# app.goteal.io — MALICIOUS

> app.goteal.io is a live crypto drainer kit impersonating legitimate wallet services. VT flags 9/95 vendors.

## Summary

PhishDestroy identifies app.goteal.io as an active crypto wallet drainer kit masquerading as a legitimate financial service. This domain was flagged by 9 out of 95 VirusTotal security vendors, indicating widespread suspicion of malicious intent. The infrastructure leverages a GoDaddy-registered domain created June 28, 2016, resolving to Amazon-hosted IP 52.44.87.47. This suggests a long-standing but recently weaponized domain repurposed for phishing operations targeting cryptocurrency users.

This domain poses an elevated threat as a generic drainer kit, designed to trick victims into connecting their wallets to a fraudulent application that silently drains funds. Technical indicators include a VirusTotal detection rate of 9/95, registration through GoDaddy.com, LLC, and hosting on Amazon’s infrastructure at IP 52.44.87.47. The domain was created in 2016, likely indicating domain aging abuse, a common tactic to evade early reputation filtering.

While Google Safe Browsing (GSB) status is not specified, the low VT coverage relative to active campaigns suggests limited blacklisting at scale. Blocklist aggregator data indicates this domain is not widely blocked, increasing exposure risk to potential victims.

As of current monitoring, app.goteal.io remains active and classified as an elevated threat. Immediate response actions include adding the domain and IP to organizational blocklists, disabling access via corporate DNS filtering, and distributing user advisories emphasizing wallet connection risks. Remaining risk is elevated due to the domain’s age, trusted hosting provider, and low initial detection rate. Users are strongly advised to verify all wallet connection URLs manually and avoid interacting with unsolicited links. Security teams should monitor for derivative domains and monitor network traffic for outbound connections to 52.44.87.47.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2016-06-28 16:28:52
- Registrar: GoDaddy.com, LLC
- IP: 52.44.87.47

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/16436ffe-7d1e-431d-ad30-0adcc11ef998
- PhishDestroy: https://phishdestroy.io/domain/app.goteal.io/
- LLM endpoint: https://phishdestroy.io/domain/app.goteal.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/app.goteal.io/

Last updated: 2026-03-23