eeuk.13-40-158-147.cprapid.com
13.40.158.147 Malicious Activity! Public Scan

Submitted URL: http://eeuk.13-40-158-147.cprapid.com/govUK/
Effective URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Submission Tags: @ecarlesi threat phishing govuk
Submission: On November 29 via api from IT — Scanned from GB

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 13.40.158.147, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is eeuk.13-40-158-147.cprapid.com.
TLS certificate: Issued by R10 on November 29th 2024. Valid for: 3 months.
This is the only time eeuk.13-40-158-147.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
12 | www.gov.uk | www.gov.uk (Cisco Umbrella Rank: 28731) | 149 KB
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 175 KB
2 | cprapid.com | eeuk.13-40-158-147.cprapid.com | 111 KB
1 | service.gov.uk | assets.publishing.service.gov.uk (Cisco Umbrella Rank: 64533) | 19 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 36) | 21 KB
Totals: 18 requests, 5 apex domains

Requests | Domain | Requested by
12 | www.gov.uk | eeuk.13-40-158-147.cprapid.com, www.gov.uk
2 | www.googletagmanager.com | eeuk.13-40-158-147.cprapid.com
2 | eeuk.13-40-158-147.cprapid.com | 1 redirects
1 | assets.publishing.service.gov.uk | eeuk.13-40-158-147.cprapid.com
1 | www.google-analytics.com | eeuk.13-40-158-147.cprapid.com
Totals: 18 requests, 5 domains
Subject | Issuer | Validity | Valid for
cpanel.eeuk.13-40-158-147.cprapid.com | R10 | 2024-11-29 - 2025-02-27 | 3 months (crt.sh)
*.google-analytics.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months (crt.sh)
www.gov.uk | GlobalSign RSA OV SSL CA 2018 | 2024-11-15 - 2025-12-17 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Frame ID: 3BCBC595B40C00138AAE9A00DA84B890
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

£400 energy bills discount to support households this winter - GOV.UK

Page URL History

  1. http://eeuk.13-40-158-147.cprapid.com/govUK/ HTTP 307
    https://eeuk.13-40-158-147.cprapid.com/govUK/ HTTP 302
    https://eeuk.13-40-158-147.cprapid.com/govUK/energy/ Page URL

Detected technologies

Overall confidence: 80%
Detected patterns
  • <body[^>]+govuk-template__body
  • <a[^>]+govuk-link

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

18 Requests
94 % HTTPS
67 % IPv6
5 Domains
5 Subdomains
7 IPs
3 Countries
474 kB Transfer
1447 kB Size
2 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
eeuk.13-40-158-147.cprapid.com/govUK/energy/
Redirect Chain
  • http://eeuk.13-40-158-147.cprapid.com/govUK/
  • https://eeuk.13-40-158-147.cprapid.com/govUK/
  • https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
110 KB
111 KB
Document
General
Full URL
https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.40.158.147 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-40-158-147.eu-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f497b1f332b7906d373ccae45abf67a0bd7744fe29184b418277067d470ee841

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
113147
Content-Type
text/html
Date
Fri, 29 Nov 2024 17:27:27 GMT
Keep-Alive
timeout=5, max=99
Last-Modified
Sat, 18 Mar 2023 23:06:26 GMT
Server
Apache

