Security Scan Report: sberbank.kwid9.usepay.xyz

Redirected to:
https://bulsis.net/go/2735916?ref=&subid1=
Submitted: May 23, 2026, 1:06:04 PMCompleted: May 23, 2026, 1:07:29 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 3 HTTP transactions. The main domain is bulsis.net and was registered NaN years ago.

Submitted URL: https://sberbank.kwid9.usepay.xyz

Effective URL: https://bulsis.net/go/2735916?ref=&subid1=Redirected

AI Security Verdict

High Risk

Confidence: 78%

7
Risk Score

The site impersonates Sberbank and redirects to an external URL, presenting a high‑risk brand‑impersonation threat.

Risk Factors
Brand impersonation (use of Sberbank brand on unrelated domain)
External redirect to unrelated domain (bulsis.net)
Hidden form fields without visible credential inputs
Unranked / low‑reputation domain
Medium IDS alerts for JavaScript obfuscation
Domain age information unavailable

Details

Page Title

...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

Within the open generic top-level domain (.xyz), 'sberbank.kwid9.usepay.xyz' is registered and includes subdomain 'sberbank.kwid9'. Its registrable label 'usepay' stretches across 6 characters holding 3 vowels versus 3 consonants. It segments into two words: use, pay. The median word length lands at 3 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://sberbank.kwid9.usepay.xyz

Page Load Overview

8.12s
Total Load Time
5
HTTP Requests
2
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:3 chars
Detector Agreement:0%

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
5157.90.33.74Falkenstein, Saxony, Germany
AS24940Hetzner Online GmbH
51--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A6E1E6D135E038602392A1E77D33B6ADF566DDE2670A5C44F5AC78B4FF06E0484231AC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:Zg25DIQJt0YcTwf1qgnds3AsDdZCzR72Jw6DG7xa5RpDALts2Epx1xRUdSJvL:ZrDIQJBj17GQsDdZCzpb6bj2u2Epvr9

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:6871:CAaB7AQSQMxiY8EmuBJAAQIaARSGEAAIqAsgME1MwTgAiBQQAKkEAFEFRFAYiACgQIgJhSSZERKIIEkPIIiYxZSEEPQlgYIA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:c7c7dfcfffffffff
Perceptual Hash:b83133733138c7c7
Difference Hash:1c1c041410000000
Wavelet Hash:c3c3c3c3f0f0f0f0
Color Hash:#3a5f78

Other Hashes

Crop Resistant:1c1c041410000000

Scan History

Scan history not available

Unable to load historical scan data