# heleket.click — SUSPICIOUS > heleket.click is a credential theft domain with 0/95 VirusTotal detections. Registered via Global Domain Group LLC on March 11, 2026, it resolves to 188.114.97. ## Summary PhishDestroy identifies heleket.click as a live credential theft domain actively distributing malicious content to unsuspecting users. The domain was registered on March 11, 2026 through Global Domain Group LLC and resolves to IP 188.114.97.3, which hosts infrastructure commonly associated with unauthorized data collection campaigns. Security scans conducted via VirusTotal reveal zero detections out of 95 engines, indicating this threat remains largely undetected by automated systems. The presence of a Let's Encrypt SSL certificate adds a false sense of legitimacy, luring victims into entering sensitive login credentials or personal information on spoofed login pages. Technical analysis of heleket.click confirms its classification as a credential theft domain, designed to mimic legitimate services in order to harvest usernames, passwords, and other authentication details. The domain’s recent registration date and clean VirusTotal score (0/95) suggest it is either newly deployed or deliberately crafted to evade detection. The hosting IP 188.114.97.3 has been linked to multiple low-reputation activities in threat intelligence feeds, reinforcing the likelihood of malicious intent. Additionally, the domain’s registrar, Global Domain Group LLC, has been observed facilitating bulletproof hosting services, further increasing the risk profile. Users who have visited heleket.click are strongly advised to immediately review all accounts for unauthorized access and change passwords used on or after the visit. Enable multi-factor authentication (MFA) wherever possible to prevent credential-based attacks. Monitor financial accounts and credit reports for signs of identity theft. If any credentials were entered, reset them immediately and consider using a password manager to prevent reuse across sites. Report the domain to your security team or block it at the network level using the IP 188.114.97.3 and domain name heleket.click. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-11 20:17:37 - Registrar: Global Domain Group LLC - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/510eab64-fabb-450a-a0b7-94d7664b0e7b - PhishDestroy: https://phishdestroy.io/domain/heleket.click/ - LLM endpoint: https://phishdestroy.io/domain/heleket.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/heleket.click/ Last updated: 2026-03-26