Report - liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6

Report Overview

Submitted URL
liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
IP
20.190.177.19
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-24 03:49:17
Access
public
Website Title
- Apply for a tree felling licence
Final URL
liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-23	449 B	4.8 kB	151.101.65.229
liveflo.b2clogin.com	unknown	unknown	No data	No data	13 kB	71 kB	20.190.177.82
liveflo.qxlva.io	unknown	2019-12-24	2023-07-27	2024-04-18	8.4 kB	324 kB	104.18.39.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs
2024-04-22	medium	liveflo.qxlva.io/	HM Revenue & Customs

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	unknown	1.1 kB	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:23 Last Seen2024-04-24 05:49:23 Times Seen1 Hash f57f7509837afee5f3b2454775accc9c 67f1273bf6590f253ce93e03b4539e80323836c0 42599fb9c4a6c918df551379f9b5b6911bd50c9563cd2c55253f8647717c1994 Loading...

	unknown	247 B	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:23 Last Seen2024-04-24 05:49:23 Times Seen1 Hash b1b72c44d98d7ec9b8f4ae663a175899 496c2aee68f0af7ea4e0bd9348c60b8efcc88d66 748d5595c901f3ebcd40a2dd0f6ceb896b2f0734572dc81e76760b1436026213 Loading...

	liveflo.qxlva.io/js/site.js	1.9 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/site.js IP 104.18.39.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 180a6a46cf2f9faaca597e260763a538 12a005c5ea119385c8f97ce1e9b29aafed496396 b8662f55dcef6424fff34a26c51744a573d65f032a4b62a27aa487a1f91560c6 Loading...

	unknown	9 B	2023-03-07	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-06 10:17:02 Times Seen16307 Hash 5e543256c480ac577d30f76f9120eb74 d5d4cd07616a542891b7ec2d0257b3a24b69856e eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	3.1 kB	2024-04-24	2024-04-24
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.82 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:49:23 Last Seen2024-04-24 05:49:23 Times Seen1 Hash 9b3e824c678bbdf559c0e6cf8bff3ce5 534a191a6de799b7994bfab273d66851ada1984f 352721fe89d937226df1bf9f0b00f5ded24453db660c344a49761cc8e0e7338d Loading...

	unknown	133 B	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 9fcbd747ce03933f14abc88f9a3f1657 405e942df06ccdc7d9b7e7e1479ef55027545bc6 0ad41278ea89c953c7dc5e5647010821a5d91f153cb12c5373d5fa813254055f Loading...

	unknown	15 kB	2024-04-24	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 05:49:24 Last Seen2024-04-24 05:49:46 Times Seen2 Hash 54a72945797f34d514acc87ef97b5fcf e2592e690605d092fadfbaad5fb54277de7db1a4 234ead89c062937876bf80cab4ab4b49b2a8b6eac2b8a8585d55ca2d0171fdbf Loading...

	cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js	11 kB	2024-03-23	2024-04-24
Pretty URL cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:47 Times Seen6 Hash f08851c17deb20a2664ed852ba749c21 681b6700f1230eeebaa5f913f46d8477086ccec5 f56700d1f4addde549b8c8328ad1a6b912bf73ce9b65ecef2dc01c54c596e36b Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	186 B	2024-04-24	2024-04-24
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.82 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:49:24 Last Seen2024-04-24 05:49:46 Times Seen2 Hash c4847bcc2b9ffdb27024e66554827896 feaa87950b23440a4a9d144653096d2917703aed 85d78caded2fc2f45fade446e66c2147d7c83146f686b1f930e694c2cc160dee Loading...

	unknown	1.5 kB	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:27 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 7015b235183a676b9c71c9e01c07338d 0a6b16df43c50cd176e14e5154a208f0ad475b14 d327eab3491b1d7c58fad93f3d52181be3e1f7839859228985f84deebf6507e2 Loading...

	unknown	204 B	2024-03-23	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen3 Hash 626f7e620781fc2dbc42221574a973bd 3a41a91ea8df24feb8169be4d72a0748003f2cf9 97fb64bad75f3be69db853006fe9ac3cc86955d35c7d468355ef63d4bfbe9596 Loading...

	liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js	39 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js IP 104.18.39.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:47 Times Seen6 Hash a625c8222f9fac4ca8b579c17a1411dd 4a6f58702dc50a7238814b162b4e9ad69e294a20 85ca59ddf7b2f1b42772ffd59947d82c727ddcbd9d0d7c10388902ae08a9843c Loading...

	liveflo.qxlva.io/js/moj-frontend.min.js	31 kB	2024-03-23	2024-04-24
Pretty URL liveflo.qxlva.io/js/moj-frontend.min.js IP 104.18.39.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-23 18:57:28 Last Seen2024-04-24 05:49:46 Times Seen4 Hash e6e51f8fb81b0362bb78ff4da1d175c7 1aec630ce50d1f96d45a2e113dc8b9dfc870c002 093ca0401e75e6572bec9e035c3bd02babe5b2848d700da42bf0598d5b06cb8a Loading...

	liveflo.qxlva.io/lib/jquery/dist/jquery.min.js	90 kB	2023-03-07	2024-05-06
Pretty URL liveflo.qxlva.io/lib/jquery/dist/jquery.min.js IP 104.18.39.59 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 08:09:27 Times Seen141668 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	161 kB	2023-04-11	2024-05-01
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.82 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 18:05:12 Last Seen2024-05-01 08:44:42 Times Seen15 Hash b0678285be79ec7730021bc3079c7328 a52aa331c415e25fa3f9e58f59eabc3f354d056f b49c513fff542744651d538fbbbd3dc50ed1d1aa9aa53dbcd7dea402d03856ba Loading...

	liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0	157 B	2023-03-10	2024-05-03
Pretty URL liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 IP 20.190.177.82 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:38:16 Last Seen2024-05-03 23:39:30 Times Seen86 Hash 962b28e9f8133cc633b34f157319a734 b1e076e2501f602eacd091354c44dfd9df7eaa33 323f8b86e5da480dd2f2ea9b757ce8d6fbe9601b80a8ea2f191c43aca3495919 Loading...

HTTP Transactions (21)

URL IP Response Size

liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0

20.190.177.82

200 OK

66 kB

URL User Request GET HTTP/1.1
liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
IP
20.190.177.82:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (61642), with CRLF, LF line terminators
Size
66 kB (66344 bytes)
Hash
fcfd4e2e5032a58507427bb7b7441d26
c1862e66ee3a6a162ad3b49a5b8d1aad6ad33ee5
d2afb37a0a2880f3e4746e44bab66c31ed8ad1c25f88635c844353348b333fcf

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0 HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
x-ms-gateway-requestid: 0eff140b-d80b-43a5-8fd5-067c50ef3fb4
X-UA-Compatible: IE=edge
X-Request-ID: 0d065d63-a793-4431-8d8b-12d4a21f99e4
X-Build: 1.1.128.0
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.eTmRaSkqBIfin7Ox.Wg+oh6GsuYZe+U7/hqSq+g==.0.pJDAuKP7rqF+/yTsaeJsidObHXSoMPKREFOcP+OMN9nO1qkb85iWKiPAF1sY3iZskcgky1Xj8WjzmyexDiJC0tzRkuknD+GVJPvi8bJ+C/YTxbgjxzwio+FvkZMQOt2kx2d9chcpgBf6/CdqDsu3T39iZvXK/f358fwn/SO1lAMZeMsGMoEviF+z8V3iMHRtPHXRZk/xBZ6as8GjL/oVz3C8BRNd6Jy9HBKJMRvJ4I2nosQDvFf8Z+ZCi0Rs8B9W4FhWtgDFvup88T+3g0UJQIYnPq17H4weo34WuX9dOtkuqpTa+erl2g5fgbxZZX2io6XET5yJgKshW6CinYZYRN/Uiyv+; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-csrf=TEJLSVB3RHQza0Y2a0gyTlhuUkNFbHo1VzU0eVQ0dm5Manh3bjVCL3lueVNSZ3pKRkVYN2Q3VHpTQ0Jkekt2TldZYS85WS9tcmJYdmUvWFJ6NXdvV2c9PTsyMDI0LTA0LTI0VDAzOjQ4OjUxLjU5MzIxOTdaO3JhQkQ0VnFHVyttUlhnUWZlMEZrR3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-cache|y10gdzonmusnixluoh-z5a_0=m1.uT+TOTyi/QAMfWmd.l/U9By4IZzLG6KjkzNyd2g==.0.6q779Gw7zyQB1u1j5iLp5VFlFigPkN4i+pq6JFpn3PSfNL6OiC/adT7t6OpxYPKv+enZlmdK+luGX7n2nrabhw7MReRbHTSog39Oq9ypDMpKjVHxeHpkB+qanwW3Xgpknxu+HhIxFRoL4ZTSLA9BOEUbQmqW0eGhPpe4UOHGvLJ2i8okbKJRPBLr3vUuu6is/1h8GYHw57rP7O+R/womjW07vigwTmVMAdXr8at9nx5NN9nFmbIFotFM4zKHsMn6CbrdGdc9SJtxIBVmmTv+Zm2KKBED9hlibRprm+14zJvV95PhsRD7mcey/VWHFDTPowJjV3UID+y6L/gAIjWcdhTNOfAGaHlOvqZ+mz9osdENCLwRtOypLHLigr5W0qM6C6ahm2avrj6yP27DScMCilgFxbBPq0AsKMQaiQER0tKGEgnjvhB5zRSx0LXQoa5QLQ9WI+sF/dzmZP0Zdu1ua/yqw5ZovCZfudLqeL6Y2UqHvwJuzX3VMikhoU6FabqM9QWcXILg4L/NQAdAHvud0mHJ91BOTO7dU/J0Ktoq1pWf6dg1i4SXmOvvLnKcQ5DYvpODqsKyPwo1Za0WiOcjDgjx8NlXv+pQC/j7yUBVvYQqkRxj4VaF8J5SVrL5xYg05PTD6QhKnQ0NoNEEtIuYGjsM+DvEioNsS399HRi3FHgRkSwSHXuOvKZ88g+pFxhYSbO6oikbze0T7v46iQERp+1BqFHb7a3SFsy56Gu9xg+D446/KfkRRSGwFlA52utyIAmz6LDsuYbOM43B/fU9m8pSzGm9h/zA3FVq7yOlUtRkpa02hk2BBLqDxcp5TA5gWaGFxtWazjDEa6l1tddQssmlg9ohOG7kAeUqVfrWEluJsLBJnphiXcQDBEl5DZACPc6T2vZVUfERMk/VqBq2GPvqn1B6056LK1nKmsBAsIai7RKGim3Gt6w5KLZC0KPSce0RKPKsTncJFB1Xb+E5F73TjWSIrzo2r4bkZkA157rgjH2CsszIvYQvr53hiIgzrXZcPGef72esb38iebqibfGNcUnGFu+RfpojaJKpVWQtHW49N/SiHxO5ijQXPlJa2gpqesJhP0czAJF94R8piPW5fD+6iTxpxqd4rPtwYUfD70EykqJBOvER3QVDd8leCMpYzkY7ytPFHYfLb3lNrYyGP+CI1TvqMyAt2bYEy1TC3M11Y/21gH9LQLt0BInWkSdLYUpu7XgXPkb2JUEk5ldpszgZH0Vt4n3aJ42ZHMXWAraqEmehZP4dMkWhEFjw+Wy9nnCRSVHIUmynDUlnmDm6Ckxh3OfRgl5WTIXiyIzuW4JPuYBtAQuqVM5G3nln8DN2ddHEUwsHuiLl1mSyiRr3v0kp+CwLNS2vjB+ivXb+TNntEr/TMAnabvCoelCF5zRTTwEnvi9srIUwRTGqDY1bl/+ZnhtVKkZAjN1rsH6x7y32bGNgLBYniJOTyJdVnbf4dK5daGGtT/0YYNF399/ZN6x7DsYSy9pXQBTRowf85BBF4Vs8TWDGxvypHTvCNqwnGDAn+ecE9adCTrsUXQNG5uSBNhIdwBSi; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCJ9; domain=liveflo.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Wed, 24 Apr 2024 03:48:50 GMT
Content-Length: 66344

liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png

104.18.39.59

200 OK

3.5 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: image/png
content-length: 3503
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880baf"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=i8g58zRlWGqBmY07HMeeluEuwvtavdmUXWTWcSuxeSg-1713930532-1.0.1.1-keJCrQUV0S2zG7LQvgBkhIX5AvZ97yJnOyyd4rQlgNUFn1ToBSuvaG4aLFD60lxsfwUNUy3GAMklE0.AXQ2S5w; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec3fd017128-OSL
X-Firefox-Spdy: h2

liveflo.b2clogin.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

20.190.177.82

404 Not Found

103 B

URL GET HTTP/1.1
liveflo.b2clogin.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
20.190.177.82:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.eTmRaSkqBIfin7Ox.Wg+oh6GsuYZe+U7/hqSq+g==.0.pJDAuKP7rqF+/yTsaeJsidObHXSoMPKREFOcP+OMN9nO1qkb85iWKiPAF1sY3iZskcgky1Xj8WjzmyexDiJC0tzRkuknD+GVJPvi8bJ+C/YTxbgjxzwio+FvkZMQOt2kx2d9chcpgBf6/CdqDsu3T39iZvXK/f358fwn/SO1lAMZeMsGMoEviF+z8V3iMHRtPHXRZk/xBZ6as8GjL/oVz3C8BRNd6Jy9HBKJMRvJ4I2nosQDvFf8Z+ZCi0Rs8B9W4FhWtgDFvup88T+3g0UJQIYnPq17H4weo34WuX9dOtkuqpTa+erl2g5fgbxZZX2io6XET5yJgKshW6CinYZYRN/Uiyv+; x-ms-cpim-csrf=TEJLSVB3RHQza0Y2a0gyTlhuUkNFbHo1VzU0eVQ0dm5Manh3bjVCL3lueVNSZ3pKRkVYN2Q3VHpTQ0Jkekt2TldZYS85WS9tcmJYdmUvWFJ6NXdvV2c9PTsyMDI0LTA0LTI0VDAzOjQ4OjUxLjU5MzIxOTdaO3JhQkQ0VnFHVyttUlhnUWZlMEZrR3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|y10gdzonmusnixluoh-z5a_0=m1.uT+TOTyi/QAMfWmd.l/U9By4IZzLG6KjkzNyd2g==.0.6q779Gw7zyQB1u1j5iLp5VFlFigPkN4i+pq6JFpn3PSfNL6OiC/adT7t6OpxYPKv+enZlmdK+luGX7n2nrabhw7MReRbHTSog39Oq9ypDMpKjVHxeHpkB+qanwW3Xgpknxu+HhIxFRoL4ZTSLA9BOEUbQmqW0eGhPpe4UOHGvLJ2i8okbKJRPBLr3vUuu6is/1h8GYHw57rP7O+R/womjW07vigwTmVMAdXr8at9nx5NN9nFmbIFotFM4zKHsMn6CbrdGdc9SJtxIBVmmTv+Zm2KKBED9hlibRprm+14zJvV95PhsRD7mcey/VWHFDTPowJjV3UID+y6L/gAIjWcdhTNOfAGaHlOvqZ+mz9osdENCLwRtOypLHLigr5W0qM6C6ahm2avrj6yP27DScMCilgFxbBPq0AsKMQaiQER0tKGEgnjvhB5zRSx0LXQoa5QLQ9WI+sF/dzmZP0Zdu1ua/yqw5ZovCZfudLqeL6Y2UqHvwJuzX3VMikhoU6FabqM9QWcXILg4L/NQAdAHvud0mHJ91BOTO7dU/J0Ktoq1pWf6dg1i4SXmOvvLnKcQ5DYvpODqsKyPwo1Za0WiOcjDgjx8NlXv+pQC/j7yUBVvYQqkRxj4VaF8J5SVrL5xYg05PTD6QhKnQ0NoNEEtIuYGjsM+DvEioNsS399HRi3FHgRkSwSHXuOvKZ88g+pFxhYSbO6oikbze0T7v46iQERp+1BqFHb7a3SFsy56Gu9xg+D446/KfkRRSGwFlA52utyIAmz6LDsuYbOM43B/fU9m8pSzGm9h/zA3FVq7yOlUtRkpa02hk2BBLqDxcp5TA5gWaGFxtWazjDEa6l1tddQssmlg9ohOG7kAeUqVfrWEluJsLBJnphiXcQDBEl5DZACPc6T2vZVUfERMk/VqBq2GPvqn1B6056LK1nKmsBAsIai7RKGim3Gt6w5KLZC0KPSce0RKPKsTncJFB1Xb+E5F73TjWSIrzo2r4bkZkA157rgjH2CsszIvYQvr53hiIgzrXZcPGef72esb38iebqibfGNcUnGFu+RfpojaJKpVWQtHW49N/SiHxO5ijQXPlJa2gpqesJhP0czAJF94R8piPW5fD+6iTxpxqd4rPtwYUfD70EykqJBOvER3QVDd8leCMpYzkY7ytPFHYfLb3lNrYyGP+CI1TvqMyAt2bYEy1TC3M11Y/21gH9LQLt0BInWkSdLYUpu7XgXPkb2JUEk5ldpszgZH0Vt4n3aJ42ZHMXWAraqEmehZP4dMkWhEFjw+Wy9nnCRSVHIUmynDUlnmDm6Ckxh3OfRgl5WTIXiyIzuW4JPuYBtAQuqVM5G3nln8DN2ddHEUwsHuiLl1mSyiRr3v0kp+CwLNS2vjB+ivXb+TNntEr/TMAnabvCoelCF5zRTTwEnvi9srIUwRTGqDY1bl/+ZnhtVKkZAjN1rsH6x7y32bGNgLBYniJOTyJdVnbf4dK5daGGtT/0YYNF399/ZN6x7DsYSy9pXQBTRowf85BBF4Vs8TWDGxvypHTvCNqwnGDAn+ecE9adCTrsUXQNG5uSBNhIdwBSi; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCJ9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Wed, 24 Apr 2024 03:48:51 GMT
Content-Length: 103

cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js

151.101.65.229

200 OK

4.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (10935)
Size
4.0 kB (3993 bytes)
Hash
f08851c17deb20a2664ed852ba749c21
681b6700f1230eeebaa5f913f46d8477086ccec5
f56700d1f4addde549b8c8328ad1a6b912bf73ce9b65ecef2dc01c54c596e36b

HTTP Headers

GET /npm/signature_pad@4.1.4/dist/signature_pad.umd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.1.4
x-jsd-version-type: version
etag: W/"2b6e-aBtnAPEjDu66pfkT9G2EdwhszsU"
content-encoding: br
accept-ranges: bytes
date: Wed, 24 Apr 2024 03:48:52 GMT
age: 670284
x-served-by: cache-fra-eddf8230038-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3993
X-Firefox-Spdy: h2

liveflo.b2clogin.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

20.190.177.82

404 Not Found

103 B

URL GET HTTP/1.1
liveflo.b2clogin.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
20.190.177.82:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.eTmRaSkqBIfin7Ox.Wg+oh6GsuYZe+U7/hqSq+g==.0.pJDAuKP7rqF+/yTsaeJsidObHXSoMPKREFOcP+OMN9nO1qkb85iWKiPAF1sY3iZskcgky1Xj8WjzmyexDiJC0tzRkuknD+GVJPvi8bJ+C/YTxbgjxzwio+FvkZMQOt2kx2d9chcpgBf6/CdqDsu3T39iZvXK/f358fwn/SO1lAMZeMsGMoEviF+z8V3iMHRtPHXRZk/xBZ6as8GjL/oVz3C8BRNd6Jy9HBKJMRvJ4I2nosQDvFf8Z+ZCi0Rs8B9W4FhWtgDFvup88T+3g0UJQIYnPq17H4weo34WuX9dOtkuqpTa+erl2g5fgbxZZX2io6XET5yJgKshW6CinYZYRN/Uiyv+; x-ms-cpim-csrf=TEJLSVB3RHQza0Y2a0gyTlhuUkNFbHo1VzU0eVQ0dm5Manh3bjVCL3lueVNSZ3pKRkVYN2Q3VHpTQ0Jkekt2TldZYS85WS9tcmJYdmUvWFJ6NXdvV2c9PTsyMDI0LTA0LTI0VDAzOjQ4OjUxLjU5MzIxOTdaO3JhQkQ0VnFHVyttUlhnUWZlMEZrR3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|y10gdzonmusnixluoh-z5a_0=m1.uT+TOTyi/QAMfWmd.l/U9By4IZzLG6KjkzNyd2g==.0.6q779Gw7zyQB1u1j5iLp5VFlFigPkN4i+pq6JFpn3PSfNL6OiC/adT7t6OpxYPKv+enZlmdK+luGX7n2nrabhw7MReRbHTSog39Oq9ypDMpKjVHxeHpkB+qanwW3Xgpknxu+HhIxFRoL4ZTSLA9BOEUbQmqW0eGhPpe4UOHGvLJ2i8okbKJRPBLr3vUuu6is/1h8GYHw57rP7O+R/womjW07vigwTmVMAdXr8at9nx5NN9nFmbIFotFM4zKHsMn6CbrdGdc9SJtxIBVmmTv+Zm2KKBED9hlibRprm+14zJvV95PhsRD7mcey/VWHFDTPowJjV3UID+y6L/gAIjWcdhTNOfAGaHlOvqZ+mz9osdENCLwRtOypLHLigr5W0qM6C6ahm2avrj6yP27DScMCilgFxbBPq0AsKMQaiQER0tKGEgnjvhB5zRSx0LXQoa5QLQ9WI+sF/dzmZP0Zdu1ua/yqw5ZovCZfudLqeL6Y2UqHvwJuzX3VMikhoU6FabqM9QWcXILg4L/NQAdAHvud0mHJ91BOTO7dU/J0Ktoq1pWf6dg1i4SXmOvvLnKcQ5DYvpODqsKyPwo1Za0WiOcjDgjx8NlXv+pQC/j7yUBVvYQqkRxj4VaF8J5SVrL5xYg05PTD6QhKnQ0NoNEEtIuYGjsM+DvEioNsS399HRi3FHgRkSwSHXuOvKZ88g+pFxhYSbO6oikbze0T7v46iQERp+1BqFHb7a3SFsy56Gu9xg+D446/KfkRRSGwFlA52utyIAmz6LDsuYbOM43B/fU9m8pSzGm9h/zA3FVq7yOlUtRkpa02hk2BBLqDxcp5TA5gWaGFxtWazjDEa6l1tddQssmlg9ohOG7kAeUqVfrWEluJsLBJnphiXcQDBEl5DZACPc6T2vZVUfERMk/VqBq2GPvqn1B6056LK1nKmsBAsIai7RKGim3Gt6w5KLZC0KPSce0RKPKsTncJFB1Xb+E5F73TjWSIrzo2r4bkZkA157rgjH2CsszIvYQvr53hiIgzrXZcPGef72esb38iebqibfGNcUnGFu+RfpojaJKpVWQtHW49N/SiHxO5ijQXPlJa2gpqesJhP0czAJF94R8piPW5fD+6iTxpxqd4rPtwYUfD70EykqJBOvER3QVDd8leCMpYzkY7ytPFHYfLb3lNrYyGP+CI1TvqMyAt2bYEy1TC3M11Y/21gH9LQLt0BInWkSdLYUpu7XgXPkb2JUEk5ldpszgZH0Vt4n3aJ42ZHMXWAraqEmehZP4dMkWhEFjw+Wy9nnCRSVHIUmynDUlnmDm6Ckxh3OfRgl5WTIXiyIzuW4JPuYBtAQuqVM5G3nln8DN2ddHEUwsHuiLl1mSyiRr3v0kp+CwLNS2vjB+ivXb+TNntEr/TMAnabvCoelCF5zRTTwEnvi9srIUwRTGqDY1bl/+ZnhtVKkZAjN1rsH6x7y32bGNgLBYniJOTyJdVnbf4dK5daGGtT/0YYNF399/ZN6x7DsYSy9pXQBTRowf85BBF4Vs8TWDGxvypHTvCNqwnGDAn+ecE9adCTrsUXQNG5uSBNhIdwBSi; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCJ9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Wed, 24 Apr 2024 03:48:51 GMT
Content-Length: 103

liveflo.qxlva.io/assets/images/govuk-crest.png

104.18.39.59

200 OK

3.6 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-crest.png
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 125 x 102, 8-bit colormap, non-interlaced
Size
3.6 kB (3584 bytes)
Hash
bcd5768bd7721641ee71ba103bb38900
42a8d445a3446dee17cc6684ea055703e490bf5e
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-crest.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css
Cookie: __cf_bm=O3d.Sp6GVAKhcMutHpmOhMWrr4Dgh50b5SYMmYLHcd8-1713930532-1.0.1.1-s90wmdbTeTk38kTLWVII9ZuizZOWq3b5EWfGv8gep3yvnREWIwcVFi4K6tkzmTm6H3yaLG5ITFJn0tjUL6fSsw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: image/png
content-length: 3584
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880800"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec57d807128-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/fonts/light-94a07e06a1-v2.woff2

104.18.39.59

200 OK

33 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/fonts/light-94a07e06a1-v2.woff2
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33382, version 1.131
Size
33 kB (33382 bytes)
Hash
94a07e06a104e76fe40583f74b204aee
3202361735eb0c59277c2140c34dd77879df43de
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/fonts/light-94a07e06a1-v2.woff2 HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/font-woff2
content-length: 33382
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524888466"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=cjltgSHWKa62ME7Rqwzf4skX6_H.Y6TT0X8ra33rE_E-1713930532-1.0.1.1-VLLfjLuBloQDAKgpIKhOvHIiglMqMIWeop90U9Ews0kLEwMEcRSLrTHBGkMhx6ceTUxG2cePPgnezVhb.QV5nw; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931ec57d3756bf-OSL
X-Firefox-Spdy: h2

liveflo.b2clogin.com/liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZDA2NWQ2My1hNzkzLTQ0MzEtOGQ4Yi0xMmQ0YTIxZjk5ZTQifQ&p=B2C_1_FLO_V2_Signup_Signin

20.190.177.83

200 OK

0 B

URL POST HTTP/1.1
liveflo.b2clogin.com/liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZDA2NWQ2My1hNzkzLTQ0MzEtOGQ4Yi0xMmQ0YTIxZjk5ZTQifQ&p=B2C_1_FLO_V2_Signup_Signin
IP
20.190.177.83:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintA1:AB:1F:86:66:CB:8E:63:92:58:C2:0E:EF:93:6E:CF:DA:AF:FE:DD
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 08 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /liveflo.onmicrosoft.com/B2C_1_FLO_V2_Signup_Signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIwZDA2NWQ2My1hNzkzLTQ0MzEtOGQ4Yi0xMmQ0YTIxZjk5ZTQifQ&p=B2C_1_FLO_V2_Signup_Signin HTTP/1.1
Host: liveflo.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
X-CSRF-TOKEN: TEJLSVB3RHQza0Y2a0gyTlhuUkNFbHo1VzU0eVQ0dm5Manh3bjVCL3lueVNSZ3pKRkVYN2Q3VHpTQ0Jkekt2TldZYS85WS9tcmJYdmUvWFJ6NXdvV2c9PTsyMDI0LTA0LTI0VDAzOjQ4OjUxLjU5MzIxOTdaO3JhQkQ0VnFHVyttUlhnUWZlMEZrR3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==
X-Requested-With: XMLHttpRequest
Content-Length: 5483
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Cookie: x-ms-cpim-sso:liveflo.onmicrosoft.com_0=m1.eTmRaSkqBIfin7Ox.Wg+oh6GsuYZe+U7/hqSq+g==.0.pJDAuKP7rqF+/yTsaeJsidObHXSoMPKREFOcP+OMN9nO1qkb85iWKiPAF1sY3iZskcgky1Xj8WjzmyexDiJC0tzRkuknD+GVJPvi8bJ+C/YTxbgjxzwio+FvkZMQOt2kx2d9chcpgBf6/CdqDsu3T39iZvXK/f358fwn/SO1lAMZeMsGMoEviF+z8V3iMHRtPHXRZk/xBZ6as8GjL/oVz3C8BRNd6Jy9HBKJMRvJ4I2nosQDvFf8Z+ZCi0Rs8B9W4FhWtgDFvup88T+3g0UJQIYnPq17H4weo34WuX9dOtkuqpTa+erl2g5fgbxZZX2io6XET5yJgKshW6CinYZYRN/Uiyv+; x-ms-cpim-csrf=TEJLSVB3RHQza0Y2a0gyTlhuUkNFbHo1VzU0eVQ0dm5Manh3bjVCL3lueVNSZ3pKRkVYN2Q3VHpTQ0Jkekt2TldZYS85WS9tcmJYdmUvWFJ6NXdvV2c9PTsyMDI0LTA0LTI0VDAzOjQ4OjUxLjU5MzIxOTdaO3JhQkQ0VnFHVyttUlhnUWZlMEZrR3c9PTt7Ik9yY2hlc3RyYXRpb25TdGVwIjoxfQ==; x-ms-cpim-cache|y10gdzonmusnixluoh-z5a_0=m1.uT+TOTyi/QAMfWmd.l/U9By4IZzLG6KjkzNyd2g==.0.6q779Gw7zyQB1u1j5iLp5VFlFigPkN4i+pq6JFpn3PSfNL6OiC/adT7t6OpxYPKv+enZlmdK+luGX7n2nrabhw7MReRbHTSog39Oq9ypDMpKjVHxeHpkB+qanwW3Xgpknxu+HhIxFRoL4ZTSLA9BOEUbQmqW0eGhPpe4UOHGvLJ2i8okbKJRPBLr3vUuu6is/1h8GYHw57rP7O+R/womjW07vigwTmVMAdXr8at9nx5NN9nFmbIFotFM4zKHsMn6CbrdGdc9SJtxIBVmmTv+Zm2KKBED9hlibRprm+14zJvV95PhsRD7mcey/VWHFDTPowJjV3UID+y6L/gAIjWcdhTNOfAGaHlOvqZ+mz9osdENCLwRtOypLHLigr5W0qM6C6ahm2avrj6yP27DScMCilgFxbBPq0AsKMQaiQER0tKGEgnjvhB5zRSx0LXQoa5QLQ9WI+sF/dzmZP0Zdu1ua/yqw5ZovCZfudLqeL6Y2UqHvwJuzX3VMikhoU6FabqM9QWcXILg4L/NQAdAHvud0mHJ91BOTO7dU/J0Ktoq1pWf6dg1i4SXmOvvLnKcQ5DYvpODqsKyPwo1Za0WiOcjDgjx8NlXv+pQC/j7yUBVvYQqkRxj4VaF8J5SVrL5xYg05PTD6QhKnQ0NoNEEtIuYGjsM+DvEioNsS399HRi3FHgRkSwSHXuOvKZ88g+pFxhYSbO6oikbze0T7v46iQERp+1BqFHb7a3SFsy56Gu9xg+D446/KfkRRSGwFlA52utyIAmz6LDsuYbOM43B/fU9m8pSzGm9h/zA3FVq7yOlUtRkpa02hk2BBLqDxcp5TA5gWaGFxtWazjDEa6l1tddQssmlg9ohOG7kAeUqVfrWEluJsLBJnphiXcQDBEl5DZACPc6T2vZVUfERMk/VqBq2GPvqn1B6056LK1nKmsBAsIai7RKGim3Gt6w5KLZC0KPSce0RKPKsTncJFB1Xb+E5F73TjWSIrzo2r4bkZkA157rgjH2CsszIvYQvr53hiIgzrXZcPGef72esb38iebqibfGNcUnGFu+RfpojaJKpVWQtHW49N/SiHxO5ijQXPlJa2gpqesJhP0czAJF94R8piPW5fD+6iTxpxqd4rPtwYUfD70EykqJBOvER3QVDd8leCMpYzkY7ytPFHYfLb3lNrYyGP+CI1TvqMyAt2bYEy1TC3M11Y/21gH9LQLt0BInWkSdLYUpu7XgXPkb2JUEk5ldpszgZH0Vt4n3aJ42ZHMXWAraqEmehZP4dMkWhEFjw+Wy9nnCRSVHIUmynDUlnmDm6Ckxh3OfRgl5WTIXiyIzuW4JPuYBtAQuqVM5G3nln8DN2ddHEUwsHuiLl1mSyiRr3v0kp+CwLNS2vjB+ivXb+TNntEr/TMAnabvCoelCF5zRTTwEnvi9srIUwRTGqDY1bl/+ZnhtVKkZAjN1rsH6x7y32bGNgLBYniJOTyJdVnbf4dK5daGGtT/0YYNF399/ZN6x7DsYSy9pXQBTRowf85BBF4Vs8TWDGxvypHTvCNqwnGDAn+ecE9adCTrsUXQNG5uSBNhIdwBSi; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCIsIlQiOiJsaXZlZmxvLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9mbG9fdjJfc2lnbnVwX3NpZ25pbiIsIkMiOiJiYzUwNGFhOC04YmFjLTQzOGMtYjU5ZS05OTY3MTMzZDQzYjEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjBkMDY1ZDYzLWE3OTMtNDQzMS04ZDhiLTEyZDRhMjFmOTllNCJ9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
x-ms-gateway-requestid: 773dc12c-8879-43f3-bce2-97630aafcfa5
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Wed, 24 Apr 2024 03:48:51 GMT
Content-Length: 0

liveflo.qxlva.io/assets/fonts/bold-b542beb274-v2.woff2

104.18.39.59

200 OK

32 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/fonts/bold-b542beb274-v2.woff2
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 31480, version 1.0
Size
32 kB (31480 bytes)
Hash
b542beb2746ca0e4a5a9aa7ea7767df7
edd7531eb22a9e4c7c17045d9ba5ec87e4c731d2
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/fonts/bold-b542beb274-v2.woff2 HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.qxlva.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/font-woff2
content-length: 31480
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524887cf8"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=ylBQ8YcKnWvdgJ8PEMlJXFbVK4c72AGQxNi5pWebpc8-1713930532-1.0.1.1-ahoMwJ4tKzcn_aCCEA2smncCUP5_sJBNWPrNiXE4jr61YtH2ncL3LK89HnGnRNGVc8AMRex3TPTz0N5UqlKVPA; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931ec57d3456bf-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png

104.18.39.59

200 OK

3.5 kB

URL GET HTTP/2
liveflo.qxlva.io/assets/images/govuk-apple-touch-icon-180x180.png
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=O3d.Sp6GVAKhcMutHpmOhMWrr4Dgh50b5SYMmYLHcd8-1713930532-1.0.1.1-s90wmdbTeTk38kTLWVII9ZuizZOWq3b5EWfGv8gep3yvnREWIwcVFi4K6tkzmTm6H3yaLG5ITFJn0tjUL6fSsw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: image/png
content-length: 3503
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: "1d9504524880baf"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 0
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec67ddc7128-OSL
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css

104.18.39.59

200 OK

14 kB

URL GET HTTP/2
liveflo.qxlva.io/css/govuk-frontend-4.2.0.min.css
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
14 kB (13479 bytes)
Hash
f96abf5e7879802a0d9a5e5ea0b9c4af
ab858a1e415cb31098aa6f9a82ede8f55085917b
b92b08e898f181c45b1cf1e0e6c45a4015ac5300115bef8ffc2545ff78a53f41

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/govuk-frontend-4.2.0.min.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452489ab16"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
set-cookie: __cf_bm=O3d.Sp6GVAKhcMutHpmOhMWrr4Dgh50b5SYMmYLHcd8-1713930532-1.0.1.1-s90wmdbTeTk38kTLWVII9ZuizZOWq3b5EWfGv8gep3yvnREWIwcVFi4K6tkzmTm6H3yaLG5ITFJn0tjUL6fSsw; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec41d0f7128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/site.css

104.18.39.59

200 OK

1.4 kB

URL GET HTTP/2
liveflo.qxlva.io/css/site.css
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
1.4 kB (1387 bytes)
Hash
379d1f2f0e7bd4e0e70a1fe31d651660
70df32c4b1b537244e51e63a732c58bdfe833d8e
229476ee5343fe1a9fd8cf24ac1e16662d047f017dafe37ca277a4ce9a7cc030

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/site.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524880f4b"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
set-cookie: __cf_bm=q83d4ruCzWKltMQshSUVmBa0TIdhJ_O6R9uE8HQlB4Y-1713930532-1.0.1.1-n469.Cq6ACTKUBvdDl5.7aDtjuXiLnaK4zC5Wa5wGhUolb4uCUyo.V_7kUeiqcgCx2ObXcdQlgahfXmJtchsiA; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec41d0d7128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/patterns.css

104.18.39.59

200 OK

11 kB

URL GET HTTP/2
liveflo.qxlva.io/css/patterns.css
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10670 bytes)
Hash
3e8fb31916bd15259fe1c52d8559a500
3d6b68262d1ead43666d4f11eb2cb92887d52883
cfe8ed7390c47cc496e93e076f360d143630802c1ca74a662f33346478bbe54d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/patterns.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524880c5c"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
set-cookie: __cf_bm=muR.FSatwi79jGQMElAXbRe7mCOu1R1YPqWZ.MSopJA-1713930532-1.0.1.1-YxK8oNO4.v3BPwrN9I7sEgrBnD7C9STb2Ln_o7fc1FfvqWhbBKv5zrmoJJBVo6Lie8CQf0H6o117Pwdo25Fk_Q; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec40d097128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/css/moj-frontend.min.css

104.18.39.59

200 OK

14 kB

URL GET HTTP/2
liveflo.qxlva.io/css/moj-frontend.min.css
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
gzip compressed data, from Unix
Size
14 kB (13531 bytes)
Hash
893b9ecdd16cd3c505b2138228c7b043
d4cc804164220946fce2d430cb77188f0d60ee6b
7dfec88bf013ea62bf594b3c0b9a1a37f8a05f9ef7e37569ab79b01fe3bb87cc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /css/moj-frontend.min.css HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: text/css
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452488d483"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
set-cookie: __cf_bm=IHsJlBAIaLkH3nfRmHQej818CD3khxDvlzaBx06I4BA-1713930532-1.0.1.1-BD9o7fG.rKsms6XGLrwGToF78hospNOV9nfmpYYrYO6HKqjQYFyKTeam2_uceHrIiqnnprfOVUbvhRSLXTxHUQ; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec3fd037128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/images/favicon.ico

0.0.0.0

0 B

URL GET
liveflo.qxlva.io/assets/images/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=O3d.Sp6GVAKhcMutHpmOhMWrr4Dgh50b5SYMmYLHcd8-1713930532-1.0.1.1-s90wmdbTeTk38kTLWVII9ZuizZOWq3b5EWfGv8gep3yvnREWIwcVFi4K6tkzmTm6H3yaLG5ITFJn0tjUL6fSsw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: image/x-icon
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524881eae"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec67ddd7128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/js/moj-frontend.min.js

104.18.39.59

200 OK

31 kB

URL GET HTTP/2
liveflo.qxlva.io/js/moj-frontend.min.js
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
JavaScript source, ASCII text, with very long lines (30749), with no line terminators
Size
31 kB (30749 bytes)
Hash
e6e51f8fb81b0362bb78ff4da1d175c7
1aec630ce50d1f96d45a2e113dc8b9dfc870c002
093ca0401e75e6572bec9e035c3bd02babe5b2848d700da42bf0598d5b06cb8a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/moj-frontend.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=q83d4ruCzWKltMQshSUVmBa0TIdhJ_O6R9uE8HQlB4Y-1713930532-1.0.1.1-n469.Cq6ACTKUBvdDl5.7aDtjuXiLnaK4zC5Wa5wGhUolb4uCUyo.V_7kUeiqcgCx2ObXcdQlgahfXmJtchsiA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524887e1d"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec48d267128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/lib/jquery/dist/jquery.min.js

104.18.39.59

200 OK

90 kB

URL GET HTTP/2
liveflo.qxlva.io/lib/jquery/dist/jquery.min.js
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /lib/jquery/dist/jquery.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=q83d4ruCzWKltMQshSUVmBa0TIdhJ_O6R9uE8HQlB4Y-1713930532-1.0.1.1-n469.Cq6ACTKUBvdDl5.7aDtjuXiLnaK4zC5Wa5wGhUolb4uCUyo.V_7kUeiqcgCx2ObXcdQlgahfXmJtchsiA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452521c104"
last-modified: Mon, 06 Mar 2023 16:03:09 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec49d2c7128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js

