Rocky Mountain Power is a real utility company, but the site has a critical security flaw: the SSL certificate doesn't cover the main domain, so you can't safely reach it. That's a serious problem for any site that might handle your account or payment info. Until it's fixed, treat this site with caution.
What you should do now
Don't panic. These steps limit the damage, and the sooner you take them the better.
1
Don't enter any details
No passwords, card numbers or personal information β even if the site looks professional.
2
Close the tab
Especially if you got here from an email, text message or social media ad.
3
Already paid? Call your bank
Contact your bank or card provider right away. They can often stop or reverse a recent payment.
4
Warn others
Report the site and share this check with anyone who sent you the link.
Cross-referenced 35 live signals from Google Safe Browsing, VirusTotal, WHOIS and more on Jul 12, 2026.How we score β
Where the score comes from
We look at six areas. Here's how rockymountainpower.net did in each.
20
Security
The SSL certificate is invalid for the bare domain, making the site unreachable via HTTPS. This is a critical flaw for a utility company that likely handles customer logins and payments.
85
Identity
The domain is 21 years old and belongs to PacifiCorp, a known utility company. Registration through Cloudflare is neutral, but the company's identity is clear from the site content and WHOIS.
85
Reputation
Clean blacklists, no Google Web Risk threats, and a two-decade web archive history confirm a long-standing, legitimate presence.
80
Transparency
Contact info, an about page, and social media links are present. Missing business disclosure is normal for a US-based utility.
80
Compliance
Privacy policy and terms of service are provided. Cookie consent is not required for a US utility site, so no gap here.
70
Infrastructure
DNS and email authentication are well-configured with DMARC rejection. DNSSEC is not enabled, which is common and not a major risk.
What we checked
The 35 signals behind this report.
Security & Transport
Certificate Issuer
Entrust Limited
Google Web Risk
Clean
SSL Certificate
Invalid
Security Headers
2 of 6
Site Reachable
Unreachable
Identity & WHOIS
About Page
Found
Branding
Basic
Business Disclosure
Not found
Contact Info
Found
Domain Age
21 years, 1 months
Domain Expiry
2027-09-24T20:35:25Z
Legal Pages
Privacy & Terms found
Registrar
Cloudflare, Inc.
Infrastructure & DNS
BIMI
Present
DMARC Record
p=reject
DNS Blacklists
Clean
DNS Resolution
1 IP(s)
DNSSEC
Not enabled
DNSSEC
unsigned
Email (MX Records)
1 record(s)
Hosting Network (ASN)
AS23255 PACIFICORP
Name Servers
2 server(s)
Page Load Time
627ms
SPF Record
Present
Reputation & Reach
Page Heading
Building a safe, resilient
Page Language
en
Page Title
PacifiCorp
Sitemap
Not found
Social Media Presence
2 platforms
Structured Data
Found
Tranco Rank
Rank #190641
Trustpilot
No Trustpilot profile
Web Archive History
21 years
Website Status
Online
robots.txt
Present
Think this verdict is wrong?
Site owners can request a fresh scan. Scores update automatically as signals change.
Rocky Mountain Power's website, rockymountainpower.net, belongs to a legitimate utility company β PacifiCorp has operated for decades, and the domain itself was registered over 21 years ago. That history is a good sign. But there's a glaring technical problem: the site's security certificate doesn't cover the bare domain name. When you try to visit rockymountainpower.net directly, your browser will warn you the connection isn't private. That's a red flag for any website where customers might log in or pay bills. The issue is likely a configuration error rather than a scam (the certificate does work for the www version), but it's still a serious gap. For now, you can access the site by typing 'www.rockymountainpower.net' β but the company should fix the certificate mismatch immediately. If you're a customer, use caution until they do.