# app.hyperswsap.exchange — MALICIOUS

> Stay safe: app.hyperswsap.exchange impersonates Hyperliquid. Avoid interaction and report suspicious activity immediately to protect your assets.

## Summary

PhishDestroy identifies app.hyperswsap.exchange as a high-risk phishing domain engaged in brand impersonation targeting the cryptocurrency platform Hyperliquid. The domain’s page title "Swap Tokens | HyperSwap Exchange on Hyperliquid" is crafted to deceive users into believing they are interacting with an authentic Hyperliquid service, specifically mimicking token swap functionality. This classification is based on deceptive naming and content designed to harvest credentials or perform fraudulent transactions.

Technical analysis reveals the domain was registered recently on February 21, 2026, and resolves to IP address 192.119.110.232. It currently appears on multiple security blocklists, indicating recognition by various threat intelligence sources. VirusTotal results show that 13 out of 95 security vendors flag this domain, confirming its malicious nature within the security community. The infrastructure suggests deliberate setup to mimic legitimate services while maintaining operational status for ongoing phishing campaigns.

As of now, app.hyperswsap.exchange remains active and continues to present a significant threat to users due to its high-risk level and ongoing exploitation attempts. PhishDestroy recommends users avoid engaging with this domain and report any suspicious activity related to it. Security teams should continue monitoring this domain and related indicators to prevent credential theft and financial loss. Immediate mitigation and user awareness are critical to combat the risks posed by this impersonation campaign.

## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Target brand: Hyperliquid
- Page title: Swap Tokens | HyperSwap Exchange on Hyperliquid

## Domain Intelligence

- Registered: 2026-02-21 07:01:08
- IP: 192.119.110.232
- SSL Issuer: R13

## Detection Status

- VirusTotal: 13 vendors flagged
  - Vendors: ADMINUSLabs, ChainPatrol, alphaMountain.ai, BitDefender, CyRadar, ESET, Forcepoint ThreatSeeker, Fortinet, G-Data, Lionic, Sophos, VIPRE, Webroot
- Google Safe Browsing: clean
- Blocklists: 4 hits
  - Lists: PhishDestroy, MetaMask, ScamSniffer, SEAL

## Evidence

- Screenshot: https://urlscan.io/screenshots/01998394-e0e2-76dd-94c3-d0723adbbe3d.png
- PhishDestroy: https://phishdestroy.io/domain/app.hyperswsap.exchange/
- LLM endpoint: https://phishdestroy.io/domain/app.hyperswsap.exchange/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/app.hyperswsap.exchange/

Last updated: 2026-03-19