# gicho-leokten.com — SUSPICIOUS

> Domain gicho-leokten.com is a crypto wallet drainer site with 0/95 VirusTotal detections. Avoid clicking links from this domain or it may steal your.

## Summary
PhishDestroy identifies gicho-leokten.com as a suspected crypto wallet drainer domain under active investigation for generic phishing activities. The domain shows no immediate antivirus detection, with 0/95 VirusTotal detections, and is registered through NETIM with creation date of December 01, 2025. It resolves to IP 217.60.38.33 and uses a Let's Encrypt SSL certificate, suggesting a freshly established infrastructure designed to evade early detection.  This domain’s technical indicators reveal a high-risk profile: zero threat detection on VirusTotal, registration via NETIM, IP address 217.60.38.33, and a recent creation date. While no Google Safe Browsing (GSB) blocklists or third-party feeds currently flag it, its clean VT score and recent registration (December 1, 2025) indicate it may be part of a fast-moving campaign targeting cryptocurrency users.  Current status shows the domain remains active and unblocked as of analysis time. Users should avoid interacting with any links or content from gicho-leokten.com. Immediate response includes network-level blocking of the IP and domain, and caution when handling crypto wallet transactions. Remaining risk is elevated due to the absence of detections and potential for rapid deployment of drainer scripts or credential harvesters.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-12-01 18:34:29
- Registrar: NETIM
- IP: 217.60.38.33

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4c628d5e-a4a2-48ac-be5b-13d4801ee4ad
- PhishDestroy: https://phishdestroy.io/domain/gicho-leokten.com/
- LLM endpoint: https://phishdestroy.io/domain/gicho-leokten.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gicho-leokten.com/
Last updated: 2026-03-21