lpg-lpgintegration-csl-identity.azurewebsites.net
51.140.84.145  Malicious Activity! Public Scan

Submitted URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/
Effective URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Submission: On February 25 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 51.140.84.145, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is lpg-lpgintegration-csl-identity.azurewebsites.net.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 01 on January 26th 2024. Valid for: 5 months.
This is the only time lpg-lpgintegration-csl-identity.azurewebsites.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

IP Address AS Autonomous System
6 8 51.140.84.145 8075 (MICROSOFT...)
4 2606:2800:11f... 15133 (EDGECAST)
6 3
Domain Requested by
5 lpg-lpgintegration-csl-identity.azurewebsites.net 3 redirects lpg-lpgintegration-csl-identity.azurewebsites.net
4 int-identity-assets.azureedge.net lpg-lpgintegration-csl-identity.azurewebsites.net
int-identity-assets.azureedge.net
3 integration.learn.civilservice.gov.uk 3 redirects
6 3

This site contains links to these domains.

Domain
learn.civilservice.gov.uk
www.nationalarchives.gov.uk

Subject: *.azurewebsites.net
Issuer: Microsoft Azure TLS Issuing CA 01
Validity: 2024-01-26 - 2024-06-27
Valid: 5 months

Subject: *.vo.msecnd.net
Issuer: DigiCert SHA2 Secure Server CA
Validity: 2023-05-05 - 2024-04-28
Valid: a year

This page contains 1 frame:

Primary Page: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Frame ID: 014AD2822A57A66096147B540865F7A2
Requests: 8 HTTP requests in this frame

Page Title

Sign in - Civil Service Learning

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 50 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 544 kB
Size: 543 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://lpg-lpgintegration-csl-identity.azurewebsites.net/ HTTP 302
    https://lpg-lpgintegration-csl-identity.azurewebsites.net/login HTTP 302
    https://integration.learn.civilservice.gov.uk/ HTTP 302
    https://integration.learn.civilservice.gov.uk/sign-in HTTP 302
    https://integration.learn.civilservice.gov.uk/authenticate HTTP 302
    https://lpg-lpgintegration-csl-identity.azurewebsites.net/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fintegration.learn.civilservice.gov.uk%2Fauthenticate&client_id=9fbd4ae2-2db3-44c8-9544-88e80255b56e HTTP 302
    https://lpg-lpgintegration-csl-identity.azurewebsites.net/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource, Path, Size, x-fer, Type, MIME-Type

Resource: login (Primary Request)
Path: lpg-lpgintegration-csl-identity.azurewebsites.net/
Redirect Chain:
  • https://lpg-lpgintegration-csl-identity.azurewebsites.net/
  • https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
  • https://integration.learn.civilservice.gov.uk/
  • https://integration.learn.civilservice.gov.uk/sign-in
  • https://integration.learn.civilservice.gov.uk/authenticate
  • https://lpg-lpgintegration-csl-identity.azurewebsites.net/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fintegration.learn.civilservice.gov.uk%2Fauthenticate&client_id=9fbd4ae2-2db3...
  • https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Size: 5 KB
x-fer: 6 KB
Type: Document

General

Full URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.140.84.145 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS:
Software: /
Resource Hash: 70280c5a3aed397ad675ac8e53806c4f280f37d58a5ec75993dfd03dc2289980

Security Headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Date: Sun, 25 Feb 2024 14:00:44 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Transfer-Encoding: chunked
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0

Redirect headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Date: Sun, 25 Feb 2024 14:00:44 GMT
Expires: 0
Location: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0

Resource: main.css
Path: int-identity-assets.azureedge.net/assets/css/
Size: 367 KB
x-fer: 367 KB
Type: Stylesheet

General

Full URL: https://int-identity-assets.azureedge.net/assets/css/main.css
Requested by:
  Host: lpg-lpgintegration-csl-identity.azurewebsites.net
  URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS:
Software: ECAcc (nya/79D1) /
Resource Hash: b6590fad79a49a8f4f4b7b1a32e6ea66b9f44f221b5a46c45a93e05fb3cc71f4

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lpg-lpgintegration-csl-identity.azurewebsites.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Sun, 25 Feb 2024 14:00:46 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Feb 2024 08:48:49 GMT
server: ECAcc (nya/79D1)
x-frame-options: DENY
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 375305
x-xss-protection: 1; mode=block
request-context: appId=80a08ef3-e77a-4366-8be1-9eb04d85d5df

Resource: gov.uk_logotype_crown_invert_trans.png
Path: lpg-lpgintegration-csl-identity.azurewebsites.net/assets/img/
Size: 1 KB
x-fer: 2 KB
Type: Image

General

Full URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/assets/img/gov.uk_logotype_crown_invert_trans.png
Requested by:
  Host: lpg-lpgintegration-csl-identity.azurewebsites.net
  URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.140.84.145 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS:
Software: /
Resource Hash: 203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c

Security Headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 25 Feb 2024 14:00:45 GMT
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Feb 2024 13:45:58 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Content-Length: 1049
X-XSS-Protection: 0
Expires: 0

Resource: gov.uk_logotype_crown.png
Path: int-identity-assets.azureedge.net/assets/img/
Size: 1 KB
x-fer: 1 KB
Type: Image

General

Full URL: https://int-identity-assets.azureedge.net/assets/img/gov.uk_logotype_crown.png
Requested by:
  Host: int-identity-assets.azureedge.net
  URL: https://int-identity-assets.azureedge.net/assets/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS:
Software: ECAcc (nya/788A) /
Resource Hash: ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://int-identity-assets.azureedge.net/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Sun, 25 Feb 2024 14:00:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Feb 2024 08:48:49 GMT
server: ECAcc (nya/788A)
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 1415
x-xss-protection: 1; mode=block
request-context: appId=80a08ef3-e77a-4366-8be1-9eb04d85d5df

Resource: open-government-licence.png
Path: int-identity-assets.azureedge.net/assets/img/
Size: 761 B
x-fer: 812 B
Type: Image

General

Full URL: https://int-identity-assets.azureedge.net/assets/img/open-government-licence.png
Requested by:
  Host: int-identity-assets.azureedge.net
  URL: https://int-identity-assets.azureedge.net/assets/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS:
Software: ECAcc (nya/1C74) /
Resource Hash: c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://int-identity-assets.azureedge.net/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Sun, 25 Feb 2024 14:00:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Feb 2024 08:48:49 GMT
server: ECAcc (nya/1C74)
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 761
x-xss-protection: 1; mode=block
request-context: appId=80a08ef3-e77a-4366-8be1-9eb04d85d5df

Resource: govuk-crest.png
Path: int-identity-assets.azureedge.net/assets/img/
Size: 4 KB
x-fer: 4 KB
Type: Image

General

Full URL: https://int-identity-assets.azureedge.net/assets/img/govuk-crest.png
Requested by:
  Host: int-identity-assets.azureedge.net
  URL: https://int-identity-assets.azureedge.net/assets/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:17a5:191a:18d5:537:22f9 , United States, ASN15133 (EDGECAST, US),
Reverse DNS:
Software: ECAcc (nya/7888) /
Resource Hash: bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://int-identity-assets.azureedge.net/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires: 0
pragma: no-cache
date: Sun, 25 Feb 2024 14:00:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Feb 2024 08:48:49 GMT
server: ECAcc (nya/7888)
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 3584
x-xss-protection: 1; mode=block
request-context: appId=80a08ef3-e77a-4366-8be1-9eb04d85d5df

Resource: truncated
Path: /
Size: 94 KB
x-fer: 94 KB
Type: Font

General

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30

Request headers

Referer:
Origin: https://lpg-lpgintegration-csl-identity.azurewebsites.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: application/font-woff

Resource: truncated
Path: /
Size: 71 KB
x-fer: 71 KB
Type: Font

General

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba

Request headers

Referer:
Origin: https://lpg-lpgintegration-csl-identity.azurewebsites.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type: application/font-woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path: lpg-lpgintegration-csl-identity.azurewebsites.net/
Name: SESSION
Value: ODlkZTdhY2MtNWU4MS00ZDEzLWE5YWItMGRkODc5YzE3YWI1

Domain/Path: integration.learn.civilservice.gov.uk/
Name: lpg-ui
Value: s%3AkjPpL5yxj7wYYXHS0Yk83OKOOK80cUF0.22ntzJNFTE1P1pyx59KSYpNvfuNUgcuFm0HlDGxoKDc

Security Headers

This page lists any security headers set by the main page.

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 0