www.access.service.clientportals.su Open in urlscan Pro
176.123.2.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYd...
Effective URL:
https://www.access.service.clientportals.su/login/signin/creds
Submission: On April 23 via manual (April 23rd 2024, 4:19:28 pm UTC) from IN — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 176.123.2.167, located in Chisinau, Moldova and belongs to ALEXHOST, MD. The main domain is www.access.service.clientportals.su.
TLS certificate: Issued by R3 on March 14th 2024. Valid for: 3 months.

This is the only time www.access.service.clientportals.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.241.186.140 35.241.186.140	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 19	176.123.2.167 176.123.2.167	200019 (ALEXHOST) (ALEXHOST)
14	2

1 35.241.186.140 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 140.186.241.35.bc.googleusercontent.com

xqk17.mjt.lu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 176.123.2.167 (Chisinau, Moldova) 5 redirects

ASN200019 (ALEXHOST, MD)
PTR: mygame

www.clientportals.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.tax.service.clientportals.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.access.service.clientportals.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	clientportals.su 5 redirects www.clientportals.su www.tax.service.clientportals.su www.access.service.clientportals.su	350 KB
1	mjt.lu 1 redirects xqk17.mjt.lu	175 B
14	2

	Domain	Requested by
12	www.access.service.clientportals.su	1 redirects www.clientportals.su www.access.service.clientportals.su
5	www.clientportals.su	2 redirects www.clientportals.su
2	www.tax.service.clientportals.su	2 redirects
1	xqk17.mjt.lu	1 redirects
14	4

This site contains no links.

Subject Issuer	Validity	Valid
www.clientportals.su R3	`2024-03-14` - `2024-06-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.access.service.clientportals.su/login/signin/creds
Frame ID: A79841B168CE28BFA880078F886F2E14
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gH... HTTP 302
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Page URL
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346?Q=3xsHCLU HTTP 302
https://www.tax.service.clientportals.su/account HTTP 303
https://www.tax.service.clientportals.su/bas-gateway/sign-in?continue_url=/account HTTP 303
https://www.access.service.clientportals.su/authorize?client_id=qLpLcsAsJMK7hcJrR9pqsEV34CwhJN&response_type=code&scope=... HTTP 302
https://www.access.service.clientportals.su/login/signin/creds Page URL

Detected technologies

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

govuk-frontend(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

14
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

2
IPs

2
Countries

346 kB
Transfer

338 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYduIjGO3QhWfRw/aHR0cHM6Ly93d3cuY2xpZW50cG9ydGFscy5zdS9jb25maXJtLzIzMDAxMTgyNjYzOTY5MjU3NzQ2NTY5NjQ5Mzk2NTA0MDkzMjM0MzI5ODQzODA1NjAzMzMzODM2OTM0Ng HTTP 302
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Page URL
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346?Q=3xsHCLU HTTP 302
https://www.tax.service.clientportals.su/account HTTP 303
https://www.tax.service.clientportals.su/bas-gateway/sign-in?continue_url=/account HTTP 303
https://www.access.service.clientportals.su/authorize?client_id=qLpLcsAsJMK7hcJrR9pqsEV34CwhJN&response_type=code&scope=openid&redirect_uri=https://www.tax.service.gov.uk/bas-gateway/login&nonce=979224c2-3ce1-49ec-a118-abbb70e0517b&state=7a980f08b32c4064a78c6403c4533bfa&ui_locales=en-GB&max_age=0&custom1=session-a4f61ade-26d7-4121-aff8-15a9ddc5b5d9&acr_values=acr-gg-x HTTP 302
https://www.access.service.clientportals.su/login/signin/creds Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYduIjGO3QhWfRw/aHR0cHM6Ly93d3cuY2xpZW50cG9ydGFscy5zdS9jb25maXJtLzIzMDAxMTgyNjYzOTY5MjU3NzQ2NTY5NjQ5Mzk2NTA0MDkzMjM0MzI5ODQzODA1NjAzMzMzODM2OTM0Ng HTTP 302
https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346

