Report - lloyds-payeesupport.com/Login.php

Report Overview

Submitted URL
lloyds-payeesupport.com/Login.php
IP
103.61.22.95
ASN
#26658 HENGTONG-IDC-LLC
Submitted
2024-03-29 10:29:46
Access
public
Website Title
濮阳浩岳新能源有限公司
Final URL
www.lloyds-payeesupport.com/Login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lloyds-payeesupport.com	unknown	2023-03-24	2021-04-20	2024-02-16	403 B	208 B	103.61.22.95
www.lloyds-payeesupport.com	unknown	2023-03-24	2021-05-22	2023-08-20	1.5 kB	4.3 kB	103.61.22.95
push.zhanzhang.baidu.com	57139	1999-10-11	2015-07-22	2024-03-28	336 B	750 B	182.61.244.229
api.tongjiniao.com	unknown	2022-12-22	2023-02-01	2024-03-28	1.6 kB	9.5 kB	43.248.141.220
api.share.baidu.com	44629	1999-10-11	2013-04-25	2024-03-28	398 B	114 B	182.61.201.93
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-03-28	2.3 kB	24 kB	103.235.46.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-29	medium	lloyds-payeesupport.com	Sinkholed
2024-03-29	medium	lloyds-payeesupport.com	Sinkholed
2024-03-29	medium	lloyds-payeesupport.com	Sinkholed
2024-03-29	medium	lloyds-payeesupport.com	Sinkholed
2024-03-29	medium	lloyds-payeesupport.com	Sinkholed
2024-03-29	medium	tongjiniao.com	Sinkholed
2024-03-29	medium	tongjiniao.com	Sinkholed
2024-03-29	medium	tongjiniao.com	Sinkholed
2024-03-29	medium	tongjiniao.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	unknown	37 B	2023-04-11	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-04-29 06:58:59 Times Seen22012 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	366 B	2024-03-29	2024-03-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen1 Hash 8c090a37651522157d2fac9b439eeffd 2d12c93fe80e72b22fc32f27d53d518f734eb318 af7071875a105456bfbf04ad4314456cfeeb7232c78e31e957e3c99c51655b24 Loading...

	www.lloyds-payeesupport.com/Login.php	0 B	2023-03-07	2024-04-29
Pretty URL www.lloyds-payeesupport.com/Login.php IP 103.61.22.95 ASN #26658 HENGTONG-IDC-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-29 07:42:04 Times Seen37174063 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-29
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.244.229 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-29 06:58:59 Times Seen19058 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	api.tongjiniao.com/c?_=630381606453088256	11 kB	2024-03-29	2024-03-29
Pretty URL api.tongjiniao.com/c?_=630381606453088256 IP 43.248.141.220 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen2 Hash 041ce4dbe81ba574c3519b5228743e25 36ecc62e5aad6a172c8eae0dc17411331750e3fb 4562d83e9dedb8f2230fb92d7a53e58205bf65ace18971af4e9ab0eae814a699 Loading...

	unknown	26 B	2023-04-11	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:13:06 Last Seen2024-04-29 07:22:58 Times Seen115952 Hash 1c862db5f2555377c2dc1e62ed7b3981 c29e6dc25c08a70995127ec13ded6f80d9a36174 27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac Loading...

	hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e	30 kB	2024-03-29	2024-03-29
Pretty URL hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen2 Hash f0f968515d45ae217ed740555dc6a1c7 e55f8f02cbfde6b42a7d9dbba2ae59a3ed4be649 177f0b38c8aa1ec3e5afdf94d020e4fa0fbf5009d12914167294e76f572a096c Loading...

	www.lloyds-payeesupport.com/tj.js	1.7 kB	2024-03-29	2024-04-08
Pretty URL www.lloyds-payeesupport.com/tj.js IP 103.61.22.95 ASN #26658 HENGTONG-IDC-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-04-08 07:18:26 Times Seen6 Hash 5bfd0dda4f0f3b75ddd19e651d4f5ce7 b98efb39fc287b3ce0f3fa1d8f4fb420722874a4 fcfcb6d5b1f4bb15fb55a4b64564d7ff26ebace18fc2118c22d440894eabaf6e Loading...

