# hypers.pages.dev — MALICIOUS

> Discover why hypers.pages.dev is flagged as a high-risk phishing site and learn how it was taken offline to protect users.

## Summary
PhishDestroy identifies hypers.pages.dev as a high-risk phishing domain designed to deceive users and harvest sensitive information. Classified under generic phishing threats, this domain posed significant risks to unsuspecting visitors by mimicking legitimate services or requests.

Analysis reveals that hypers.pages.dev resolved to the IP address 172.66.47.50 and was registered through Cloudflare, Inc. The domain was relatively new, having been created on February 21, 2026, which is often a hallmark of malicious setups. Supporting evidence includes its detection by VirusTotal, where 15 out of 95 security engines flagged it as malicious, and a Google Safe Browsing classification for social engineering. Additionally, the domain was listed on two security blocklists, indicating widespread recognition of its threat.

Currently, hypers.pages.dev has been taken offline, mitigating immediate risk to users. Despite the domain being inactive, organizations should remain vigilant and continue monitoring for potential phishing campaigns that may arise from similar infrastructure. PhishDestroy recommends updating security filters and educating users about the dangers of interacting with suspicious or recently created domains to prevent future incidents.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.50
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["owen.ns.cloudflare.com", "raegan.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bf318-e7dd-7166-b1e1-830326cc3116.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/7baa8cee-a619-471e-af31-766766e00521
- PhishDestroy: https://phishdestroy.io/domain/hypers.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/hypers.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hypers.pages.dev/
Last updated: 2026-03-19