# tonkeeper-trade.top — MALICIOUS

> tonkeeper-trade.top is a cryptocurrency wallet phishing site, flagged by 6 of 95 VirusTotal vendors. Check the full report.

## Summary

PhishDestroy identifies tonkeeper-trade.top as a live cryptocurrency wallet phishing domain impersonating Tonkeeper, a legitimate TON blockchain wallet application. This threat is classified under the specific category of 'generic_phishing,' targeting users through deceptive interfaces designed to steal digital assets. The domain is currently active and operational, with threat actors actively using it to harvest credentials and private keys from unsuspecting victims.

This domain was flagged by 6 of 95 VirusTotal vendors, indicating a significant but not overwhelming consensus on its malicious nature. It resolves to the IP address 172.67.157.82 and was registered through Gname.com Pte. Ltd. on March 10, 2026, suggesting a very recent and opportunistic registration likely intended to capitalize on brand confusion during periods of high user activity or hype. The presence of a Let’s Encrypt SSL certificate may lend an air of legitimacy to the site, but this is a common tactic among phishing operators to appear trustworthy. The combination of a freshly minted domain and low but concerning detection rates elevates the risk profile, as newer domains often fly under the radar of automated detection systems until they are widely reported.

Given the elevated risk level and active status of tonkeeper-trade.top, users are strongly advised against interacting with this domain or any associated links. The phishing campaign appears designed to exploit the trust associated with Tonkeeper, making it particularly dangerous for users seeking legitimate wallet services. Immediate action should be taken to block this domain at the network and endpoint levels, and users who may have already entered credentials are urged to revoke access immediately and transfer remaining funds to a secure wallet. Additionally, report the domain to your cybersecurity team or through platforms like Google Safe Browsing to help disrupt ongoing campaigns. Proactive monitoring for similar domains and heightened user awareness around cryptocurrency wallet security are critical to mitigating further exposure.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-10 20:52:33
- Registrar: Gname.com Pte. Ltd.
- IP: 172.67.157.82

## Detection Status

- VirusTotal: 6 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/33911b02-9e09-4dfa-b46c-b77f7d5a3257
- PhishDestroy: https://phishdestroy.io/domain/tonkeeper-trade.top/
- LLM endpoint: https://phishdestroy.io/domain/tonkeeper-trade.top/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/tonkeeper-trade.top/
Last updated: 2026-03-22