EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats
73 Risk Score

High Risk

Threat Level: ALTO • Impersonating: GOV.UK
  • • Threat: Vehicle tax renewal phishing.
  • • Target: UK citizens who need to renew their vehicle tax.
  • • Method: A fake website asks for personal and card details to process vehicle tax renewal.
  • • Exfil: The form submits to a PHP script on the same domain (Please-wait-a-moment.php?sslchannel=true&sessionid=3PPM0NSHZBKpdvOw7dwkCmtvBzltLbxfLmKTig8ICSJk3vx3H3de6x4vq8OZJl7qVJ5Ieo7nwXira1dgpXNd97Gq66CGC6I9J1VXS83pzlJ86thIu1srgB91IqHaw9ZEDu). The final exfiltration point is unknown.
  • • Indicators: Domain name is not gov.uk, hosted on bluehost, asks for card details, obfuscated Javascript, non-standard form actions.
  • • Risk: CRITICAL - Immediate theft of personal and financial information.

⚠ Risk Factors

  • Brand impersonation of GOV.UK on non-official domain
  • Contains 3 credential harvesting form(s)
  • Credential harvesting indicators detected
  • Credit card stealing indicators detected

Visual Capture

Screenshot of ksh.bfm.mybluehost.me

Detection Info

https://ksh.bfm.mybluehost.me/Renew-your-Vehicle-Tax-Now.php?sslchannel=true&sessionid=uYbC4nNmBu0FYLb7o88OdvlPVGIm0SbOj5PidTUbuG1l8CAXKmi3ZnyMJd42IzXTJMKNmDPd43RLi4M15YAQLo8AKxIl8IFLoyNRQzgbpWQYMIig12OdcMi2UTzXkR4vV8
Detected Brand
GOV.UK
Country
UK
Confidence
100%
HTTP Status
200
Report ID
e577d71b-be1…
Analyzed
2026-01-11 12:03

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1893231209084B83B80A381EDE6AFB62662CFC144C755499196F8C25947D3FE3FB3E674
CONTENT ssdeep
192:ghLm/H24V2P1sigIb2KBAqTETaEJgfrbt2:dHV2P1wKNTE+EJCrbc

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b8663167494f714e
VISUAL aHash
00cfffffffcfffcf
VISUAL dHash
1e18343830183818
VISUAL wHash
0087838f8f879f8f
VISUAL colorHash
070000001c0
VISUAL cropResistant
1e0c343818183018,3048445446c81696

Code Analysis

Risk Score 73/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Card Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Vehicle tax renewal phishing.
• Target: UK citizens who need to renew their vehicle tax.
• Method: A fake website asks for personal and card details to process vehicle tax renewal.
• Exfil: The form submits to a PHP script on the same domain (Please-wait-a-moment.php?sslchannel=true&sessionid=3PPM0NSHZBKpdvOw7dwkCmtvBzltLbxfLmKTig8ICSJk3vx3H3de6x4vq8OZJl7qVJ5Ieo7nwXira1dgpXNd97Gq66CGC6I9J1VXS83pzlJ86thIu1srgB91IqHaw9ZEDu). The final exfiltration point is unknown.
• Indicators: Domain name is not gov.uk, hosted on bluehost, asks for card details, obfuscated Javascript, non-standard form actions.
• Risk: CRITICAL - Immediate theft of personal and financial information.

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
GOV.UK
https://qsh.xka.mybluehost.me/Renew-your-Vehicle-Tax-Now.php...
Jan 11, 2026
 Screenshot
UK Government
https://qqw.cjf.mybluehost.me/Renew-your-Vehicle-Tax-Now.php...
Jan 11, 2026
 Screenshot
GOV.UK
https://rvf.rnu.mybluehost.me/Renew-your-Vehicle-Tax-Now.php...
Jan 11, 2026
 Screenshot
GOV.UK
https://ksh.bfm.mybluehost.me/Renew-your-Vehicle-Tax-Now.php...
Jan 11, 2026
 Screenshot
GOV.UK
https://qsh.xka.mybluehost.me/Renew-your-Vehicle-Tax-Now.php...
Jan 11, 2026

Scan History for ksh.bfm.mybluehost.me

Found 10 other scans for this domain