Security Scan Report: citycredit.vip

Redirected to:
https://sgroshi.com.ua/kabinet?partner=letmeads&subpartner=WMQ3DA&utm_...
Submitted: Apr 25, 2026, 1:51:09 PM
Completed: Apr 25, 2026, 1:52:39 PM
Visibility: public
Status: completed

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 4 HTTP transactions. The main domain is sgroshi.com.ua and was registered NaN years ago.

Submitted URL: https://citycredit.vip/go/shgltds

Effective URL: https://sgroshi.com.ua/kabinet?partner=letmeads&subpartner=WMQ3DA&utm_source=letmeads&utm_medium=cps_st&utm_term=WMQ3DA&offer=st&clickid=MEBST385Y2YMZWMQ3DA17771250725278963679&utm_campaign=direct
Redirected

AI Security Verdict

Moderate Risk

Confidence: 82%

5
Risk Score

The site impersonates a brand on an unranked, old domain with heavy JS obfuscation and redirects, indicating a high‑risk phishing attempt.

Risk Factors
Brand impersonation on unranked domain
High JavaScript obfuscation and encoding
Multiple redirects
Unranked domain age despite being old
Safety Factors
Domain age >15 years
No malicious Indicators of Compromise detected
No YARA malware matches
No network IDS alerts
No credential exfiltration observed
Established domain (5629 days old) with no strong malicious indicators — risk clamped from 8 to 5
Domain age information unavailable

Details

Bot Protection Detected

This website is protected by Imperva bot protection. Our scanner was challenged or blocked during access.

Page Title

info-mfo.creditka.org

Scan Type

public

Language

🇷🇺

Russian

(60% confidence)

Category

finance banking

(47%)

Domain Information

The domain 'citycredit.vip' uses the .vip top-level domain and has no subdomain. The name 'citycredit' has 10 characters, split between 3 vowels and 7 consonants. It segments into two words: city, credit. Median word length is five characters. No strong language cues emerged from the frequency lists.

Page Load Overview

3.77s
Total Load Time
57
HTTP Requests
14
Domains
1.3 MB
Total Size

Language Analysis

Primary Language

🇷🇺 Russian
Code: ru
Confidence: 60%
Script: Cyrillic
Direction: ltr

Detection Details

Language Code: ru
Detection Confidence: 60%
Script Type: Cyrillic
HTML Lang Attribute: ru
Text Length: 161 chars
Detector Agreement: 67%

Website Classification

Primary Category

finance banking (47% confidence)
Type: dynamic
Method: ml+structural

All Detected Categories

finance banking
47%
corporate
25%

Detected Features

OG: website

Domain & IP Information

Requests | IP Address    | Location      | AS (Autonomous System)
29       | 104.21.87.167 | United States |
28       | 172.67.198.87 | United States |
57       | 2             | -             | -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A9048F77329A063986558498E05B430D9F20B143F506C9BCB9BCBAD9BFDED06107BB78

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:7fQho9PKBb9Js3q9Jzbs6tlg3SBKwdQWgceIszY2bMy8OldR:khoC9JSqzzbs6o3Sj3gcrsk2eAX

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:185074:GFdImAAqTAhgEApOLUDBIQVgMyMwjJhQpZMxpiKBJqCrAiBQd6CAPlCdJJQxEoEBACD2CwFBgKU+liQBGJEyQSA0lFKSwgIK

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: ffcfc7c3f3ffffff
Perceptual Hash: b1319acecc653333
Difference Hash: 0018181606000000
Wavelet Hash: ffdfc7c300000000
Color Hash: #402dd2

Other Hashes

Crop Resistant: 0018181606000000
