# hltev.com — SUSPICIOUS

> hltev.com is a credential-harvesting phishing site impersonating a major tech brand. Flagged by 0 of 95 VirusTotal vendors. Check the full report.

## Summary
PhishDestroy identifies hltev.com as an active credential-harvesting domain designed to impersonate a prominent technology login portal. The domain is currently under investigation as a confirmed phishing threat with a high risk of user credential compromise. Security teams and end-users are advised to exercise extreme caution when encountering this domain or its associated infrastructure.


This domain was flagged by 4 security blocklists, including PhishingArmy, StevenBlack, OISD, and CERT-PL, while maintaining 0 detections out of 95 VirusTotal vendors as of the latest scan. Registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, hltev.com resolves to IP address 104.21.68.43 and utilizes a Let's Encrypt SSL certificate for added legitimacy. The domain was created on June 02, 2025, indicating a recently deployed threat infrastructure with minimal historical scrutiny.


While the investigation into hltev.com remains active, preliminary analysis confirms its involvement in credential harvesting campaigns targeting unsuspecting users. The combination of recent registration, minimal detection rates, and multiple blocklist flags suggests a sophisticated and evolving threat. Organizations and individuals should immediately block this domain at the network and endpoint levels, avoid any interaction with its login interfaces, and report any observed activity to their security teams or relevant CERT authorities. Enhanced monitoring for associated IP addresses and SSL certificates is strongly recommended to prevent further exploitation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-06-02 11:43:42
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.68.43

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishingArmy", "StevenBlack", "OISD", "CERT-PL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/hltev.com
- PhishDestroy: https://phishdestroy.io/domain/hltev.com/
- LLM endpoint: https://phishdestroy.io/domain/hltev.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hltev.com/
Last updated: 2026-04-03