Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://max-solantesting-z1.com
Detected Brand
Raydium (DeFi platform)
Country
International
Confidence
100%
HTTP Status
200
Report ID
37bd608f-f5fโฆ
Analyzed
2026-01-30 19:30
Final URL (after redirects)
https://max-solantesting-z1.com/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DEB243305242AE7F21C7C6E16731B7A6B285E605CA17971953F8135D2BCBCE4CCAAB31 |
|
CONTENT
ssdeep
|
384:XUbOaGROlnQ2xYYmuuOuoUlluK8lHQEubFuLnOuoUHwuWQuBJNa5USVCP:XqOaGRuRXuF7A/cbgLnF9bW7BJgCP |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc3b3365892e8e39 |
|
VISUAL
aHash
|
00003c3c3838003c |
|
VISUAL
dHash
|
02107070726032f0 |
|
VISUAL
wHash
|
c31c3c3c3c3c387e |
|
VISUAL
colorHash
|
38001200090 |
|
VISUAL
cropResistant
|
02107070726032f0 |
Code Analysis
Risk Score
76/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Card Stealer
๐ฌ Threat Analysis Report
โข Threat: Phishing
โข Target: Raydium users
โข Method: Domain spoofing/Impersonation
โข Exfil: Unknown, likely to steal crypto wallet access.
โข Indicators: Mismatched domain, obfuscation
โข Risk: HIGH
๐ Obfuscation Detected
- fromCharCode
- unicode_escape
๐ฏ Kit Endpoints
- http://max-solantesting-z1.com/api/submit
๐ก API Calls Detected
- POST
๐ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Suspicious Domain
The domain name does not match the known Raydium domain, and is likely a typo-squatting or impersonation attempt.
Domain Age
Domain is relatively new, indicating a possibly short-lived phishing campaign.
Obfuscation
Javascript is obfuscated, makes it difficult to tell what its doing.
๐ฌ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Raydium (DeFi platform) users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer
- 18 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Raydium
Official Website
raydium.io
Fake Service
Raydium platform
โ๏ธ Attack Methodology
Primary Method: Impersonation/Phishing
The site mimics the Raydium platform to deceive users into connecting their wallets. The attacker aims to steal the user's seed phrase or private keys.
Secondary Method: Social Engineering
Use of legitimate Raydium branding to lure the user, including the logos and layout to trick the user into thinking this is legit.
Target Blockchain
Solana
๐ Infrastructure Indicators of Compromise
๐ฆ Malicious Files
Main File
main-8f7aa3fe73cd2af2.js.download
File Size
๐ Attack Flow Diagram
User fills <input name='username'> โ submitForm() โ fetch('http://max-solantesting-z1.com/api/submit') โ credentials sent
๐ฌ JavaScript Deep Analysis
Operator Language
English (1%)
Sophistication Level
Basic
Total Code Size
952.7ย KB
๐ API Endpoints Detected
Other
6
Discord Webhooks
1
๐ Obfuscation Detected
- : Moderate
- : Light
- : Heavy
- : Light
- : Light
- : Light
- : Light
- : Light
- : Heavy
๐ค AI-Extracted Threat Intelligence
๐ Attack Flow
User fills <input name='username'> โ submitForm() โ fetch('http://max-solantesting-z1.com/api/submit') โ credentials sent
๐ฏ Malicious Files Identified
Main Drainer
main-8f7aa3fe73cd2af2.js.downloadFile Size
45KB
Malicious Functions
submitFormsendData
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.