energyrebates-uk.com
Open in
urlscan Pro
34.175.142.16
Malicious Activity!
Public Scan
Submitted URL: https://energyrebates-uk.com/
Effective URL: https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl
Submission: On October 03 via api from GB — Scanned from ES
Effective URL: https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl
Submission: On October 03 via api from GB — Scanned from ES
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 6 HTTP transactions.
The main IP is 34.175.142.16, located in
Madrid, Spain and
belongs to GOOGLE-CLOUD-PLATFORM, US.
The main domain is energyrebates-uk.com.
TLS certificate: Issued by R3 on October 2nd 2022. Valid for: 3 months.
This is the only time energyrebates-uk.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on October 2nd 2022. Valid for: 3 months.
This is the only time energyrebates-uk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 3 | 34.175.142.16 34.175.142.16 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
| 2 | 2a04:4e42:600... 2a04:4e42:600::144 | 54113 (FASTLY) (FASTLY) | |
| 2 | 2a04:4e42:400... 2a04:4e42:400::144 | 54113 (FASTLY) (FASTLY) | |
| 6 | 3 |
3
34.175.142.16
(Madrid, Spain)
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 16.142.175.34.bc.googleusercontent.com
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 16.142.175.34.bc.googleusercontent.com
| energyrebates-uk.com |
2
2a04:4e42:600::144
(United States)
ASN54113 (FASTLY, US)
ASN54113 (FASTLY, US)
| assets.publishing.service.gov.uk | |
| www.gov.uk |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
www.gov.uk
www.gov.uk — Cisco Umbrella Rank: 21104 |
68 KB |
| 3 |
energyrebates-uk.com
1 redirects
energyrebates-uk.com |
237 KB |
| 1 |
service.gov.uk
assets.publishing.service.gov.uk — Cisco Umbrella Rank: 43851 |
18 KB |
| 6 | 3 |
| Domain | Requested by | |
|---|---|---|
| 3 | www.gov.uk |
energyrebates-uk.com
|
| 3 | energyrebates-uk.com |
1 redirects
energyrebates-uk.com
|
| 1 | assets.publishing.service.gov.uk |
energyrebates-uk.com
|
| 6 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.gov.uk |
| www.ofgem.gov.uk |
| costoflivingsupport.campaign.gov.uk |
| www.nationalarchives.gov.uk |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| energyrebates-uk.com R3 |
2022-10-02 - 2022-12-31 |
3 months | crt.sh |
| www.gov.uk GlobalSign RSA OV SSL CA 2018 |
2021-11-18 - 2022-12-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl
Frame ID: 2002139C23AE805BC6492AFACE42BA26
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
Energy Bills Support Scheme explainer - GOV.UKPage URL History Show full URLs
-
https://energyrebates-uk.com/
HTTP 302
https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFY... Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
GOV.UK Frontend
(UI frameworks)
Expand
Overall confidence: 80%
Detected patterns
Detected patterns
- <body[^>]+govuk-template__body
- <a[^>]+govuk-link
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
URL: https://www.gov.uk/
Title: GOV.UK
Title: GOV.UK
Search URL Search Domain Scan URL
URL: https://www.ofgem.gov.uk/sites/default/files/docs/2005/10/11782-resaleupdateoct05_3.pdf
Title: how to ensure customers are being charged no more than they should when they buy the electricity through their landlord, including what to do if they think there has been a mistake
Title: how to ensure customers are being charged no more than they should when they buy the electricity through their landlord, including what to do if they think there has been a mistake
Search URL Search Domain Scan URL
URL: https://costoflivingsupport.campaign.gov.uk/
Title: Help for Households
Title: Help for Households
Search URL Search Domain Scan URL
URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence v3.0
Title: Open Government Licence v3.0
Search URL Search Domain Scan URL
URL: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/
Title: © Crown copyright
Title: © Crown copyright
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://energyrebates-uk.com/
HTTP 302
https://energyrebates-uk.com/start.php?EjCAVDWX&inID=eyyVLUngUGsDgRArKGnKKJxaCjVuvYUHHQzPdGSGnBscGAwDbLFYkECfl Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
start.php
energyrebates-uk.com/ Redirect Chain
|
104 KB 104 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
startstyle.css
energyrebates-uk.com/css/ |
133 KB 133 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s300_energy-bills.png
assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158488/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png
www.gov.uk/assets/static/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2
www.gov.uk/assets/frontend/ |
31 KB 31 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2
www.gov.uk/assets/frontend/ |
33 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| energyrebates-uk.com/ | Name: PHPSESSID Value: 610687075d84092d05f908caf7fb7c9d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.publishing.service.gov.uk
energyrebates-uk.com
www.gov.uk
2a04:4e42:400::144
2a04:4e42:600::144
34.175.142.16
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
1f1d5415ff77f86bd0d71f7f3aab414424dea8d88b0850e1707488f134a2eba2
41cef09a75d359bbc0b3aa21fe168739ea8e53cf2dc35ed85320c31d43c432da
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
e264909d5b52e62eface8518df0ccddf99e21922a2e6316bffe0d38340e590d9
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0