hkw.tlv.mybluehost.me
50.87.253.245  Malicious Activity! Public Scan

URL: https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm
Submission: On June 16 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 2 HTTP transactions. The main IP is 50.87.253.245, located in the United States and belonging to UNIFIEDLAYER-AS-1, US. The main domain is hkw.tlv.mybluehost.me.
TLS certificate: Issued by R3 on May 15th 2022. Valid for: 3 months.
This is the only time hkw.tlv.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

   IP Address      AS Autonomous System
1  50.87.253.245   46606 (UNIFIEDLA...)
2                  2

   Apex Domain     Subdomains              Transfer
1  mybluehost.me   hkw.tlv.mybluehost.me   80 KB
0  this.nhs.uk     sandbox.this.nhs.uk     Failed
2                  2

   Domain                         Requested by
1  hkw.tlv.mybluehost.me
0  sandbox.this.nhs.uk (Failed)   hkw.tlv.mybluehost.me
2                                 2

This site contains no links.

Subject                                    Issuer   Validity                   Valid
fnivstmybluehostme.hkw.tlv.mybluehost.me   R3       2022-05-15 - 2022-08-13    3 months   crt.sh

This page contains 1 frame:

Primary Page: https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm
Frame ID: 9A07ADE63457109FDE2F109BD8E9386E
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Login

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 80 kB
Size: 207 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: pdf.htm (Primary Request)
  Path: hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/
  Size: 124 KB   x-fer: 80 KB   Type: Document
  General
    Full URL: https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm
    Protocol: H2
    Security: TLS 1.3, , AES_256_GCM
    Server: 50.87.253.245 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
    Reverse DNS: box2226.bluehost.com
    Software: Apache /
    Resource Hash: f24fb6baf679474b65abd6736e16fa31d0f4351715079b7d0f4d0e21dd81a6e5
  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
    accept-language: de-DE,de;q=0.9
  Response headers
    accept-ranges: bytes
    content-encoding: gzip
    content-type: text/html
    date: Thu, 16 Jun 2022 15:07:31 GMT
    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
    last-modified: Thu, 16 Jun 2022 09:45:42 GMT
    server: Apache
    vary: Accept-Encoding
    x-server-cache: false

Resource: truncated
  Path: /
  Size: 48 KB   x-fer: 0   Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Server: -, , ASN (),
    Reverse DNS:
    Software: /
    Resource Hash: b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
  Response headers
    Content-Type: image/jpeg

Resource: smallpdf.png
  Path: sandbox.this.nhs.uk/fileadmin/data/bin/uploads/
  Size: 0   x-fer: 0

Resource: truncated
  Path: /
  Size: 31 KB   x-fer: 0   Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Server: -, , ASN (),
    Reverse DNS:
    Software: /
    Resource Hash: 200cc2ba721f5c3fe832fb1c6dc1076d2f8428fc22cbdb611850a7ebbdda0f4e
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
  Response headers
    Content-Type: image/png

Resource: truncated
  Path: /
  Size: 5 KB   x-fer: 0   Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Server: -, , ASN (),
    Reverse DNS:
    Software: /
    Resource Hash: 578c2d0e1abfbb1a0b9a9e320a9812e4c81e818568ed4af4ab52e715ed641645
  Request headers
    accept-language: de-DE,de;q=0.9
    Referer:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
  Response headers
    Content-Type: image/jpeg

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sandbox.this.nhs.uk
URL: https://sandbox.this.nhs.uk/fileadmin/data/bin/uploads/smallpdf.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
object    navigation

0 Cookies

2 Console Messages

Source     Level     URL / Text

security   warning   URL: https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm (Line 505)
                     Message: Mixed Content: The page at 'https://hkw.tlv.mybluehost.me/.cn-2ahUKEwjDiMC9qqz4AhVDgRoKHe4UB4cQ_AUoAXoECAEQAw&biw/pdf.com/pdf.htm' was loaded over HTTPS, but requested an insecure element 'http://sandbox.this.nhs.uk/fileadmin/data/bin/uploads/smallpdf.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

network    error     URL: https://sandbox.this.nhs.uk/fileadmin/data/bin/uploads/smallpdf.png
                     Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED