energybills-online.com

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 95.161.129.78, located in Antigua And Barbuda and belongs to HUIZE_LTD Huize Telecom, RU. The main domain is energybills-online.com.

This is the only time energybills-online.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 3	95.161.129.78 95.161.129.78	57416 (HUIZE_LTD...) (HUIZE_LTD Huize Telecom)
2	2a04:4e42:200... 2a04:4e42:200::144	54113 (FASTLY) (FASTLY)
2	2a04:4e42:400... 2a04:4e42:400::144	54113 (FASTLY) (FASTLY)
6	3

3 95.161.129.78 (Antigua And Barbuda) 1 redirects

ASN57416 (HUIZE_LTD Huize Telecom, RU)

energybills-online.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::144 (United States)

ASN54113 (FASTLY, US)

assets.publishing.service.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::144 (United States)

ASN54113 (FASTLY, US)

www.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	www.gov.uk www.gov.uk — Cisco Umbrella Rank: 20630	68 KB
3	energybills-online.com 1 redirects energybills-online.com	237 KB
1	service.gov.uk assets.publishing.service.gov.uk — Cisco Umbrella Rank: 42272	19 KB
6	3

	Domain	Requested by
3	www.gov.uk	energybills-online.com
3	energybills-online.com	1 redirects energybills-online.com
1	assets.publishing.service.gov.uk	energybills-online.com
6	3

This site contains links to these domains. Also see Links.

Domain
www.gov.uk
www.ofgem.gov.uk
costoflivingsupport.campaign.gov.uk
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
www.gov.uk GlobalSign RSA OV SSL CA 2018	`2021-11-18` - `2022-12-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi
Frame ID: A739C9482FB2C4FA669C71CE4225C35B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Energy Bills Support Scheme explainer - GOV.UK

Page URL History Show full URLs

http://energybills-online.com/ HTTP 302
http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogy... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 80%
Detected patterns

<body[^>]+govuk-template__body
<a[^>]+govuk-link

Page Statistics

6
Requests

67 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

323 kB
Transfer

321 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gov.uk/
Title: GOV.UK

Search URL Search Domain Scan URL

URL: https://www.ofgem.gov.uk/sites/default/files/docs/2005/10/11782-resaleupdateoct05_3.pdf
Title: how to ensure customers are being charged no more than they should when they buy the electricity through their landlord, including what to do if they think there has been a mistake

Search URL Search Domain Scan URL

URL: https://costoflivingsupport.campaign.gov.uk/
Title: Help for Households

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence v3.0

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/
Title: © Crown copyright

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://energybills-online.com/ HTTP 302
http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request start.php Show response
energybills-online.com/
Redirect Chain

http://energybills-online.com/
http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi

104 KB
104 KB

366ms
261ms

Document
text/html

95.161.129.78
HUIZE_LTD Huize T...

General

Check archive.org

Show headers Download Go to

Full URL: http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi
Protocol: HTTP/1.1
Server: 95.161.129.78 , Antigua And Barbuda, ASN57416 (HUIZE_LTD Huize Telecom, RU),
Reverse DNS
Software: Apache /
Resource Hash: fa9b60870a488ec00459fc374a8c2d021aff19286f785c63667bc237ae32bf06

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Sun, 18 Sep 2022 21:21:01 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 18 Sep 2022 21:21:01 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi
Pragma: no-cache
Server: Apache

GET
H/1.1 200
OK startstyle.css
energybills-online.com/css/ 133 KB
133 KB 349ms
250ms Stylesheet
text/css 95.161.129.78
HUIZE_LTD Huize T...

General

Check archive.org

Show headers Download Go to

Full URL: http://energybills-online.com/css/startstyle.css
Requested by: Host: energybills-online.com
URL: http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi
Protocol: HTTP/1.1
Server: 95.161.129.78 , Antigua And Barbuda, ASN57416 (HUIZE_LTD Huize Telecom, RU),
Reverse DNS
Software: Apache /
Resource Hash: 41cef09a75d359bbc0b3aa21fe168739ea8e53cf2dc35ed85320c31d43c432da

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date: Sun, 18 Sep 2022 21:21:02 GMT
Last-Modified: Tue, 06 Sep 2022 03:44:20 GMT
Server: Apache
Connection: close
Accept-Ranges: bytes
Content-Length: 135949
Content-Type: text/css

GET
H2 200 s300_energy-bills.png
assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158488/ 18 KB
19 KB 224ms
62ms Image
image/png 2a04:4e42:200::144
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158488/s300_energy-bills.png

