Report - liveflo.qxlva.io/home/signin/

Report Overview

Submitted URL
liveflo.qxlva.io/home/signin/
IP
172.64.148.197
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 03:49:40
Access
public
Website Title
- Apply for a tree felling licence
Final URL
liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
liveflo.qxlva.io	unknown	2019-12-24	2023-07-27	2024-04-18	8.5 kB	289 kB	104.18.39.59
liveflo.b2clogin.com	unknown	unknown	No data	No data	13 kB	71 kB	20.190.177.147
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-23	449 B	4.8 kB	151.101.65.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	liveflo.qxlva.io/home/signin/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js	11 kB	2024-03-23	2024-04-24
Pretty URL cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:47 Times Seen6 Hash f08851c17deb20a2664ed852ba749c21 681b6700f1230eeebaa5f913f46d8477086ccec5 f56700d1f4addde549b8c8328ad1a6b912bf73ce9b65ecef2dc01c54c596e36b Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	3.1 kB	2024-04-24	2024-04-24
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.147 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:49:46 Last Seen2024-04-24 05:49:46 Times Seen1 Hash 693c980eff5a331c9bf15fc3591f61a4 8d36bca1e460d423c0d59b8a6bf0df8cb6760492 76e4f22b816d0bbd8ac7163d029168e425ca93cb3c97cd009c2beabd10808932 Loading...

	unknown	1.5 kB	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 7015b235183a676b9c71c9e01c07338d 0a6b16df43c50cd176e14e5154a208f0ad475b14 d327eab3491b1d7c58fad93f3d52181be3e1f7839859228985f84deebf6507e2 Loading...

	unknown	9 B	2023-03-07	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-06 05:37:45 Times Seen16306 Hash 5e543256c480ac577d30f76f9120eb74 d5d4cd07616a542891b7ec2d0257b3a24b69856e eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	186 B	2024-04-24	2024-04-24
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.147 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:49:24 Last Seen2024-04-24 05:49:46 Times Seen2 Hash c4847bcc2b9ffdb27024e66554827896 feaa87950b23440a4a9d144653096d2917703aed 85d78caded2fc2f45fade446e66c2147d7c83146f686b1f930e694c2cc160dee Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	161 kB	2023-04-11	2024-05-01
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.147 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 18:05:12 Last Seen2024-05-01 08:44:42 Times Seen15 Hash b0678285be79ec7730021bc3079c7328 a52aa331c415e25fa3f9e58f59eabc3f354d056f b49c513fff542744651d538fbbbd3dc50ed1d1aa9aa53dbcd7dea402d03856ba Loading...

	unknown	133 B	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 9fcbd747ce03933f14abc88f9a3f1657 405e942df06ccdc7d9b7e7e1479ef55027545bc6 0ad41278ea89c953c7dc5e5647010821a5d91f153cb12c5373d5fa813254055f Loading...

	unknown	247 B	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:46 Last Seen2024-04-24 05:49:46 Times Seen1 Hash 0567f26a28a0cb08edbbd3d6ad23411d 87c321ac329c0455b836949267e19caa8a54bc84 8650b74b3721d68da20d171f3a450bd78ce7f5caaf9539fe05a200c34af76244 Loading...

	liveflo.qxlva.io/js/site.js	1.9 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/site.js IP 172.64.148.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 180a6a46cf2f9faaca597e260763a538 12a005c5ea119385c8f97ce1e9b29aafed496396 b8662f55dcef6424fff34a26c51744a573d65f032a4b62a27aa487a1f91560c6 Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	157 B	2023-03-10	2024-05-03
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.147 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:38:16 Last Seen2024-05-03 23:39:30 Times Seen86 Hash 962b28e9f8133cc633b34f157319a734 b1e076e2501f602eacd091354c44dfd9df7eaa33 323f8b86e5da480dd2f2ea9b757ce8d6fbe9601b80a8ea2f191c43aca3495919 Loading...

	unknown	15 kB	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:24 Last Seen2024-04-24 05:49:46 Times Seen2 Hash 54a72945797f34d514acc87ef97b5fcf e2592e690605d092fadfbaad5fb54277de7db1a4 234ead89c062937876bf80cab4ab4b49b2a8b6eac2b8a8585d55ca2d0171fdbf Loading...

	unknown	1.1 kB	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:46 Last Seen2024-04-24 05:49:46 Times Seen1 Hash 445732dddbc472eabfcd601d62d1d6ae 2464599c09b5058484cd05c3197db7efa525f805 0cc24e440b924d4217dd0f3be7885283bef846ef5f04585bfdf4e86665340d1b Loading...

	liveflo.qxlva.io/js/moj-frontend.min.js	31 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/moj-frontend.min.js IP 172.64.148.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen4 Hash e6e51f8fb81b0362bb78ff4da1d175c7 1aec630ce50d1f96d45a2e113dc8b9dfc870c002 093ca0401e75e6572bec9e035c3bd02babe5b2848d700da42bf0598d5b06cb8a Loading...

	liveflo.qxlva.io/lib/jquery/dist/jquery.min.js	90 kB	2023-03-07	2024-05-06
Pretty URL liveflo.qxlva.io/lib/jquery/dist/jquery.min.js IP 172.64.148.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 08:09:27 Times Seen141668 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	204 B	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 626f7e620781fc2dbc42221574a973bd 3a41a91ea8df24feb8169be4d72a0748003f2cf9 97fb64bad75f3be69db853006fe9ac3cc86955d35c7d468355ef63d4bfbe9596 Loading...

	liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js	39 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js IP 172.64.148.197 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:47 Times Seen6 Hash a625c8222f9fac4ca8b579c17a1411dd 4a6f58702dc50a7238814b162b4e9ad69e294a20 85ca59ddf7b2f1b42772ffd59947d82c727ddcbd9d0d7c10388902ae08a9843c Loading...

