www.bensplumbingandheatinggroup.co.uk Open in urlscan Pro
172.67.211.28 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/bluestarguide.html#a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcX...
Effective URL:
https://www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/bluestarguide.html
Submission Tags: @phish_report
Submission: On January 06 via api (January 6th 2025, 9:48:30 am UTC) from FI — Scanned from FI

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 2 HTTP transactions. The main IP is 172.67.211.28, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bensplumbingandheatinggroup.co.uk.
TLS certificate: Issued by E5 on November 28th 2024. Valid for: 3 months.

This is the only time www.bensplumbingandheatinggroup.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	172.67.211.28 172.67.211.28	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	95.182.96.103 95.182.96.103	56971 (AS56971 C...) (AS56971 CGI GLOBAL LIMITED)
1	104.21.112.1 104.21.112.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2

1 172.67.211.28 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bensplumbingandheatinggroup.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.182.96.103 (Montserrat, Spain) 1 redirects

ASN56971 (AS56971 CGI GLOBAL LIMITED, HK)

bluestarguide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.112.1 (None, )

ASN13335 (CLOUDFLARENET, US)

www.myredirectservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	myredirectservices.com www.myredirectservices.com
1	bluestarguide.com 1 redirects bluestarguide.com	323 B
1	bensplumbingandheatinggroup.co.uk www.bensplumbingandheatinggroup.co.uk	889 B
2	3

	Domain	Requested by
1	www.myredirectservices.com	www.bensplumbingandheatinggroup.co.uk
1	bluestarguide.com	1 redirects
1	www.bensplumbingandheatinggroup.co.uk
2	3

This site contains no links.

Subject Issuer	Validity	Valid
bensplumbingandheatinggroup.co.uk E5	`2024-11-28` - `2025-02-26`	3 months	crt.sh
myredirectservices.com WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh

This page contains 1 frames:

Frame: https://www.myredirectservices.com/25T99KMS/7DJ1LB4D/?sub1=2&sub2=31441_0&sub3=47_106276_5270_693573_md
Frame ID: 9BAD118F8EA08A44A13E44EC9D308380
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 HTTP 307
https://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 HTTP 307
http://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 HTTP 302
https://www.myredirectservices.com/25T99KMS/7DJ1LB4D/?sub1=2&sub2=31441_0&sub3=47_106276_5270_693573_md

2 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request bluestarguide.html Show response www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/	140 B 889 B	363ms 289ms	Document text/html	172.67.211.28 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/bluestarguide.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.211.28 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `90a7cda939e3ed22c6938e70c966b4a92b156c6c8a80c5172bba27d8720c4dbd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8fdaca873ca9b604-WAW content-encoding zstd content-type text/html date Mon, 06 Jan 2025 09:48:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PIDcwmM5LuSjEeWmsV2BbGLZU1oIDQFFFqNtpcGT0n8EijkJry%2FxTrzAg6QrVK6lAolCXK%2FlwX8PqyKnVOxqKjqVQ5eg5ihkc4aQuwYV1NdZfph%2FvQ44oywhENlJ%2F3HFDpoi288xMeOhfSWBWZfOA%2BGG%2F4rtG0Is"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=46864&min_rtt=46474&rtt_var=7708&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4093&recv_bytes=4487&delivery_rate=600&cwnd=12000&unsent_bytes=0&cid=a2163791f29ab6f3&ts=304&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding x-cdn-cache-status MISS x-origin-cache-status MISS x-provided-by StackCDN x-via FRA1
GET H3	204	/ www.myredirectservices.com/25T99KMS/7DJ1LB4D/ Redirect Chain http://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 https://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 http://bluestarguide.com/a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 https://www.myredirectservices.com/25T99KMS/7DJ1LB4D/?sub1=2&sub2=31441_0&sub3=47_106276_5270_693573_md	0 0	670ms 435ms	Document text/plain	104.21.112.1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.myredirectservices.com/25T99KMS/7DJ1LB4D/?sub1=2&sub2=31441_0&sub3=47_106276_5270_693573_md Requested by Host: www.bensplumbingandheatinggroup.co.uk URL: https://www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/bluestarguide.html Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.112.1 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.bensplumbingandheatinggroup.co.uk/wp-content/uploads/2024/12/bluestarguide.html#a2lBQmh2bndGbG9sNXhSUjVuVmRZRjYxM3RqNU1ESFE2RFhWcXlBL3FkZ2VJUVM0ZDc5MnZ1cXExOHVEOWxXTUxnWVlObGJITVJ3NGx1dmw2VVB6QWEyS1F4N0FhSEw0bm1nam96cktjUkU9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ch Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8fdaca90ac0cee47-WAW date Mon, 06 Jan 2025 09:48:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqR5croLOiOT2mQ8YGD8WYRZCbeqBZ1QSdkFgYeytbh%2FODjZnSj6CtTJBARnPdqgKT5pxQiUzt5zunuEzoTG%2BLINipijuY%2BwCM172tzSSKqjXoZ6n0b8i8KsV2rqSZxvDarMcqpbWURWmeokng%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Origin x-eflow-request-id ed698fdf-6fa2-401c-95b9-e12249c6f7dd Redirect headers Connection Keep-Alive Content-Length 164 Content-Type text/html; charset=UTF-8 Date Mon, 06 Jan 2025 09:48:13 GMT Keep-Alive timeout=5, max=100 Location https://www.myredirectservices.com/25T99KMS/7DJ1LB4D/?sub1=2&sub2=31441_0&sub3=47_106276_5270_693573_md Server Apache/2.4.52 (Ubuntu)

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bluestarguide.com
www.bensplumbingandheatinggroup.co.uk
www.myredirectservices.com
104.21.112.1
172.67.211.28
95.182.96.103
90a7cda939e3ed22c6938e70c966b4a92b156c6c8a80c5172bba27d8720c4dbd

www.bensplumbingandheatinggroup.co.uk Open in urlscan Pro 172.67.211.28 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

1 kBTransfer

0 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

www.bensplumbingandheatinggroup.co.uk Open in urlscan Pro
172.67.211.28 Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

1 kB
Transfer

0 kB
Size

0
Cookies

2 HTTP transactions
0 data transactions