Request Chain 3

https://www.clientportals.su/favicon.ico HTTP 301
https://www.clientportals.su/assets/static/favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	230011826639692577465696493965040932343298438056033338369346 Show response www.clientportals.su/confirm/ Redirect Chain https://xqk17.mjt.lu/lnk/AV8AAD4f4NsAAAAAAAAAAIj3bVsAAAAAGLAAAAAAABaNOgBmJ7mkqfUU0IxSSkOqi--db_gHWQASowQ/1/rpSG6bInYduIjGO3QhWfRw/aHR0cHM6Ly93d3cuY2xpZW50cG9ydGFscy5zdS9jb25maXJtLzIzMDAxMTgyNjYzOTY... https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346	14 KB 14 KB	291ms 190ms	Document text/html	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software / Resource Hash `c7d2437bb561e13876e659f970a7fbf22f9b1c055c3434cd804cc56034021186` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection close Content-Type text/html Transfer-Encoding chunked Redirect headers content-length 120 content-type text/html; charset=utf-8 date Tue, 23 Apr 2024 16:19:23 GMT location https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346
GET H/1.1	404 Not Found	transparent.gif www.clientportals.su/	4 KB 4 KB	411ms 319ms	Image text/html	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Show image Full URL https://www.clientportals.su/transparent.gif Requested by Host: www.clientportals.su URL: https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software nginx / Resource Hash `1c34ec1c1466772c1643b978ba2bf597818f966541103477e82e568dc64df186` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 16:19:23 GMT Via 1.1 varnish Age 28 Transfer-Encoding chunked X-Cache HIT Connection close Alt-Svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 X-Served-By cache-fra-eddf8230100-FRA Server nginx Fastly-Backend-Name origin X-Timer S1713889164.774835,VS0,VE0 Vary Accept-Encoding Content-Type text/html; charset=utf-8 Cache-Control public, max-age=30 Accept-Ranges bytes X-Cache-Hits 2
GET DATA	200 OK	truncated /	586 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico www.clientportals.su/assets/static/ Redirect Chain https://www.clientportals.su/favicon.ico https://www.clientportals.su/assets/static/favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico	14 KB 15 KB	609ms 291ms	Other image/vnd.microsoft.icon	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.clientportals.su/assets/static/favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico Protocol HTTP/1.1 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Date Tue, 23 Apr 2024 16:19:24 GMT Via 1.1 varnish Age 1522508 Transfer-Encoding chunked X-Cache HIT Connection close Alt-Svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 X-Served-By cache-fra-eddf8230100-FRA Last-Modified Mon, 19 Feb 2024 11:44:03 GMT Server nginx Fastly-Backend-Name origin X-Timer S1713889165.802535,VS0,VE0 Etag "a90776c99cc9bf3d9dbe593284d6bbf6" Vary Accept-Encoding Access-Control-Allow-Methods GET, OPTIONS Content-Type image/vnd.microsoft.icon Access-Control-Allow-Origin * Cache-Control max-age=31536000, public, immutable Accept-Ranges bytes Access-Control-Allow-Headers origin, authorization X-Cache-Hits 64 Redirect headers Date Tue, 23 Apr 2024 16:19:24 GMT Via 1.1 router, 1.1 varnish X-Permitted-Cross-Domain-Policies none Age 38906 Transfer-Encoding chunked X-Cache HIT Connection close Alt-Svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 X-Request-Id 68630394-60f0-4daa-aac5-e615bdf0f4c4 X-Served-By cache-fra-eddf8230100-FRA X-Runtime 0.001335 Referrer-Policy strict-origin-when-cross-origin Server nginx Fastly-Backend-Name origin X-Timer S1713889164.201317,VS0,VE0 Content-Type text/html; charset=utf-8 Location https://www.clientportals.su/assets/static/favicon-f54816fc15997bd42cd90e4c50b896a1fc098c0c32957d4e5effbfa9f9b35e53.ico Cache-Control max-age=86400, public Permissions-Policy interest-cohort=(), interest-cohort=() Accept-Ranges bytes X-Cache-Hits 63
GET H/1.1	200 OK	Primary Request creds Show response www.access.service.clientportals.su/login/signin/ Redirect Chain https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346?Q=3xsHCLU https://www.tax.service.clientportals.su/account https://www.tax.service.clientportals.su/bas-gateway/sign-in?continue_url=/account https://www.access.service.clientportals.su/authorize?client_id=qLpLcsAsJMK7hcJrR9pqsEV34CwhJN&response_type=code&scope=openid&redirect_uri=https://www.tax.service.gov.uk/bas-gateway/login&nonce=97... https://www.access.service.clientportals.su/login/signin/creds	14 KB 15 KB	472ms 350ms	Document text/html	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/login/signin/creds Requested by Host: www.clientportals.su URL: https://www.clientportals.su/confirm/230011826639692577465696493965040932343298438056033338369346 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `663273814c345dd984f5f752883ddae20118dbbcb1f46b4894150ffd6dbaa4b6` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://www.clientportals.su/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control no-store Connection close Content-Type text/html; charset=UTF-8 Date Tue, 23 Apr 2024 16:19:26 GMT Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Server istio-envoy Transfer-Encoding chunked Vary Accept-Encoding Via 1.1 f395b3b1f28e353bed930ec878c96af2.cloudfront.net (CloudFront) X-Amz-Cf-Id KQezT512aW4QQz-KaaynrS92lpIJpDUf0s7cCdnRcfD0JFb3JVZUcw== X-Amz-Cf-Pop WAW51-P4 X-Cache Miss from cloudfront X-Envoy-Upstream-Service-Time 11 X-Permitted-Cross-Domain-Policies master-only X-Robots-Tag none Redirect headers Cache-Control no-store Connection close Date Tue, 23 Apr 2024 16:19:26 GMT Location https://www.access.service.clientportals.su/login/signin/creds Pragma no-cache Server istio-envoy Transfer-Encoding chunked Via 1.1 eff30373f0d8693ef685afd11931510e.cloudfront.net (CloudFront) X-Amz-Cf-Id hqkNnVuXWD1OQvCpvKJ0VnbWLZrlmuNM-Pxl6EU5vudR_4Wq0kepWA== X-Amz-Cf-Pop WAW51-P4 X-Cache Miss from cloudfront X-Envoy-Upstream-Service-Time 36
GET H/1.1	200 OK	govuk-frontend.min.css www.access.service.clientportals.su/assets/stylesheets/	113 KB 114 KB	431ms 317ms	Stylesheet text/css	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/stylesheets/govuk-frontend.min.css?v=1.122.0 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `d9082b646ebe7ddad0bdb349a4534d3b963da2db430384e340947a704f2dc38e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 f395b3b1f28e353bed930ec878c96af2.cloudfront.net (CloudFront) Age 21440 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 2 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-1c4f3" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id 0GybqhLVyCvHHEV7qjI16gZKNOmFRFciLRmB5-yVhNPSwLDoW5EuyA==
GET H/1.1	200 OK	scp.css www.access.service.clientportals.su/assets/stylesheets/	5 KB 5 KB	372ms 258ms	Stylesheet text/css	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/stylesheets/scp.css?v=1.122.0 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `5000065402360c8b821397490968e9737c2427fb2bcd2fb7809ba1e5ee7d3ffc` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 f395b3b1f28e353bed930ec878c96af2.cloudfront.net (CloudFront) Age 21440 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 5 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Thu, 18 Apr 2024 07:53:37 GMT Server istio-envoy Etag "6620d181-1257" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id uCkqTarNHUa_dicIBoV7a1PMKIOq9zCPr82244flZeBQKzfwKKwzUg==
GET H/1.1	200 OK	page-start.js Show response www.access.service.clientportals.su/assets/javascripts/	340 B 949 B	432ms 315ms	Script application/javascript	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/javascripts/page-start.js?v=1.122.0 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `6bfe25cb47ad6e29c0b4b0fcfb48e5669f3d47665d132e54d488f193cc3d195b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 9f886054ff6f095f177ce8fc0f0175ee.cloudfront.net (CloudFront) Age 21441 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 3 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Thu, 18 Apr 2024 07:53:14 GMT Server istio-envoy Etag "6620d16a-154" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id nd3WoXku785iMLKqXtQ5UoSWPj7NHBzzp7Aq6xrkHOmshzM9EsfJOQ==
GET H/1.1	200 OK	device-profile.js Show response www.access.service.clientportals.su/assets/javascripts/	51 KB 51 KB	467ms 351ms	Script application/javascript	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/javascripts/device-profile.js Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `119a14686113394431553b5bf022ea0688bd0c34d10009b88e9e520d0365f8c1` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 cba85c100a294e3d2360b9852eb535fc.cloudfront.net (CloudFront) Age 21441 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 3 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Thu, 18 Apr 2024 07:53:14 GMT Server istio-envoy Etag "6620d16a-cb6a" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id fxboOv7nCO45r-TN6gIapC2RQXw1cZa3GRh-3yjNCKgYSkYk01fxzA==