HTTP Transactions (21)

URL IP Response Size

liveflo.qxlva.io/home/signin/

104.18.39.59

302 Found

0 B

URL User Request GET HTTP/2
liveflo.qxlva.io/home/signin/
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /home/signin/ HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 24 Apr 2024 03:49:14 GMT
content-length: 0
location: https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
cf-cache-status: DYNAMIC
set-cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8CdLu1jFNypLthy6difoZ0HksX401yFO74j-OHs3Eb05uAxB0dWof3DJInY2dS7PfEtNxMrr1U3mI9p1RPBhqfV4QciiGqpbidzlXJCSicKF_4V_LD0DGz4LKO6PEUZEzmhwPu0x9_f4kVETzA-HRXEXEMFXtiJBCZKAQI_e06YX8oFtdVMhUFNCS8SLQ1zbC32DH5VZS5iRc6cVog8s2p2cCYdmuGZndwxeP4Cyh1Re_lqVGEeaaIWSWRv4p32wjo9m8knzCIT3J3_ln2UCvGI=N; expires=Wed, 24 Apr 2024 04:04:14 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.HwyrCc3d3LCwQkMhMZCBgxej6JnV_FAdp2dM3XYmVpk=N; expires=Wed, 24 Apr 2024 04:04:14 GMT; path=/signin-oidc; secure; samesite=none; httponly
__cf_bm=Jp0e0_zXkFCjb0iLvpaiu3HROm2zDs.CiPSsC9QiOOU-1713930554-1.0.1.1-1pwoeNhW5E2iEO3llHFKzQZmgZQNxA8XctcqMgv_VDlVslPJ3v0g_Rc9B5Ru3U06TzUpLI.ndF1qUlEu4FTruA; path=/; expires=Wed, 24-Apr-24 04:19:14 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931f4c5ba4b4fa-OSL
X-Firefox-Spdy: h2

liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0

20.190.177.147

200 OK

66 kB

URL User Request GET HTTP/1.1
liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
IP
20.190.177.147:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (61642), with CRLF, LF line terminators
Size
66 kB (66347 bytes)
Hash
d84a1683657d677c734015ed88e6b474
78d252893471b34a5709e80f6e2c01e2be3a1156
f63950f9203e40302a50ee20e8b54a069ffb954ccdacb84202cd5afde9b4a2ee

