# hyperilquid.co — SUSPICIOUS > hyperilquid.co mimics Hyperliquid in a brand impersonation scam. VT 0/95 detections. Check the full report. ## Summary PhishDestroy identifies hyperilquid.co as a live brand impersonation domain targeting Hyperliquid, a well-known decentralized liquidity protocol. The domain is not associated with any legitimate drainer kit at this time, but it is actively masquerading as Hyperliquid’s official interface to deceive users into connecting wallets or entering credentials. The setup suggests a classic phishing operation designed to harvest private keys or seed phrases under the guise of trading or liquidity provision. The threat is classified as ‘under_investigation’ due to the low VT detection rate and lack of confirmed malicious payload delivery, but the intent is clear: fraudulent brand exploitation. Technical analysis reveals critical red flags: VirusTotal currently scores the domain at 0/95 detections, indicating it remains undetected by most antivirus engines. It resolves to IP 130.12.180.128, hosted on infrastructure associated with suspicious activity. The domain was registered on April 06, 2026, through Dynadot Inc., a registrar known to host numerous fraudulent domains. It uses a Let's Encrypt SSL certificate, which is common among phishing sites to appear legitimate. Google Safe Browsing (GSB) status is not yet flagged, and blocklist inclusion remains at zero—further highlighting the need for proactive detection. As of this report, hyperilquid.co remains active and unresolved. PhishDestroy has flagged the domain for brand impersonation and escalated it for further analysis. Users are advised to avoid interacting with this domain or any links associated with it. The current risk is elevated due to the absence of automated detection and the domain’s recent creation date, which allows it to evade early-stage filters. Immediate blocking at the network and endpoint level is recommended. The investigation is ongoing, and updates will be provided as new intelligence emerges. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid ## Domain Intelligence - Registered: 2026-04-06 10:32:59 - Registrar: Dynadot Inc - IP: 130.12.180.128 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/hyperilquid.co - PhishDestroy: https://phishdestroy.io/domain/hyperilquid.co/ - LLM endpoint: https://phishdestroy.io/domain/hyperilquid.co/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperilquid.co/ Last updated: 2026-04-06