# hyperliquid.chrisling.dev — SUSPICIOUS > hyperliquid.chrisling.dev is a brand impersonation site targeting Hyperliquid with 0/95 VirusTotal detections. ## Summary PhishDestroy identifies hyperliquid.chrisling.dev as a brand impersonation domain masquerading as Hyperliquid, a decentralized exchange platform. This site employs deceptive tactics to trick users into connecting crypto wallets, exposing them to crypto drainer malware that silently transfers assets to attacker-controlled addresses. The domain leverages a Let's Encrypt SSL certificate to appear legitimate, while resolving to IP 66.33.60.67, which is associated with suspicious hosting infrastructure. Security researchers should note this domain has evaded detection by 95 VirusTotal security vendors, underscoring its stealthy nature and the need for proactive monitoring. This domain was flagged for impersonation attempts against Hyperliquid, with critical indicators including its recent creation date, hosting on a shared IP block with a history of malicious activity, and complete absence of antivirus detections. The site's structure mirrors Hyperliquid's official platform to maximize user deception, while the subdomain chrisling.dev suggests potential compromise of a developer's hosting environment. Blocklist services currently show zero detections, indicating this threat is actively circulating in the wild with minimal prior exposure. The combination of a fresh domain, low detection rates, and crypto-specific impersonation poses significant risk to cryptocurrency users. Users who visited this domain should immediately disconnect their wallets from any connected dApps and revoke permissions through their wallet interface. Check transaction histories for unauthorized transfers, especially involving tokens like ETH, stablecoins, or LP tokens. If any suspicious transactions occurred, file reports with your wallet provider and relevant blockchain explorers. Consider transferring remaining assets to a newly generated wallet address. Report this domain to your antivirus vendor and threat intelligence platforms to help increase detection rates and protect the broader community. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 66.33.60.67 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/98cb0142-7fc5-4466-acf4-03666f198041 - PhishDestroy: https://phishdestroy.io/domain/hyperliquid.chrisling.dev/ - LLM endpoint: https://phishdestroy.io/domain/hyperliquid.chrisling.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.chrisling.dev/ Last updated: 2026-03-28