unlockuknow.com Open in urlscan Pro
104.248.172.243 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://unlockuknow.com/
Submission: On September 29 via automatic, source phishtank (September 29th 2019, 9:21:46 pm UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 104.248.172.243, located in London, United Kingdom and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is unlockuknow.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 28th 2019. Valid for: 3 months.

This is the only time unlockuknow.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: HSBC (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	104.248.172.243 104.248.172.243	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
2	91.214.6.226 91.214.6.226	20705 (HSBC-UK) (HSBC-UK)
9	2

7 104.248.172.243 (London, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

unlockuknow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.214.6.226 (United Kingdom)

ASN20705 (HSBC-UK, GB)

www.security.hsbc.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	unlockuknow.com unlockuknow.com	72 KB
2	hsbc.co.uk www.security.hsbc.co.uk	5 KB
9	2

	Domain	Requested by
7	unlockuknow.com	unlockuknow.com
2	www.security.hsbc.co.uk	unlockuknow.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
unlockuknow.com Let's Encrypt Authority X3	`2019-09-28` - `2019-12-27`	3 months	crt.sh
www.security.hsbc.co.uk DigiCert SHA2 Extended Validation Server CA	`2019-02-06` - `2020-02-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://unlockuknow.com/
Frame ID: 1E3BEBA97ABE54CC846FB4069FDC056B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

77 kB
Transfer

73 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
unlockuknow.com/ 6 KB
7 KB 106ms
21ms Document
text/html 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 9ac69403926b6634eeab002f619f73c8e8fdb629358f90cffc9d4a9d61a09e31

Request headers

Host: unlockuknow.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Sat, 28 Sep 2019 13:16:28 GMT
ETag: "18d4-5939ccf7f8ae2"
Accept-Ranges: bytes
Content-Length: 6356
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK mobile.css
unlockuknow.com/assets/css/ 35 KB
35 KB 22ms
21ms Stylesheet
text/css 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://unlockuknow.com/assets/css/mobile.css
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 46f3a02094ddf04b1600fa9a64ffccb8676ef2a0c42ee7c426303fa14a52980a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Tue, 05 Feb 2019 17:19:38 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "8ba9-58128d05d3e80"
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 35753

GET
H/1.1 200
OK googlejquery_mobile_css.css
unlockuknow.com/assets/css/ 8 KB
8 KB 63ms
21ms Stylesheet
text/css 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://unlockuknow.com/assets/css/googlejquery_mobile_css.css
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 3b3e523f5352588ed0ef5b3433f0ccbd1ab91181b1ee88113e74e975e67756a0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Thu, 01 Nov 2018 23:40:32 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "1e67-579a2f1cd9c00"
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 7783

GET
H/1.1 200
OK hsbc-uk.svg
unlockuknow.com/assets/img/ 2 KB
2 KB 66ms
24ms Image
image/svg+xml 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unlockuknow.com/assets/img/hsbc-uk.svg
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 42136cbd91f2a29bb206b47286b6a83a4e5b74cd1a7e25cb943b8b23944f2e08

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Thu, 01 Nov 2018 23:22:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "7fb-579a2af951840"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2043

GET
H/1.1 200
OK padlock.png
unlockuknow.com/assets/img/ 7 KB
7 KB 64ms
22ms Image
image/png 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unlockuknow.com/assets/img/padlock.png
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: eb3f6ab3f22a2966abb429997f3312472221bfe5e0aadf36e48f7b1cdfe2ff3e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Thu, 01 Nov 2018 23:22:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "1a2a-579a2af951840"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6698

GET
H/1.1 200
OK protecting-your-money.jpg
unlockuknow.com/assets/img/ 12 KB
12 KB 67ms
25ms Image
image/jpeg 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unlockuknow.com/assets/img/protecting-your-money.jpg
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 9f6a9bb8a898931b3aa22c498b2a49f48d0b8c109b733fad5fc8cabce2cc2889

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Thu, 01 Nov 2018 23:22:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "2fee-579a2af951840"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12270

GET
H/1.1 200
OK page-heading-gradient.png
unlockuknow.com/assets/img/ 141 B
486 B 22ms
21ms Image
image/png 104.248.172.243
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unlockuknow.com/assets/img/page-heading-gradient.png
Requested by: Host: unlockuknow.com
URL: https://unlockuknow.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.248.172.243 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash: 99110e9329f83fac57d7a057d114c67e0536db42b95606be5114c49e628b827f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:29 GMT
Last-Modified: Thu, 01 Nov 2018 23:22:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
ETag: "8d-579a2af951840"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 141

GET
H/1.1 200
OK default-left.gif
www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/ 1 KB
2 KB 1159ms
29ms Image
image/gif 91.214.6.226
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/default-left.gif

Requested by

Host: unlockuknow.com
URL: https://unlockuknow.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.6.226 , United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

8a4a5bc7c1c81d7dfe382d0f1157298e7e439e13228d23d2a448f1c811015c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:30 GMT
Vary: User-Agent
Last-Modified: Mon, 24 Jun 2019 11:15:48 GMT
ETag: "582-58c0fef230100"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: image/gif
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
S: gbl905_IP01-WS
Keep-Alive: timeout=5, max=100
Content-Length: 1410
Expires: Tue, 29 Oct 2019 21:21:30 GMT

GET
H/1.1 200
OK default.gif
www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/ 3 KB
3 KB 1157ms
27ms Image
image/gif 91.214.6.226
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/default.gif

Requested by

Host: unlockuknow.com
URL: https://unlockuknow.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.6.226 , United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

f2d04f19fe518e0201f68d3a0b0e6979c06848a95d84f3f07c32b000fc621367

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://unlockuknow.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Sep 2019 21:21:30 GMT
Vary: User-Agent
Last-Modified: Mon, 24 Jun 2019 11:15:46 GMT
ETag: "a03-58c0fef047c80"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: image/gif
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
S: gbl900_IP01-WS
Keep-Alive: timeout=5, max=100
Content-Length: 2563
Expires: Tue, 29 Oct 2019 21:21:30 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: HSBC (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| ajaxFunction

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

unlockuknow.com
www.security.hsbc.co.uk
104.248.172.243
91.214.6.226
3b3e523f5352588ed0ef5b3433f0ccbd1ab91181b1ee88113e74e975e67756a0
42136cbd91f2a29bb206b47286b6a83a4e5b74cd1a7e25cb943b8b23944f2e08
46f3a02094ddf04b1600fa9a64ffccb8676ef2a0c42ee7c426303fa14a52980a
8a4a5bc7c1c81d7dfe382d0f1157298e7e439e13228d23d2a448f1c811015c8f
99110e9329f83fac57d7a057d114c67e0536db42b95606be5114c49e628b827f
9ac69403926b6634eeab002f619f73c8e8fdb629358f90cffc9d4a9d61a09e31
9f6a9bb8a898931b3aa22c498b2a49f48d0b8c109b733fad5fc8cabce2cc2889
eb3f6ab3f22a2966abb429997f3312472221bfe5e0aadf36e48f7b1cdfe2ff3e
f2d04f19fe518e0201f68d3a0b0e6979c06848a95d84f3f07c32b000fc621367

unlockuknow.com Open in urlscan Pro 104.248.172.243 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

77 kBTransfer

73 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

unlockuknow.com Open in urlscan Pro
104.248.172.243 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

77 kB
Transfer

73 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!