# hyperfundx.app — SUSPICIOUS

> PhishDestroy identifies hyperfundx.app as a crypto drainer phishing site. VirusTotal score now 0/95. Check the full report.

## Summary
PhishDestroy identifies hyperfundx.app as a generic phishing domain designed to impersonate cryptocurrency investment platforms, likely targeting users with deceptive fund-doubling schemes. No specific brand or drainer kit has been confirmed in available telemetry, but the domain's thematic alignment with crypto scams suggests an imminent credential harvesting or wallet-draining operation. Registrant information remains opaque, with NICENIC INTERNATIONAL GROUP CO., LIMITED serving as the registrar, a common choice among fraudulent actors due to lax oversight and bulk domain registrations.  

This domain was flagged with a VirusTotal detection score of 0/95 as of the latest scan, indicating no immediate antivirus or security vendor recognition despite its active malicious status. It resolves to IP address 104.21.6.158, hosted within Cloudflare’s infrastructure (AS13335), a tactic often used to obfuscate origin and evade takedown efforts. The domain was registered on March 11, 2026, a suspiciously recent creation that aligns with the rapid deployment cycle typical of phishing campaigns. Google Safe Browsing (GSB) has not yet flagged this domain, and no public blocklist entries were found at time of analysis.  

The current status of hyperfundx.app is marked as active in PhishDestroy’s threat database, with an investigation status of under_investigation, reflecting ongoing analysis by the security community. No active takedowns have been executed as of this report, and the domain remains accessible via HTTPS using a Let’s Encrypt certificate, further enhancing its perceived legitimacy. While the immediate risk is assessed as high due to its active phishing nature, the lack of vendor detections and GSB listing suggests a window of opportunity for attackers. Users are advised to avoid visiting hyperfundx.app, verify all crypto-related domains via official channels, and report any encounters to PhishDestroy for further analysis. Remaining risk includes potential wallet drainer deployment or credential theft if the domain evolves into a full-scale scam operation.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-11 23:34:59
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.6.158

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/328d0aea-8fbe-46bd-916f-50e65046e0df
- PhishDestroy: https://phishdestroy.io/domain/hyperfundx.app/
- LLM endpoint: https://phishdestroy.io/domain/hyperfundx.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperfundx.app/
Last updated: 2026-03-23