Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://web3securityconnects.com.hedgepremiumcapital.com
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
b8da91f5-3e9โฆ
Analyzed
2026-02-09 15:37
Final URL (after redirects)
http://web3securityconnects.com.hedgepremiumcapital.com/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17B33956052335A6B02A383C0E6B69F9DE0C08350D3674B69F3FC876FAECDC44AD55262 |
|
CONTENT
ssdeep
|
768:64iiVGsanE+yb2Wpu04L3MC0hEC63xVy8H:dDVGsanE+yb2Wpu46hVy8H |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bad74d2c119594d5 |
|
VISUAL
aHash
|
02a4fe4cc5818100 |
|
VISUAL
dHash
|
16494c9919252712 |
|
VISUAL
wHash
|
02f5fecfcdc78100 |
|
VISUAL
colorHash
|
300000084c0 |
|
VISUAL
cropResistant
|
16494c9919252712 |
Code Analysis
Risk Score
73/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Banking
๐ฃ Personal Info
๐ฌ Threat Analysis Report
โข Threat: Phishing
โข Target: Cryptocurrency users
โข Method: Impersonation
โข Exfil: eval
โข Indicators: Subdomain mismatch, obfuscation, domain age.
โข Risk: HIGH
๐ Obfuscation Detected
- eval
๐ฏ Kit Endpoints
- https://bootstrap.smartsuppchat.com
- http://web3securityconnects.com.hedgepremiumcapital.com/assets2/js/app.js
- https://cdn.jsdelivr.net/npm/@easepick/[email protected]/dist/index.css
- https://widget-v3.smartsuppcdn.com
- https://files.smartsuppcdn.com
- https://gsap.com/standard-license
- https://bugzilla.mozilla.org/show_bug.cgi?id=612118\n
- https://gsap.com/forums/topic/20368-possible-gsap-bug-switching-classnames-in-chrome/.\n
- https://www.highcharts.com/docs/accessibility/accessibility-module.
- https://bugzilla.mozilla.org/show_bug.cgi?id=548397\n
- https://api.smartsuppchat.com
- https://www.smartsuppchat.com/loader.js?
- https://gsap.com\n
- https://gsap.com/forums/topic/20215-problem-using-tweenmax-in-standalone-self-containing-svg-file-err-cannot-set-property-csstext-of-undefined/).\n},\n
- https://{key}.storage.smartsuppchat.com
- https://gsap.com/forums/topic/23823-closing-nav-animation-not-working-on-ie-and-iphone-6-maybe-other-older-browser/?tab=comments#comment-113005
- https://www.highcharts.com?credits\
- http://\
- https://swiperjs.com\n
- https://gsap.com/forums/topic/24583-how-to-return-colors-that-i-had-after-reverse/\n
- https://webpack.js.org/configuration/mode/).
- http://svgjs.dev\
- https://\
- https://webpack.js.org/configuration/devtool/)
- https://alpinejs.dev/plugins/${slug}`,
- https://gsap.com\
- https://gsap.com/forums/topic/18310-clippath-doesnt-work-on-ios/\n
- https://stackoverflow.com/questions/54520554/custom-element-getrootnode-closest-function-crossing-multiple-parent-shadowd\nfunction
๐ก API Calls Detected
- GET
๐ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Suspicious Domain
The domain contains an unrelated subdomain which often indicates phishing.
Obfuscation
Obfuscated Javascript is a technique often used to hide malicious intent.
Domain Age
Domain age is relatively recent which can indicate a phishing attempt
๐ฌ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
General public
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 168 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Web3 Security Connects
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
The site likely impersonates a crypto service and aims to steal login credentials or wallet information via a fake login page.
๐ Infrastructure Indicators of Compromise
๐ฆ Malicious Files
Main File
loader.js?
File Size
๐ฌ JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
2.3ย MB
๐ API Endpoints Detected
Other
24
๐ Obfuscation Detected
- : Light
- : Moderate
๐ค AI-Extracted Threat Intelligence
๐ฏ Malicious Files Identified
Main Drainer
loader.js?File Size
2365KB
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for web3securityconnects.com.hedgepremiumcapital.com
Found 2 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.