# hyper-liqiud-us.pages.dev — SUSPICIOUS > hyper-liqiud-us.pages.dev impersonates Hyperliquid in a crypto drainer scam. VT 0/95 detections, act now to block. ## Summary PhishDestroy identifies hyper-liqiud-us.pages.dev as an active crypto brand impersonation site under investigation for fraudulent activities targeting Hyperliquid users. This domain mimics the legitimate Hyperliquid platform to deceive victims into connecting wallets or entering credentials, enabling crypto drainer operations. The threat is classified as brand impersonation with high potential for credential theft and cryptocurrency loss, warranting immediate attention from security teams and end-users alike. VirusTotal currently shows 0 detections out of 95 scans, indicating this domain has not yet been widely flagged despite its malicious intent. The domain resolves to IP 172.66.47.151 and operates under Cloudflare, Inc., utilizing a Google Trust Services SSL certificate to appear legitimate. Notably, this impersonation site leverages the .pages.dev TLD, a Cloudflare Pages domain commonly exploited for phishing campaigns due to its free and rapid deployment capabilities. While the exact creation date remains unverified, the lack of detections suggests a recently launched operation with low visibility to traditional security tools. This domain employs multiple tactics to evade detection and enhance credibility. The SSL certificate issued by Google Trust Services lends an air of legitimacy, while the use of Cloudflare’s infrastructure obscures the true origin and ownership of the site. The resolution to IP 172.66.47.151 places it within Cloudflare’s network, a common hosting provider for malicious domains due to its widespread use and difficulty in takedown procedures. The absence of detections on VirusTotal (0/95) does not imply safety; rather, it highlights the limitations of signature-based detection methods against rapidly evolving threats. Brand impersonation sites like this one often remain undetected until victims report fraudulent activities or automated scanners identify malicious payloads. The lack of inclusion on blocklists further underscores the need for proactive monitoring and user education to mitigate risks associated with such domains. To counter the threat posed by hyper-liqiud-us.pages.dev, organizations and individuals must implement a multi-layered defense strategy. First, immediately block the domain hyper-liqiud-us.pages.dev and its associated IP address 172.66.47.151 at the network perimeter to prevent access. Second, deploy advanced threat intelligence tools capable of detecting zero-day phishing domains, including those leveraging Cloudflare’s services or newly registered domains mimicking legitimate brands. Third, educate users about the risks of crypto brand impersonation and the importance of verifying URLs, SSL certificates, and transaction prompts before interacting with any platform. For crypto-specific protections, recommend the use of hardware wallets or transaction simulation tools to detect anomalies before fund transfers occur. Additionally, report this domain to relevant authorities such as Google Safe Browsing, PhishTank, or the Anti-Phishing Working Group to aid in its eventual takedown. Continuous monitoring of domain registrations and IP blocks associated with Cloudflare Pages domains is critical to staying ahead of similar threats. By combining technical controls with user awareness, the risk of falling victim to this or similar crypto drainer scams can be significantly reduced. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.151 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/hyper-liqiud-us.pages.dev - PhishDestroy: https://phishdestroy.io/domain/hyper-liqiud-us.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/hyper-liqiud-us.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyper-liqiud-us.pages.dev/ Last updated: 2026-04-04