR Mobile

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: WE1

## Detection Status
- VirusTotal: 5 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01991a27-78da-747a-aec3-fe87f0fa4110.png
- PhishDestroy: https://phishdestroy.io/domain/nearmobile-airdrop.xyz/
- LLM endpoint: https://phishdestroy.io/domain/nearmobile-airdrop.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/nearmobile-airdrop.xyz/
Last updated: 2026-03-19