Security Scan Report: clientservices-ert.hrblock.com

Redirected to:
https://login.microsoftonline.com/3ec4eda1-a5d1-433d-90da-8dc791283d95...
Submitted: Jan 23, 2026, 9:52:16 AMCompleted: Jan 23, 2026, 9:53:37 AMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 122 HTTP transactions. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://clientservices-ert.hrblock.com

Effective URL: https://login.microsoftonline.com/3ec4eda1-a5d1-433d-90da-8dc791283d95/oauth2/v2.0/authorize?client_id=c8e1eb7b-5ac5-47f9-8735-02f4b1311a02&scope=https%3A%2F%2Fwc-core.hrblock.com%2Fuser_impersonation%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fclientservices-ert.hrblock.com&client-request-id=019bea45-02c7-734c-995a-54b047d73fb0&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.28.1&client_info=1&code_challenge=KYcGiAOGFdGO2vdHyvOcap_sJ15BLefCRW8Tcg_ZNSc&code_challenge_method=S256&nonce=019bea45-02c7-7346-a169-7fb4b338a6d5&state=eyJpZCI6IjAxOWJlYTQ1LTAyYzctNzc0My04ZTdjLTQ3OGU0MzY3MTc0NSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #90,592 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 78%

2
Risk Score

Page hosts a credential‑collecting login form on a well‑known brand subdomain with highly obfuscated JavaScript, indicating a high‑risk phishing attempt.

Risk Factors
Credential collection form on brand domain
High JavaScript obfuscation score
Garbage phishing‑style text in page content
Safety Factors
Domain age 8749 days (well‑established)
No Indicators of Compromise matches
No YARA malware detections
No network IDS alerts
Cross‑origin form appears to be a legitimate Microsoft SSO flow
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 7 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

cryptocurrency blockchain

(77%)

Domain Information

The domain 'clientservices-ert.hrblock.com' uses the commercial generic top-level domain (.com) and includes subdomain 'clientservices-ert'. Its registrable label 'hrblock' stretches across 7 characters holding 1 vowel versus 6 consonants. Tokenizing the label suggests 2 words: hr, block. Median word length is 3.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://clientservices-ert.hrblock.com

Page Load Overview

12.04s
Total Load Time
94
HTTP Requests
10
Domains
541 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:187 chars
Detector Agreement:67%

Website Classification

Primary Category

cryptocurrency blockchain77% confidence
Type: webapp
Method: ml+structural

All Detected Categories

cryptocurrency blockchain
77%
finance banking
27%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1468.220.41.20San Jose, California, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
102.23.246.74Frankfurt am Main, Hesse, Germany
AS16625AKAMAI-AS
1013.107.246.44United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
10144.24.190.49Frankfurt am Main, Hesse, Germany
AS31898ORACLE-BMC-31898
1020.190.160.131UnknownUnknown
1020.190.159.0UnknownUnknown
1052.230.234.174Des Moines, Iowa, United States
AS8075MICROSOFT-CORP-MSN-AS-BLOCK
1020.190.160.128UnknownUnknown
1023.207.210.137Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
949--

Detected Technologies5

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T161634BDABEA22D33878645B5B5B57E026B7A1D035C4CCD64F18CC9882FEA30D8237647

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:lC8GLGG+zKyJIrQKV7cOhozTEyqU6MVnvnaloMPbmEmkgDwlwC:Q81LOhXyS2nHC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:71592:UIkAcQ2iCoAxAk4LaMVAZMUFIQdACBAwCwAL9JhWLGkANDaWvBFlRi4AjDgBhIBotiVgbJgUAYCzEWIaRBRAYwCdFtRoo4GK

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0010293327273737
Perceptual Hash:8759587666c8993b
Difference Hash:88e0dae7cfcee6e6
Wavelet Hash:00382b37272f373f
Color Hash:#bf7940

Other Hashes

Crop Resistant:88e0dae7cfcee6e6

Scan History

Scan history not available

Unable to load historical scan data