# hyperliquidairdrops.sbs — MALICIOUS

> hyperliquidairdrops.sbs was a medium-risk crypto drainer domain. Learn why it was flagged and how to stay safe from similar scams.

## Summary
PhishDestroy identifies hyperliquidairdrops.sbs as a crypto drainer phishing domain that posed a medium risk to users. Such domains attempt to steal cryptocurrency assets by tricking victims into revealing private keys or wallet credentials. Although this domain is currently offline, the threat it represented underscores the ongoing risks targeting crypto holders.

The infrastructure behind hyperliquidairdrops.sbs included a domain registered on February 21, 2026, through Web Commerce Communications Limited. It resolved to an IPv6 address (2606:4700:3032::6815:154d) known to be associated with content delivery networks. VirusTotal analysis flagged the domain by 7 out of 95 security vendors, and it appeared in one AlienVault OTX threat pulse and one security blocklist. The domain's page title was "Just a moment...", a common tactic used to mimic legitimate waiting screens.

Users should remain vigilant against any unsolicited crypto airdrop offers or requests for wallet credentials. Avoid interacting with suspicious domains like hyperliquidairdrops.sbs, even if they appear offline, as attackers often reuse infrastructure or launch similar campaigns under different names. Always verify the legitimacy of crypto-related promotions through official sources and maintain updated security software to detect emerging threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Web Commerce Communications Limited
- Country: GB
- IP: 2606:4700:3032::6815:154d
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["brit.ns.cloudflare.com", "garret.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 7 vendors flagged
  Vendors: ["alphaMountain.ai", "Certego", "CRDF", "Fortinet", "Gridinsoft", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019caffb-8eba-7719-9718-4add1a9f1930.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/546cf79b-0393-474a-a93e-2c243b10f262
- PhishDestroy: https://phishdestroy.io/domain/hyperliquidairdrops.sbs/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquidairdrops.sbs/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquidairdrops.sbs/
Last updated: 2026-03-19