HTTP Headers

GET /liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
x-ms-gateway-requestid: 94a99c9d-02c2-43d7-9e17-b1638c8ce6f7
X-UA-Compatible: IE=edge
X-Request-ID: 0dd23951-1f47-4e98-b25f-aea0a983f904
X-Build: 1.1.128.0
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.T0PLRCWpkNIi+ZHk.onXOmbgrfxkrzz0hxdO5dQ==.0.2kNi+qdGYTFVcner+FRpxWlycZIzqv2yiZMi8HhQtDvJG+bKfXL/1buWV1H9jUNBUiB+GRH895R4nFhxj3JHq5SzoaSpQE+hfbfCfzWOI88ZeU9VhTuxniKjPrqxU7yl1P53LVKIXW5lnn/w+w1sZRWiU3s6926QjxXorK7sU+teWZJGLk+C9GZ+3212zrglBph8l0jZhEHu/DL1Wj0fHRw8h2nXtSJKfzaqX/kJNM6YkpSQMDS0fGCGHthVP5urBxzMByJgP6PyU79yjQsmdtdfFHnPxnBiBnOYt+hNWJ1VZ2oKS7vjEu+bW7PwG3AqxVC68RP7hHuiyIhPbd7hdGXhKRWRz6vezQ==; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-csrf=dnlVWXBlbGZBVTBLQjg4b3NnbGdVN2VJejVuU3hvTnF0bnk5b3dXV1drM1BobnVhWWRienFWQVZta29mMFpmMUlneHMrUEVsSTJoU0VwYi9ENW9LdFE9PTsyMDI0LTA0LTI0VDAzOjQ5OjE0LjYzMjY0NDNaO01nMDZEU1g4QWNNWGk3TG5tS1MxR1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-cache|utnsducfme6yx66gqyp5ba_0=m1.mPtgvSwpigWnuqlp.odtR8PCSrnfkV2/3E8C2Lw==.0.oiwFz1CyrH7SLivcfQDPpnLWZ1iiv56UlWJlP/Fx2u4bu/n2EfvFDNJCvQJDRje4vRvAix16R4+eI7OD+BJgyBss2zyIPqXTquxEQQeN7XUhuuY2/utcbC0XV1kLxT5UrFYZsho2byuLb2W6WVNtDgzhkIbihg0yEzJ/yKfyolhFP0xt4DMuSDNoJA6O3sndCyUriHZ5pmO5g3/mvEjBG269qIWp2RQNZli6Wsl4yO/KRnM8LX1aoAelqTIytDDUz5hMYAfhrohJS2PEM+V8GzNJQSTQ0sM2cGKj+saK7qxEBszHD3xRndMhLcpJRagtYqosCgGknq/Tl70rNVSbN0UWfoO6fx7ryIo7hCy5/ezIZOLkqbCS4T2ix9BQYB7zOe3cS5wQDmUjb5IELeQJ1vaVkTerUjxe/r+76Uhobvy1mdeTzAyB491H6ckQZYJMVG6co6k5L+5iigrObAhPx4Rt2jFLsR296LlorwYF5LOsiWwdYvfqxQ+kJfDY5ZNaTrtpbT7uQCaMIOPAn2lx/fybl3NKlWC/LRPhpKhctXL7zyBdHWpFLrVq/Z6CfED7bYt21yk0Pn+p20aZxMhzFdWK/cqRs8lZRtjEM7eaWVQm+yiB2Mk9SyAE1SJTTU3JQECXp9y+o6rCVsJoH4k1osHC2MXU497NS4RqL627nbPjygf66TePmvoFMrLOSXWvSg8IsdBj4wUP5o8cbm2BjLhbtZlRWjSZW5dD2a74lls5i1nfjR0TkLHEliGDyhDbKNjtmAZqthNFi9K8I/zAOlrsh08WlDasF1ghpzks00O5l8ctS8ffNW1vRW3/wsrqhLr2z+aDIDSjrLrf3W3MC7riAZSHx+lX+HMeE4UlEhAEBFZ77BrBcCcEWt6wJLf7rm7jhrluolRhOKq9AdQhfXnUoCDH2ctyiNwVjAZXA06xiSwbICseM2F2XDeRAFUKF4pPazoap+fEueYU76DsjVRFxBxp6YVhaxkO9Dy2gYj4ZkMpycwEYFtmj5dsLxXVcyXsOC1mMaDDYbRiGrqxgW++XsKBcDoL20X5D06GRalFgxMnw6jcrgdLQnSzF8gCy+2WnbRaaE7LDKktcSaowwjQ/SVRz/8nY6KYLmlvxnXJ3fgTMDiCYphwhLUSw0+y7HqbrpbiUi61OB+fZuWOL8td7M4Ivx6zRi38wZNi67dUhJyzyNtcBJ49jeB2jo7e5XSAKdYuRlrx9WT5CxVS6NA12u/K1LmYZI/Kkp276HqEYewH/ovfqat+/PYQnYPs5CMCiqOC3e//5ZSJ14MAXFcrXsql5JozL4j7ld8XOtcYX3ubaDKW1XXzB+KX2DC6rFzgh/rv5R/XpvrbzN8Rf4xWoczETGZNmJe3zfNetnb2Cynq6fDY+BSggkfIyxEkNvQs7uWmbAy4vOVdgKXIS1poVMjD8h+VMHT2+dykvsZCIeS/7ZK4n5f7bnsisMZSUZGZ9x34aCNwGJx1VTKd7X2f2DlRcuaaggym4OGLjTwkZ3BIAfmyAOUFsAdXIz/F8IjCflCRx/sr8OK9kdqZMlsHmEbt9g==; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCJ9; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Wed, 24 Apr 2024 03:49:14 GMT
Content-Length: 66347

liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png

172.64.148.197

200 OK

3.5 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: image/png
content-length: 3503
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880baf"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
accept-ranges: bytes
set-cookie: __cf_bm=CldgLVXXS9vz.lkCB7SW0VgfjozI82KZDsMeEW_2KLA-1713930555-1.0.1.1-Na8L6RLutXCj4jCPw3ccyI4AMMHiAk2r5.F6d7uYqFTAMiYy.1DyYOhyWj2Vj2.Mr5YlGB.tgQV6_BWAP.XTMw; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f52c8a77130-OSL
X-Firefox-Spdy: h2

