# chma.digital — MALICIOUS

> PhishDestroy analyzes chma.digital, linked to crypto draining and social engineering. Domain now offline after multiple security flags.

## Summary
PhishDestroy categorizes chma.digital as a high-risk crypto drainer domain. The domain posed a significant threat to users' cryptocurrency assets and online safety.

The evidence includes 22 security vendors flagging it, Google Safe Browsing marking it for social engineering, and presence on six blocklists. It resolved to IP 172.67.128.237 and was identified in AlienVault OTX threat pulses. The domain, suspiciously registered with no known registrar and created in 2026, is now offline.

Users should avoid interaction with this domain or related content. Employ updated antivirus software, enable phishing protection, and verify URLs carefully. Monitoring wallet activity is advised for those previously exposed.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Helvionex

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- Country: IN
- IP: 172.67.128.237
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ximena.ns.cloudflare.com", "lamar.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 22 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "Certego", "Chong Lua Dao", "Cluster25", "CRDF", "CyRadar", "DNS8", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c061d-3817-7549-a328-9696ccd9ba99.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/56385ad2-7e4f-4db0-82f4-5356daa43e1f
- Wayback Machine: https://web.archive.org/web/https://chma.digital
- PhishDestroy: https://phishdestroy.io/domain/chma.digital/
- LLM endpoint: https://phishdestroy.io/domain/chma.digital/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/chma.digital/
Last updated: 2026-03-19