# larpzwallet.com — MALICIOUS

> larpzwallet.com crypto-drainer site flagged by 14/95 VirusTotal vendors. Steals wallet credentials via fake wallet interface. Check before use.

## Summary
PhishDestroy identifies larpzwallet.com as an active crypto-drainer domain masquerading as a cryptocurrency wallet service. The site lures victims into connecting their crypto wallets and then drains funds via a sophisticated drainer kit embedded in the fake wallet interface. No direct link to a well-known brand was observed, indicating the threat actor is using a standalone spoofed wallet interface to deceive users. The domain leverages HTTPS via a Google Trust Services SSL certificate to appear legitimate.  This domain resolves to IP 188.114.96.3 and is registered through Hello Internet Corp. The domain was created on February 12, 2026, just days ago, indicating a very recent campaign. With 14 out of 95 VirusTotal security vendors flagging the domain, it remains under early detection scrutiny. While the SSL certificate is issued by a trusted authority, its recent creation and low blocklist penetration suggest a high-risk, evolving threat. The elevated risk level reflects the sophistication of the drainer kit and the active status of the domain.  As of this report, larpzwallet.com is active and poses an elevated risk to cryptocurrency users. Security teams are advised to block the domain and IP at the network level. Users should avoid visiting the site and verify any wallet-related URLs through official channels. Remaining risk is moderate due to early-stage detection, but the threat could escalate as more intelligence is gathered. Immediate blocking and user awareness are recommended to mitigate potential losses.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-12 22:34:17
- Registrar: Hello Internet Corp
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/larpzwallet.com
- PhishDestroy: https://phishdestroy.io/domain/larpzwallet.com/
- LLM endpoint: https://phishdestroy.io/domain/larpzwallet.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/larpzwallet.com/
Last updated: 2026-04-08