# heleket.site — SUSPICIOUS

> Warning: heleket.site identified as a crypto drainer posing as a fake login page. VirusTotal 0/95 detections. Verify on PhishDestroy before entering credentials.

## Summary
PhishDestroy identifies heleket.site as an active phishing domain operating as a crypto drainer that mimics a login interface to steal cryptocurrency wallet credentials. This deception targets users by presenting a fake authentication portal designed to harvest private keys or seed phrases, allowing threat actors to drain digital assets. The domain resolves to IP 104.21.4.101 using a Let's Encrypt SSL certificate, which adds a false sense of legitimacy for unsuspecting victims.

This domain was flagged with clear red flags: registered through NameSilo, LLC on March 09, 2026—only days old—and currently shows zero detections on VirusTotal out of 95 security engines. Such a low detection rate, combined with a recently created domain and fresh SSL certification, is a common pattern among emerging phishing infrastructures designed to evade detection. Users are strongly advised to avoid interacting with this domain, especially when prompted for login credentials or wallet information.

If you have visited heleket.site and entered any sensitive information, immediately revoke access to your crypto wallet through official channels and transfer remaining funds to a secure wallet. Scan your device with updated antivirus software and consider using a dedicated hardware wallet for future transactions. Report the domain to PhishDestroy and your browser's safe browsing tools to help protect others. Always verify URLs through trusted sources like PhishDestroy before submitting any credentials or financial data.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-09 16:12:42
- Registrar: NameSilo, LLC
- IP: 104.21.4.101

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f74071ce-3e14-451c-9788-40c17def44da
- PhishDestroy: https://phishdestroy.io/domain/heleket.site/
- LLM endpoint: https://phishdestroy.io/domain/heleket.site/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/heleket.site/
Last updated: 2026-03-26