indexo.dev

ipayimpact.co.uk

.uk crawl

First seen 2026-04-19 · Last seen 2026-05-14 · ok HTTP/1.1 200 2986 ms crawled 2026-05-13

GB · 20.49.249.118 · AS8075 Microsoft Corporation

Reputation 92/100 no dmarc policy

sector tech type blog

HTML metadata

Title
Welcome to iPayimpact
Language
en

Technology

CMS
Ghost

Third-party hosts loaded (4)

  • ajax.aspnetcdn.com×2
  • ajax.googleapis.com×2
  • cdnjs.cloudflare.com×2
  • maxcdn.bootstrapcdn.com×1

Registration

Registrar
Team Blue Internet Services UK Limited t/a Team Blue Internet Services Limited t/a names.co.uk
Created
2012-05-18
Expires
2028-05-18 729 days left
Updated
2024-05-18
Name servers
  • ns0.phase8.net.
  • ns1.phase8.net.
  • ns2.phase8.net.

DNS records live

NS
  • ns0.phase8.net
  • ns1.phase8.net
  • ns2.phase8.net
MX
  • 30 fwd0.hosts.co.uk
  • 30 fwd1.hosts.co.uk
  • 30 fwd2.hosts.co.uk
TXT
Show 4 TXT records
  • 3869967CDBE6E311C7BB8931936ED8FE986C6DF7545C42401B4A8A692BCE4AF8
  • _zp8yspqvpz9hh2nft47dij5gl98i1gw
  • _yeb0ztr8owha4s0eo3fwkbvpylc7apm
  • 9nmx1g87smr468pjl5dspb4q4w05r71w

Email authentication weak

SPF
v=spf1 a mx include:spf.mail.hosting-platform.com -all
strict (-all)
DMARC
not published
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nIbzrTsCP+M0J36i9BHg20LrMDn25QFdD16rbO0ZXtfVmzxm5ZwVVmMxdXYCPuL0ZUqzoQfOUq0mlgsTk…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgK/pjxqPDPxHqUeetkyRrUePfuzeGGUwP12jQPcuWGTXS/SjLz8D4JJZrhANIsBgUaFmCdbi6xy5p8x2Sx8LuBb…
selectors probed

Certificate (current)

DigiCert EV RSA CA G2
from 2025-06-17 to 2026-06-17
Expires in 28 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.ipayimpact.co.uk/IPI/Account/LogOn

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src https: wss: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://cdn.checkout.com https://ajax.googleapis.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://js.stripe.com *.dnapayments.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com https://www.googletagmanager.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.braintreegateway.com; connect-src 'self' https://www.google.com https://google.com https://pay.google.com https://js.checkout.com https://api.stripe.com wss://ipay-prod.service.signalr.net https://ipay-prod.service.signalr.net *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analy
strict-transport-security
max-age=31536000; includeSubDomains

Links to (2)

Linked from (3)