104.18.39.59

200 OK

39 kB

URL GET HTTP/2
liveflo.qxlva.io/js/govuk-frontend-4.2.0.min.js
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
JavaScript source, ASCII text, with very long lines (39289)
Size
39 kB (39290 bytes)
Hash
a625c8222f9fac4ca8b579c17a1411dd
4a6f58702dc50a7238814b162b4e9ad69e294a20
85ca59ddf7b2f1b42772ffd59947d82c727ddcbd9d0d7c10388902ae08a9843c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/govuk-frontend-4.2.0.min.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=q83d4ruCzWKltMQshSUVmBa0TIdhJ_O6R9uE8HQlB4Y-1713930532-1.0.1.1-n469.Cq6ACTKUBvdDl5.7aDtjuXiLnaK4zC5Wa5wGhUolb4uCUyo.V_7kUeiqcgCx2ObXcdQlgahfXmJtchsiA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524889f7a"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec48d257128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/js/site.js

104.18.39.59

200 OK

1.9 kB

URL GET HTTP/2
liveflo.qxlva.io/js/site.js
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type
JavaScript source, ASCII text, with very long lines (1932), with no line terminators
Size
1.9 kB (1871 bytes)
Hash
163c5b10d6caf428ffeb3d047a685332
77066dbd2d2771a390ccaed9bf0c8f21c0489864
29060213467e169961857b3bdb8b39213ee4996e77d03e35812bb4d9f5e638a5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /js/site.js HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Cookie: __cf_bm=q83d4ruCzWKltMQshSUVmBa0TIdhJ_O6R9uE8HQlB4Y-1713930532-1.0.1.1-n469.Cq6ACTKUBvdDl5.7aDtjuXiLnaK4zC5Wa5wGhUolb4uCUyo.V_7kUeiqcgCx2ObXcdQlgahfXmJtchsiA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: application/javascript
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d950452488014f"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec49d2f7128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/Home/Login

104.18.39.59

200 OK

31 kB

URL GET HTTP/2
liveflo.qxlva.io/Home/Login
IP
104.18.39.59:443
ASN
#13335 CLOUDFLARENET

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type

Size
31 kB (31351 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /Home/Login HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://liveflo.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://liveflo.b2clogin.com
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
vary: Origin
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=m_7izshPUzntpQwVDazByPRHsil2eP9KJ6piab5rUFE-1713930532-1.0.1.1-iHFgwHhoNKQngesmXL6l6qEQu1rblzyy6Fomw4hYymTQzjWsd7xOcchWemtfb4BbVTN7Msla9b0.Dqqb1JDI_w; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87931ec28bcf56bf-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

liveflo.qxlva.io/assets/images/favicon.ico

0.0.0.0

0 B

URL GET
liveflo.qxlva.io/assets/images/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://liveflo.b2clogin.com/liveflo.onmicrosoft.com/b2c_1_flo_v2_signup_signin/oauth2/v2.0/authorize?client_id=bc504aa8-8bac-438c-b59e-9967133d43b1&redirect_uri=https%3A%2F%2Fliveflo.qxlva.io%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&nonce=638495109179844532.MTI0Y2E2ZDYtZDMyMS00ZTlkLThmYWEtODUwMjI0OWQ2ZDJhNzQ1ZTIxMDEtNGQzYS00NDY5LTk3NTUtMzFmN2UxNTBkM2Qx&state=CfDJ8CdLu1jFNypLthy6difoZ0Fkf9uKs0LciErvu4-m5QRKOsXCvF3lI7Ws_YVUirG-1EAGqb8pFTxeKWMuy8qInP2nyOV3d62vJ4nHA4EAAz2xRbpw9utFq2rVxu5F4UEALW2h9wocD50gUNO2LOSppMPGOv533U8P7OLlI97e-cDIq9mNZQLXJFblHIOti9059m43KH8QO7fFWYhAmFgzQdJ3jaL4qjruQvMUEJ28dtkCXIE8GXB93aSeoW1gPRG-7Bx7KGNIXRHx0I8d26teWJUcPEAhl1KszJxZUE4wl6YZ1BieyJpGtEhBwOw5sopdxQ&x-client-SKU=ID_NET6_0&x-client-ver=6.20.0.0
Certificate
IssuerLet's Encrypt
Subjectliveflo.qxlva.io
FingerprintAB:7D:DA:7D:E8:53:D3:D7:1C:B0:FA:62:C4:57:9C:8D:D0:E2:E6:1A
ValidityTue, 19 Mar 2024 18:42:12 GMT - Mon, 17 Jun 2024 18:42:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	HM Revenue & Customs

HTTP Headers

GET /assets/images/favicon.ico HTTP/1.1
Host: liveflo.qxlva.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://liveflo.b2clogin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 03:48:52 GMT
content-type: image/x-icon
content-security-policy: default-src 'self'; script-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://*.usersnap.com https://*.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://liveflo.qxlva.io https://*.datatables.net https://fonts.googleapis.com 'unsafe-inline'; font-src https://liveflo.qxlva.io https://fonts.gstatic.com; worker-src  blob: https://liveflo.qxlva.io; connect-src https://*.qxlva.io https://*.arcgis.com https://*.usersnap.com; img-src 'self' https://*.qxlva.io https://*.arcgis.com data:;
etag: W/"1d9504524881eae"
last-modified: Mon, 06 Mar 2023 16:03:08 GMT
cf-cache-status: HIT
set-cookie: __cf_bm=a2CnWz7ICjCn2cq5IV_guF0_GNM0XaKpnsZX69fWl48-1713930532-1.0.1.1-4kccCq.fmLd_CGYik.Qb0fXc3OUanLMioZHtvN8eisOzM4ldmxU85khDlCu9fCJRLBbz58mOUu19xRlm1xqJVw; path=/; expires=Wed, 24-Apr-24 04:18:52 GMT; domain=.qxlva.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87931ec3fd047128-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML