# ahv3ctpms4e.it-support-group.com — MALICIOUS

> ahv3ctpms4e.it-support-group.com is a crypto drainer posing as an IT support portal. 18 of 95 VirusTotal vendors flag it, Google Safe Browsing does not, and it sits on a single blocklist (PhishingDB).

## Summary

PhishDestroy classifies ahv3ctpms4e.it-support-group.com as a phishing domain built to harvest cryptocurrency wallet credentials through IT support impersonation. The site masquerades as an IT support portal and lures visitors into entering private keys or seed phrases under the pretext of security maintenance; whatever is submitted is used to empty the victim's wallet. That makes it a crypto drainer rather than a conventional credential-phishing page: there is no password to reset afterwards and no transaction to charge back, so the loss is immediate and irreversible.

The indicators behind the verdict:

- VirusTotal: 18 of 95 vendors flag the domain. That is partial recognition at best. Most vendors, and Google Safe Browsing, still return clean, so browser warnings cannot be relied on to stop a visit.
- Hosting and registration: the host resolves to 52.204.246.179. The registrable domain is it-support-group.com, registered through Amazon Registrar, Inc. on October 21, 2021; the WHOIS data describes that parent domain, since the random-looking subdomain label is not registered separately. Abuse reports for the registration therefore go to Amazon.
- TLS: the host serves a valid Let's Encrypt certificate. The browser padlock is present and says nothing about legitimacy; it only means the operator controls the hostname.
- Blocklists: listed by PhishingDB and by no other tracked list, so coverage is thin and the domain has not been taken down. Note that the last scan recorded the site status as unknown (see Threat Details); "active" here means not neutralized, not a confirmed live response at scan time.

Immediate defensive actions: block the hostname and every label beneath it, the IP, and the certificate across DNS, proxy and endpoint controls. The certificate fingerprint is not reproduced in this report; take it from a sandboxed TLS probe or from the Cloudflare Radar scan linked under Evidence. Users should not visit the site at all and should never enter a seed phrase or private key into any web form, least of all one claiming to be IT support; no legitimate support desk or wallet provider asks for them.
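Matching these indicators against local DNS, proxy and TLS logs, and turning them into resolver block records, as an added example that is not PhishDestroy's tooling. It uses only the hostname and IP stated in this report (the certificate fingerprint is not on the page, so it is left out); the log lines are constructed samples in BIND, Squid and Zeek-like formats, not captures from the campaign, and `scan_lines`, `host_matches` and `rpz_records` are names chosen here.

```python
"""Match the indicators for ahv3ctpms4e.it-support-group.com against local
DNS / proxy / TLS log lines and emit RPZ block records.

Added example for this report, not PhishDestroy code. SAMPLE_LOG below is
constructed for the demonstration, not captured from the campaign.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report (hostname and resolved IP only).
IOC_DOMAIN = "ahv3ctpms4e.it-support-group.com"
IOC_IP = "52.204.246.179"

_HOST_RE = re.compile(r"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b")
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based index into the scanned input
    kind: str      # "domain" or "ip"
    value: str     # matched token, lower-cased


def host_matches(host: str, ioc_domain: str = IOC_DOMAIN) -> bool:
    """True for the IOC host itself or any label beneath it.

    The parent zone it-support-group.com is deliberately NOT matched: the
    report attributes only this subdomain. Look-alikes that merely start
    with the IOC (e.g. <ioc>.cdn.example) fail the suffix test.
    """
    h = host.lower().rstrip(".")
    return h == ioc_domain or h.endswith("." + ioc_domain)


def scan_lines(lines, ioc_domain=IOC_DOMAIN, ioc_ip=IOC_IP):
    """Return one Finding per indicator hit, in line order."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for tok in _HOST_RE.findall(line):
            if tok.replace(".", "").isdigit():
                continue  # dotted quads are handled by the IP pass below
            if host_matches(tok, ioc_domain):
                findings.append(Finding(n, "domain", tok.lower()))
        for ip in _IPV4_RE.findall(line):
            if ip == ioc_ip:
                findings.append(Finding(n, "ip", ip))
    return findings


def rpz_records(ioc_domain=IOC_DOMAIN, ioc_ip=IOC_IP):
    """BIND/Unbound RPZ lines: NXDOMAIN the host, its subdomains and the IP.

    IP triggers are written <prefixlen>.<reversed octets>.rpz-ip. On shared
    cloud hosting an IP trigger can also hit unrelated tenants, so review
    it before deploying; the hostname records carry no such risk.
    """
    rev = ".".join(reversed(ioc_ip.split(".")))
    return [
        f"{ioc_domain} CNAME .",
        f"*.{ioc_domain} CNAME .",
        f"32.{rev}.rpz-ip CNAME .",
    ]


# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    # 1: BIND query log, a client resolving the drainer host -> hit
    "29-Mar-2026 10:14:03.221 client 10.0.0.15#51234: query: ahv3ctpms4e.it-support-group.com IN A + (10.0.0.2)",
    # 2: Squid access log, CONNECT to the host, routed to the IOC IP -> two hits
    "1774778045.123 220 10.0.0.15 TCP_TUNNEL/200 4821 CONNECT ahv3ctpms4e.it-support-group.com:443 - HIER_DIRECT/52.204.246.179 -",
    # 3: Zeek-style TLS record, upper-case SNI plus the IP -> two hits
    "ssl 10.0.0.22 52.204.246.179 443 sni=AHV3CTPMS4E.IT-SUPPORT-GROUP.COM",
    # 4: parent zone only; not attributed by the report -> no hit
    "29-Mar-2026 10:15:10.004 client 10.0.0.31#40211: query: www.it-support-group.com IN A + (10.0.0.2)",
    # 5: look-alike using the IOC as a prefix -> no hit
    "29-Mar-2026 10:15:11.900 client 10.0.0.31#40212: query: ahv3ctpms4e.it-support-group.com.cdn.example IN A + (10.0.0.2)",
    # 6: label beneath the IOC host -> hit
    "29-Mar-2026 10:16:40.133 client 10.0.0.15#51240: query: www.ahv3ctpms4e.it-support-group.com IN A + (10.0.0.2)",
    # 7: IP near-miss -> no hit
    "conn 10.0.0.9 152.204.246.179 443 tcp",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind} {f.value}")
    print("\n".join(rpz_records()))
```

Run it as-is to see which sample lines trip and the three RPZ records; in production feed `scan_lines` the resolver, proxy and TLS logs and load the `rpz_records` output into the resolver's response-policy zone. The suffix test in `host_matches` is what keeps the parent zone and prefix look-alikes out of the hit list.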
Listing on a single blocklist has reduced exposure without removing it, and the domain's continued presence is the case for real-time threat intelligence sharing between vendors and list maintainers. Risk remains highest for users unfamiliar with drainer tactics. Treat unsolicited IT support contact with suspicion and verify it through official channels before interacting with any login or wallet-related page.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered (registrable domain it-support-group.com): 2021-10-21 14:55:09
- Registrar: Amazon Registrar, Inc.
- IP: 52.204.246.179

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit (PhishingDB)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a077281b-b449-4c80-b435-d52e50726b23
- PhishDestroy: https://phishdestroy.io/domain/ahv3ctpms4e.it-support-group.com/
- LLM endpoint: https://phishdestroy.io/domain/ahv3ctpms4e.it-support-group.com/llm.txt

## If You Visited This Site

1. If you entered a seed phrase or private key, treat that wallet as compromised: generate a new wallet on a clean device and move any remaining funds to it immediately. The exposed wallet cannot be secured.
2. Change any passwords you may have entered
3. Enable 2FA on all related accounts
4. Monitor your accounts for unauthorized activity
5. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ahv3ctpms4e.it-support-group.com/
Last updated: 2026-03-29