# hyperliquid.blothecap.xyz — SUSPICIOUS > PhishDestroy identifies hyperliquid.blothecap.xyz as a Hyperliquid impersonation scam. Check the full report. ## Summary PhishDestroy confirms hyperliquid.blothecap.xyz as an active brand impersonation scam targeting Hyperliquid users. The domain mimics legitimate services with a deceptive page title, 'hlstate — Hyperliquid Position Scanner,' to lure victims into exposing their trading credentials or funds. This elevated-risk threat leverages Hyperliquid’s brand recognition to manipulate users into interacting with malicious content, posing significant risks to cryptocurrency traders and liquidity providers. This domain, registered on December 23, 2025, through Squarespace Domains II LLC, resolves to IP address 35.75.242.111 and employs a Let's Encrypt SSL certificate to appear trustworthy. VirusTotal analysis reveals that only 1 out of 95 security vendors have flagged this domain, highlighting the challenge of early detection for such impersonation scams. The use of a recently registered domain and a reputable SSL provider demonstrates the sophistication of this threat, which is designed to evade standard security measures. The combination of a freshly minted domain, low detection rates, and brand exploitation underscores the urgency for user vigilance and proactive threat mitigation. To mitigate exposure to this scam, users are advised to verify the authenticity of any Hyperliquid-related websites by cross-checking URLs against the official hyperliquid.xyz domain. Avoid interacting with unsolicited links or third-party tools claiming to offer Hyperliquid position scanning services, as these are likely part of the impersonation strategy. Report suspicious domains to Hyperliquid’s official support channels and update browser security settings to block known malicious domains. Organizations should also consider deploying DNS filtering solutions to proactively block access to domains like hyperliquid.blothecap.xyz, reducing the risk of credential theft or financial loss. Proactive threat intelligence sharing within the cryptocurrency community is critical to identifying and dismantling similar impersonation campaigns. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid - Page title: hlstate — Hyperliquid Position Scanner ## Domain Intelligence - Registered: 2025-12-23 12:23:53 - Registrar: Squarespace Domains II LLC - IP: 35.75.242.111 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/94af6f69-7b9a-4d56-be6d-8c49748f4b7c - PhishDestroy: https://phishdestroy.io/domain/hyperliquid.blothecap.xyz/ - LLM endpoint: https://phishdestroy.io/domain/hyperliquid.blothecap.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.blothecap.xyz/ Last updated: 2026-03-28