# hlrewards.xyz — SUSPICIOUS

> Beware: hlrewards.xyz is a crypto drainer phishing site impersonating crypto rewards platforms. This domain is flagged by 4 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies hlrewards.xyz as an active crypto drainer phishing domain currently engaged in fraudulent activities. The domain mimics legitimate crypto reward platforms to deceive users into connecting their wallets and draining funds. Given its confirmed malicious status and persistent operation, immediate caution is advised.


This domain was flagged by 4 of 95 VirusTotal vendors, registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, and resolves to IP address 188.114.97.3. The domain was created on February 14, 2026, and has appeared on 2 separate security blocklists. Notably, the domain holds an SSL certificate issued by Google Trust Services, potentially misleading users about its legitimacy.


The domain remains active and poses an elevated risk to users, particularly those engaging with cryptocurrency platforms. PhishDestroy strongly recommends avoiding interaction with hlrewards.xyz and verifying any similar domains through its platform. Immediate action should be taken to block this domain at the network level to prevent further compromise. Additionally, users who may have interacted with this domain should audit their wallet connections and revoke any suspicious permissions immediately.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-14 15:39:08
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/41b479cc-32dd-4503-a47a-5d063899e20b
- PhishDestroy: https://phishdestroy.io/domain/hlrewards.xyz/
- LLM endpoint: https://phishdestroy.io/domain/hlrewards.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hlrewards.xyz/
Last updated: 2026-03-27