Report - notice.redundancy-payments.org.uk/

Report Overview

Submitted URL
notice.redundancy-payments.org.uk/
IP
20.39.208.24
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-16 17:09:08
Access
public
Website Title
Apply for redundancy payment
Final URL
notice.redundancy-payments.org.uk/claims/start
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
notice.redundancy-payments.org.uk	unknown	2014-05-19	2017-03-31	2023-12-19	7.3 kB	399 kB	20.39.208.24

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs
2024-04-16	medium	notice.redundancy-payments.org.uk/	HM Revenue & Customs

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	notice.redundancy-payments.org.uk/claims/start	111 B	2023-03-07	2024-04-29
Pretty URL notice.redundancy-payments.org.uk/claims/start IP 20.39.208.24 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:12:26 Last Seen2024-04-29 12:30:51 Times Seen140 Hash f8245ee5f611c3c4cf83b87f62c07de1 bbd81291a868d2e5c933336f069d6320c46d41fd fba5a75c897899b15308045df0ddc2390993ddb2499a8df637cabc65240021c5 Loading...

	notice.redundancy-payments.org.uk/static/public/javascripts/all.js	88 kB	2023-03-13	2024-04-16
Pretty URL notice.redundancy-payments.org.uk/static/public/javascripts/all.js IP 20.39.208.24 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:40:31 Last Seen2024-04-16 19:09:10 Times Seen7 Hash 442d392d8ac8db9891df7161ca369e09 60a99d36015cf5514b317a087e643573d44eeaf8 71a56aa8e5e162dba0955954d1b0cbce9d6ace7713a3cc977f0f7e0950c3219f Loading...

	notice.redundancy-payments.org.uk/claims/start	30 B	2023-03-07	2024-04-16
Pretty URL notice.redundancy-payments.org.uk/claims/start IP 20.39.208.24 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:59:46 Last Seen2024-04-16 19:09:10 Times Seen16 Hash f288f5351057110456ec1b2b5da2c22b 3706e5bf0c7aa24c1e024def7cc8e8af486861b8 9757935522bc0d39caf3eca5a2e77bc1952a16b2346ad568e95942e8f26f61a4 Loading...

HTTP Transactions (11)

URL IP Response Size

notice.redundancy-payments.org.uk/static/public/assets/images/govuk-apple-touch-icon-180x180.png

20.39.208.24

200 OK

3.5 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/images/govuk-apple-touch-icon-180x180.png
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/claims/start
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: image/png
Content-Length: 3503
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:43 GMT
ETag: "1660632123.0890522-3503-2454793242"
Date: Tue, 16 Apr 2024 17:08:43 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/images/favicon.ico

20.39.208.24

200 OK

6.3 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/images/favicon.ico
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 4 bits/pixel, 32x32, 8 bits/pixel
Size
6.3 kB (6318 bytes)
Hash
de7abc5226925203ac10b0a4a94af949
f56cdbb947dae5ef70f410639c06c034bc2db511
6921a31b023a41929073393bdad00077436c3835994079bcd2e437261875b2fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/images/favicon.ico HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/claims/start
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: image/vnd.microsoft.icon
Content-Length: 6318
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:43 GMT
ETag: "1660632123.0890522-6318-3919717518"
Date: Tue, 16 Apr 2024 17:08:43 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/images/govuk-crest.png

20.39.208.24

200 OK

3.6 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/images/govuk-crest.png
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
PNG image data, 125 x 102, 8-bit colormap, non-interlaced
Size
3.6 kB (3584 bytes)
Hash
bcd5768bd7721641ee71ba103bb38900
42a8d445a3446dee17cc6684ea055703e490bf5e
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/images/govuk-crest.png HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: image/png
Content-Length: 3584
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:43 GMT
ETag: "1660632123.0890522-3584-2155161132"
Date: Tue, 16 Apr 2024 17:08:43 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/fonts/bold-affa96571d-v2.woff

20.39.208.24

200 OK

41 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/fonts/bold-affa96571d-v2.woff
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
Web Open Font Format, TrueType, length 40816, version 1.0
Size
41 kB (40816 bytes)
Hash
affa96571d94a9ab7d95b0850b26edde
1117d82d9030e93f62e8c70b525097c1b1801138
5a2a925237869837d1afdd0a70ffded0717296d2d25885865d19c0da7f3ece5d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/fonts/bold-affa96571d-v2.woff HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: font/woff
Content-Length: 40816
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:43 GMT
ETag: "1660632123.0770519-40816-2261329780"
Date: Tue, 16 Apr 2024 17:08:43 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/fonts/light-94a07e06a1-v2.woff2

