# keplrwallet.to — MALICIOUS

> keplrwallet.to is a high-risk crypto drainer site flagged on multiple blocklists. Avoid interaction and secure your crypto assets immediately.

## Summary
PhishDestroy identifies keplrwallet.to as a high-risk crypto drainer actively targeting users. This domain poses a significant threat to cryptocurrency holders by attempting to steal digital assets through deceptive means.

The domain was registered via the Government of Kingdom of Tonga on March 11, 2026, and is currently active. It appears on three security blocklists and is flagged by 13 out of 95 VirusTotal vendors. It resolves to IP 172.67.186.251, indicating a potentially malicious infrastructure designed for fraudulent activity.

Users are strongly advised to avoid keplrwallet.to and not to provide any wallet credentials or private keys. Monitoring for suspicious transactions and employing hardware wallets or trusted software is recommended. The domain remains active and should be treated with caution.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: Keplr Wallet: Secure Cosmos Wallet for IBC, Staking &amp; DeFi

## Domain Intelligence
- Registered: 2026-03-11 17:07:02
- Registrar: Government of Kingdom of Tonga
- Country: TO
- IP: 172.67.186.251
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["megan.ns.cloudflare.com", "yew.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "ESET", "Emsisoft", "Fortinet", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ceb97-ae08-729c-9673-9f7317731d0b.png
- PhishDestroy: https://phishdestroy.io/domain/keplrwallet.to/
- LLM endpoint: https://phishdestroy.io/domain/keplrwallet.to/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/keplrwallet.to/
Last updated: 2026-03-19