Requested by

Host: energybills-online.com
URL: http://energybills-online.com/start.php?NPIIFcANLYC&inID=XUXvqcYQYlTexJwPXCvGjmuwVOnSgmCOISYkunKLzRqHbpogyVhpHtrIi

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e264909d5b52e62eface8518df0ccddf99e21922a2e6316bffe0d38340e590d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://energybills-online.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload
via: 1.1 varnish
etag: "62e3fec4-48f4"
age: 206
x-cache: HIT
content-disposition: inline; filename="s300_energy-bills.png"
content-length: 18676
x-served-by: cache-mxp6975-MXP
last-modified: Fri, 29 Jul 2022 15:37:40 GMT
server: nginx
fastly-backend-name: awsorigin
date: Sun, 18 Sep 2022 21:21:02 GMT
x-frame-options: DENY
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=1800, public
accept-ranges: bytes
x-timer: S1663536062.241381,VS0,VE1
access-control-allow-headers: origin, authorization
x-cache-hits: 1

GET
H2 200 govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png
www.gov.uk/assets/static/ 4 KB
4 KB 186ms
61ms Image
image/png 2a04:4e42:200::144
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gov.uk/assets/static/govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png

Requested by

Host: energybills-online.com
URL: http://energybills-online.com/css/startstyle.css

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://energybills-online.com/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload
via: 1.1 varnish
etag: "624ac7a1-e00"
age: 503072
x-cache: HIT
x-cache-hits: 1
content-length: 3584
x-served-by: cache-mxp6975-MXP
last-modified: Mon, 04 Apr 2022 10:25:37 GMT
server: nginx
fastly-backend-name: origin
date: Sun, 18 Sep 2022 21:21:02 GMT
content-type: image/png
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
x-timer: S1663536063.652146,VS0,VE1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2
www.gov.uk/assets/frontend/ 31 KB
31 KB 319ms
65ms Font
font/woff2 2a04:4e42:400::144
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gov.uk/assets/frontend/bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2

Requested by

Host: energybills-online.com
URL: http://energybills-online.com/css/startstyle.css

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::144 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: http://energybills-online.com/
Origin: http://energybills-online.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload
via: 1.1 varnish
etag: "6242d665-7af8"
age: 1199755
x-cache: HIT
content-length: 31480
x-served-by: cache-mxp6952-MXP
last-modified: Tue, 29 Mar 2022 09:50:29 GMT
server: nginx
fastly-backend-name: origin
date: Sun, 18 Sep 2022 21:21:02 GMT
access-control-allow-methods: GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-timer: S1663536063.782356,VS0,VE1
access-control-allow-headers: origin, authorization
x-cache-hits: 1

GET
H2 200 light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2
www.gov.uk/assets/frontend/ 33 KB
33 KB 327ms
74ms Font
font/woff2 2a04:4e42:400::144
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gov.uk/assets/frontend/light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2

Requested by

Host: energybills-online.com
URL: http://energybills-online.com/css/startstyle.css

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::144 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: http://energybills-online.com/
Origin: http://energybills-online.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload
via: 1.1 varnish
etag: "6242d667-8266"
age: 1100692
x-cache: HIT
content-length: 33382
x-served-by: cache-mxp6952-MXP
last-modified: Tue, 29 Mar 2022 09:50:31 GMT
server: nginx
fastly-backend-name: origin
date: Sun, 18 Sep 2022 21:21:02 GMT
access-control-allow-methods: GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
x-timer: S1663536063.782322,VS0,VE1
access-control-allow-headers: origin, authorization
x-cache-hits: 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			energybills-online.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b9405ba58156b97e92efb4f0ce6db184

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.publishing.service.gov.uk
energybills-online.com
www.gov.uk
2a04:4e42:200::144
2a04:4e42:400::144
95.161.129.78
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
41cef09a75d359bbc0b3aa21fe168739ea8e53cf2dc35ed85320c31d43c432da
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
e264909d5b52e62eface8518df0ccddf99e21922a2e6316bffe0d38340e590d9
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
fa9b60870a488ec00459fc374a8c2d021aff19286f785c63667bc237ae32bf06

energybills-online.com Open in urlscan Pro 95.161.129.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

67 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

323 kBTransfer

321 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

energybills-online.com Open in urlscan Pro
95.161.129.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

67 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

323 kB
Transfer

321 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!