# mail.goteal.io — MALICIOUS

> Beware: mail.goteal.io mimics Goteal.io services to deploy a live crypto drainer. Flagged by 11/95 security vendors. Verify URLs on PhishDestroy before clicking.

## Summary

PhishDestroy identifies mail.goteal.io as a compromised domain actively propagating a crypto drainer impersonating the Goteal.io platform. This threat leverages a classic phishing vector—spoofed login portals—to trick users into connecting wallets and authorizing unauthorized transactions. The domain's infrastructure is repurposed for credential harvesting and fund misappropriation, with no legitimate ties to Goteal.io beyond visual mimicry. Analysis of this infrastructure reveals a drainer kit designed to siphon cryptocurrency assets under the guise of a routine login or transaction approval.

This domain exhibits multiple high-risk indicators. It was registered via GoDaddy.com, LLC on June 28, 2016, and resolves to IP 52.44.87.47. According to VirusTotal telemetry, 11 out of 95 security engines flag the domain as malicious. There are no available records indicating inclusion in Google Safe Browsing (GSB). While appearing aged, the domain functions actively under a malicious certificate issued by Amazon, strengthening its deception by presenting a false sense of legitimacy. The combination of an aged domain, valid SSL, and low detection rate suggests deliberate obfuscation and operational persistence.

As of current analysis, the domain remains active and has not been globally blocked. This sustained availability increases exposure risk in email campaigns, fake websites, and social engineering lures. Immediate mitigation requires URL blocking at DNS and network levels, alongside user education to validate domains using tools like PhishDestroy. While the risk is elevated, proactive blocking and community reporting can reduce its operational window. Residual risk remains moderate-to-high due to continued accessibility and lack of widespread takedown.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2016-06-28 16:28:52
- Registrar: GoDaddy.com, LLC
- IP: 52.44.87.47

## Detection Status

- VirusTotal: 11 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/80cdd7f3-4cf2-414d-90c8-a09ba77f562c
- PhishDestroy: https://phishdestroy.io/domain/mail.goteal.io/
- LLM endpoint: https://phishdestroy.io/domain/mail.goteal.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/mail.goteal.io/

Last updated: 2026-03-23