# app.hyeprsrwap.exchange — MALICIOUS — Crypto Drainer (Angel Drainer)

> app.hyeprsrwap.exchange hosts a high-risk crypto drainer scam using Angel Drainer kit. Avoid interaction and protect your assets now.

## Summary
PhishDestroy identifies app.hyeprsrwap.exchange as a high-risk phishing domain specializing in crypto asset theft. Classified as a crypto drainer, this domain impersonates a decentralized finance interface labeled "Hyperswap Interface" to lure victims into revealing sensitive wallet credentials. Its malicious intent is confirmed through association with the Angel Drainer malware kit, a known tool for unauthorized crypto fund extraction.

Technical indicators reveal that app.hyeprsrwap.exchange resolved to IP address 188.114.97.3 and was registered through Cloudflare, Inc., complicating attribution efforts. The domain scored extremely low trust ratings, including a 1/100 on both Scamadviser and Gridinsoft, and was listed on two independent security blocklists. VirusTotal flagged this domain with detections from 10 out of 95 security vendors, underscoring its recognized threat status within the cybersecurity community.

Currently, app.hyeprsrwap.exchange is offline, indicating takedown or loss of control by its operators. PhishDestroy recommends continued vigilance as such domains often resurface under different names or IPs. Users and organizations should block this domain proactively and avoid engaging with suspicious crypto swapping interfaces to prevent potential loss of digital assets.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Page title: Hyperswap Interface

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: none

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Seclookup", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01996766-564c-74cf-806a-0ff7a84ba7b4.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c5b2ab41-d0c2-4f14-b581-8ecbd3a65925
- PhishDestroy: https://phishdestroy.io/domain/app.hyeprsrwap.exchange/
- LLM endpoint: https://phishdestroy.io/domain/app.hyeprsrwap.exchange/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app.hyeprsrwap.exchange/
Last updated: 2026-03-19