	unknown	333 B	2024-03-29	2024-04-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-04-08 07:18:26 Times Seen3 Hash 0e0be4599c7e559035278c9ea080b5f9 fc345d04bc4e6029eb24e9b7a98775dbe4af24ee e66f4bda4e12ac88de75aed0403194365772c50acd3e951795647023258bb6d3 Loading...

	www.lloyds-payeesupport.com/common.js	2.1 kB	2024-03-29	2024-04-08
Pretty URL www.lloyds-payeesupport.com/common.js IP 103.61.22.95 ASN #26658 HENGTONG-IDC-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 09:15:58 Last Seen2024-04-08 07:18:26 Times Seen8 Hash e0baeecb34448bb66a2f9912d259eb06 9805d7fa9e1d2b0b127f1224f0c2da59e755481c 4b32f9da113323e7c29b789b507c1d925b0d071475c61618a683a9dc26837d53 Loading...

	api.tongjiniao.com/c?_=630382903562600448	11 kB	2024-03-29	2024-03-29
Pretty URL api.tongjiniao.com/c?_=630382903562600448 IP 43.248.141.220 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen2 Hash b8841d84ee233df7e97e65307136cd17 3e4b1f8b3a0305833cb1b94695392090fb753c92 f2e0f589a5d30d359b7d743b53766a9e3f8d7101c8de5c67ba275daea3fa4358 Loading...

	unknown	333 B	2024-03-29	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 06:37:47 Last Seen2024-04-18 08:40:26 Times Seen23 Hash 7494754b31e88980fca87798503abf9a 245b16f6f2c83bf66dce1599bad53f10725874a3 d025205f783ea5f72115f61cfa682d9abb01e2afcf2965b0daa4aee3c0ac962c Loading...

	hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e	30 kB	2024-03-29	2024-03-29
Pretty URL hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen2 Hash 1545282d43a2abd0e21dc3fc4e469a0d 8e72c269321a65112d38bbcae9f454a0c6892dea 9f5676ddf276e51498b61dee338dc08ba8303f2d7e344c877669be7a72f5d86d Loading...

	unknown	366 B	2024-03-29	2024-03-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-03-29 11:29:47 Last Seen2024-03-29 11:29:47 Times Seen1 Hash 77ba1bf232c3192bbe4fa16ce4501731 a322cdb7c8e9f49b8d8baf7d7f87d1c7f7dabe1f 7012251c3fa44e5bf167f56a90361fa9368dcf8db4dd9b6379fdb0024574c17c Loading...

		Size	First Seen	Last Seen
	#1 Write - 8c442a03b2abb20ec370e9ffc44a0b9e	331 B	2024-03-29	2024-04-18
Pretty Observations First Seen2024-03-29 06:37:47 Last Seen2024-04-18 08:40:26 Times Seen23 Hash 8c442a03b2abb20ec370e9ffc44a0b9e 97db7d0e99221a27051b38830eb9a7956109afea 0b6a1c081072a7b9ae86ed75598f82ad1b74f6b6471b981ac170beea6038fb0c Loading...

	#2 Write - 53f191d55be0d30fe28f1bee8f6a4bdd	331 B	2024-03-29	2024-04-08
Pretty Observations First Seen2024-03-29 11:29:47 Last Seen2024-04-08 07:18:26 Times Seen3 Hash 53f191d55be0d30fe28f1bee8f6a4bdd 9a8731c1a5f12ba27a3478952cf0a52539bd288b f39c2b86b8b4f81ffa899c62a7e2ea9f7dcef70a1d400c306104178a54560ef0 Loading...

HTTP Transactions (15)

URL IP Response Size

lloyds-payeesupport.com/Login.php

103.61.22.95

0 B

URL User Request GET
lloyds-payeesupport.com/Login.php
IP
103.61.22.95:0
ASN
#26658 HENGTONG-IDC-LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Login.php HTTP/1.1
Host: lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 29 Mar 2024 10:29:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.lloyds-payeesupport.com/Login.php

www.lloyds-payeesupport.com/Login.php

103.61.22.95

200 OK

783 B

URL User Request GET HTTP/1.1
www.lloyds-payeesupport.com/Login.php
IP
103.61.22.95:80
ASN
#26658 HENGTONG-IDC-LLC

File type
JavaScript source, ISO-8859 text, with CRLF line terminators
Size
783 B (783 bytes)
Hash
afb00ba8f06f03728100caafec1974d1
a9aa55573f0db9577cb57ce49de3f3868ed34949
2a94d9211e24ea39ce23bcfc67e29ff2a767aa5399cbd9b8929e4c81d88d1c4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Login.php HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: text/html
Content-Length: 783
Connection: keep-alive

www.lloyds-payeesupport.com/tj.js

103.61.22.95

200 OK

599 B

URL GET HTTP/1.1
www.lloyds-payeesupport.com/tj.js
IP
103.61.22.95:80
ASN
#26658 HENGTONG-IDC-LLC

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JavaScript source, ASCII text, with very long lines (363), with CRLF line terminators
Size
599 B (599 bytes)
Hash
5bfd0dda4f0f3b75ddd19e651d4f5ce7
b98efb39fc287b3ce0f3fa1d8f4fb420722874a4
fcfcb6d5b1f4bb15fb55a4b64564d7ff26ebace18fc2118c22d440894eabaf6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.lloyds-payeesupport.com/common.js

103.61.22.95

200 OK

919 B

URL GET HTTP/1.1
www.lloyds-payeesupport.com/common.js
IP
103.61.22.95:80
ASN
#26658 HENGTONG-IDC-LLC

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JavaScript source, ASCII text, with very long lines (448), with CRLF line terminators
Size
919 B (919 bytes)
Hash
e0baeecb34448bb66a2f9912d259eb06
9805d7fa9e1d2b0b127f1224f0c2da59e755481c
4b32f9da113323e7c29b789b507c1d925b0d071475c61618a683a9dc26837d53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common.js HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.zhanzhang.baidu.com/push.js

182.61.244.229

200 OK

227 B

URL GET HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.244.229:80
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 29 Mar 2024 10:29:23 GMT
Etag: "4078521116"
Expires: Sat, 29 Mar 2025 10:29:23 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=977FF896ECD544DCFA8A38E8DCED2C54:FG=1; max-age=31536000; expires=Sat, 29-Mar-25 10:29:23 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

www.lloyds-payeesupport.com/favicon.ico

103.61.22.95

200 OK

1.2 kB

URL GET HTTP/1.1
www.lloyds-payeesupport.com/favicon.ico
IP
103.61.22.95:80
ASN
#26658 HENGTONG-IDC-LLC

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.lloyds-payeesupport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/Login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:22 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 03 Apr 2024 10:29:22 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

api.tongjiniao.com/c?_=630382903562600448

43.248.141.220

3.9 kB

URL GET
api.tongjiniao.com/c?_=630382903562600448
IP
43.248.141.220:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.9 kB (3888 bytes)
Hash
b8841d84ee233df7e97e65307136cd17
3e4b1f8b3a0305833cb1b94695392090fb753c92
f2e0f589a5d30d359b7d743b53766a9e3f8d7101c8de5c67ba275daea3fa4358

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c?_=630382903562600448 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 3888
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache

api.tongjiniao.com/c?_=630381606453088256

43.248.141.220

3.9 kB

URL GET
api.tongjiniao.com/c?_=630381606453088256
IP
43.248.141.220:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.9 kB (3889 bytes)
Hash
041ce4dbe81ba574c3519b5228743e25
36ecc62e5aad6a172c8eae0dc17411331750e3fb
4562d83e9dedb8f2230fb92d7a53e58205bf65ace18971af4e9ab0eae814a699

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c?_=630381606453088256 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 3889
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache

api.tongjiniao.com/r?t=1711708163&p=632283625850769408

43.248.141.220

200 OK

59 B

URL POST HTTP/1.1
api.tongjiniao.com/r?t=1711708163&p=632283625850769408
IP
43.248.141.220:80
ASN
#23650 AS Number for CHINANET jiangsu province backbone

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JSON text data
Size
59 B (59 bytes)
Hash
fcbac133817d51d3f86a5eb50129c1d6
1ae6444e39a7fa0bce6ed462c5dbbfac95a3167c
17d23d0db7da15eb43d6534270daf62f55b786837fac25daec2b5d8c9638840b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /r?t=1711708163&p=632283625850769408 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
Origin: http://www.lloyds-payeesupport.com
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 59
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache

api.tongjiniao.com/r?t=1711708163&p=632283625863340032

43.248.141.220

200 OK

59 B

URL POST HTTP/1.1
api.tongjiniao.com/r?t=1711708163&p=632283625863340032
IP
43.248.141.220:80
ASN
#23650 AS Number for CHINANET jiangsu province backbone

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type
JSON text data
Size
59 B (59 bytes)
Hash
fcbac133817d51d3f86a5eb50129c1d6
1ae6444e39a7fa0bce6ed462c5dbbfac95a3167c
17d23d0db7da15eb43d6534270daf62f55b786837fac25daec2b5d8c9638840b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /r?t=1711708163&p=632283625863340032 HTTP/1.1
Host: api.tongjiniao.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
Origin: http://www.lloyds-payeesupport.com
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Mar 2024 10:29:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 59
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization
Content-Encoding: gzip
Cache-Control: no-cache,no-store, no-cache

api.share.baidu.com/s.gif?l=http://www.lloyds-payeesupport.com/Login.php

182.61.201.93

200 OK

0 B

URL GET HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.lloyds-payeesupport.com/Login.php
IP
182.61.201.93:80
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.lloyds-payeesupport.com/Login.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 29 Mar 2024 10:29:24 GMT

hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?7d1a73b69d2a37cacfb2269e2028042e
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
1545282d43a2abd0e21dc3fc4e469a0d
8e72c269321a65112d38bbcae9f454a0c6892dea
9f5676ddf276e51498b61dee338dc08ba8303f2d7e344c877669be7a72f5d86d

HTTP Headers

GET /hm.js?7d1a73b69d2a37cacfb2269e2028042e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 10:29:24 GMT
Etag: 381bbeca15c3c90ff76152278e3c95db
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D544C099C9BBCF9F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?0b22e3ab72a30f15311e5dc5950f263e
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (620)
Size
11 kB (11258 bytes)
Hash
f0f968515d45ae217ed740555dc6a1c7
e55f8f02cbfde6b42a7d9dbba2ae59a3ed4be649
177f0b38c8aa1ec3e5afdf94d020e4fa0fbf5009d12914167294e76f572a096c

HTTP Headers

GET /hm.js?0b22e3ab72a30f15311e5dc5950f263e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11258
Content-Type: application/javascript
Date: Fri, 29 Mar 2024 10:29:24 GMT
Etag: d8de2e42387bf96367cf4c5220b04d25
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B231CE79832DF0A9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1855044225&si=7d1a73b69d2a37cacfb2269e2028042e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 10:29:24 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=6B606A5AC2ADBA77; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://www.lloyds-payeesupport.com/Login.php
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1827834742&si=0b22e3ab72a30f15311e5dc5950f263e&v=1.3.0&lv=1&sn=65035&r=0&ww=1280&u=http%3A%2F%2Fwww.lloyds-payeesupport.com%2FLogin.php&tt=%E6%BF%AE%E9%98%B3%E6%B5%A9%E5%B2%B3%E6%96%B0%E8%83%BD%E6%BA%90%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.lloyds-payeesupport.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 29 Mar 2024 10:29:25 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=52A567BA6805D8BD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN