# hyperliquiid-wallet.pages.dev — SUSPICIOUS

> PhishDestroy identifies hyperliquiid-wallet.pages.dev as a brand impersonation site claiming to mimic Hyperliquid.

## Summary
PhishDestroy identifies hyperliquiid-wallet.pages.dev as a fraudulent domain falsely mimicking Hyperliquid, a legitimate decentralized exchange platform. This site is currently under active investigation for brand impersonation and suspected crypto drainer activity aimed at stealing digital assets by tricking users into connecting wallets or entering private keys. The threat is not just generic phishing; it specifically targets crypto traders by exploiting brand recognition and trust in Hyperliquid to deceive visitors into surrendering sensitive blockchain credentials or authorizing malicious transactions.  

 This domain was flagged due to clear impersonation of Hyperliquid and suspicious operational setup. As of the latest scan, VirusTotal shows zero detections out of 95 security engines—indicating this fraudulent site has not yet been widely blacklisted. The domain resolves to IP address 172.66.46.233 and is registered through Cloudflare, Inc., using a Google Trust Services SSL certificate to appear legitimate. While SSL does not guarantee safety, its presence increases credibility and lowers user suspicion, making victims more likely to engage. The page is hosted on Cloudflare Pages (pages.dev), a common legitimate service, but is being abused to host fraudulent content with minimal infrastructure footprint.  

 If you visited hyperliquiid-wallet.pages.dev, do not connect your wallet or enter any credentials. Close the tab immediately and clear your browser cache. Check your wallet for unauthorized transactions or approvals, especially on Arbitrum or other chains Hyperliquid supports. Revoke any suspicious smart contract approvals using tools like revoke.cash or Tenderly. Report the domain to Hyperliquid’s official channels and consider scanning your device with updated antivirus software. Always verify URLs using official sources before interacting, and use bookmarks for critical platforms to avoid typosquatting or lookalike domains.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.46.233

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/hyperliquiid-wallet.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/hyperliquiid-wallet.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquiid-wallet.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquiid-wallet.pages.dev/
Last updated: 2026-04-02