# secure-wallet-hyyperliquied.pages.dev — SUSPICIOUS

> secure-wallet-hyyperliquied.pages.dev is a KLAYswap impersonation hosting an active crypto drainer. VirusTotal score: 0/95 detections.

## Summary
PhishDestroy identifies secure-wallet-hyyperliquied.pages.dev as a live crypto drainer campaign impersonating KLAYswap infrastructure. The domain serves malicious JavaScript designed to siphon digital assets from unsuspecting users who connect their wallets. The domain resolves to 172.66.47.146, a Cloudflare IP space commonly abused for evading takedowns. SSL validation is provided by Google Trust Services, which increases the appearance of legitimacy and reduces immediate suspicion by automated scanners.

This domain was flagged by PhishDestroy’s crawlers on seed 8f63e1. VirusTotal currently shows zero detections out of 95 engines, indicating a novel or highly targeted campaign. The page is hosted via Cloudflare Pages, suggesting rapid deployment and low infrastructure cost. As of the last intelligence update, no major blocklists have flagged this domain, leaving users vulnerable to first-contact exploitation. The presence of a valid Google-issued SSL certificate further lowers technical barriers to user trust, making this a high-risk threat vector.

If you visited secure-wallet-hyyperliquied.pages.dev or interacted with its content, immediately revoke any connected wallet permissions using tools like Phantom revoke, Rabby revoke, or MetaMask’s connected sites manager. Disconnect the domain and check your transaction history for unauthorized transfers. Report the domain to PhishDestroy for blocklist inclusion and change passwords only if you reused credentials. Do not rely on browser warnings alone—this domain is actively bypassing detection systems despite its malicious intent.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 172.66.47.146

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2dc6fc74-2bdd-44fd-8407-1a3db04f1cd0
- PhishDestroy: https://phishdestroy.io/domain/secure-wallet-hyyperliquied.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/secure-wallet-hyyperliquied.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/secure-wallet-hyyperliquied.pages.dev/
Last updated: 2026-04-12