SafeMode - Analysis: camonsolana.com

Visual Capture

Detection Info

https://camonsolana.com/

Detected Brand

MetaMask

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

c04947bd-16f…

Analyzed

2026-04-26 15:39

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1EE911F745154AD3B68E3C2D0E774A7BB32E08247EB57231116FEC36E4BDAE96DC22085
CONTENT ssdeep	48:TEkZLFO9gYlgS9b+YmZseadv4HCvhF3I7QuJFO9gYlJ8d44k2H4cFf3vMt5S1ilc:T5ZL8lgWP33O8lSTBBEt5xbUwQ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	92936d6d38923c6d
VISUAL aHash	06743c2e20300000
VISUAL dHash	54c9cdcdc0646008
VISUAL wHash	3e7c7e7e3c783000
VISUAL colorHash	38e00000000
VISUAL cropResistant	8205124d4d100182,54c9cdcdc0646008

Code Analysis

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔒 Obfuscation Detected

atob
unescape
document.write
hex_escape

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info

Code Obfuscation

JavaScript code obfuscated using 109 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

MetaMask users

Attack Method

obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
109 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

MetaMask

Official Website

https://metamask.io

Fake Service

Banking/payment service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 109 techniques to evade detection by security scanners and make reverse engineering more difficult.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

camonsolana.com

Registered

2026-04-21 20:27:43+00:00

Registrar

PDR Ltd. d/b/a PublicDomainRegistry.com

Status

Recently registered (4 days old)

Hosting Information

Provider

PDR Ltd. d/b/a PublicDomainRegistry.com

ASN

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

MetaMask

https://allocation-scan.xyz/

Jun 16, 2026

Binance (implied by '币安人生')

http://camonsolana.com

Apr 26, 2026

Scan History for camonsolana.com

Found 1 other scan for this domain

http://camonsolana.com Binance (implied by '币安人生') Apr 26, 2026 15:39