liveflo.b2clogin.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

20.190.177.147

404 Not Found

103 B

URL GET HTTP/1.1
liveflo.b2clogin.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
20.190.177.147:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.T0PLRCWpkNIi+ZHk.onXOmbgrfxkrzz0hxdO5dQ==.0.2kNi+qdGYTFVcner+FRpxWlycZIzqv2yiZMi8HhQtDvJG+bKfXL/1buWV1H9jUNBUiB+GRH895R4nFhxj3JHq5SzoaSpQE+hfbfCfzWOI88ZeU9VhTuxniKjPrqxU7yl1P53LVKIXW5lnn/w+w1sZRWiU3s6926QjxXorK7sU+teWZJGLk+C9GZ+3212zrglBph8l0jZhEHu/DL1Wj0fHRw8h2nXtSJKfzaqX/kJNM6YkpSQMDS0fGCGHthVP5urBxzMByJgP6PyU79yjQsmdtdfFHnPxnBiBnOYt+hNWJ1VZ2oKS7vjEu+bW7PwG3AqxVC68RP7hHuiyIhPbd7hdGXhKRWRz6vezQ==; x-ms-cpim-csrf=dnlVWXBlbGZBVTBLQjg4b3NnbGdVN2VJejVuU3hvTnF0bnk5b3dXV1drM1BobnVhWWRienFWQVZta29mMFpmMUlneHMrUEVsSTJoU0VwYi9ENW9LdFE9PTsyMDI0LTA0LTI0VDAzOjQ5OjE0LjYzMjY0NDNaO01nMDZEU1g4QWNNWGk3TG5tS1MxR1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|utnsducfme6yx66gqyp5ba_0=m1.mPtgvSwpigWnuqlp.odtR8PCSrnfkV2/3E8C2Lw==.0.oiwFz1CyrH7SLivcfQDPpnLWZ1iiv56UlWJlP/Fx2u4bu/n2EfvFDNJCvQJDRje4vRvAix16R4+eI7OD+BJgyBss2zyIPqXTquxEQQeN7XUhuuY2/utcbC0XV1kLxT5UrFYZsho2byuLb2W6WVNtDgzhkIbihg0yEzJ/yKfyolhFP0xt4DMuSDNoJA6O3sndCyUriHZ5pmO5g3/mvEjBG269qIWp2RQNZli6Wsl4yO/KRnM8LX1aoAelqTIytDDUz5hMYAfhrohJS2PEM+V8GzNJQSTQ0sM2cGKj+saK7qxEBszHD3xRndMhLcpJRagtYqosCgGknq/Tl70rNVSbN0UWfoO6fx7ryIo7hCy5/ezIZOLkqbCS4T2ix9BQYB7zOe3cS5wQDmUjb5IELeQJ1vaVkTerUjxe/r+76Uhobvy1mdeTzAyB491H6ckQZYJMVG6co6k5L+5iigrObAhPx4Rt2jFLsR296LlorwYF5LOsiWwdYvfqxQ+kJfDY5ZNaTrtpbT7uQCaMIOPAn2lx/fybl3NKlWC/LRPhpKhctXL7zyBdHWpFLrVq/Z6CfED7bYt21yk0Pn+p20aZxMhzFdWK/cqRs8lZRtjEM7eaWVQm+yiB2Mk9SyAE1SJTTU3JQECXp9y+o6rCVsJoH4k1osHC2MXU497NS4RqL627nbPjygf66TePmvoFMrLOSXWvSg8IsdBj4wUP5o8cbm2BjLhbtZlRWjSZW5dD2a74lls5i1nfjR0TkLHEliGDyhDbKNjtmAZqthNFi9K8I/zAOlrsh08WlDasF1ghpzks00O5l8ctS8ffNW1vRW3/wsrqhLr2z+aDIDSjrLrf3W3MC7riAZSHx+lX+HMeE4UlEhAEBFZ77BrBcCcEWt6wJLf7rm7jhrluolRhOKq9AdQhfXnUoCDH2ctyiNwVjAZXA06xiSwbICseM2F2XDeRAFUKF4pPazoap+fEueYU76DsjVRFxBxp6YVhaxkO9Dy2gYj4ZkMpycwEYFtmj5dsLxXVcyXsOC1mMaDDYbRiGrqxgW++XsKBcDoL20X5D06GRalFgxMnw6jcrgdLQnSzF8gCy+2WnbRaaE7LDKktcSaowwjQ/SVRz/8nY6KYLmlvxnXJ3fgTMDiCYphwhLUSw0+y7HqbrpbiUi61OB+fZuWOL8td7M4Ivx6zRi38wZNi67dUhJyzyNtcBJ49jeB2jo7e5XSAKdYuRlrx9WT5CxVS6NA12u/K1LmYZI/Kkp276HqEYewH/ovfqat+/PYQnYPs5CMCiqOC3e//5ZSJ14MAXFcrXsql5JozL4j7ld8XOtcYX3ubaDKW1XXzB+KX2DC6rFzgh/rv5R/XpvrbzN8Rf4xWoczETGZNmJe3zfNetnb2Cynq6fDY+BSggkfIyxEkNvQs7uWmbAy4vOVdgKXIS1poVMjD8h+VMHT2+dykvsZCIeS/7ZK4n5f7bnsisMZSUZGZ9x34aCNwGJx1VTKd7X2f2DlRcuaaggym4OGLjTwkZ3BIAfmyAOUFsAdXIz/F8IjCflCRx/sr8OK9kdqZMlsHmEbt9g==; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCJ9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Wed, 24 Apr 2024 03:49:14 GMT
Content-Length: 103

liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png

172.64.148.197

200 OK

3.5 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: image/png
content-length: 3503
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880baf"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5338c57130-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/lib/jquery/dist/jquery.min.js

172.64.148.197

200 OK

34 kB

URL GET HTTP/2
liveflo.qxlva.io/lib/jquery/dist/jquery.min.js
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
34 kB (34486 bytes)
Hash
35d8e42df99031103b749606a3d678b7
8bd1ecd74c841d50990781bf17017eda3986ad45
f9bb1a41a0bf6d035190fb8adfbc648a4aacfad5bdf1975ec664310cf164f249

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /lib/jquery/dist/jquery.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452521c104"
last-modified: Mon, 06 Mar 2023 16:03:09 GMT
cf-cache-status: HIT
age: 23
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5358d57130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/js/moj-frontend.min.js

172.64.148.197

200 OK

39 kB

URL GET HTTP/2
liveflo.qxlva.io/js/moj-frontend.min.js
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
39 kB (38831 bytes)
Hash
00b799ba28b431ee018aab34ebde7fd3
67020619e2c38dc9a384d6c5a9095a7d2b783040
f511e600fa2ae8c4b0fe66fb87d64b016f9a7ef8e4fc6bd88d6b485a6c737eb8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/moj-frontend.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524887e1d"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5348cf7130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/fonts/light-94a07e06a1-v2.woff2

172.64.148.197

200 OK

33 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/fonts/light-94a07e06a1-v2.woff2
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33382, version 1.131
Size
33 kB (33382 bytes)
Hash
94a07e06a104e76fe40583f74b204aee
3202361735eb0c59277c2140c34dd77879df43de
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/fonts/light-94a07e06a1-v2.woff2 HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/font-woff2
content-length: 33382
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524888466"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 23
accept-ranges: bytes
set-cookie: __cf_bm=NT.03wo4lfLVX7s5oCI1vditYROyCfd4LPeSZOP8a88-1713930555-1.0.1.1-frjuUsqr0sUxde4Peqhc1K_qMKo645OhhMF_VPpdNGIBo4Aq76c2jbaUPTrlwFKT5vrwDpBlFPE8EySz30xFlw; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931f539f305697-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/images/favicon.ico

172.64.148.197

2.7 kB

URL GET
liveflo.qxlva.io/assets/images/favicon.ico
IP
172.64.148.197:0
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
2.7 kB (2695 bytes)
Hash
2b92681928806580779a40063b5b4846
40f778cea26e9a14c8158f737d02459450232887
bf9a289a241229c5e14c4ee79b82eced240017063a3accf15d0f06517b192a55

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: image/x-icon
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524881eae"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5338c77130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js

151.101.65.229

200 OK

4.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (10935)
Size
4.0 kB (3993 bytes)
Hash
f08851c17deb20a2664ed852ba749c21
681b6700f1230eeebaa5f913f46d8477086ccec5
f56700d1f4addde549b8c8328ad1a6b912bf73ce9b65ecef2dc01c54c596e36b

HTTP Headers

GET /npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.1.4
x-jsd-version-type: version
etag: W/"2b6e-aBtnAPEjDu66pfkT9G2EdwhszsU"
content-encoding: br
accept-ranges: bytes
date: Wed, 24 Apr 2024 03:49:15 GMT
age: 670307
x-served-by: cache-fra-eddf8230038-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3993
X-Firefox-Spdy: h2

liveflo.b2clogin.com/liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZGQyMzk1MS0xZjQ3LTRlOTgtYjI1Zi1hZWEwYTk4M2Y5MDQifQ&p=B2C_1_FLO_V2_Signup_Signin

20.190.177.147

200 OK

0 B

URL POST HTTP/1.1
liveflo.b2clogin.com/liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZGQyMzk1MS0xZjQ3LTRlOTgtYjI1Zi1hZWEwYTk4M2Y5MDQifQ&p=B2C_1_FLO_V2_Signup_Signin
IP
20.190.177.147:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZGQyMzk1MS0xZjQ3LTRlOTgtYjI1Zi1hZWEwYTk4M2Y5MDQifQ&p=B2C_1_FLO_V2_Signup_Signin HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
X-CSRF-TOKEN: dnlVWXBlbGZBVTBLQjg4b3NnbGdVN2VJejVuU3hvTnF0bnk5b3dXV1drM1BobnVhWWRienFWQVZta29mMFpmMUlneHMrUEVsSTJoU0VwYi9ENW9LdFE9PTsyMDI0LTA0LTI0VDAzOjQ5OjE0LjYzMjY0NDNaO01nMDZEU1g4QWNNWGk3TG5tS1MxR1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
X-Requested-With: XMLHttpRequest
Content-Length: 9641
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.T0PLRCWpkNIi+ZHk.onXOmbgrfxkrzz0hxdO5dQ==.0.2kNi+qdGYTFVcner+FRpxWlycZIzqv2yiZMi8HhQtDvJG+bKfXL/1buWV1H9jUNBUiB+GRH895R4nFhxj3JHq5SzoaSpQE+hfbfCfzWOI88ZeU9VhTuxniKjPrqxU7yl1P53LVKIXW5lnn/w+w1sZRWiU3s6926QjxXorK7sU+teWZJGLk+C9GZ+3212zrglBph8l0jZhEHu/DL1Wj0fHRw8h2nXtSJKfzaqX/kJNM6YkpSQMDS0fGCGHthVP5urBxzMByJgP6PyU79yjQsmdtdfFHnPxnBiBnOYt+hNWJ1VZ2oKS7vjEu+bW7PwG3AqxVC68RP7hHuiyIhPbd7hdGXhKRWRz6vezQ==; x-ms-cpim-csrf=dnlVWXBlbGZBVTBLQjg4b3NnbGdVN2VJejVuU3hvTnF0bnk5b3dXV1drM1BobnVhWWRienFWQVZta29mMFpmMUlneHMrUEVsSTJoU0VwYi9ENW9LdFE9PTsyMDI0LTA0LTI0VDAzOjQ5OjE0LjYzMjY0NDNaO01nMDZEU1g4QWNNWGk3TG5tS1MxR1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|utnsducfme6yx66gqyp5ba_0=m1.mPtgvSwpigWnuqlp.odtR8PCSrnfkV2/3E8C2Lw==.0.oiwFz1CyrH7SLivcfQDPpnLWZ1iiv56UlWJlP/Fx2u4bu/n2EfvFDNJCvQJDRje4vRvAix16R4+eI7OD+BJgyBss2zyIPqXTquxEQQeN7XUhuuY2/utcbC0XV1kLxT5UrFYZsho2byuLb2W6WVNtDgzhkIbihg0yEzJ/yKfyolhFP0xt4DMuSDNoJA6O3sndCyUriHZ5pmO5g3/mvEjBG269qIWp2RQNZli6Wsl4yO/KRnM8LX1aoAelqTIytDDUz5hMYAfhrohJS2PEM+V8GzNJQSTQ0sM2cGKj+saK7qxEBszHD3xRndMhLcpJRagtYqosCgGknq/Tl70rNVSbN0UWfoO6fx7ryIo7hCy5/ezIZOLkqbCS4T2ix9BQYB7zOe3cS5wQDmUjb5IELeQJ1vaVkTerUjxe/r+76Uhobvy1mdeTzAyB491H6ckQZYJMVG6co6k5L+5iigrObAhPx4Rt2jFLsR296LlorwYF5LOsiWwdYvfqxQ+kJfDY5ZNaTrtpbT7uQCaMIOPAn2lx/fybl3NKlWC/LRPhpKhctXL7zyBdHWpFLrVq/Z6CfED7bYt21yk0Pn+p20aZxMhzFdWK/cqRs8lZRtjEM7eaWVQm+yiB2Mk9SyAE1SJTTU3JQECXp9y+o6rCVsJoH4k1osHC2MXU497NS4RqL627nbPjygf66TePmvoFMrLOSXWvSg8IsdBj4wUP5o8cbm2BjLhbtZlRWjSZW5dD2a74lls5i1nfjR0TkLHEliGDyhDbKNjtmAZqthNFi9K8I/zAOlrsh08WlDasF1ghpzks00O5l8ctS8ffNW1vRW3/wsrqhLr2z+aDIDSjrLrf3W3MC7riAZSHx+lX+HMeE4UlEhAEBFZ77BrBcCcEWt6wJLf7rm7jhrluolRhOKq9AdQhfXnUoCDH2ctyiNwVjAZXA06xiSwbICseM2F2XDeRAFUKF4pPazoap+fEueYU76DsjVRFxBxp6YVhaxkO9Dy2gYj4ZkMpycwEYFtmj5dsLxXVcyXsOC1mMaDDYbRiGrqxgW++XsKBcDoL20X5D06GRalFgxMnw6jcrgdLQnSzF8gCy+2WnbRaaE7LDKktcSaowwjQ/SVRz/8nY6KYLmlvxnXJ3fgTMDiCYphwhLUSw0+y7HqbrpbiUi61OB+fZuWOL8td7M4Ivx6zRi38wZNi67dUhJyzyNtcBJ49jeB2jo7e5XSAKdYuRlrx9WT5CxVS6NA12u/K1LmYZI/Kkp276HqEYewH/ovfqat+/PYQnYPs5CMCiqOC3e//5ZSJ14MAXFcrXsql5JozL4j7ld8XOtcYX3ubaDKW1XXzB+KX2DC6rFzgh/rv5R/XpvrbzN8Rf4xWoczETGZNmJe3zfNetnb2Cynq6fDY+BSggkfIyxEkNvQs7uWmbAy4vOVdgKXIS1poVMjD8h+VMHT2+dykvsZCIeS/7ZK4n5f7bnsisMZSUZGZ9x34aCNwGJx1VTKd7X2f2DlRcuaaggym4OGLjTwkZ3BIAfmyAOUFsAdXIz/F8IjCflCRx/sr8OK9kdqZMlsHmEbt9g==; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCJ9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
x-ms-gateway-requestid: dc6b625e-bbf1-40b1-a352-01ac667a3cb2
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Wed, 24 Apr 2024 03:49:15 GMT
Content-Length: 0

