# ultimateshop.mobi — SUSPICIOUS > ultimateshop.mobi is a cryptocurrency drainer site. VirusTotal flags 1/95 vendors. Avoid connecting wallets or entering credentials. ## Summary PhishDestroy identifies ultimateshop.mobi as a cryptocurrency drainer domain designed to trick users into connecting their crypto wallets and siphon funds. This site mimics a legitimate online store to lure victims into approving malicious smart-contract permissions that silently transfer tokens without additional confirmations. Once a wallet is linked, the drainer can drain assets directly from the connected accounts, often targeting Ethereum, Binance Smart Chain, or Polygon networks where approvals are frequently required for decentralized apps. This domain was flagged by exactly 1 out of 95 VirusTotal security vendors as malicious within hours of its creation. Records show it was registered on September 06, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for bulk and privacy-protected registrations that are often exploited in short-lived scam campaigns. It currently resolves to IP address 185.38.151.11 and uses a Let’s Encrypt SSL certificate to appear legitimate, but SSL alone does not guarantee safety. If you visited ultimateshop.mobi, immediately revoke any wallet connection permissions related to the site using your wallet’s connection manager or a block explorer like Etherscan or BscScan. Do not approve any unexpected transaction requests or sign messages from this domain. If you entered any credentials or private keys, change your passwords and revoke session tokens immediately. Report the domain to your wallet provider and consider transferring remaining funds to a new, clean wallet. Use reputable security tools to scan your device for malware that may have been installed during the visit. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-09-06 04:51:59 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 185.38.151.11 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/243bdd56-831b-404a-843c-d65ef0ae1744 - PhishDestroy: https://phishdestroy.io/domain/ultimateshop.mobi/ - LLM endpoint: https://phishdestroy.io/domain/ultimateshop.mobi/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ultimateshop.mobi/ Last updated: 2026-03-27