# smtp2.goteal.io — MALICIOUS

> PhishDestroy identifies smtp2.goteal.io as a credential theft domain. 8/95 VirusTotal vendors flag this crypto drainer impersonator. Block it now.

## Summary
PhishDestroy identifies smtp2.goteal.io as a credential theft domain with elevated risk. This host impersonates legitimate email services to harvest login credentials from unsuspecting users.

Forensic analysis reveals exact indicators: VirusTotal flags 8 out of 95 security vendors, the domain is registered via GoDaddy.com, LLC, resolves to IP 52.44.87.47, and was created on June 28, 2016. Amazon-issued SSL certificates and Google Safe Browsing status remain unverified; blocklist counts are actively tracked.

This domain remains active despite security vendor detections. Users should block smtp2.goteal.io at DNS, firewall, and endpoint levels. Remaining risk is elevated due to active credential harvesting campaigns targeting email and crypto platforms. Immediate action is required to prevent credential compromise.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2016-06-28 16:28:52
- Registrar: GoDaddy.com, LLC
- IP: 52.44.87.47

## Detection Status
- VirusTotal: 8 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8a9b5058-b738-421d-b7fd-45bb54096594
- PhishDestroy: https://phishdestroy.io/domain/smtp2.goteal.io/
- LLM endpoint: https://phishdestroy.io/domain/smtp2.goteal.io/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/smtp2.goteal.io/
Last updated: 2026-03-24