liveflo.qxlva.io/js/site.js

172.64.148.197

200 OK

5.7 kB

URL GET HTTP/2
liveflo.qxlva.io/js/site.js
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
5.7 kB (5747 bytes)
Hash
acb054feeace0e61b6039f42d4bea02c
07a6388a2e92bdb4875b017aa1dce8766902017b
ebfd97793d02f28bfaa90ae5209e50ec9c92b708d6bce0e622a06cd85d56b261

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/site.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452488014f"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5358d77130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css

172.64.148.197

200 OK

19 kB

URL GET HTTP/2
liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
19 kB (18927 bytes)
Hash
d94b6d1d5c6296886b6129358fbdbe4b
3828303c2eb9188e7004483adbfdd3505f779160
df3c4bad26d308aab881036da9ca0553edf7a315de5159cec0eabbd5e7778acc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/govuk-frontend-4.2.0.min.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452489ab16"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
set-cookie: __cf_bm=NDNiNXwBiotwo05hkyqkvcp4HI2Xx5pfsjb1JF_RjkI-1713930555-1.0.1.1-IpewoRAOmrld5A4lfsavehyJ45u3kUrxY7iGF4.MIRAk4lOy.0hBIg.TK9Ie7iBTDb9_hziRQVzaURd16.s02A; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f52e8b07130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/moj-frontend.min.css

172.64.148.197

200 OK

20 kB

URL GET HTTP/2
liveflo.qxlva.io/css/moj-frontend.min.css
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
20 kB (19545 bytes)
Hash
197584f86a5c3d64b995452e3c44e2fa
bcc3307a772dd1b3d689316cea5a6fcf3b56ba68
4ccf430387ab619dc3ce42d9738ef01fc600c1b2827397a5ff6d37acd9a1ff9e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/moj-frontend.min.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452488d483"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
set-cookie: __cf_bm=9a0SydxLuPcCUParGUW7zy.4Eqkny_tXeh_cu3H9UmY-1713930555-1.0.1.1-5APvhEmlVTFDUD1YoUxZzwCHxxKl0lVPspmL5nkPQ9HN0T2hqiSQTf6ZpIZ2olNliiDDatjRW7544au37TzFVA; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f52f8b17130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/Home/Login

172.64.148.197

200 OK

31 kB

URL GET HTTP/2
liveflo.qxlva.io/Home/Login
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type

