EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of dusktestresolve.pages.dev

Detection Info

http://dusktestresolve.pages.dev/
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
c8ae1b89-169โ€ฆ
Analyzed
2026-02-18 03:07
Final URL (after redirects)
https://dusktestresolve.pages.dev/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T11533D8B317491EFE10C783E0B722773673A863E5E5AF820682F847655B8BD4ADC63560
CONTENT ssdeep
384:arhbSgbnziNBXELiy/Y+nPacLI/omC4mGHXISBhq8t8DDOmQpvqYtZ:4bbnzsZELk+Cuz63HX38umQpiQ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ce9234343696973e
VISUAL aHash
76383c3c30383000
VISUAL dHash
c4f06969e0e0e0e0
VISUAL wHash
7e787c7c7c783800
VISUAL colorHash
38001600080
VISUAL cropResistant
c4f06969e0e0e0e0

Code Analysis

Risk Score 79/100
Threat Level ALTO
โš ๏ธ Phishing Confirmed
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Banking ๐ŸŽฃ Personal Info

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Phishing
โ€ข Target: Cryptocurrency wallet users
โ€ข Method: Impersonation and attempting to steal wallet credentials.
โ€ข Exfil: Unknown, likely to a server controlled by attackers.
โ€ข Indicators: Free hosting, brand-like appearance, 'wallet rectification'.
โ€ข Risk: High

๐Ÿ”’ Obfuscation Detected

  • fromCharCode
  • unescape
  • unicode_escape

๐ŸŽฏ Kit Endpoints

  • https://files.coinmarketcap.com/static/widget/coinMarquee.js

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The domain uses free hosting, which is a common characteristic of phishing sites.
Suspicious Content
The content relates to cryptocurrency wallets and 'rectification', which is likely a malicious attempt.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
General public
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
HIGH - Automated credential harvesting with Unknown

โš ๏ธ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 24 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
Cryptocurrency wallet
Fake Service
Wallet rectification

Fraudulent Claims

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The site likely aims to trick users into entering their wallet credentials (seed phrases, private keys, etc.) on a fake login page.

๐ŸŒ Infrastructure Indicators of Compromise

๐Ÿฆ  Malicious Files

Main File
coinMarquee.js
File Size

Functions: sendData, submitForm

๐Ÿ“Š Attack Flow Diagram

User fills <input name=username> โ†’ sendData() โ†’ fetch(http://dusktestresolve.pages.dev/exfiltrate) โ†’ credentials sent

๐Ÿ”ฌ JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
455.3ย KB

๐Ÿ”— API Endpoints Detected

Other
10

๐Ÿ” Obfuscation Detected

  • : Moderate
  • : Moderate

๐Ÿค– AI-Extracted Threat Intelligence

๐Ÿ“Š Attack Flow

User fills <input name=username> โ†’ sendData() โ†’ fetch(http://dusktestresolve.pages.dev/exfiltrate) โ†’ credentials sent

๐ŸŽฏ Malicious Files Identified

Main Drainer
coinMarquee.js
File Size
45KB
Malicious Functions
  • sendData
  • submitForm

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
None (Deceptive DeFi Service)
https://monerotestsolved.pages.dev/
Apr 27, 2026

Scan History for dusktestresolve.pages.dev

Found 1 other scan for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.