hkw.tlv.mybluehost.me
Open in
urlscan Pro
50.87.253.245
Malicious Activity!
Public Scan
Submission: On June 16 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 15th 2022. Valid for: 3 months.
This is the only time hkw.tlv.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 50.87.253.245 50.87.253.245 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 | 2 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2226.bluehost.com
hkw.tlv.mybluehost.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
mybluehost.me
hkw.tlv.mybluehost.me |
80 KB |
0 |
this.nhs.uk
Failed
sandbox.this.nhs.uk Failed |
|
2 | 2 |
Domain | Requested by | |
---|---|---|
1 | hkw.tlv.mybluehost.me | |
0 | sandbox.this.nhs.uk Failed |
hkw.tlv.mybluehost.me
|
2 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
fnivstmybluehostme.hkw.tlv.mybluehost.me R3 |
2022-05-15 - 2022-08-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm
Frame ID: 9A07ADE63457109FDE2F109BD8E9386E
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
pdf.htm
hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/ |
124 KB 80 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
48 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
smallpdf.png
sandbox.this.nhs.uk/fileadmin/data/bin/uploads/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
31 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- sandbox.this.nhs.uk
- URL
- https://sandbox.this.nhs.uk/fileadmin/data/bin/uploads/smallpdf.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hkw.tlv.mybluehost.me
sandbox.this.nhs.uk
sandbox.this.nhs.uk
50.87.253.245
200cc2ba721f5c3fe832fb1c6dc1076d2f8428fc22cbdb611850a7ebbdda0f4e
578c2d0e1abfbb1a0b9a9e320a9812e4c81e818568ed4af4ab52e715ed641645
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca
f24fb6baf679474b65abd6736e16fa31d0f4351715079b7d0f4d0e21dd81a6e5