# com-elevarepay.web.id — MALICIOUS

> com-elevarepay.web.id is a crypto drainer impersonating ElevatePay, flagged by 16/95 VirusTotal vendors.

## Summary

PhishDestroy identifies com-elevarepay.web.id as an active crypto drainer domain impersonating the legitimate payment service ElevatePay. The domain leverages social engineering tactics to trick users into connecting cryptocurrency wallets under the guise of payment processing, with automated fund extraction upon wallet connection. Security research indicates the use of open-source or commoditized drainer kits commonly available in underground markets, tailored to masquerade as financial transaction portals.

Technical indicators for this domain are extensive and concerning. VirusTotal analysis reveals detection by 16 out of 95 security vendors, reflecting significant malicious reputation. Registered through PT Cloud Hosting Indonesia, the domain resolves to IP address 210.79.190.69 and was created on March 27, 2026. Google Safe Browsing classifies this domain under SOCIAL_ENGINEERING, signaling active abuse. The presence of a Let’s Encrypt SSL certificate adds a veneer of legitimacy, potentially increasing user trust. As of the latest assessment, this domain remains unblocked by some enterprise filters, enabling continued exposure.

The current status of com-elevarepay.web.id is marked as active and high-risk, with no evidence of takedown at this time. Immediate response actions include blocking the domain at the DNS and network levels, updating firewall rules to deny traffic to 210.79.190.69, and conducting endpoint scans for signs of wallet compromise or unauthorized transactions. Despite these measures, residual risk remains due to the domain’s recent creation and ongoing abuse potential. Users and organizations are strongly advised to verify payment portals through official channels and implement real-time monitoring for anomalous blockchain activity.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-27 10:23:45
- Registrar: PT Cloud Hosting Indonesia
- IP: 210.79.190.69

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/84bf2819-e575-4cea-b49a-f6304ca64ef1
- PhishDestroy: https://phishdestroy.io/domain/com-elevarepay.web.id/
- LLM endpoint: https://phishdestroy.io/domain/com-elevarepay.web.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/com-elevarepay.web.id/

Last updated: 2026-03-28