ScanMalware.com

Security Scan Report: fwa.nnh.mybluehost.me

Site favicon
Submitted: Oct 11, 2025, 11:38:32 PMCompleted: Oct 11, 2025, 11:39:24 PMpubliccompleted
Loading additional data...

Summary

This website contacted 21 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main domain is fwa.nnh.mybluehost.me and was registered NaN years ago.

Submitted URL: https://fwa.nnh.mybluehost.me/inges/login.php

AI Security Verdict

High Risk

Confidence: 88%

8
Risk Score

Site impersonates ING and harvests personal data; treat as high‑risk phishing.

Risk Factors
Brand impersonation (ING) on unrelated domain
Credential‑harvesting form collecting ID and DOB
Unranked domain presenting a well‑known brand
Deceptive subdomain structure resembling a login page
Absence of password field does not mitigate data‑theft risk
Domain age information unavailable

Details

Page Title

ING

Scan Type

public

Language

🇪🇸

Spanish

(50% confidence)

Category

government public service

(34%)

Domain Information

The domain name 'fwa.nnh.mybluehost.me' uses the Montenegrin country-code top-level domain (.me); it also runs on subdomain 'fwa.nnh'. The core label 'mybluehost' covers 10 characters containing three vowels alongside 7 consonants. It segments into three words: my, blue, host. Expect 4 characters per word on average. Most frequently, 'my' shows up in Afrikaans. It also appears in English and Chinese (Pinyin) contexts.

Screenshot

Security scan screenshot of https://fwa.nnh.mybluehost.me/inges/login.php

Page Load Overview

24.97s
Total Load Time
19
HTTP Requests
6
Domains
726 KB
Total Size

Language Analysis

Primary Language

🇪🇸Spanish
Code: es
Confidence:50%
Script:Latin
Direction:ltr

Detection Details

Language Code:es
Detection Confidence:50%
Script Type:Latin
Text Length:202 chars
Detector Agreement:100%

Website Classification

Primary Category

government public service34% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

government public service
34%
finance banking
33%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
19104.17.24.14United States
AS13335CLOUDFLARENET
0151.101.66.137San Francisco, California, United States
AS54113FASTLY
0142.250.186.67United States
AS15169GOOGLE
050.6.34.190Frankfurt am Main, Hesse, Germany
AS31898ORACLE-BMC-31898
0142.250.186.74United States
AS15169GOOGLE
0104.16.174.226United States
AS13335CLOUDFLARENET
0104.17.25.14United States
AS13335CLOUDFLARENET
02a04:4e42:600::649United States
AS54113FASTLY
02a04:4e42:200::649United States
AS54113FASTLY
0151.101.194.137San Francisco, California, United States
AS54113FASTLY
1921--

Detected Technologies7

JQueryv3.6.1
100%
Cloudflare
50%
Bluehost
40%
jsDelivr
20%
jQuery CDN
20%
cdnjs
20%
Font Awesome
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C8A201DB649262298D175E6383CC191C9D399EA34A534D9EB12E240D5FC6FF8239333B

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:r7MCMpFMCMpBMCMpuMCMpgMCMpZMCMpLMCMpANspuoamIQGHrPBCTa8oL:nMCMPMCMfMCM8MCMGMCM/MCMtMCMAspg

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:23231:ZAAQRBSGAKCEw8cISoBCTjmHgGAJMCYCCXkLIEwBAeWyi0AgUCIoKIQT9DgYMBoIEVN4CRnIAckhNIooGIFwAJ8NEZEAhpIa

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ff08181825031903
Perceptual Hash:abd98ca6a6dca322
Difference Hash:f03a3a324f4b330b
Wavelet Hash:ff183839071f0303
Color Hash:#3c3a78

Other Hashes

Crop Resistant:f03a3a324f4b330b

Scan History

Scan history not available

Unable to load historical scan data