www.access.service.clientportals.su
Open in
urlscan Pro
176.123.2.167
Malicious Activity!
Public Scan
Effective URL: https://www.access.service.clientportals.su/login/signin/creds
Submission: On April 23 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 14th 2024. Valid for: 3 months.
This is the only time www.access.service.clientportals.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 35.241.186.140 35.241.186.140 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
5 19 | 176.123.2.167 176.123.2.167 | 200019 (ALEXHOST) (ALEXHOST) | |
14 | 2 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 140.186.241.35.bc.googleusercontent.com
xqk17.mjt.lu |
ASN200019 (ALEXHOST, MD)
PTR: mygame
www.clientportals.su | |
www.tax.service.clientportals.su | |
www.access.service.clientportals.su |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
clientportals.su
5 redirects
www.clientportals.su www.tax.service.clientportals.su www.access.service.clientportals.su |
350 KB |
1 |
mjt.lu
1 redirects
xqk17.mjt.lu |
175 B |
14 | 2 |
Domain | Requested by | |
---|---|---|
12 | www.access.service.clientportals.su |
1 redirects
www.clientportals.su
www.access.service.clientportals.su |
5 | www.clientportals.su |
2 redirects
www.clientportals.su
|
2 | www.tax.service.clientportals.su | 2 redirects |
1 | xqk17.mjt.lu | 1 redirects |
14 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.clientportals.su R3 |
2024-03-14 - 2024-06-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.access.service.clientportals.su/login/signin/creds
Frame ID: A79841B168CE28BFA880078F886F2E14
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gH...
HTTP 302
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Page URL
-
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346?Q=3xsHCLU
HTTP 302
https://www.tax.service.clientportals.su/account HTTP 303
https://www.tax.service.clientportals.su/bas-gateway/sign-in?continue_url=/account HTTP 303
https://www.access.service.clientportals.su/authorize?client_id=qLpLcsAsJMK7hcJrR9pqsEV34CwhJN&response_type=code&scope=... HTTP 302
https://www.access.service.clientportals.su/login/signin/creds Page URL
Detected technologies
GOV.UK Frontend (UI frameworks) ExpandDetected patterns
- govuk-frontend(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYduIjGO3QhWfRw/aHR0cHM6Ly93d3cuY2xpZW50cG9ydGFscy5zdS9jb25maXJtLzIzMDAxMTgyNjYzOTY5MjU3NzQ2NTY5NjQ5Mzk2NTA0MDkzMjM0MzI5ODQzODA1NjAzMzMzODM2OTM0Ng
HTTP 302
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Page URL
-
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346?Q=3xsHCLU
HTTP 302
https://www.tax.service.clientportals.su/account HTTP 303
https://www.tax.service.clientportals.su/bas-gateway/sign-in?continue_url=/account HTTP 303
https://www.access.service.clientportals.su/authorize?client_id=qLpLcsAsJMK7hcJrR9pqsEV34CwhJN&response_type=code&scope=openid&redirect_uri=https://www.tax.service.gov.uk/bas-gateway/login&nonce=979224c2-3ce1-49ec-a118-abbb70e0517b&state=7a980f08b32c4064a78c6403c4533bfa&ui_locales=en-GB&max_age=0&custom1=session-a4f61ade-26d7-4121-aff8-15a9ddc5b5d9&acr_values=acr-gg-x HTTP 302
https://www.access.service.clientportals.su/login/signin/creds Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYduIjGO3QhWfRw/aHR0cHM6Ly93d3cuY2xpZW50cG9ydGFscy5zdS9jb25maXJtLzIzMDAxMTgyNjYzOTY5MjU3NzQ2NTY5NjQ5Mzk2NTA0MDkzMjM0MzI5ODQzODA1NjAzMzMzODM2OTM0Ng HTTP 302
- https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346
- https://www.clientportals.su/favicon.ico HTTP 301
- https://www.clientportals.su/assets/static/favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
230011826639692577465696493965040932343298438056033338369346
www.clientportals.su/confirm/ Redirect Chain
|
14 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
transparent.gif
www.clientportals.su/ |
4 KB 4 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
586 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico
www.clientportals.su/assets/static/ Redirect Chain
|
14 KB 15 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
creds
www.access.service.clientportals.su/login/signin/ Redirect Chain
|
14 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-frontend.min.css
www.access.service.clientportals.su/assets/stylesheets/ |
113 KB 114 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scp.css
www.access.service.clientportals.su/assets/stylesheets/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
page-start.js
www.access.service.clientportals.su/assets/javascripts/ |
340 B 949 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
device-profile.js
www.access.service.clientportals.su/assets/javascripts/ |
51 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-frontend.min.js
www.access.service.clientportals.su/assets/javascripts/ |
42 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
page-complete.js
www.access.service.clientportals.su/assets/javascripts/ |
12 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-crest.png
www.access.service.clientportals.su/assets/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bold-b542beb274-v2.woff2
www.access.service.clientportals.su/assets/fonts/ |
31 KB 31 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
light-94a07e06a1-v2.woff2
www.access.service.clientportals.su/assets/fonts/ |
33 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.svg
www.access.service.clientportals.su/assets/images/ |
2 KB 2 KB |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.clientportals.su/ | Name: vHUt Value: 7754c835beb2d449f08056e54da1b1af02c6a1ccf3ad4936fe03470474fccb0b |
|
www.tax.service.clientportals.su/ | Name: mdtpdi Value: mdtpdi#32cdc8c7-421a-472c-8340-f4b72bcd6bbb#1713889165146_IqHRdqL8w/KtJyZiyxF60g== |
|
www.tax.service.clientportals.su/ | Name: mdtp Value: d39DBQdVeQCKuhcFfRgXVPIuZ0IO/CvNJiz7KALlIdbP0YGNyKBIV6m6JwjGgitZ+RxPggcETVXZqXXkeQunfc7FxPcbhY0CrN41mEs3ENk5O6mPfAy0Nm8fVpuxnoUYix2keCQlGUitPBMAPLr1Hh3+DGuQAoYlOSQJGtyfxhEWiJw2i1YhdWHSd22tJXA+ |
|
www.access.service.clientportals.su/ | Name: wsc Value: 249221b2bdf0d6496d122bcd5f52949e7cc0d74c8cf881345eeb95bc0123513e |
|
www.access.service.clientportals.su/ | Name: basdi Value: basdi#50bdca40-fe51-4b62-8ea6-35af0bf1ba31#1713889166052_bIa9WgcicsmC5cKJb/pRUw== |
|
www.access.service.clientportals.su/ | Name: hcc Value: qLpLcsAsJMK7hcJrR9pqsEV34CwhJN |
|
www.access.service.clientportals.su/ | Name: lang Value: en-GB |
|
www.access.service.clientportals.su/ | Name: apsc Value: eyJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3MTM4ODkxNjYsImRhdGEiOnsic2Vzc2lvbklkIjoic2Vzc2lvbi1hNGY2MWFkZS0yNmQ3LTQxMjEtYWZmOC0xNWE5ZGRjNWI1ZDkifSwiaWF0IjoxNzEzODg5MTY2fQ.BZyc-_cr8akBy25B7S3o1OVxammyaYbib2SxQlTM3Cg |
|
www.access.service.clientportals.su/ | Name: pla Value: 1713889166525:6393592353617643397::2urRifrgOHfYi2EgUDX0wOqPUn8OW0IvE87w7+ltmZHAPTKVNv3aTZCY/XH1prbllSXbRWbMPWyZjJyKvWxWVg== |
|
www.access.service.clientportals.su/ | Name: CSRF-Token Value: cb3c3d462a12c21e981570c7b72379c8312c0d7f-1713889166524-f56516f1eac407193ea6cff1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.access.service.clientportals.su
www.clientportals.su
www.tax.service.clientportals.su
xqk17.mjt.lu
176.123.2.167
35.241.186.140
058fd73a9a1cffd4808be36decee3629e6c15c4b0e6f616ed469c1b6d1d511c5
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
119a14686113394431553b5bf022ea0688bd0c34d10009b88e9e520d0365f8c1
15b3d2a08898a732d201b793f4e96009750395caa32f8c185ecc2dec422b78ff
1c34ec1c1466772c1643b978ba2bf597818f966541103477e82e568dc64df186
29004685859674186f517f08075676aa6511d45eac685cf1f5e1b2383a14375b
5000065402360c8b821397490968e9737c2427fb2bcd2fb7809ba1e5ee7d3ffc
663273814c345dd984f5f752883ddae20118dbbcb1f46b4894150ffd6dbaa4b6
6bfe25cb47ad6e29c0b4b0fcfb48e5669f3d47665d132e54d488f193cc3d195b
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c7d2437bb561e13876e659f970a7fbf22f9b1c055c3434cd804cc56034021186
d9082b646ebe7ddad0bdb349a4534d3b963da2db430384e340947a704f2dc38e
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa