# hyperiliquid.at — SUSPICIOUS

> hyperiliquid.at flagged by 0 of 95 VirusTotal vendors as crypto drainer impersonating Hyperliquid. Block access immediately.

## Summary
PhishDestroy identifies hyperiliquid.at as an active crypto drainer domain impersonating Hyperliquid, currently under investigation with a status marked as active. This domain leverages brand impersonation tactics to deceive users into transferring cryptocurrency to attacker-controlled wallets, posing significant financial risk to unsuspecting victims.  

This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating a lack of universal detection despite its malicious intent. Registered through EuroDNS SA, hyperiliquid.at resolves to IP address 104.21.84.221 and utilizes a Let's Encrypt SSL certificate to appear legitimate. While specific creation date and blocklist counts are not provided in available intelligence, the absence of detections suggests a potentially emerging or sophisticated threat designed to evade initial scrutiny.  

Given the domain's active status and the absence of detections, users and organizations are strongly advised to block access to hyperiliquid.at at the network level and avoid any interaction with the domain or its associated services. Security teams should monitor for indicators of compromise, including connections to the identified IP address, and update threat intelligence feeds to proactively protect against this crypto drainer campaign. Further investigation into the domain's infrastructure and associated campaigns is recommended to mitigate potential financial losses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: EuroDNS SA ( https://nic.at/registrar/421 )
- IP: 104.21.84.221

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/db1be350-60ac-48d7-a127-eaa1278fdfe4
- PhishDestroy: https://phishdestroy.io/domain/hyperiliquid.at/
- LLM endpoint: https://phishdestroy.io/domain/hyperiliquid.at/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperiliquid.at/
Last updated: 2026-03-22