20.39.208.24

404 NOT FOUND

53 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/fonts/light-94a07e06a1-v2.woff2
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
data
Size
53 kB (52866 bytes)
Hash
faf8e2a2b2dfb8f994050d873eaef37a
afe01a905e1dbac331cfa4721cb18f405d4be26a
bd74c40aa89efb565dcf18af2330bdbdfc5d445494959bf34bbdd716917f9a74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/fonts/light-94a07e06a1-v2.woff2 HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 NOT FOUND
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Apr 2024 17:08:43 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/fonts/bold-b542beb274-v2.woff2

20.39.208.24

404 NOT FOUND

16 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/fonts/bold-b542beb274-v2.woff2
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
data
Size
16 kB (15896 bytes)
Hash
5fe36419fd4fab83aa07a2ad3adce473
be4300fee57c842d495652884e97fa998e0d627b
07dfd2511004a0b65cf63e01f776bdf3c8a82e8ccf2286f2e649026e708d6c77

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/fonts/bold-b542beb274-v2.woff2 HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 NOT FOUND
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Apr 2024 17:08:43 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/claims/start

20.39.208.24

200 OK

17 kB

URL User Request GET HTTP/1.1
notice.redundancy-payments.org.uk/claims/start
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
data
Size
17 kB (16707 bytes)
Hash
d5ec60803577acafa97892f3edfa5fd1
9822fb2d3a5537bfa3926141c62b23cdcc646559
c743cc6ff4a99afb8864926e4fa15bdec13aae8e56b11f950c769d0a73a250aa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /claims/start HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Apr 2024 17:08:42 GMT
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Cookie
Set-Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; Expires=Sun, 21-Apr-2024 17:08:42 GMT; Max-Age=432000; Secure; HttpOnly; Path=/; SameSite=Lax
session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:42 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/

20.39.208.24

302 FOUND

12 kB

URL User Request GET HTTP/1.1
notice.redundancy-payments.org.uk/
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type

Size
12 kB (12538 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET / HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 FOUND
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 16 Apr 2024 17:08:42 GMT
Content-Type: text/html; charset=utf-8
Location: https://notice.redundancy-payments.org.uk/claims/start
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Refresh: 1815
Vary: Cookie
Set-Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; Expires=Sun, 21-Apr-2024 17:08:42 GMT; Max-Age=432000; Secure; HttpOnly; Path=/; SameSite=Lax
session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:42 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css

20.39.208.24

200 OK

109 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type

Size
109 kB (109094 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/stylesheets/inss.css HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/claims/start
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:42 GMT
ETag: "1660632123.1770544-109094-991896312"
Date: Tue, 16 Apr 2024 17:08:42 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:42 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/javascripts/all.js

20.39.208.24

200 OK

88 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/javascripts/all.js
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type

Size
88 kB (87820 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/javascripts/all.js HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/claims/start
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:42 GMT
ETag: "1660632123.157054-87820-4081197557"
Date: Tue, 16 Apr 2024 17:08:42 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:42 GMT; Secure; HttpOnly; Path=/
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains

notice.redundancy-payments.org.uk/static/public/assets/fonts/light-f591b13f7d-v2.woff

20.39.208.24

200 OK

43 kB

URL GET HTTP/1.1
notice.redundancy-payments.org.uk/static/public/assets/fonts/light-f591b13f7d-v2.woff
IP
20.39.208.24:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://notice.redundancy-payments.org.uk/claims/start
Certificate
IssuerLet's Encrypt
Subjectida-cs-prod.redundancy-payments.org.uk
Fingerprint91:5F:35:CC:B2:22:5C:9F:78:CD:01:D7:39:62:C9:75:09:3C:5B:B2
ValidityThu, 04 Apr 2024 00:48:35 GMT - Wed, 03 Jul 2024 00:48:34 GMT

File type
Web Open Font Format, TrueType, length 43425, version 1.2
Size
43 kB (43425 bytes)
Hash
f591b13f7daad512cf0dfa0ddcb2960e
3ddaa91b2256c7aab9786d3e2b4c97abedc91930
091aa3008e57dfeea899e33243c1d4ea95bab658f1cc2191679193bcbfac0b7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /static/public/assets/fonts/light-f591b13f7d-v2.woff HTTP/1.1
Host: notice.redundancy-payments.org.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://notice.redundancy-payments.org.uk/static/public/stylesheets/inss.css
Cookie: _csrf_token=002ad8781c9fe74b0066748c0baa6a2cd49ab5fafabea768270e067c6fdaa5ea; session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: font/woff
Content-Length: 43425
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 06:42:03 GMT
Cache-Control: public, max-age=43200
Expires: Wed, 17 Apr 2024 05:08:43 GMT
ETag: "1660632123.0770519-43425-2908235705"
Date: Tue, 16 Apr 2024 17:08:43 GMT
Set-Cookie: session=6e01309a-eb83-4398-b0a9-099de69cb15c.QCRHoIFETdXbwEoHHGmNESj5YTQ; Expires=Tue, 16-Apr-2024 17:38:43 GMT; Secure; HttpOnly; Path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP