lpg-lpgintegration-csl-identity.azurewebsites.net
51.140.84.145
Malicious Activity!
Public Scan
Effective URL: https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Submission: On February 25 via api from US — Scanned from US
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 01 on January 26th 2024. Valid for: 5 months.
This is the only time lpg-lpgintegration-csl-identity.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
6 8 | 51.140.84.145 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
4 | 2606:2800:11f:17a5:191a:18d5:537:22f9 | 15133 (EDGECAST) |
6 | 3 | |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- lpg-lpgintegration-csl-identity.azurewebsites.net
- integration.learn.civilservice.gov.uk
ASN15133 (EDGECAST, US)
- int-identity-assets.azureedge.net
 | Apex Domain Subdomains | Transfer |
---|---|---|
5 | azurewebsites.net (3 redirects): lpg-lpgintegration-csl-identity.azurewebsites.net | 9 KB |
4 | azureedge.net: int-identity-assets.azureedge.net | 373 KB |
3 | civilservice.gov.uk (3 redirects): integration.learn.civilservice.gov.uk | 4 KB |
6 | 3 | |
 | Domain | Requested by |
---|---|---|
5 | lpg-lpgintegration-csl-identity.azurewebsites.net | 3 redirects; lpg-lpgintegration-csl-identity.azurewebsites.net |
4 | int-identity-assets.azureedge.net | lpg-lpgintegration-csl-identity.azurewebsites.net; int-identity-assets.azureedge.net |
3 | integration.learn.civilservice.gov.uk | 3 redirects |
6 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
learn.civilservice.gov.uk |
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.azurewebsites.net | Microsoft Azure TLS Issuing CA 01 | 2024-01-26 - 2024-06-27 | 5 months |
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2023-05-05 - 2024-04-28 | a year |
This page contains 1 frames:
Primary Page:
https://lpg-lpgintegration-csl-identity.azurewebsites.net/login
Frame ID: 014AD2822A57A66096147B540865F7A2
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/a3e34a7a-0ec5-4e2e-92ad-024280b24a90.png)
Page Title
Sign in - Civil Service Learning
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Cookies
Title: Privacy
Title: Contact us
Title: Accessibility statement
Title: Open Government Licence
Title: © Crown copyright
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lpg-lpgintegration-csl-identity.azurewebsites.net/ HTTP 302
- https://lpg-lpgintegration-csl-identity.azurewebsites.net/login HTTP 302
- https://integration.learn.civilservice.gov.uk/ HTTP 302
- https://integration.learn.civilservice.gov.uk/sign-in HTTP 302
- https://integration.learn.civilservice.gov.uk/authenticate HTTP 302
- https://lpg-lpgintegration-csl-identity.azurewebsites.net/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fintegration.learn.civilservice.gov.uk%2Fauthenticate&client_id=9fbd4ae2-2db3-44c8-9544-88e80255b56e HTTP 302
- https://lpg-lpgintegration-csl-identity.azurewebsites.net/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | login lpg-lpgintegration-csl-identity.azurewebsites.net/ (Primary Request, Redirect Chain) | 5 KB 6 KB | Document text/html |
GET H2 | main.css int-identity-assets.azureedge.net/assets/css/ | 367 KB 367 KB | Stylesheet text/css |
GET H/1.1 | gov.uk_logotype_crown_invert_trans.png lpg-lpgintegration-csl-identity.azurewebsites.net/assets/img/ | 1 KB 2 KB | Image image/png |
GET H2 | gov.uk_logotype_crown.png int-identity-assets.azureedge.net/assets/img/ | 1 KB 1 KB | Image image/png |
GET H2 | open-government-licence.png int-identity-assets.azureedge.net/assets/img/ | 761 B 812 B | Image image/png |
GET H2 | govuk-crest.png int-identity-assets.azureedge.net/assets/img/ | 4 KB 4 KB | Image image/png |
GET DATA | truncated / | 94 KB 94 KB | Font application/font-woff |
GET DATA | truncated / | 71 KB 71 KB | Font application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
lpg-lpgintegration-csl-identity.azurewebsites.net/ | | Name: SESSION Value: ODlkZTdhY2MtNWU4MS00ZDEzLWE5YWItMGRkODc5YzE3YWI1 |
integration.learn.civilservice.gov.uk/ | | Name: lpg-ui Value: s%3AkjPpL5yxj7wYYXHS0Yk83OKOOK80cUF0.22ntzJNFTE1P1pyx59KSYpNvfuNUgcuFm0HlDGxoKDc |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 ; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
int-identity-assets.azureedge.net
integration.learn.civilservice.gov.uk
lpg-lpgintegration-csl-identity.azurewebsites.net
2606:2800:11f:17a5:191a:18d5:537:22f9
51.140.84.145