my-energy-bill-online.com
62.113.114.79
Malicious Activity!
Public Scan
Effective URL: http://my-energy-bill-online.com/start.php?FhIKigTL&inID=wWmsOxIwQMkLMPDsFzuCLxuYsMSymdPlCqgEAuhneWmdfPg
Submission Tags: #phishing @ecarlesi
Submission: On September 15 via api from FI — Scanned from FI
Summary
This is the only time my-energy-bill-online.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 3 | 62.113.114.79 | 48282 (VDSINA-AS) |
2 | 2a04:4e42:400::144 | 54113 (FASTLY) |
2 | 2a04:4e42:600::144 | 54113 (FASTLY) |
6 | 3 | |
ASN48282 (VDSINA-AS, RU)
PTR: v1383897.hosted-by-vdsina.ru
my-energy-bill-online.com
ASN54113 (FASTLY, US)
assets.publishing.service.gov.uk
www.gov.uk
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | www.gov.uk | www.gov.uk — Cisco Umbrella Rank: 20630 | 67 KB |
3 | my-energy-bill-online.com (1 redirects) | my-energy-bill-online.com | 237 KB |
1 | service.gov.uk | assets.publishing.service.gov.uk — Cisco Umbrella Rank: 42272 | 19 KB |
6 | 3 | | |
 | Domain | Requested by |
---|---|---|
3 | www.gov.uk | my-energy-bill-online.com |
3 | my-energy-bill-online.com (1 redirects) | my-energy-bill-online.com |
1 | assets.publishing.service.gov.uk | my-energy-bill-online.com |
6 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gov.uk |
www.ofgem.gov.uk |
costoflivingsupport.campaign.gov.uk |
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.gov.uk | GlobalSign RSA OV SSL CA 2018 | 2021-11-18 - 2022-12-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://my-energy-bill-online.com/start.php?FhIKigTL&inID=wWmsOxIwQMkLMPDsFzuCLxuYsMSymdPlCqgEAuhneWmdfPg
Frame ID: E21A5CC0FB74A49AF7FA8909BC8013FC
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
Energy Bills Support Scheme explainer - GOV.UK
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
GOV.UK Frontend (UI frameworks)
Detected patterns
- <body[^>]+govuk-template__body
- <a[^>]+govuk-link
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: GOV.UK
Title: how to ensure customers are being charged no more than they should when they buy the electricity through their landlord, including what to do if they think there has been a mistake
Title: Help for Households
Title: Open Government Licence v3.0
Title: © Crown copyright
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://my-energy-bill-online.com/
HTTP 302
http://my-energy-bill-online.com/start.php?FhIKigTL&inID=wWmsOxIwQMkLMPDsFzuCLxuYsMSymdPlCqgEAuhneWmdfPg Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | start.php (Primary Request) | my-energy-bill-online.com/ (Redirect Chain) | 104 KB | 104 KB | Document | text/html |
GET | H/1.1 | startstyle.css | my-energy-bill-online.com/css/ | 133 KB | 133 KB | Stylesheet | text/css |
GET | H2 | s300_energy-bills.png | assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158488/ | 18 KB | 19 KB | Image | image/png |
GET | H2 | govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png | www.gov.uk/assets/static/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2 | www.gov.uk/assets/frontend/ | 31 KB | 31 KB | Font | font/woff2 |
GET | H2 | light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2 | www.gov.uk/assets/frontend/ | 33 KB | 33 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforeinput |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
object | navigation |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
my-energy-bill-online.com/ | Name: PHPSESSID Value: 6c3afd1fd70104c2acc57ebbccd26493 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.