ScanMalware.com

Security Scan Report: clientservices-ert.hrblock.com

Redirected to: https://login.microsoftonline.com/3ec4eda1-a5d1-433d-90da-8dc791283d95/oauth2/v2.0/authorize?client_id=c8e1eb7b-5ac5-47f9-8735-02f4b1311a02&scope=https%3A%2F%2Fwc-core.hrblock.com%2Fuser_impersonation%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fclientservices-ert.hrblock.com&client-request-id=019bea45-02c7-734c-995a-54b047d73fb0&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.28.1&client_info=1&code_challenge=KYcGiAOGFdGO2vdHyvOcap_sJ15BLefCRW8Tcg_ZNSc&code_challenge_method=S256&nonce=019bea45-02c7-7346-a169-7fb4b338a6d5&state=eyJpZCI6IjAxOWJlYTQ1LTAyYzctNzc0My04ZTdjLTQ3OGU0MzY3MTc0NSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=true

Submitted: Jan 23, 2026, 9:52:16 AMCompleted: Jan 23, 2026, 9:53:37 AMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 122 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://clientservices-ert.hrblock.com

Effective URL: https://login.microsoftonline.com/3ec4eda1-a5d1-433d-90da-8dc791283d95/oauth2/v2.0/authorize?client_id=c8e1eb7b-5ac5-47f9-8735-02f4b1311a02&scope=https%3A%2F%2Fwc-core.hrblock.com%2Fuser_impersonation%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fclientservices-ert.hrblock.com&client-request-id=019bea45-02c7-734c-995a-54b047d73fb0&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.28.1&client_info=1&code_challenge=KYcGiAOGFdGO2vdHyvOcap_sJ15BLefCRW8Tcg_ZNSc&code_challenge_method=S256&nonce=019bea45-02c7-7346-a169-7fb4b338a6d5&state=eyJpZCI6IjAxOWJlYTQ1LTAyYzctNzc0My04ZTdjLTQ3OGU0MzY3MTc0NSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #90,592 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Phishing page impersonating H&R Block login; do not enter credentials.

Risk Factors
Credential harvesting login form
Brand impersonation on deceptive subdomain
Obfuscated/garbled phishing text
Redirect to unrelated Microsoft login page
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

cryptocurrency blockchain

(77%)

Domain Information

The domain 'clientservices-ert.hrblock.com' uses the commercial generic top-level domain (.com) and includes subdomain 'clientservices-ert'. Its registrable label 'hrblock' stretches across 7 characters holding 1 vowel versus 6 consonants. Tokenizing the label suggests 2 words: hr, block. Median word length is 3.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://clientservices-ert.hrblock.com

Page Load Overview

12.04s
Total Load Time
94
HTTP Requests
10
Domains
541 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:187 chars
Detector Agreement:67%

Website Classification

Primary Category

cryptocurrency blockchain77% confidence
Type: webapp
Method: ml+structural

All Detected Categories

cryptocurrency blockchain
77%
finance banking
27%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1468.220.41.20San Jose, California, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
102.23.246.74Frankfurt am Main, Hesse, Germany
AS16625AKAMAI-AS
1013.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
10144.24.190.49Frankfurt am Main, Hesse, Germany
AS31898ORACLE-BMC-31898
1020.190.160.131UnknownUnknown
1020.190.159.0UnknownUnknown
1052.230.234.174Des Moines, Iowa, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
1020.190.160.128UnknownUnknown
1023.207.210.137Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
949--

Detected Technologies5

X-UA-Compatible
100%
PasswordField
100%
Meta-Refresh-Redirect
100%
HSTS
40%
Ghost
15%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T161634BDABEA22D33878645B5B5B57E026B7A1D035C4CCD64F18CC9882FEA30D8237647

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lC8GLGG+zKyJIrQKV7cOhozTEyqU6MVnvnaloMPbmEmkgDwlwC:Q81LOhXyS2nHC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:71592:UIkAcQ2iCoAxAk4LaMVAZMUFIQdACBAwCwAL9JhWLGkANDaWvBFlRi4AjDgBhIBotiVgbJgUAYCzEWIaRBRAYwCdFtRoo4GK

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010293327273737
Perceptual Hash:8759587666c8993b
Difference Hash:88e0dae7cfcee6e6
Wavelet Hash:00382b37272f373f
Color Hash:#bf7940

Other Hashes

Crop Resistant:88e0dae7cfcee6e6

Scan History

Scan history not available

Unable to load historical scan data