Security Scan Report: ghbsn.info

Redirected to:
https://www.irs.gov/newsroom/five-reasons-to-choose-direct-deposit
Site favicon
Submitted: Jul 5, 2026, 2:21:30 PMCompleted: Jul 5, 2026, 2:23:00 PMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 1 HTTP transaction. The main domain is irs.gov and was registered NaN years ago.

Submitted URL: http://ghbsn.info/

Effective URL: https://www.irs.gov/newsroom/five-reasons-to-choose-direct-depositRedirected

AI Security Verdict

Low Risk

Confidence: 92%

3
Risk Score

The site hosts high‑severity malicious JavaScript (keylogger) despite redirecting to a legitimate IRS page; treat as high‑risk malware distribution.

Risk Factors
High‑severity JavaScript keylogger detected
Critical JS obfuscation and dynamic eval() usage
Unranked domain used for redirection to a government site
Potential cloaking via domain change
Safety Factors
Final destination is a legitimate .gov site
No credential or payment collection forms
Domain age is >10 years (well‑established)
Established domain (10503 days old) with no strong malicious indicators — risk clamped from 8 to 5
Verdict cited a credential/login form, but DOM analysis found no password field (real or disguised) or payment field, and no other hard signal — credential-phishing framing unsupported; risk adjusted from 5 to 3
Domain age information unavailable

Details

Page Title

Five Reasons to Choose Direct Deposit | Internal Revenue Service

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(65%)

Domain Information

The domain name 'ghbsn.info' uses the informational generic top-level domain (.info) with no subdomain. The core label 'ghbsn' covers 5 characters split between zero vowels and five consonants. Segmentation suggests two words: ghb, sn. Median word length is 2.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://ghbsn.info/

Page Load Overview

3.23s
Total Load Time
44
HTTP Requests
8
Domains
1.3 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:8,587 chars
Detector Agreement:80%

Website Classification

Primary Category

finance banking65% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

finance banking
65%
government public service
59%
government
48%
technology software
35%
adult content
31%

Detected Features

Search
Articles

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1623.48.224.197Secaucus, New Jersey, United States
AS20940Akamai International B.V.
14159.223.134.173North Bergen, New Jersey, United States
AS14061DigitalOcean, LLC
14172.66.171.172Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
443--

Detected Technologies7

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C0C3195363F41037413383C6B998FB28EA52A15BD7092986B1FC4B6A9FDBD14AD5330E

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:i6RyBZFSAt0Sy647ESrw2YIOPQu10CtIkzMTvZEZFRSfk7eciwnztlvr7IAETOeT:9yBivamFYz0j2H6+abueWIRm2POI

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:127314:CgAkpEC2Qo32MQGDBo1GCCgYmDIowYMJQLIcCOqKYYK0IKA5AGAIzAQG0A5IeDGIMiBCFCAG8gUwCEiCbKVawEICBkwaDWBQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000ffffffffffff
Perceptual Hash:b6124646694de9f9
Difference Hash:dd3c383a1e0f2f0f
Wavelet Hash:0000cfc7cfe3a7e3
Color Hash:#d279bb

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data