Security Scan Report: unwrap-xyd.info

Redirected to: https://www.irs.gov/refunds/get-your-refund-faster-tell-irs-to-direct-deposit-your-refund-to-one-two-or-three-accounts

Submitted: Nov 20, 2025, 11:27:47 PM
Completed: Nov 20, 2025, 11:30:47 PM
public, completed

Summary

This website contacted 34 IPs in 2 countries across 9 domains to perform 46 HTTP transactions. The main domain is irs.gov; its registration age was not available (displayed as NaN).

Submitted URL: https://unwrap-xyd.info/

Effective URL: https://www.irs.gov/refunds/get-your-refund-faster-tell-irs-to-direct-deposit-your-refund-to-one-two-or-three-accounts (Redirected)

AI Security Verdict

High Risk

Confidence: 92%

Risk Score: 10

High‑risk phishing site using brand impersonation and a brand‑new domain

Risk Factors
Brand impersonation on a newly registered, unranked domain
Domain age < 7 days (critical risk multiplier)
Use of a non‑whitelisted redirect domain to mask the true destination
Domain age information unavailable

Details

Page Title

Get your refund faster: Tell IRS to direct deposit your refund to one, two, or three accounts | Internal Revenue Service

Scan Type

public

Language

🇺🇸 English (80% confidence)

Category

government public service (65%)

Domain Information

Domain 'unwrap-xyd.info' uses the informational generic top-level domain (.info) while skipping any subdomain. Its registrable label 'unwrap-xyd' stretches across 10 characters containing 2 vowels alongside 7 consonants, along with 1 hyphen. Word splitting yields 3 words: unwrap, xy, d. Median word length comes out to two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://unwrap-xyd.info/

Page Load Overview

Total Load Time: 2.04s
HTTP Requests: 46
Domains: 9
Total Size: 1.3 MB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 12,140 chars
Detector Agreement: 100%

Website Classification

Primary Category

government public service (65% confidence)
Type: spa
Method: ml+structural

All Detected Categories

government public service: 65%
finance banking: 64%
adult content: 52%
government: 48%
technology software: 45%

Detected Features

Search
Articles

Domain & IP Information

Requests  IP Address       Location                              AS Autonomous System
30        184.25.148.8     Boston, Massachusetts, United States  AS20940 Akamai International B.V.
4         142.250.185.104  United States                         AS15169 GOOGLE
3         216.239.32.36    United States                         AS15169 GOOGLE
2         23.41.252.169    Frankfurt am Main, Hesse, Germany     AS16625 AKAMAI-AS
2         104.20.20.192    United States                         AS13335 CLOUDFLARENET
1         172.66.171.172   United States                         AS13335 CLOUDFLARENET
1         184.25.148.34    Boston, Massachusetts, United States  AS20940 Akamai International B.V.
1         216.239.34.36    United States                         AS15169 GOOGLE
1         23.35.232.134    Frankfurt am Main, Hesse, Germany     AS16625 AKAMAI-AS
1         69.192.160.133   Frankfurt am Main, Hesse, Germany     AS16625 AKAMAI-AS
46        34               -                                     -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1D1C3B693B1E41033017387D979D9FB18EA929157D7082882B1EC0B6E5FABE21AD1770F

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:8fFfASpOvAutSRT4+NS8x2bROGpuoNCuik+M/vSEZFRSfk7eciwnztlqr7IAETOC:45ASwfv1lGTQ8j2B6+8w6SZIwnCm3P1

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:121035:4gjGA9UK+MAYCFWEIgiASC5io8wIkUAkAbGBEDEkAy46GEIuggMJFAgYQCWIQQdIMCkIOUBDZEShzgGIEPSI8JgmCAAWBNHc

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: 0000fffbfbffffff
Perceptual Hash: b11c1647497ab8f9
Difference Hash: dd0c360b030e0c1c
Wavelet Hash: 000083e3e3e7e7ef
Color Hash: #1f9321
