# PhishDestroy threat dossier — raudium-waleet-eng-us.blogspot.com ================================================================ Fetched: 2026-06-30 16:46:46 UTC Canonical: https://phishdestroy.io/domain/raudium-waleet-eng-us.blogspot.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 100/100 (PhishDestroy scoring — see methodology below) Scam classification: Impersonation Targeted brand: Raydium ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 2/91 security vendors flagged this domain Flagging vendors: ChainPatrol, alphaMountain.ai Public blocklists: listed on 3 independent blocklists ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 142.251.14.132 (US, Mountain View) ASN: AS15169 Google LLC Hosting org: Google LLC Registrar: Google Blogger Page title: Raydium Wallet Guide: Secure, Fast HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Google Trust Services / WE2 Expires: 2026-08-17 Status: INVALID chain Fingerprint: 4adb787481f5156204c338b0318482e942bfa1a0e06989317cfef462b2ff72a4 Subject Alternative Names (related infrastructure — often same operator): - blogspot.ae - blogspot.al - blogspot.am - blogspot.ba - blogspot.be - blogspot.bg - blogspot.ca - blogspot.ch - blogspot.cl - blogspot.co.at - blogspot.co.id - blogspot.co.il - blogspot.co.ke - blogspot.co.nz - blogspot.co.uk ... +55 more ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- First detected: 2026-06-09 05:37:52 UTC (by PhishDestroy tracker) First reported: 2026-06-07 01:28:48 UTC (abuse notice filed) Last verified: 2026-06-30 18:17:49 UTC Current status: ACTIVE / observable ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-06-26 13:40:31 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] This domain poses a targeted brand impersonation threat against Raydium, a decentralized finance platform. The site presents itself as a legitimate Raydium Wallet Guide under the title 'Raydium Wallet Guide: Secure, Fast,' likely designed to deceive users into disclosing wallet credentials, seed phrases, or installing malicious software under the guise of security instructions. The content is structured to exploit trust in the Raydium brand, potentially leading to unauthorized access to cryptocurrency assets or financial fraud. Analysis indicates the domain is hosted on Google Blogger infrastructure and resolves to IP address 142.251.14.132. The SSL certificate is issued by Google Trust Services (WE2), which does not mitigate the malicious intent. VirusTotal reports 2 out of 95 security vendors flagging the domain as malicious, while it appears on 3 distinct security blocklists. The domain leverages the legitimate appearance of a Blogspot subdomain to evade initial suspicion, though the naming convention 'raudium-waleet-eng-us' is atypical for official communications and includes deliberate misspellings to mimic the target brand. Users who visited this domain should immediately revoke any permissions granted to associated browser extensions or applications. If credentials or seed phrases were entered, affected wallets must be transferred to new, secure addresses, and all connected devices should undergo a full malware scan using updated security tools. Monitor transaction histories for unauthorized activity and report the incident to the legitimate Raydium support channels for further mitigation. Avoid interacting with any content from this domain, and verify all future communications through official Raydium channels only. ## EVIDENCE HASHES ---------------------------------------------------------------- Favicon MD5: face9ad5ebc8bcdb40fb9dbc1954e603 TLS cert SHA-256: 4adb787481f5156204c338b0318482e942bfa1a0e06989317cfef462b2ff72a4 ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (volunteer takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/raudium-waleet-eng-us.blogspot.com/ JSON API: https://api.destroy.tools/v1/check?domain=raudium-waleet-eng-us.blogspot.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: volunteer-driven open-source threat-intelligence platform. Tracked: 172,677 domains (12,855 alive under monitoring, 159,232 confirmed takedowns/dead). Site: https://phishdestroy.io