GET H/1.1	200 OK	govuk-frontend.min.js Show response www.access.service.clientportals.su/assets/javascripts/	42 KB 43 KB	477ms 360ms	Script application/javascript	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/javascripts/govuk-frontend.min.js?v=1.122.0 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `29004685859674186f517f08075676aa6511d45eac685cf1f5e1b2383a14375b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Origin https://www.access.service.clientportals.su Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 d8d1b3bd8383f87fb93ff6f6b23c5620.cloudfront.net (CloudFront) Age 21441 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 1 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-a896" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id G5Y1jxnP8s89Mhxe77vQwMDZPn_PW5OuumwYvWCEL7fvnqkRT8KyAQ==
GET H/1.1	200 OK	page-complete.js Show response www.access.service.clientportals.su/assets/javascripts/	12 KB 13 KB	442ms 320ms	Script application/javascript	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/javascripts/page-complete.js?v=1.122.0 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/login/signin/creds Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `15b3d2a08898a732d201b793f4e96009750395caa32f8c185ecc2dec422b78ff` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:08 GMT Via 1.1 a9efd2ba7f7f538e6864c6d2ac364c86.cloudfront.net (CloudFront) Age 21441 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 5 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Thu, 18 Apr 2024 07:53:14 GMT Server istio-envoy Etag "6620d16a-301b" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id uNByJsVn1mJWKu7nDflXpXJz531v23Pj6-Bob6eYPo8fdarnETKDuA==
GET H/1.1	200 OK	govuk-crest.png www.access.service.clientportals.su/assets/images/	4 KB 4 KB	652ms 538ms	Image image/png	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Show image Full URL https://www.access.service.clientportals.su/assets/images/govuk-crest.png Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/assets/stylesheets/govuk-frontend.min.css?v=1.122.0 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/assets/stylesheets/govuk-frontend.min.css?v=1.122.0 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 04:12:36 GMT Via 1.1 eff30373f0d8693ef685afd11931510e.cloudfront.net (CloudFront) Age 43703 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 2 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-e00" Vary Accept-Encoding Content-Type image/png Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id QmY0ROYC2QP_4F4q2cWN6NnWLTrrwfsItaI65xPJ49EvRguXX0iYpA==
GET H/1.1	200 OK	bold-b542beb274-v2.woff2 www.access.service.clientportals.su/assets/fonts/	31 KB 31 KB	354ms 274ms	Font font/woff2	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/fonts/bold-b542beb274-v2.woff2 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/assets/stylesheets/scp.css?v=1.122.0 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/assets/stylesheets/scp.css?v=1.122.0 Origin https://www.access.service.clientportals.su Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 01:34:04 GMT Via 1.1 eff30373f0d8693ef685afd11931510e.cloudfront.net (CloudFront) Age 53123 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 4 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-7af8" Vary Accept-Encoding Content-Type font/woff2 Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id jxW6h5uo-j6xmIO2D0kFrnXwYHIJe1e6IeaPrnOg_KhopH0_eTUB8g==
GET H/1.1	200 OK	light-94a07e06a1-v2.woff2 www.access.service.clientportals.su/assets/fonts/	33 KB 33 KB	360ms 263ms	Font font/woff2	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/fonts/light-94a07e06a1-v2.woff2 Requested by Host: www.access.service.clientportals.su URL: https://www.access.service.clientportals.su/assets/stylesheets/scp.css?v=1.122.0 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/assets/stylesheets/scp.css?v=1.122.0 Origin https://www.access.service.clientportals.su Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 05:39:30 GMT Via 1.1 d46dd2193f1a6fb006e1c1831b3d97a2.cloudfront.net (CloudFront) Age 38397 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 4 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-8266" Vary Accept-Encoding Content-Type font/woff2 Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id _osngXD3MFcHar8xALbgwLpNG7hq7hU2Ggf4sOza9pF0CN89qbuFVA==