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 29 Nov 2024 17:27:27 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
location
energy/
js
www.googletagmanager.com/gtag/
275 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S5RQ7FTGVR&l=dataLayer&cx=c
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e8cd70cd36105478d847f6b941009dba5c91e51604a3fb0650df68a9b09e22ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 29 Nov 2024 17:27:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 29 Nov 2024 17:27:27 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
98167
x-xss-protection
0
server
Google Tag Manager
gtm.js
www.googletagmanager.com/
244 KB
78 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MG7HG5W
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
34b68483b00d619f44c415a5383c2a888734f17b16041dd280afd59e105bc16d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Fri, 29 Nov 2024 17:27:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 29 Nov 2024 17:27:27 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 29 Nov 2024 15:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
79774
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
gzip
age
2762
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 18:41:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 29 Nov 2024 16:41:25 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
lux-measurer-505eef3e243b1d08ea7c4b945ebe1ae146d896db61366e415b30cc1bcd84cbdc.js
www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/
2 KB
1 KB
Script
General
Full URL
https://www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/lux-measurer-505eef3e243b1d08ea7c4b945ebe1ae146d896db61366e415b30cc1bcd84cbdc.js
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2002530433042d7fa39cfe4320807d21db87c2295a7b247b8c6f1c76783ef25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"33690f0164d03a80c866f37fde13dafc"
age
806379
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Tue, 07 May 2024 16:00:42 GMT
content-type
application/javascript
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.597984,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
849
server
AmazonS3
lux-reporter-0630526d2811f955ec5e421a6233bd828938bf706c2481233ef4efb8831d0625.js
www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/
20 KB
7 KB
Script
General
Full URL
https://www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/lux-reporter-0630526d2811f955ec5e421a6233bd828938bf706c2481233ef4efb8831d0625.js
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b96046acbaea34f9e5acf43c1b1b433140e6fd8ede2f1be0b3d9c3445c91498a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"df92b362c78a8b1632d0a60bb5270ceb"
age
5493
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Thu, 13 Oct 2022 11:13:50 GMT
content-type
application/javascript
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.597996,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
6604
server
AmazonS3
rum-loader-c53469dcb841d7b228c914a2e8bdcf3b831a578adf7d4f21cf9da5b85df7381e.js
www.gov.uk/assets/static/govuk_publishing_components/
669 B
438 B
Script
General
Full URL
https://www.gov.uk/assets/static/govuk_publishing_components/rum-loader-c53469dcb841d7b228c914a2e8bdcf3b831a578adf7d4f21cf9da5b85df7381e.js
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4b2c0ed1c13efb6bdcde52d8f50a127abba38769ae89685475f4c351beff209b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"28f6cd5172ee638424577fb03aa10ff6"
age
206077
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Thu, 01 Feb 2024 11:31:58 GMT
content-type
application/javascript
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.598000,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
317
server
AmazonS3
application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css
www.gov.uk/assets/static/
201 KB
18 KB
Stylesheet
General
Full URL
https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17c1530accbbe7c449c7f80f22192cfb149431918c44e5c92ccc77f5fc661c24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"86db42a53a97d13379c6fe942a21fd42"
age
5493
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Thu, 13 Oct 2022 11:13:49 GMT
content-type
text/css
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.598088,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
17862
server
AmazonS3
application-69450ed4fc007ef22e313f1c73a1f02c3aba8f2eab45d754ce20b3c7eb538e4c.css
www.gov.uk/assets/government-frontend/
219 KB
22 KB
Stylesheet
General
Full URL
https://www.gov.uk/assets/government-frontend/application-69450ed4fc007ef22e313f1c73a1f02c3aba8f2eab45d754ce20b3c7eb538e4c.css
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b6eb84f9776380d9b2702d0e74567e2a3933af6814431b381f15cdf49c66e9d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"29cdd931acf65356003a7ed21c1a73e6"
age
5493
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Tue, 22 Nov 2022 16:39:24 GMT
content-type
text/css
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.598302,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
22508
server
AmazonS3
print-bec47bfcef04d828411851a031b4ff4de7144980b52046d17755e41959083555.css
www.gov.uk/assets/static/
61 KB
7 KB
Stylesheet
General
Full URL
https://www.gov.uk/assets/static/print-bec47bfcef04d828411851a031b4ff4de7144980b52046d17755e41959083555.css
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a19d3ab919a8022b86629fcdbee0638449c79e7313792a85a479172819b9c8aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"6c9ec25ead012c9f195e46b7736f4fc8"
age
702984
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Thu, 13 Oct 2022 11:13:50 GMT
content-type
text/css
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.597945,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
6621
server
AmazonS3
print-bcb988c58a27d6eb2bbce8bdaa46a916550927b9715bd8bf8b69a36c3716d40f.css
www.gov.uk/assets/government-frontend/
72 KB
8 KB
Stylesheet
General
Full URL
https://www.gov.uk/assets/government-frontend/print-bcb988c58a27d6eb2bbce8bdaa46a916550927b9715bd8bf8b69a36c3716d40f.css
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b477e5c3052eb2e85dc28d5e020ce7d7c7bbb9b8709a63e36ffba60199875571
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"8423f03453830c3eb084e336e27b070f"
age
5493
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Mon, 12 Dec 2022 17:13:12 GMT
content-type
text/css
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.629922,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
8145
server
AmazonS3
s300_energy-bills.png
assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158400/
18 KB
19 KB
Image
General
Full URL
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/image_data/file/158400/s300_energy-bills.png
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
475bc60d06dc75f818bf042927323c43a7ef06cc92147b49c66dff61f5dd9753
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

etag
"62e2fe2f-48f4"
age
0
fastly-backend-name
awsorigin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
content-type
image/png
x-served-by
cache-lcy-eglc8600073-LCY
x-cache-hits
0
content-disposition
inline; filename="s300_energy-bills.png"
x-frame-options
DENY
last-modified
Thu, 28 Jul 2022 21:22:55 GMT
cache-control
max-age=1800, public
x-timer
S1732901248.546679,VS0,VE26
via
1.1 varnish
accept-ranges
bytes
content-length
18676
server
nginx
application-087272cd04e26ba8d2c7c0ccef5db8dcc67495fdae7ef356f838d916abeda4c6.js
www.gov.uk/assets/static/
0
0

