energyrebates-uk.com
34.175.142.16
Malicious Activity!
Public Scan
Effective URL: https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl
Submission: On October 03 via api from GB — Scanned from ES
Summary
TLS certificate: Issued by R3 on October 2nd 2022. Valid for: 3 months.
This is the only time energyrebates-uk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
3 (1 redirect) | 34.175.142.16 | 396982 (GOOGLE-CLOUD-PLATFORM) |
2 | 2a04:4e42:600::144 | 54113 (FASTLY) |
2 | 2a04:4e42:400::144 | 54113 (FASTLY) |
6 | 3 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 16.142.175.34.bc.googleusercontent.com
- energyrebates-uk.com
ASN54113 (FASTLY, US)
- assets.publishing.service.gov.uk
- www.gov.uk
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
3 | www.gov.uk (www.gov.uk — Cisco Umbrella Rank: 21104) | 68 KB |
3 | energyrebates-uk.com (1 redirects; energyrebates-uk.com) | 237 KB |
1 | service.gov.uk (assets.publishing.service.gov.uk — Cisco Umbrella Rank: 43851) | 18 KB |
6 | 3 |
Requests | Domain | Requested by |
---|---|---|
3 | www.gov.uk | energyrebates-uk.com |
3 | energyrebates-uk.com (1 redirects) | energyrebates-uk.com |
1 | assets.publishing.service.gov.uk | energyrebates-uk.com |
6 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gov.uk |
www.ofgem.gov.uk |
costoflivingsupport.campaign.gov.uk |
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
energyrebates-uk.com | R3 | 2022-10-02 - 2022-12-31 | 3 months | crt.sh |
www.gov.uk | GlobalSign RSA OV SSL CA 2018 | 2021-11-18 - 2022-12-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl
Frame ID: 2002139C23AE805BC6492AFACE42BA26
Requests: 6 HTTP requests in this frame
Page Title
Energy Bills Support Scheme explainer - GOV.UK
Page URL History
- https://energyrebates-uk.com/ (HTTP 302)
- https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFY... (Page URL)
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
GOV.UK Frontend (UI frameworks)
Detected patterns
- <body[^>]+govuk-template__body
- <a[^>]+govuk-link
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: GOV.UK
Title: how to ensure customers are being charged no more than they should when they buy the electricity through their landlord, including what to do if they think there has been a mistake
Title: Help for Households
Title: Open Government Licence v3.0
Title: © Crown copyright
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://energyrebates-uk.com/ (HTTP 302)
- https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H/1.1 | start.php (Primary Request, Redirect Chain) | energyrebates-uk.com/ | 104 KB / 104 KB | Document | text/html |
GET H/1.1 | startstyle.css | energyrebates-uk.com/css/ | 133 KB / 133 KB | Stylesheet | text/css |
GET H2 | s300_energy-bills.png | assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158488/ | 18 KB / 18 KB | Image | image/png |
GET H2 | govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png | www.gov.uk/assets/static/ | 4 KB / 4 KB | Image | image/png |
GET H2 | bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2 | www.gov.uk/assets/frontend/ | 31 KB / 31 KB | Font | font/woff2 |
GET H2 | light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2 | www.gov.uk/assets/frontend/ | 33 KB / 33 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
energyrebates-uk.com/ | Name: PHPSESSID Value: 610687075d84092d05f908caf7fb7c9d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.