URL: https://rustedfaith.co.uk/
Submission Tags: phishingrod
Submission: On January 19 via api from DE — Scanned from GB

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 79.170.40.239, located in Leeds, United Kingdom and belongs to GD-EMEA-DC-LD5, DE. The main domain is rustedfaith.co.uk.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 12th 2023. Valid for: a year.
This is the only time rustedfaith.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 79.170.40.239 20738 (GD-EMEA-D...)
1 104.126.37.147 20940 (AKAMAI-ASN1)
7 3
Domain Requested by
1 customer.heartinternet.uk rustedfaith.co.uk
1 rustedfaith.co.uk
0 pagead2.googlesyndication.com Failed rustedfaith.co.uk
0 forwards.heartinternet.uk Failed rustedfaith.co.uk
7 4

This site contains links to these domains.

Domain
customer.heartinternet.uk
Subject | Issuer | Validity | Valid
*.secure-secure.co.uk | Go Daddy Secure Certificate Authority - G2 | 2023-01-12 - 2024-02-13 | a year
*.heartinternet.uk | Go Daddy Secure Certificate Authority - G2 | 2024-01-09 - 2025-02-09 | a year

This page contains 1 frames:

Primary Page: https://rustedfaith.co.uk/
Frame ID: 8874E043323E06B0260C804A436562CC
Requests: 7 HTTP requests in this frame

Page Title

Web Hosting, Reseller Hosting & Domain Names from Heart Internet

Page Statistics

7 Requests
14 % HTTPS
0 % IPv6
3 Domains
4 Subdomains
3 IPs
2 Countries
8 kB Transfer
7 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
rustedfaith.co.uk/
6 KB
6 KB
Document
General
Full URL
https://rustedfaith.co.uk/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
79.170.40.239 Leeds, United Kingdom, ASN20738 (GD-EMEA-DC-LD5, DE)
Reverse DNS
web239.extendcp.co.uk
Software
/
Resource Hash
cd5c345c58737a420b824635228426a85b490a52cd17040aa814e2d0b03643c8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

content-type
text/html
btn_search.png
customer.heartinternet.uk/images/holdingpage/new/
709 B
2 KB
Image
General
Full URL
https://customer.heartinternet.uk/images/holdingpage/new/btn_search.png
Requested by
Host: rustedfaith.co.uk
URL: https://rustedfaith.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
a104-126-37-147.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ef4b8aa42c889618a96cb4c49a61e2492cf40963bae4a34734c0ae419b39e9cf
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*;
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://rustedfaith.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*;
date
Fri, 19 Jan 2024 13:27:57 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=86400
content-security-policy-report-only
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.godaddy.com *.liveperson.net *.lpsnmedia.net *.tiqcdn.com *.typekit.net *.heg-cp.com *.facebook.net *.wsimg.com:* *.google.com *.google-analytics.com *.gstatic.com *.crazyegg.com *.t.co *.google.co.uk *.polyfill.io *.jquery.com analytics.twitter.com *.googletagmanager.com static.ads-twitter.com; object-src 'none'; frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:* *.paypal.com:*; report-uri /csp-collector.cgi; report-to csp-endpoint;
content-length
709
x-xss-protection
1
pragma
no-cache
referrer-policy
origin
last-modified
Wed, 03 May 2023 10:51:10 GMT
etag
"2c5-5fac7d57edc66"
x-frame-options
SAMEORIGIN
report-to
{ 'group': 'csp-endpoint', 'max-age': 10886400, 'endpoints': [{'url':'/csp-collector.cgi'}] }
content-type
image/png
cache-control
max-age=0, no-cache, no-store
feature-policy
sync-xhr 'self';
accept-ranges
bytes
expires
Fri, 19 Jan 2024 13:27:57 GMT
logo.png
forwards.heartinternet.uk/images/
0
0

styles.css
forwards.heartinternet.uk/
0
0

show_ads.js
pagead2.googlesyndication.com/pagead/
0
0

show_ads.js
pagead2.googlesyndication.com/pagead/
0
0

show_ads.js
pagead2.googlesyndication.com/pagead/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
forwards.heartinternet.uk
URL
https://forwards.heartinternet.uk/images/logo.png
Domain
forwards.heartinternet.uk
URL
http://forwards.heartinternet.uk/styles.css
Domain
pagead2.googlesyndication.com
URL
http://pagead2.googlesyndication.com/pagead/show_ads.js
Domain
pagead2.googlesyndication.com
URL
http://pagead2.googlesyndication.com/pagead/show_ads.js
Domain
pagead2.googlesyndication.com
URL
http://pagead2.googlesyndication.com/pagead/show_ads.js

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| google_ad_client string| google_ad_slot number| google_ad_width number| google_ad_height

0 Cookies

11 Console Messages

Source Level URL
Text
security warning URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure element 'http://customer.heartinternet.uk/images/holdingpage/new/btn_search.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure element 'http://forwards.heartinternet.uk/images/logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://rustedfaith.co.uk/(Line 8)
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forwards.heartinternet.uk/styles.css'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://rustedfaith.co.uk/(Line 14)
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.heartinternet.uk/domain-names/domain-search.html'. This endpoint should be made available over a secure connection.
security warning URL: https://rustedfaith.co.uk/(Line 35)
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure element 'http://customer.heartinternet.uk/images/holdingpage/new/btn_search.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://rustedfaith.co.uk/(Line 35)
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure element 'http://forwards.heartinternet.uk/images/logo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure script 'http://pagead2.googlesyndication.com/pagead/show_ads.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure script 'http://pagead2.googlesyndication.com/pagead/show_ads.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure script 'http://pagead2.googlesyndication.com/pagead/show_ads.js'. This request has been blocked; the content must be served over HTTPS.
security warning URL: https://rustedfaith.co.uk/
Message:
Mixed Content: The page at 'https://rustedfaith.co.uk/' was loaded over HTTPS, but requested an insecure element 'http://customer.heartinternet.uk/images/holdingpage/new/btn_search.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://forwards.heartinternet.uk/images/logo.png
Message:
Failed to load resource: net::ERR_CONNECTION_CLOSED