ScanMalware.com

Security Scan Report: homecare.htrcare.com

Redirected to:
blob:https://reseller22.veegyapan.com/b3abf0e3-9537-4a29-8141-2cc879df...
Submitted: May 21, 2026, 1:59:03 PMCompleted: May 21, 2026, 2:01:02 PMpubliccompleted
Loading additional data...

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main domain is and was registered NaN years ago.

Submitted URL: https://homecare.htrcare.com/xgqtyze/cin-exe/link-well.html

Effective URL: blob:https://reseller22.veegyapan.com/b3abf0e3-9537-4a29-8141-2cc879df5ff6Redirected

AI Security Verdict

Confirmed Scam

Confidence: 92%

9
Risk Score

Page impersonates Wells Fargo, harvests credentials via multiple deceptive forms and exfiltrates them to an external domain; treat as confirmed phishing scam.

Risk Factors
Brand impersonation
Credential harvesting forms
Disguised/hidden password fields
Cross‑origin credential submission
Blob URL usage
Highly obfuscated JavaScript
Domain age information unavailable

Details

Page Title

One moment, please...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(36%)

Domain Information

Domain 'homecare.htrcare.com' uses the commercial generic top-level domain (.com) with subdomain 'homecare'. The core label 'htrcare' covers 7 characters with 2 vowels and 5 consonants. Tokenizing the label suggests three words: h, tr, care. Average segment length settles at 2 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://homecare.htrcare.com/xgqtyze/cin-exe/link-well.html

Page Load Overview

31.58s
Total Load Time
36
HTTP Requests
8
Domains
85 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:2,148 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking36% confidence
Type: spa
Method: ml+structural

All Detected Categories

finance banking
36%
e-commerce
25%
social_media
25%

Detected Features

Login Form
Search
Payment

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
18160.22.108.32New Delhi, National Capital Territory of Delhi, India
AS152523BLAZING BULLET PRIVATE LIMITED
18108.167.183.6Ashburn, Virginia, United States
AS19871Network Solutions, LLC
362--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1FE32189CAE952274F61343DD73BF2429122473E73008C29CF54D6EE4BF06A8D4A57B6A

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:GXHNsGeTHQpD+da6+8QPUV7lrDyjFrxz6FsH47F8Urdka6Oxq:GXX+/zV7SFZKg47F8UrdkLOxq

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:11541:ckwRYFBE6qWphAS7RQDSIBhIcQkhEygYAprIaAAQIJAcYYGAhwBBAQAMQJghFJQxkCLA0EIcTSWdAMCYiBTL5wlCI4sAhEMw

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffff81dbffffff
Perceptual Hash:bf2fc0c03f3fc0c0
Difference Hash:0000012323000000
Wavelet Hash:f3f3818100000000
Color Hash:#85e06c

Other Hashes

Crop Resistant:0000012323000000

Scan History

Scan history not available

Unable to load historical scan data