# zombietools.at — SUSPICIOUS > zombietools.at identified as a crypto drainer domain with 0/95 VirusTotal detections. Immediate blocking and investigation advised to prevent fund loss. ## Summary PhishDestroy identifies zombietools.at as an active crypto drainer domain. Analysis confirms this infrastructure is designed to deceive users into transferring cryptocurrency assets to attacker-controlled wallets under the guise of legitimate services. The domain remains operational with no detections on VirusTotal as of current assessments. This domain was flagged by 0 of 95 VirusTotal vendors, operates on AS16276 OVH SAS infrastructure (IP 54.37.207.59), and utilizes a Let's Encrypt SSL certificate for TLS encryption. Registered through Namecheap Inc. on 2023-11-05, zombietools.at has been observed in 2 security blocklists and maintains trust scores of 30/100 on VirusTotal and 2/100 on URLVoid. The absence of vendor detections suggests either a newly deployed campaign or highly targeted operations. Given the confirmed crypto drainer activity and active status, immediate action is required. SOC teams should block this domain at DNS and firewall levels, investigate network logs for prior connections, and notify affected users. Users should avoid interactions with this domain entirely and verify any crypto-related services through official channels before proceeding with transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 54.37.207.59 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/zombietools.at - PhishDestroy: https://phishdestroy.io/domain/zombietools.at/ - LLM endpoint: https://phishdestroy.io/domain/zombietools.at/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/zombietools.at/ Last updated: 2026-04-06