GET H/1.1	200 OK	favicon.svg www.access.service.clientportals.su/assets/images/	2 KB 2 KB	388ms 281ms	Other image/svg+xml	176.123.2.167 ALEXHOST
General Check archive.org Show headers Download Go to Full URL https://www.access.service.clientportals.su/assets/images/favicon.svg?v=1.122.0 Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 176.123.2.167 Chisinau, Moldova, ASN200019 (ALEXHOST, MD), Reverse DNS mygame Software istio-envoy / Resource Hash `058fd73a9a1cffd4808be36decee3629e6c15c4b0e6f616ed469c1b6d1d511c5` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://www.access.service.clientportals.su/login/signin/creds Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 23 Apr 2024 10:22:33 GMT Via 1.1 e7829c37bde8b646a09a9e7f4faaa526.cloudfront.net (CloudFront) Age 21441 X-Amz-Cf-Pop WAW51-P4 Transfer-Encoding chunked X-Cache Hit from cloudfront X-Envoy-Upstream-Service-Time 2 Connection close Referrer-Policy strict-origin-when-cross-origin Last-Modified Sat, 26 Oct 1985 08:15:00 GMT Server istio-envoy Etag "1dc09d84-736" Vary Accept-Encoding Content-Type image/svg+xml Cache-Control max-age=86400 Accept-Ranges bytes X-Amz-Cf-Id xxSB3vJ975o_lGJOPH6sJFKHPIacjF-yy961nRSzGsc9qB3LN_6teQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.clientportals.su/	1970-01-20 20:04:52	Name: vHUt Value: 7754c835beb2d449f08056e54da1b1af02c6a1ccf3ad4936fe03470474fccb0b
www.tax.service.clientportals.su/	1970-01-21 05:40:49	Name: mdtpdi Value: mdtpdi#32cdc8c7-421a-472c-8340-f4b72bcd6bbb#1713889165146_IqHRdqL8w/KtJyZiyxF60g==
www.tax.service.clientportals.su/	1969-12-31 23:59:59	Name: mdtp Value: d39DBQdVeQCKuhcFfRgXVPIuZ0IO/CvNJiz7KALlIdbP0YGNyKBIV6m6JwjGgitZ+RxPggcETVXZqXXkeQunfc7FxPcbhY0CrN41mEs3ENk5O6mPfAy0Nm8fVpuxnoUYix2keCQlGUitPBMAPLr1Hh3+DGuQAoYlOSQJGtyfxhEWiJw2i1YhdWHSd22tJXA+
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: wsc Value: 249221b2bdf0d6496d122bcd5f52949e7cc0d74c8cf881345eeb95bc0123513e
www.access.service.clientportals.su/	1970-01-21 05:40:49	Name: basdi Value: basdi#50bdca40-fe51-4b62-8ea6-35af0bf1ba31#1713889166052_bIa9WgcicsmC5cKJb/pRUw==
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: hcc Value: qLpLcsAsJMK7hcJrR9pqsEV34CwhJN
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: lang Value: en-GB
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: apsc Value: eyJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE3MTM4ODkxNjYsImRhdGEiOnsic2Vzc2lvbklkIjoic2Vzc2lvbi1hNGY2MWFkZS0yNmQ3LTQxMjEtYWZmOC0xNWE5ZGRjNWI1ZDkifSwiaWF0IjoxNzEzODg5MTY2fQ.BZyc-_cr8akBy25B7S3o1OVxammyaYbib2SxQlTM3Cg
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: pla Value: 1713889166525:6393592353617643397::2urRifrgOHfYi2EgUDX0wOqPUn8OW0IvE87w7+ltmZHAPTKVNv3aTZCY/XH1prbllSXbRWbMPWyZjJyKvWxWVg==
www.access.service.clientportals.su/	1969-12-31 23:59:59	Name: CSRF-Token Value: cb3c3d462a12c21e981570c7b72379c8312c0d7f-1713889166524-f56516f1eac407193ea6cff1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.clientportals.su/transparent.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.access.service.clientportals.su
www.clientportals.su
www.tax.service.clientportals.su
xqk17.mjt.lu
176.123.2.167
35.241.186.140
058fd73a9a1cffd4808be36decee3629e6c15c4b0e6f616ed469c1b6d1d511c5
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
119a14686113394431553b5bf022ea0688bd0c34d10009b88e9e520d0365f8c1
15b3d2a08898a732d201b793f4e96009750395caa32f8c185ecc2dec422b78ff
1c34ec1c1466772c1643b978ba2bf597818f966541103477e82e568dc64df186
29004685859674186f517f08075676aa6511d45eac685cf1f5e1b2383a14375b
5000065402360c8b821397490968e9737c2427fb2bcd2fb7809ba1e5ee7d3ffc
663273814c345dd984f5f752883ddae20118dbbcb1f46b4894150ffd6dbaa4b6
6bfe25cb47ad6e29c0b4b0fcfb48e5669f3d47665d132e54d488f193cc3d195b
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c7d2437bb561e13876e659f970a7fbf22f9b1c055c3434cd804cc56034021186
d9082b646ebe7ddad0bdb349a4534d3b963da2db430384e340947a704f2dc38e
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

www.access.service.clientportals.su Open in urlscan Pro 176.123.2.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

93 %HTTPS

0 %IPv6

2 Domains

4 Subdomains

2 IPs

2 Countries

346 kBTransfer

338 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

10 Cookies

1 Console Messages

Indicators

www.access.service.clientportals.su Open in urlscan Pro
176.123.2.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

2
IPs

2
Countries

346 kB
Transfer

338 kB
Size

10
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!