# mailx.goteal.io — MALICIOUS

> PhishDestroy flags mailx.goteal.io as an active crypto drainer impersonating login portals. This domain resolved 9/95 on VirusTotal and was created June 28,.

## Summary
PhishDestroy identifies mailx.goteal.io as an elevated-risk domain operating an active crypto drainer impersonating login portals. The site leverages a fake credential harvesting interface to trick users into surrendering private keys or wallet passwords, then drains cryptocurrency assets in real time. No specific drainer kit brand was observed, but the landing page mimics popular exchange and wallet login UIs to maximize deception.


Technical indicators confirm malicious activity: VirusTotal detection stands at 9 out of 95 security vendors, the domain was registered through GoDaddy.com, LLC on June 28, 2016, and resolves to IP address 52.44.87.47. The domain holds a valid Amazon-issued SSL certificate, suggesting active infrastructure designed to evade browser warnings. Google Safe Browsing (GSB) has not yet flagged this domain, and blocklist aggregation shows minimal external coverage despite confirmed fraudulent behavior.


Current status is active and rising: this domain remains online and accessible as of the latest scan, with no immediate takedown observed. Users who encounter mailx.goteal.io should avoid interaction and report the URL immediately to PhishDestroy for analysis and propagation to browser blocklists. Remaining risk is elevated due to persistent availability, absence from major blocklists, and the domain’s eight-year operational history—providing ample time to build trust with unsuspecting visitors. Immediate action by registrars and hosting providers is required to mitigate ongoing abuse.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2016-06-28 16:28:52
- Registrar: GoDaddy.com, LLC
- IP: 52.44.87.47

## Detection Status
- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/79767aae-39cd-4b12-9ce4-46869bdf8b13
- PhishDestroy: https://phishdestroy.io/domain/mailx.goteal.io/
- LLM endpoint: https://phishdestroy.io/domain/mailx.goteal.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/mailx.goteal.io/
Last updated: 2026-03-23