Size
31 kB (31351 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /Home/Login HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
vary: Origin
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=O8kENCDASbCiyi93_XPnRcl5aVoGV.I5aHzB1gRm.yE-1713930555-1.0.1.1-MwuNy5NQTJvAqDWMcYHxMVuFg7vb7xCAb5XLmbBf6yuz2c9b3f8S5_w9.N4rirAhDYCIWGGu3boxWZWK6X2NIQ; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931f514e4d5697-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/images/govuk-crest.png

172.64.148.197

200 OK

3.6 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-crest.png
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 125 x 102, 8-bit colormap, non-interlaced
Size
3.6 kB (3584 bytes)
Hash
bcd5768bd7721641ee71ba103bb38900
42a8d445a3446dee17cc6684ea055703e490bf5e
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-crest.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: image/png
content-length: 3584
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880800"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5388e77130-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/fonts/bold-b542beb274-v2.woff2

172.64.148.197

200 OK

32 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/fonts/bold-b542beb274-v2.woff2
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 31480, version 1.0
Size
32 kB (31480 bytes)
Hash
b542beb2746ca0e4a5a9aa7ea7767df7
edd7531eb22a9e4c7c17045d9ba5ec87e4c731d2
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/fonts/bold-b542beb274-v2.woff2 HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/font-woff2
content-length: 31480
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524887cf8"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 23
accept-ranges: bytes
set-cookie: __cf_bm=K8qjfJ_HA2X.apXSqSxfk6wZ.R8cmpdbp5ZOMe_Qrjo-1713930555-1.0.1.1-R1Db9AaM9PaTYRsQOazm4KYuF4xbf2meSv7U59ylKaevNYrGemo4OuyS8FKf1rrH.9HkRCJVTOTM4Ho7ruQzkQ; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931f538f2d5697-OSL
X-Firefox-Spdy: h2

liveflo.b2clogin.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

20.190.177.147

404 Not Found

0 B

URL GET HTTP/1.1
liveflo.b2clogin.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
20.190.177.147:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.T0PLRCWpkNIi+ZHk.onXOmbgrfxkrzz0hxdO5dQ==.0.2kNi+qdGYTFVcner+FRpxWlycZIzqv2yiZMi8HhQtDvJG+bKfXL/1buWV1H9jUNBUiB+GRH895R4nFhxj3JHq5SzoaSpQE+hfbfCfzWOI88ZeU9VhTuxniKjPrqxU7yl1P53LVKIXW5lnn/w+w1sZRWiU3s6926QjxXorK7sU+teWZJGLk+C9GZ+3212zrglBph8l0jZhEHu/DL1Wj0fHRw8h2nXtSJKfzaqX/kJNM6YkpSQMDS0fGCGHthVP5urBxzMByJgP6PyU79yjQsmdtdfFHnPxnBiBnOYt+hNWJ1VZ2oKS7vjEu+bW7PwG3AqxVC68RP7hHuiyIhPbd7hdGXhKRWRz6vezQ==; x-ms-cpim-csrf=dnlVWXBlbGZBVTBLQjg4b3NnbGdVN2VJejVuU3hvTnF0bnk5b3dXV1drM1BobnVhWWRienFWQVZta29mMFpmMUlneHMrUEVsSTJoU0VwYi9ENW9LdFE9PTsyMDI0LTA0LTI0VDAzOjQ5OjE0LjYzMjY0NDNaO01nMDZEU1g4QWNNWGk3TG5tS1MxR1E9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|utnsducfme6yx66gqyp5ba_0=m1.mPtgvSwpigWnuqlp.odtR8PCSrnfkV2/3E8C2Lw==.0.oiwFz1CyrH7SLivcfQDPpnLWZ1iiv56UlWJlP/Fx2u4bu/n2EfvFDNJCvQJDRje4vRvAix16R4+eI7OD+BJgyBss2zyIPqXTquxEQQeN7XUhuuY2/utcbC0XV1kLxT5UrFYZsho2byuLb2W6WVNtDgzhkIbihg0yEzJ/yKfyolhFP0xt4DMuSDNoJA6O3sndCyUriHZ5pmO5g3/mvEjBG269qIWp2RQNZli6Wsl4yO/KRnM8LX1aoAelqTIytDDUz5hMYAfhrohJS2PEM+V8GzNJQSTQ0sM2cGKj+saK7qxEBszHD3xRndMhLcpJRagtYqosCgGknq/Tl70rNVSbN0UWfoO6fx7ryIo7hCy5/ezIZOLkqbCS4T2ix9BQYB7zOe3cS5wQDmUjb5IELeQJ1vaVkTerUjxe/r+76Uhobvy1mdeTzAyB491H6ckQZYJMVG6co6k5L+5iigrObAhPx4Rt2jFLsR296LlorwYF5LOsiWwdYvfqxQ+kJfDY5ZNaTrtpbT7uQCaMIOPAn2lx/fybl3NKlWC/LRPhpKhctXL7zyBdHWpFLrVq/Z6CfED7bYt21yk0Pn+p20aZxMhzFdWK/cqRs8lZRtjEM7eaWVQm+yiB2Mk9SyAE1SJTTU3JQECXp9y+o6rCVsJoH4k1osHC2MXU497NS4RqL627nbPjygf66TePmvoFMrLOSXWvSg8IsdBj4wUP5o8cbm2BjLhbtZlRWjSZW5dD2a74lls5i1nfjR0TkLHEliGDyhDbKNjtmAZqthNFi9K8I/zAOlrsh08WlDasF1ghpzks00O5l8ctS8ffNW1vRW3/wsrqhLr2z+aDIDSjrLrf3W3MC7riAZSHx+lX+HMeE4UlEhAEBFZ77BrBcCcEWt6wJLf7rm7jhrluolRhOKq9AdQhfXnUoCDH2ctyiNwVjAZXA06xiSwbICseM2F2XDeRAFUKF4pPazoap+fEueYU76DsjVRFxBxp6YVhaxkO9Dy2gYj4ZkMpycwEYFtmj5dsLxXVcyXsOC1mMaDDYbRiGrqxgW++XsKBcDoL20X5D06GRalFgxMnw6jcrgdLQnSzF8gCy+2WnbRaaE7LDKktcSaowwjQ/SVRz/8nY6KYLmlvxnXJ3fgTMDiCYphwhLUSw0+y7HqbrpbiUi61OB+fZuWOL8td7M4Ivx6zRi38wZNi67dUhJyzyNtcBJ49jeB2jo7e5XSAKdYuRlrx9WT5CxVS6NA12u/K1LmYZI/Kkp276HqEYewH/ovfqat+/PYQnYPs5CMCiqOC3e//5ZSJ14MAXFcrXsql5JozL4j7ld8XOtcYX3ubaDKW1XXzB+KX2DC6rFzgh/rv5R/XpvrbzN8Rf4xWoczETGZNmJe3zfNetnb2Cynq6fDY+BSggkfIyxEkNvQs7uWmbAy4vOVdgKXIS1poVMjD8h+VMHT2+dykvsZCIeS/7ZK4n5f7bnsisMZSUZGZ9x34aCNwGJx1VTKd7X2f2DlRcuaaggym4OGLjTwkZ3BIAfmyAOUFsAdXIz/F8IjCflCRx/sr8OK9kdqZMlsHmEbt9g==; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkZDIzOTUxLTFmNDctNGU5OC1iMjVmLWFlYTBhOTgzZjkwNCJ9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Wed, 24 Apr 2024 03:49:15 GMT
Content-Length: 103

