Phishing Analysis: Keplr

100 Risk Score

High Risk

Threat Level: ALTO • Impersonating: Keplr

• Threat: Credential harvesting phishing kit
• Target: Keplr wallet users
• Method: Fake login form stealing wallet credentials
• Exfil: Data sent via WebSocket to unofficial servers
• Indicators: Domain mismatch, obfuscated JavaScript, new domain
• Risk: CRITICAL - Immediate credential theft

⚠ Risk Factors

JavaScript obfuscation detected (6 patterns)
Credential harvesting indicators detected
OTP/2FA stealing indicators detected
WebSocket connection for real-time C2 communication

Visual Capture

Detection Info

https://keplr.top

Detected Brand

Keplr

Country

International

Confidence

100%

HTTP Status

200

Report ID

a155eda6-748…

Analyzed

2026-01-11 08:33

Final URL (after redirects)

https://keplr.top/#/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12E33BB64F153346B84B7C4D1B8956F54F1C2DB35C7580A08A3AC1A6D2FCBCD9AFA132A
CONTENT ssdeep	1536:ILqdqLEZSAYRpRBlp6dYuhghEj6uPTzhBeC3L:DuHkf

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c41ee136b227e3ca
VISUAL aHash	801810065e76f7ff
VISUAL dHash	17b071bcb486868e
VISUAL wHash	801810065e7ef7ff
VISUAL colorHash	300000001c0
VISUAL cropResistant	17b071bcb486868e

Code Analysis

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

WebSocket C2

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing kit
• Target: Keplr wallet users
• Method: Fake login form stealing wallet credentials
• Exfil: Data sent via WebSocket to unofficial servers
• Indicators: Domain mismatch, obfuscated JavaScript, new domain
• Risk: CRITICAL - Immediate credential theft

🔒 Obfuscation Detected

atob
fromCharCode
unescape
document.write
unicode_escape
base64_strings