# hyperfoundation.click — SUSPICIOUS > PhishDestroy identifies hyperfoundation.click as a crypto drainer impersonating Hyperliquid; 0/95 VirusTotal detections. Verify now before you click ## Summary PhishDestroy identifies hyperfoundation.click as an active generic phishing domain launched on March 03, 2026 specifically designed to harvest wallet credentials and drain crypto assets under the guise of a legitimate Hyperliquid interface. The domain hosts a fake login portal that intercepts private keys or transaction approvals, redirecting drained funds to attacker-controlled wallets without user awareness. This domain resolves to IPv4 address 91.92.34.18 and uses a legitimate Let’s Encrypt SSL certificate to appear trustworthy. Despite zero detections on VirusTotal (0/95 engines), the site was registered through Global Domain Group LLC, a registrar known for low-friction bulk registrations often exploited in phishing campaigns. The domain’s recent creation date—only days ago—suggests a fresh, opportunistic threat likely distributed via social media or impersonation campaigns targeting DeFi users. As of analysis, the domain remains unlisted on Google Safe Browsing (GSB) and has not yet been added to major blocklists, leaving users vulnerable to first-access compromise. The threat is currently classified as active and under investigation with a medium risk pending further behavioral analysis. PhishDestroy has flagged this domain and added it to its blocklist; however, users should immediately verify any interaction with hyperfoundation.click using the PhishDestroy lookup tool. Remaining risk is elevated due to low detection rates and absence from blocklists, necessitating heightened caution when encountering links related to Hyperliquid or similar platforms. It is strongly recommended to avoid clicking, bookmarking, or whitelisting this domain until further notice. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-03 15:49:28 - Registrar: Global Domain Group LLC - IP: 91.92.34.18 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/caff1314-5221-4371-a659-889a126fc716 - PhishDestroy: https://phishdestroy.io/domain/hyperfoundation.click/ - LLM endpoint: https://phishdestroy.io/domain/hyperfoundation.click/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperfoundation.click/ Last updated: 2026-03-22