release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site
35.189.126.202
Malicious Activity!
Public Scan
Submission: On September 20 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on September 20th 2023. Valid for: 3 months.
This is the only time release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
7 | 35.189.126.202 | 15169 (GOOGLE)
4 | 2600:141b:5000::17df:9c48 | 20940 (AKAMAI-ASN1)
1 | 2607:f8b0:4006:821::2008 | 15169 (GOOGLE)
1 | 2600:1400:9000::687e:74b1 | 20940 (AKAMAI-ASN1)
1 | 2606:4700:10::ac43:836 | 13335 (CLOUDFLARENET)
1 | 2001:470:6e0a::1b:243 | 6939 (HURRICANE)

15 requests across 6 IP addresses.

Main IP 35.189.126.202: ASN15169 (GOOGLE, US), PTR 202.126.189.35.bc.googleusercontent.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | platformsh.site | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site | 367 KB
5 | typekit.net | use.typekit.net (Cisco Umbrella Rank: 1059), p.typekit.net (Cisco Umbrella Rank: 1428) | 100 KB
2 | civiccomputing.com | cc.cdn.civiccomputing.com (Cisco Umbrella Rank: 26624), apikeys.civiccomputing.com (Cisco Umbrella Rank: 25233) | 93 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 111) | 77 KB

15 requests across 4 apex domains.
Requests | Domain | Requested by
---|---|---
7 | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site
4 | use.typekit.net | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site, use.typekit.net
1 | apikeys.civiccomputing.com | cc.cdn.civiccomputing.com
1 | cc.cdn.civiccomputing.com | www.googletagmanager.com
1 | p.typekit.net | use.typekit.net
1 | www.googletagmanager.com | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site

15 requests across 6 domains.
This site contains links to these domains (see also Links below):

- www.facebook.com
- twitter.com
- www.linkedin.com
- email.ofgem.gov.uk
- www.ofgem.gov.uk
- epr.ofgem.gov.uk
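The Summary above records a verdict of phishing against the UK Government, while every Ofgem-related outbound link listed here points at ofgem.gov.uk and the page itself is served from platformsh.site. As an added example, not urlscan.io's own detection logic, the script below implements one triage heuristic built from exactly those signals: extract the page title and the outbound link hostnames, reduce each hostname to its registrable domain, and flag a title that names a brand whose domains the serving host does not belong to. The BRANDS table and the hard-coded suffix set are assumptions made for this example; real tooling should use the Public Suffix List. The sample HTML is constructed to mirror the title and link domains recorded in this scan, not captured from the live page.

```python
"""Triage heuristic: does the page claim a brand its hostname does not carry?

Added example, not urlscan.io's detection logic. It works from signals that
are visible in a scan like the one above: the served hostname, the page title
and the domains of outbound links. BRANDS and MULTI_LABEL_SUFFIXES are the
author's simplifications; production code should use the Public Suffix List.
"""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a small brand table mapping a keyword to the registrable domains it owns.
BRANDS = {"ofgem": {"ofgem.gov.uk"}}

# Assumption: the few multi-label public suffixes this example needs (the PSL has thousands).
MULTI_LABEL_SUFFIXES = {"gov.uk", "co.uk", "org.uk", "ac.uk"}


def registrable_domain(host):
    """eTLD+1 of a hostname: 'x.uk-1.platformsh.site' -> 'platformsh.site',
    'epr.ofgem.gov.uk' -> 'ofgem.gov.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class _Signals(HTMLParser):
    """Collect the <title> text and every absolute href/src hostname."""

    def __init__(self):
        super().__init__()
        self.title, self.hosts, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlsplit(value).hostname  # None for relative URLs
                if host:
                    self.hosts.append(host)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def assess(page_host, html, brands=BRANDS):
    """Return a dict describing whether the title names a brand the host does not own."""
    sig = _Signals()
    sig.feed(html)
    served = registrable_domain(page_host)
    # Registrable domains referenced by the page other than the one serving it.
    external = Counter(d for d in map(registrable_domain, sig.hosts) if d != served)
    title = sig.title.strip()
    claimed = [b for b in brands if b in title.lower()]
    findings = []
    for brand in claimed:
        owned = brands[brand]
        if served not in owned:
            to_brand = sum(n for d, n in external.items() if d in owned)
            findings.append(
                f"title names {brand!r} but page is served from {served}; "
                f"{to_brand} outbound reference(s) go to {', '.join(sorted(owned))}"
            )
    return {
        "served_domain": served,
        "title": title,
        "claimed_brands": claimed,
        "external_domains": dict(external),
        "brand_mismatch": bool(findings),
        "findings": findings,
    }


# Constructed sample resembling what the scan recorded (title, link domains); not the live HTML.
SAMPLE_HOST = "release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site"
SAMPLE_HTML = """<html><head><title>Welcome to Ofgem | Ofgem</title>
<link rel="stylesheet" href="https://use.typekit.net/vit8nia.css">
<link rel="stylesheet" href="/sites/default/files/css/site.css"></head>
<body>
<a href="https://www.facebook.com/sharer">Share on Facebook</a>
<a href="https://twitter.com/share">Share on Twitter</a>
<a href="https://www.linkedin.com/share">Share on LinkedIn</a>
<a href="https://email.ofgem.gov.uk/">Subscribe</a>
<a href="https://www.ofgem.gov.uk/contact">Contact us</a>
<a href="https://epr.ofgem.gov.uk/">Search licences</a>
</body></html>"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_HOST, SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

The same signals fire whenever a brand's own site is served from a third-party host, for example a hosting platform's preview hostname, so treat a positive result as a reason to look closer rather than as a final verdict, which is also what the page's own disclaimer says about its verdicts.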
Subject | Issuer | Validity | Valid for
---|---|---|---
release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site | R3 | 2023-09-20 - 2023-12-19 | 3 months
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-08-14 - 2023-11-06 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-05 - 2024-05-03 | a year
apikeys.civiccomputing.com | R3 | 2023-08-18 - 2023-11-16 | 3 months
This page contains 1 frames:
Primary Page:
https://release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/
Frame ID: B73C0019D5E921AC4C1FF560BE084207
Requests: 15 HTTP requests in this frame
Page Title: Welcome to Ofgem | Ofgem

Detected technologies

CIVIC (Cookie compliance)
Detected patterns
- cc\.cdn\.civiccomputing\.com

Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js

Typekit (Font Scripts)
Detected patterns
- <link [^>]*href="[^"]+use\.typekit\.(?:net|com)
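The patterns above are the regexes behind each "Detected technologies" entry. As an added example, not urlscan.io's own implementation, the script below applies those same three pattern sets to a page's HTML and to its list of requested URLs and returns the matched evidence for each technology. Some of the patterns (the gtm.js and civiccomputing ones) are URL fragments that match against the network log as much as against the markup, so both inputs are scanned. The sample HTML and request list are constructed to resemble what this scan recorded, not captured from the live page.

```python
"""Apply urlscan-style detection patterns to a page's HTML and request URLs.

Added example, not urlscan.io's own code. The three technologies and their
regexes are the ones listed in the scan above; the HTML and URL list below are
constructed to resemble what this scan recorded.
"""
import re

# Patterns copied from the "Detected patterns" section of the scan.
TECHNOLOGIES = {
    "CIVIC (Cookie compliance)": [r"cc\.cdn\.civiccomputing\.com"],
    "Google Tag Manager (Tag Managers)": [
        r"googletagmanager\.com/ns\.html[^>]+></iframe>",
        r"<!-- (?:End )?Google Tag Manager -->",
        r"googletagmanager\.com/gtm\.js",
    ],
    "Typekit (Font Scripts)": [r'<link [^>]*href="[^"]+use\.typekit\.(?:net|com)'],
}

# Constructed sample inputs (not captured from the live scan).
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<link rel="stylesheet" href="https://use.typekit.net/vit8nia.css">
<!-- Google Tag Manager -->
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<!-- End Google Tag Manager -->
</head><body>
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-XXXX"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script src="https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js"></script>
</body></html>"""

SAMPLE_REQUESTS = [
    "https://use.typekit.net/vit8nia.css",
    "https://www.googletagmanager.com/gtm.js",
    "https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js",
    "https://apikeys.civiccomputing.com/c/v",
]


def fingerprint(html, request_urls, technologies=TECHNOLOGIES):
    """Return {technology: [(pattern, evidence), ...]} for every pattern that matches.

    Each pattern is tried against the HTML first and then against each requested
    URL, so a technology can be detected from the markup or from the network log.
    The evidence kept is the matched text (HTML) or the matching URL (requests).
    """
    hits = {}
    for tech, patterns in technologies.items():
        for pat in patterns:
            rx = re.compile(pat, re.IGNORECASE | re.DOTALL)
            m = rx.search(html)
            if m:
                hits.setdefault(tech, []).append((pat, m.group(0)[:80]))
                continue
            for url in request_urls:
                if rx.search(url):
                    hits.setdefault(tech, []).append((pat, url))
                    break
    return hits


def detected(html, request_urls):
    """Sorted technology names, the summary view a scan report shows."""
    return sorted(fingerprint(html, request_urls))


if __name__ == "__main__":
    for tech, evidence in fingerprint(SAMPLE_HTML, SAMPLE_REQUESTS).items():
        print(tech)
        for pat, ev in evidence:
            print(f"  {pat!r:55} <- {ev}")
```

Running it against the network log alone still identifies Google Tag Manager and CIVIC, but not Typekit, because the Typekit pattern anchors on the `<link` tag and so only ever matches markup; that is why a fingerprinter needs both the HTML and the request list.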
Page Statistics

9 Outgoing links
These are links going to different origins than the main page.
- Share on Facebook
- Share on Twitter
- Share on LinkedIn
- Subscribe to receive our latest news and communications
- Twitter
- LinkedIn
- Facebook
- Contact us
- Search licences: Electronic Public Register
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/ | 166 KB | 168 KB | Document | text/html
GET | H2 | vit8nia.css | use.typekit.net/ | 8 KB | 1 KB | Stylesheet | text/css
GET | H2 | css_h0fON2oNuPa8V-kCeUUKaedMlPgHWzP_FM5kGVMaKf0.css | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/sites/default/files/css/ | 702 B | 562 B | Stylesheet | text/css
GET | H2 | css_-YBcxplfMDRjcE3Ru8nOl6vQwbJrzBuUq7WdHKcAeJw.css | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/sites/default/files/css/ | 108 KB | 16 KB | Stylesheet | text/css
GET | H2 | js_WKxNwTzliBbPWYONhOf5Br5fruX7_EWWXwPSHNue3LQ.js | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/sites/default/files/js/ | 101 KB | 34 KB | Script | application/javascript
GET | H2 | gtm.js | www.googletagmanager.com/ | 216 KB | 77 KB | Script | application/javascript
GET | H2 | logo.svg | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/themes/custom/numiko/ | 2 KB | 1 KB | Image | image/svg+xml
GET | H2 | p.css | p.typekit.net/ | 5 B | 172 B | Stylesheet | text/css
GET | H2 | GettyImages-1246137737.jpg | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/sites/default/files/styles/12_6_media_huge/public/2023-05/ | 99 KB | 100 KB | Image | image/jpeg
GET | H2 | js_zFPT2ORBaEnm3k3l7C2PGfD932S4tDGGLi9qF384hCM.js | release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site/sites/default/files/js/ | 145 KB | 49 KB | Script | application/javascript
GET | H2 | l | use.typekit.net/af/d45b9a/000000000000000077359577/30/ | 33 KB | 33 KB | Font | application/font-woff2
GET | H2 | l | use.typekit.net/af/98e3f6/000000000000000077359562/30/ | 33 KB | 34 KB | Font | application/font-woff2
GET | H2 | l | use.typekit.net/af/0758f3/000000000000000077359583/30/ | 33 KB | 33 KB | Font | application/font-woff2
GET | H2 | cookieControl-9.x.min.js | cc.cdn.civiccomputing.com/9/ | 329 KB | 93 KB | Script | application/javascript
GET | H2 | v | apikeys.civiccomputing.com/c/ | 107 B | 438 B | XHR | application/json
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against UK Government (Government)

23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and code a page uses.

Type | Name
---|---
object | documentPictureInPicture
object | dataLayer
undefined | $
function | jQuery
object | drupalSettings
object | Drupal
function | shouldLoadPolyfills
undefined | scriptElement
function | once
function | DrupalTranslationsWebpackPlugin
object | picturefillCFG
function | picturefill
object | webpackJsonp
object | lazySizes
object | gsapVersions
object | MicroModal
object | google_tag_manager
object | google_tag_data
function | setImmediate
function | clearImmediate
object | regeneratorRuntime
object | CookieControl
object | config

0 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This section lists the security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
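Only the three headers above are recorded for the main page, so, as far as the scan shows, no Content-Security-Policy, Referrer-Policy or Permissions-Policy was sent. The audit below is an added example, not urlscan.io's code: it parses the HSTS directives, checks the recorded values against a baseline, and reports what is missing or weak. The baseline and the one-year HSTS threshold are the author's choices for this example, not something the scan defines; the input dict is the header set recorded above.

```python
"""Audit the security headers a scan recorded for a page's main response.

Added example, not urlscan.io's code. SCAN_HEADERS is the set listed in the
scan above; the baseline of expected headers and the thresholds are the
author's assumptions.
"""

# Headers recorded for the primary page in the scan above.
SCAN_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
}

ONE_YEAR = 31536000  # seconds; assumed minimum HSTS max-age for this audit


def parse_hsts(value):
    """Split an HSTS header value into (max_age, include_subdomains, preload).

    max_age is None when the directive is absent or not an integer.
    """
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                max_age = int(d.split("=", 1)[1].strip().strip('"'))
            except ValueError:
                max_age = None
        elif d == "includesubdomains":
            include_sub = True
        elif d == "preload":
            preload = True
    return max_age, include_sub, preload


def audit(headers):
    """Return a list of findings (strings) for the given response headers.

    Header names are compared case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        max_age, sub, pre = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age too short or unparsable: {hsts!r}")
        if pre and not sub:
            # The preload list requires includeSubDomains alongside preload.
            findings.append("HSTS preload requested without includeSubDomains")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")

    # Framing protection: accept X-Frame-Options or a CSP frame-ancestors directive.
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        findings.append("no framing protection (X-Frame-Options / frame-ancestors)")

    for name in ("content-security-policy", "referrer-policy", "permissions-policy"):
        if name not in h:
            findings.append(f"{name} not set")
    return findings


if __name__ == "__main__":
    for finding in audit(SCAN_HEADERS) or ["no findings"]:
        print(finding)
```

For the header set recorded in this scan the HSTS, nosniff and framing checks pass and the audit reports only the three headers that were not set.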
Indicators
Indicators are the artefacts observed in the scan, such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.
apikeys.civiccomputing.com
cc.cdn.civiccomputing.com
p.typekit.net
release-3-7-0-3xn4ehy-pctxfulozaj62.uk-1.platformsh.site
use.typekit.net
www.googletagmanager.com
2001:470:6e0a::1b:243
2600:1400:9000::687e:74b1
2600:141b:5000::17df:9c48
2606:4700:10::ac43:836
2607:f8b0:4006:821::2008
35.189.126.202