claim.redundancy-payments.org.uk
Open in
urlscan Pro
104.26.10.56
Malicious Activity!
Public Scan
Effective URL: https://claim.redundancy-payments.org.uk/claims/start
Submission Tags: falconsandbox
Submission: On January 24 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 18th 2021. Valid for: a year.
This is the only time claim.redundancy-payments.org.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 19 | 104.26.10.56 104.26.10.56 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
redundancy-payments.org.uk
2 redirects
claim.redundancy-payments.org.uk |
264 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
19 | claim.redundancy-payments.org.uk |
2 redirects
claim.redundancy-payments.org.uk
|
17 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gov.uk |
www.smartsurvey.co.uk |
www.nationalarchives.gov.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-18 - 2022-06-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://claim.redundancy-payments.org.uk/claims/start
Frame ID: 1A0DE2CB43ED2919D243D11E56256417
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
GOV.UK - The best place to find government services and informationPage URL History Show full URLs
-
http://claim.redundancy-payments.org.uk/
HTTP 301
https://claim.redundancy-payments.org.uk/ HTTP 302
https://claim.redundancy-payments.org.uk/claims/start Page URL
Detected technologies
GOV.UK Template (UI frameworks) ExpandDetected patterns
- <link[^>]+govuk-template[^>"]+css
- <link[^>]+govuk-template-print[^>"]+css
- <link[^>]+govuk-template-ie6[^>"]+css
- <link[^>]+govuk-template-ie7[^>"]+css
- <link[^>]+govuk-template-ie8[^>"]+css
- govuk-template\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: GOV.UK
Search URL Search Domain Scan URL
Title: feedback
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: The Insolvency Service
Search URL Search Domain Scan URL
Title: Open Government Licence
Search URL Search Domain Scan URL
Title: © Crown copyright
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://claim.redundancy-payments.org.uk/
HTTP 301
https://claim.redundancy-payments.org.uk/ HTTP 302
https://claim.redundancy-payments.org.uk/claims/start Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
start
claim.redundancy-payments.org.uk/claims/ Redirect Chain
|
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govuk-template.css
claim.redundancy-payments.org.uk/static/public/stylesheets/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
claim.redundancy-payments.org.uk/static/public/stylesheets/ |
267 KB 198 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inss.css
claim.redundancy-payments.org.uk/static/public/stylesheets/ |
46 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gov.uk_logotype_crown.png
claim.redundancy-payments.org.uk/static/public/images/ |
780 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
claim.redundancy-payments.org.uk/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govuk-template.js
claim.redundancy-payments.org.uk/static/public/javascripts/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.min.js
claim.redundancy-payments.org.uk/static/public//javascripts/vendor/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govuk-template.js
claim.redundancy-payments.org.uk/static/public//javascripts/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bind.js
claim.redundancy-payments.org.uk/static/public//javascripts/vendor/ |
1 KB 920 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
selection-buttons.js
claim.redundancy-payments.org.uk/static/public//javascripts/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application.js
claim.redundancy-payments.org.uk/static/public//javascripts/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
details.polyfill.js
claim.redundancy-payments.org.uk/static/public//javascripts/vendor/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govuk-template-print.css
claim.redundancy-payments.org.uk/static/public/stylesheets/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-pointer.png
claim.redundancy-payments.org.uk/static/public/images/icons/ |
207 B 531 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-government-licence.png
claim.redundancy-payments.org.uk/static/public/stylesheets/images/ |
761 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
govuk-crest.png
claim.redundancy-payments.org.uk/static/public/stylesheets/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
71 KB 71 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
94 KB 94 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| GOVUK function| $ function| jQuery function| ShowHideContent3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
claim.redundancy-payments.org.uk/ | Name: _csrf_token Value: c1d6fae348e458b89db020ca8368851f4fb4bfa1481bcd6999ed40bc14b3d2b7 |
|
claim.redundancy-payments.org.uk/ | Name: session Value: 1eecd231-cf0b-4b0c-8629-2fdbab3c4a3c.SqiaLcBKX8NV1DjsPBB7R0FhhVM |
|
claim.redundancy-payments.org.uk/ | Name: seen_cookie_message Value: yes |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
claim.redundancy-payments.org.uk
104.26.10.56
00fad4595b509345b831de4ce0b1817ed289c2260e6ef5e1e6c04c5838b62e59
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
181527c20a7f69dd313eb305ef3b9002a3d6dba6d2f97d3e6b8a11e45595efb3
23b3d0ab608a970f426da950c9532c2472ca0114c540ed4d9eaf936d4c5b18d2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26f6e863e98bfadaee6a5c5e734e9c2424a950ecd578a27b6b5f258faa289c4e
298670bd147f2c023e76026ca559ffdee4ed8fee93b2a7260bfa164252662073
56a2e37d46bfc2a9250a9245e2c1762b36e56e91f2bc8b088061206174496b25
645d1dac4ded7a9af547d78d716c804c9691501aed9e280e595e6371d512462d
6813a04aa7ebe09726eda5fdd9c4abf1c5f151335adf0ad90474a5fe316e87ed
83344cdd089ed1ab287e63019e5703e61ce48f3698479f92838709491c58b6a4
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
e55ee6755f2aa00311e2dc87885a4f681d10f25a78c3b2ccbd61929c113cb3c9
e5b47e034536de4f7cb71435f287b8326ea1827a19b8c01507f712503338bd90
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d