SafeMode - Analysis: wetestxresolve.pages.dev

Visual Capture

Detection Info

http://wetestxresolve.pages.dev

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

eb3e931f-74b…

Analyzed

2026-02-07 22:02

Final URL (after redirects)

https://wetestxresolve.pages.dev/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12A43D8B217491EFE10C783E0B722773673A863D9E56F820682F847255B8BD5ADC735A0
CONTENT ssdeep	384:arhb8fgbnziNBXELiy/Y+nPacLR8ImC4mGHXISBhq8t8DDOmQpvqYtZ:4lbnzsZELk+CuV63HX38umQpiQ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	ce9634343696963e
VISUAL aHash	76383c3c30383000
VISUAL dHash	c4f06169e0e0e0c0
VISUAL wHash	7e78fc7c78783800
VISUAL colorHash	38001600040
VISUAL cropResistant	c4f06169e0e0e0c0

Code Analysis

Risk Score 79/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Cryptocurrency wallet users
• Method: Impersonation using free hosting
• Exfil: JavaScript form submission detected (data not visible, potential credential harvesting)
• Indicators: Free hosting, brand logo, 'Connect Wallet' button, obfuscation detected
• Risk: High

🔒 Obfuscation Detected

fromCharCode
unescape
unicode_escape

🎯 Kit Endpoints

https://tailwindcss.com/docs/content-configuration
https://tailwindcss.com/docs/using-with-preprocessors#nesting
https://tailwindcss.com/docs/installation
https://evilmartians.com/chronicles/postcss-8-plugin-migration`),m.env.LANG&&m.env.LANG.startsWith(
https://tailwindcss.com`}),...e.nodes])},container:(()=
https://mths.be/cssesc
https://files.coinmarketcap.com/static/widget/coinMarquee.js
https://3rdparty-apis.coinmarketcap.com/v1/cryptocurrency/widget
https://cdn.tailwindcss.com
https://tailwindcss.com/docs/content-configuration#pattern-recommendations
https://twitter.com/browserslist
https://s2.coinmarketcap.com/static/img/coins/32x32/
https://tailwindcss.com/docs/content-configuration#safelisting-classes
https://3rdparty-apis.coinmarketcap.com/v1/cryptocurrency/top
https://tailwindcss.com/docs/content-configuration#discarding-classes
https://tailwindcss.com/docs/upgrade-guide#remove-dark-mode-configuration
https://www.w3ctech.com/topic/2226`));let
https://coinmarketcap.com/currencies/
https://tailwindcss.com/docs/upgrade-guide#prefix-cannot-be-a-function
https://tailwindcss.com/docs/upgrade-guide#configure-content-sources
https://coinmarketcap.com/
https://tailwindcss.com/docs/upgrade-guide#replace-variants-with-layer

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Free Hosting + Brand Logo

The combination is a strong indicator of phishing.

Obfuscation Detected

Common technique used to hide malicious code.

Form Submission Detected

Indicates that user input is being collected and exfiltrated

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

General public

Attack Method

Brand impersonation + obfuscated JavaScript

Exfiltration Channel

Unknown

Risk Assessment

HIGH - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
24 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Cryptocurrency wallet (generic)

Fake Service

Wallet rectification service

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site likely attempts to harvest user credentials by prompting them to 'Connect Wallet'. Obfuscated JavaScript is likely used to intercept user data and exfiltrate it to the attacker.

Secondary Method: Malware distribution

The site might attempt to infect the user's system by directing them to download malicious code. This is currently based on the context of the website, but has not been confirmed.