application-3cafadb7a7e2b573dec0a5d24fe813cbcedd7f3ca66281600a699c7a944f8dfd.js
www.gov.uk/assets/government-frontend/
99 KB
16 KB
Script
General
Full URL
https://www.gov.uk/assets/government-frontend/application-3cafadb7a7e2b573dec0a5d24fe813cbcedd7f3ca66281600a699c7a944f8dfd.js
Requested by
Host: eeuk.13-40-158-147.cprapid.com
URL: https://eeuk.13-40-158-147.cprapid.com/govUK/energy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::144 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac6ed1252e1a4d580163185e8db545d28fd3c7fc24bcd98dec4109cabbd8b038
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"7ad88850d3fc9c596da575970400b6e4"
age
5493
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Thu, 10 Nov 2022 12:39:49 GMT
content-type
text/javascript
x-cache-hits
0
x-served-by
cache-lcy-eglc8600023-LCY
strict-transport-security
max-age=31536000; preload
vary
Accept-Encoding
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.629950,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
16272
server
AmazonS3
govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png
www.gov.uk/assets/static/
4 KB
4 KB
Image
General
Full URL
https://www.gov.uk/assets/static/govuk-crest-87038e62e594b5f83ea40e0fb480fe7a5f41ba0db3917f709dfb39043f19a0f7.png
Requested by
Host: www.gov.uk
URL: https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.144 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css

Response headers

etag
"bcd5768bd7721641ee71ba103bb38900"
age
2117873
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Mon, 15 Jul 2024 10:31:50 GMT
content-type
image/png
x-cache-hits
0
x-served-by
cache-lcy-eglc8600081-LCY
strict-transport-security
max-age=31536000; preload
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.692519,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3584
server
AmazonS3
bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2
www.gov.uk/assets/static/
31 KB
31 KB
Font
General
Full URL
https://www.gov.uk/assets/static/bold-b542beb274-v2-35bf540bb39615b6a517986f3aa83f7fefa1efd1878603eeeb196488078542d1.woff2
Requested by
Host: www.gov.uk
URL: https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.144 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://eeuk.13-40-158-147.cprapid.com
Referer
https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css

Response headers

etag
"b542beb2746ca0e4a5a9aa7ea7767df7"
age
1508703
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Mon, 15 Jul 2024 10:31:50 GMT
content-type
binary/octet-stream
x-cache-hits
52124
x-served-by
cache-lcy-eglc8600061-LCY
strict-transport-security
max-age=31536000; preload
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.728515,VS0,VE0
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
31480
server
AmazonS3
light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2
www.gov.uk/assets/static/
33 KB
33 KB
Font
General
Full URL
https://www.gov.uk/assets/static/light-94a07e06a1-v2-01565b0034e61d4609689bbb7ae0be844701f3812c8fe029fa1659b7ef3aa94f.woff2
Requested by
Host: www.gov.uk
URL: https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.144 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://eeuk.13-40-158-147.cprapid.com
Referer
https://www.gov.uk/assets/static/application-4d0a30e4ea17a02c4ff0e896efebbf3cf3eedb16204f9a9111fb075418950d6c.css

Response headers

etag
"94a07e06a104e76fe40583f74b204aee"
age
1446123
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Mon, 15 Jul 2024 10:31:50 GMT
content-type
binary/octet-stream
x-cache-hits
52283
x-served-by
cache-lcy-eglc8600061-LCY
strict-transport-security
max-age=31536000; preload
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.728047,VS0,VE0
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
33382
server
AmazonS3
favicon-9ed7849c462c53aa2cdf1690eb257e801ecbf5696d1d0928868c5b032b4adb36.ico
www.gov.uk/assets/static/
6 KB
3 KB
Other
General
Full URL
https://www.gov.uk/assets/static/favicon-9ed7849c462c53aa2cdf1690eb257e801ecbf5696d1d0928868c5b032b4adb36.ico
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.128.144 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6921a31b023a41929073393bdad00077436c3835994079bcd2e437261875b2fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://eeuk.13-40-158-147.cprapid.com/

Response headers

content-encoding
br
etag
"de7abc5226925203ac10b0a4a94af949"
age
1528151
fastly-backend-name
staticAssetsS3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Fri, 29 Nov 2024 17:27:27 GMT
last-modified
Fri, 16 Feb 2024 12:10:44 GMT
content-type
image/vnd.microsoft.icon
x-served-by
cache-lcy-eglc8600081-LCY
x-cache-hits
1
vary
Accept-Encoding
strict-transport-security
max-age=31536000; preload
cache-control
max-age=31536000, public, immutable
x-timer
S1732901248.811169,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
2361
server
AmazonS3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.gov.uk
URL
https://www.gov.uk/assets/static/application-087272cd04e26ba8d2c7c0ccef5db8dcc67495fdae7ef356f838d916abeda4c6.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object LongTaskObserver
  • function measureHTTPProtocol
  • object LUX
  • object LUX_ae
  • object LUX_al
  • object google_tag_data
  • function ga
  • object gaplugins
  • object google_tag_manager
  • object dataLayer
  • function nodeListForEach
  • object GOVUK
  • function onYouTubePlayerAPIReady
  • object GOVUKFrontend

2 Cookies

Domain/Path | Name | Value
eeuk.13-40-158-147.cprapid.com/ | PHPSESSID | 3e21a20eebc4a2b975f16568b5bd9a7c
eeuk.13-40-158-147.cprapid.com/ | lux_uid | 173290124762036379

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