liveflo.qxlva.io/css/patterns.css

172.64.148.197

200 OK

2.7 kB

URL GET HTTP/2
liveflo.qxlva.io/css/patterns.css
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
ASCII text, with very long lines (2803), with no line terminators
Size
2.7 kB (2652 bytes)
Hash
a9e724ee68c6f09727b3a9992182e492
b0e05c2c2a51fd369e11696b47a888d549d4301d
6b868b42838b6c5a124ba9a10eddc3395fb73469cd85c835e577a8a6a2ffb912

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/patterns.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524880c5c"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
set-cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f52f8b37130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/site.css

172.64.148.197

200 OK

2.4 kB

URL GET HTTP/2
liveflo.qxlva.io/css/site.css
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
ASCII text, with very long lines (2563), with no line terminators
Size
2.4 kB (2379 bytes)
Hash
34932459b6be678d5c7014bedae25fa1
b3e7005c987e20259c67a43c25bffe7fca8c7d8d
6155f31839bc5942017e448af3a7f9c550275a4329ca71b4eba2eba807b581fc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/site.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524880f4b"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
set-cookie: __cf_bm=LSIN0kin_FSObpcas9LtwgpzcGMvEJP46lXoC_5..TM-1713930555-1.0.1.1-V6sy1RXn.T0tH_40qFmn7v2fozkMjtLZZ9BNiADZJP2ZujOcOnzvQqhg6id4jXhpCf9n1AB8.RE.g3IK4YU3dg; path=/; expires=Wed, 24-Apr-24 04:19:15 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f52f8b27130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js

172.64.148.197

200 OK

39 kB

URL GET HTTP/2
liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js
IP
172.64.148.197:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495273544055083.Yzg5MzJmYmEtODc3Yy00ZGNkLThhMWMtOGZiMWVjMTIzZjgwZjZmMzMxOTctMDdlZS00MThmLTlkYjgtMDZmY2Y2ZWE4ZmUw&state=CfDJ8CdLu1jFNypLthy6difoZ0G6vlME5hNY5BgbqgSnMRqTsLbHlysN-sFL7Jj2MISd73hEFxi2eAY2bbJK8SnOGVnyOs4n7ndu8hi6oeyOWrToZl79jHK1aNi4BKezRaQlcFybErPiUdDVpVNbMcnjdCNFHCX78OXd8Tucu7rAzq9ky35UqjRz0qk1gw73i-okM2Wi5XqfPzo4GNuFNDdfEwQZBG2Zt6DpJKd1iKBhTP3NSCmkmfiRz0kGSCf3-WTBvU6LN4TTbgoI516yovghiBPtjoAMcX78_25pujNDESK05AAM-rON4QYgBtqsBt-Nbw&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
JavaScript source, ASCII text, with very long lines (39289)
Size
39 kB (39290 bytes)
Hash
a625c8222f9fac4ca8b579c17a1411dd
4a6f58702dc50a7238814b162b4e9ad69e294a20
85ca59ddf7b2f1b42772ffd59947d82c727ddcbd9d0d7c10388902ae08a9843c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/govuk-frontend-4.2.0.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=HKZUeSr9tUp5Js0LIHMBgnNMwHz369pPeczp.yl7DfI-1713930555-1.0.1.1-gUvV8iMSweVxI_1YpsPU9xN3VL411uROxAGCIsrXCIe0iHlzCaXWfUZ7m7h.3R9gntSE8l0oDBVxDYTCcbGz1g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:49:15 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524889f7a"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 23
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931f5348cd7130-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN