# checker-hana.cfd — SUSPICIOUS

> checker-hana.cfd was linked to phishing and is now offline. Avoid sharing personal info and verify sources before interacting with similar domains.

## Summary
PhishDestroy has identified checker-hana.cfd as a low-risk phishing domain that was associated with a deceptive service titled "Hana Network Airdrop Checker." The domain appeared to target users interested in cryptocurrency airdrops, aiming to collect sensitive information under the guise of a legitimate checking tool. While the threat level was classified as low, users were advised to exercise caution as phishing attempts can lead to compromised accounts or loss of assets.

From a technical standpoint, checker-hana.cfd was registered on July 28, 2025, using the registrar HOSTINGER operations, UAB. It resolved to the IP address 84.32.84.79. VirusTotal scans flagged the domain with detections from 2 out of 95 security vendors, and it was present on two security blocklists, indicating some recognition of its malicious intent by cybersecurity communities. The page title "Hana Network Airdrop Checker" suggested an attempt to exploit interest in crypto airdrops as a lure.

Currently, checker-hana.cfd is offline and no longer resolving, reducing immediate risk. PhishDestroy recommends that users remain vigilant against similar domains offering airdrop services or unusual cryptocurrency-related tools. It is crucial to avoid providing personal or wallet information on unverified platforms and to rely on official sources for airdrop participation to prevent falling victim to phishing schemes like this one.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Scam type: Airdrop Scam
- Page title: Hana Network Airdrop Checker

## Domain Intelligence
- Registered: 2025-07-28 09:16:48
- Expires: 2026-07-28 23:59:59
- Registrar: HOSTINGER operations, UAB
- Country: LT
- IP: 84.32.84.79
- IP Country: LT
- IP City: Vilnius
- IP Org: AS47583 Hostinger International Limited
- Nameservers: ns1.dns-parking.com ns2.dns-parking.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a2bbb-5030-7164-8706-5d28a4f9a411.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c00a032e-fca4-4c31-b33b-a5fe2080e165
- PhishDestroy: https://phishdestroy.io/domain/checker-hana.cfd/
- LLM endpoint: https://phishdestroy.io/domain/checker-hana.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/checker-hana.cfd/
Last updated: 2026-03-19