lloyds-payeesupport.com/Login.php
103.61.22.95 0 B URL User Request GET lloyds-payeesupport.com/Login.php
IP 103.61.22.95:0
ASN #26658 HENGTONG-IDC-LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /Login.php HTTP/1.1
Host: lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 29 Mar 2024 10:29:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.lloyds-payeesupport.com/Login.php
www.lloyds-payeesupport.com/Login.php
103.61.22.95200 OK 783 B URL User Request GET HTTP/1.1 www.lloyds-payeesupport.com/Login.php
IP 103.61.22.95:80
ASN #26658 HENGTONG-IDC-LLC
File type JavaScript source, ISO-8859 text, with CRLF line terminators
Hash afb00ba8f06f03728100caafec1974d1
a9aa55573f0db9577cb57ce49de3f3868ed34949
2a94d9211e24ea39ce23bcfc67e29ff2a767aa5399cbd9b8929e4c81d88d1c4e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /Login.php HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: text/html
Content-Length: 783
Connection: keep-alive
www.lloyds-payeesupport.com/tj.js
103.61.22.95200 OK 599 B URL GET HTTP/1.1 www.lloyds-payeesupport.com/tj.js
IP 103.61.22.95:80
ASN #26658 HENGTONG-IDC-LLC
Requested by http://www.lloyds-payeesupport.com/Login.php
File type JavaScript source, ASCII text, with very long lines (363), with CRLF line terminators
Hash 5bfd0dda4f0f3b75ddd19e651d4f5ce7
b98efb39fc287b3ce0f3fa1d8f4fb420722874a4
fcfcb6d5b1f4bb15fb55a4b64564d7ff26ebace18fc2118c22d440894eabaf6e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tj.js HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.lloyds-payeesupport.com/common.js
103.61.22.95200 OK 919 B URL GET HTTP/1.1 www.lloyds-payeesupport.com/common.js
IP 103.61.22.95:80
ASN #26658 HENGTONG-IDC-LLC
Requested by http://www.lloyds-payeesupport.com/Login.php
File type JavaScript source, ASCII text, with very long lines (448), with CRLF line terminators
Hash e0baeecb34448bb66a2f9912d259eb06
9805d7fa9e1d2b0b127f1224f0c2da59e755481c
4b32f9da113323e7c29b789b507c1d925b0d071475c61618a683a9dc26837d53
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common.js HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.zhanzhang.baidu.com/push.js
182.61.244.229200 OK 227 B URL GET HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.244.229:80
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
File type ASCII text, with no line terminators
Hash 1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 29 Mar 2024 10:29:23 GMT
Etag: "4078521116"
Expires: Sat, 29 Mar 2025 10:29:23 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=977FF896ECD544DCFA8A38E8DCED2C54:FG=1; max-age=31536000; expires=Sat, 29-Mar-25 10:29:23 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
www.lloyds-payeesupport.com/favicon.ico
103.61.22.95200 OK 1.2 kB URL GET HTTP/1.1 www.lloyds-payeesupport.com/favicon.ico
IP 103.61.22.95:80
ASN #26658 HENGTONG-IDC-LLC
Requested by http://www.lloyds-payeesupport.com/Login.php
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:22 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 03 Apr 2024 10:29:22 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
api.tongjiniao.com/c?_=630382903562600448
43.248.141.220 3.9 kB URL GET api.tongjiniao.com/c?_=630382903562600448
IP 43.248.141.220:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Requested by http://www.lloyds-payeesupport.com/Login.php
File type JavaScript source, ASCII text, with CRLF line terminators
Hash b8841d84ee233df7e97e65307136cd17
3e4b1f8b3a0305833cb1b94695392090fb753c92
f2e0f589a5d30d359b7d743b53766a9e3f8d7101c8de5c67ba275daea3fa4358
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /c?_=630382903562600448 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 3888
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache
api.tongjiniao.com/c?_=630381606453088256
43.248.141.220 3.9 kB URL GET api.tongjiniao.com/c?_=630381606453088256
IP 43.248.141.220:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Requested by http://www.lloyds-payeesupport.com/Login.php
File type JavaScript source, ASCII text, with CRLF line terminators
Hash 041ce4dbe81ba574c3519b5228743e25
36ecc62e5aad6a172c8eae0dc17411331750e3fb
4562d83e9dedb8f2230fb92d7a53e58205bf65ace18971af4e9ab0eae814a699
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /c?_=630381606453088256 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 3889
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache
api.tongjiniao.com/r?t=1711708163&p=632283625850769408
43.248.141.220200 OK 59 B URL POST HTTP/1.1 api.tongjiniao.com/r?t=1711708163&p=632283625850769408
IP 43.248.141.220:80
ASN #23650 AS Number for CHINANET jiangsu province backbone
Requested by http://www.lloyds-payeesupport.com/Login.php
Hash fcbac133817d51d3f86a5eb50129c1d6
1ae6444e39a7fa0bce6ed462c5dbbfac95a3167c
17d23d0db7da15eb43d6534270daf62f55b786837fac25daec2b5d8c9638840b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /r?t=1711708163&p=632283625850769408 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
Origin: http://www.lloyds-payeesupport.com
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 59
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache
api.tongjiniao.com/r?t=1711708163&p=632283625863340032
43.248.141.220200 OK 59 B URL POST HTTP/1.1 api.tongjiniao.com/r?t=1711708163&p=632283625863340032
IP 43.248.141.220:80
ASN #23650 AS Number for CHINANET jiangsu province backbone
Requested by http://www.lloyds-payeesupport.com/Login.php
Hash fcbac133817d51d3f86a5eb50129c1d6
1ae6444e39a7fa0bce6ed462c5dbbfac95a3167c
17d23d0db7da15eb43d6534270daf62f55b786837fac25daec2b5d8c9638840b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /r?t=1711708163&p=632283625863340032 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
Origin: http://www.lloyds-payeesupport.com
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 59
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache
api.share.baidu.com/s.gif?l=http://www.lloyds-payeesupport.com/Login.php
182.61.201.93200 OK 0 B URL GET HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.lloyds-payeesupport.com/Login.php
IP 182.61.201.93:80
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.lloyds-payeesupport.com/Login.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 29 Mar 2024 10:29:24 GMT
hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e
103.235.46.191200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (620)
Hash 1545282d43a2abd0e21dc3fc4e469a0d
8e72c269321a65112d38bbcae9f454a0c6892dea
9f5676ddf276e51498b61dee338dc08ba8303f2d7e344c877669be7a72f5d86d
GET /hm.js?7d1a73b69d2a37cacfb2269e2028042e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 10:29:24 GMT
Etag: 381bbeca15c3c90ff76152278e3c95db
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D544C099C9BBCF9F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e
103.235.46.191200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (620)
Hash f0f968515d45ae217ed740555dc6a1c7
e55f8f02cbfde6b42a7d9dbba2ae59a3ed4be649
177f0b38c8aa1ec3e5afdf94d020e4fa0fbf5009d12914167294e76f572a096c
GET /hm.js?0b22e3ab72a30f15311e5dc5950f263e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 10:29:24 GMT
Etag: d8de2e42387bf96367cf4c5220b04d25
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B231CE79832DF0A9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 10:29:24 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=6B606A5AC2ADBA77; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.lloyds-payeesupport.com/Login.php
Certificate IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 10:29:25 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=52A567BA6805D8BD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff