Edit tour

Windows Analysis Report
http://hs-login.live/

Overview

General Information

Sample URL:	http://hs-login.live/
Analysis ID:	883742
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Multi AV Scanner detection for submitted file

Antivirus detection for URL or domain

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6056 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,18371599400602385215,15861051455311082120,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6456 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hs-login.live/ MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine

Classification label: mal80.phis.win@39/338@50/32

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,18371599400602385215,15861051455311082120,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://hs-login.live/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,18371599400602385215,15861051455311082120,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://hs-login.live/	8%	Virustotal		Browse
http://hs-login.live/	100%	Avira URL Cloud	phishing
http://hs-login.live/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
https://hs-login.live//pages	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
http://col.eum-appdynamics.com	0%	URL Reputation	safe
https://www.askus.hsbc.co.uk/counter-service/embedp2new/init.min.js?v=20220503	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/online/dashboard/	0%	Avira URL Cloud	safe
https://www.business.hsbc.co.uk/	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/front_end_files/common.css	100%	Avira URL Cloud	phishing
https://www.business.hsbc.co.uk/	0%	Virustotal		Browse
https://www.hsbc.co.uk/	0%	Virustotal		Browse
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/social/youtube.svg	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/current-accounts/products/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/favicons/favicon.ico	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/front_end_files/activate-key.css	100%	Avira URL Cloud	phishing
https://www.hsbc.co.uk/current-accounts/products/international-student/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/mortgages/move-your-mortgage/	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/front_end_files/protecting-your-money.jpg	100%	Avira URL Cloud	phishing
https://www.hsbc.co.uk/insurance/products/income-protection/	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/images/icons/customcheckbox.gif	100%	Avira URL Cloud	phishing
https://www.hsbc.co.uk/mortgages/calculators/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/manifest.json	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/current-accounts/products/overdrafts/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/savings/products/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/insurance/products/aspects/claims/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/content/dam/hsbc/ciiom/images/bank-accounts/16-9/1568-holding-child-smiling-together-800x450.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg	0%	Avira URL Cloud	safe
https://www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/t	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/international/travel-money/	0%	Avira URL Cloud	safe
https://hsbccovid.consents.online	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/savings/products/fixed-rate/	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/front_end_files/masthead-ie7.css	100%	Avira URL Cloud	phishing
https://q-aeu1.contentsquare.net/quota?ct=0	0%	Avira URL Cloud	safe
https://www.eu430.p2g.netd2.hsbc.com.hk	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/loans/products/car-loan/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/cookie-notice/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/investments/existing-customers/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/configuration/modals/you-are-leaving-hsbc.modal/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/international/currency-account/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-LtIt.woff	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/wealth/planning/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/credit-cards/rewards-credit-cards/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-all.min.e6658570fe2d0b98f9e6ac373b4e9969.js	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/savings/products/cash-isa/	0%	Avira URL Cloud	safe
https://www.makeaclaim.hsbc.co.uk/HomeClaimOTP/MakeAClaim/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/wealth/planning/	0%	Virustotal		Browse
https://hs-login.live//front_end/front_end_files/images/button/backgrounds/default.gif	100%	Avira URL Cloud	phishing
http://retirementcalculator.hsbc.co.uk	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/savings/products/cash-isa/	0%	Virustotal		Browse
https://www.hsbc.co.uk/insurance/products/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/credit-cards/credit-builder-credit-cards/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/help/banking-made-easy/	0%	Avira URL Cloud	safe
https://hs-login.live//js/shared/loading.js	100%	Avira URL Cloud	phishing
https://hs-login.live//front_end/front_end_files/pageextra.css	100%	Avira URL Cloud	phishing
https://hs-login.live//recover-username.php	100%	Avira URL Cloud	phishing
https://www.hsbc.co.uk/credit-cards/purchase-credit-cards/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/insurance/products/contents/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/insurance/protection-advice/	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/social/twitter.svg	0%	Avira URL Cloud	safe
https://hs-login.live//front_end/front_end_files/masthead-ie8.css	100%	Avira URL Cloud	phishing
https://www.mcmprod.hsbc.co.uk/JavascriptInsert.js	0%	Avira URL Cloud	safe
https://www.askus.hsbc.co.uk/counter-service/embedp2new/ver.js?callback=cvversion&v=1686208943	0%	Avira URL Cloud	safe
https://www.hsbc.co.uk/current-accounts/products/overdraft-calculator/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
visitor-service-eu-west-1.tealiumiq.com	54.74.97.132	true	false	high
hs-login.live	5.42.199.96	true	false	unknown
col.eum-appdynamics.com	44.238.120.8	true	false	unknown
collect-eu-west-1.tealiumiq.com	63.34.46.219	true	false	high
platform.twitter.map.fastly.net	199.232.40.157	true	false	unknown
hsbc.creativevirtual.biz	62.138.155.102	true	false	unknown
scontent.xx.fbcdn.net	157.240.17.15	true	false	high
t.co	104.244.42.5	true	false	high
c.ba.contentsquare.net	52.215.119.116	true	false	unknown
collect.tealiumiq.com	18.159.165.110	true	false	high
lo0.v.liveperson.net	178.249.96.141	true	false	high
cm.g.doubleclick.net	142.250.203.98	true	false	high
www.google.com	142.250.203.100	true	false	high
www.business.hsbc.co.uk.gslb-uk1.hsbc.com	193.108.75.109	true	false	high
star-mini.c10r.facebook.com	157.240.17.35	true	false	high
www.mcmprod.hsbc.co.uk.gslb-uk1.hsbc.com	91.214.5.154	true	false	high
accounts.google.com	142.250.203.109	true	false	high
s.twitter.com	104.244.42.195	true	false	high
aax-eu.amazon-adsystem.com	54.239.33.158	true	false	high
datacloud.tealiumiq.com	3.68.47.209	true	false	high
hsbc.co.uk.prod.eu.dynp.cloud1.vv1865.com	99.84.88.99	true	false	unknown
lo.v.liveperson.net	178.249.97.70	true	false	high
track.omguk.com	63.32.191.187	true	false	high
q-aeu1.contentsquare.net	34.248.149.125	true	false	unknown
cdn.appdynamics.com	108.138.36.89	true	false	high
googleads.g.doubleclick.net	172.217.168.34	true	false	high
k.ba.contentsquare.net	34.250.168.146	true	false	unknown
clients.l.google.com	142.250.203.110	true	false	high
www.google.ch	172.217.168.67	true	false	high
dzfq4ouujrxm8.cloudfront.net	18.66.192.72	true	false	high
lpcdn.lpsnmedia.net	unknown	unknown	false	high
static.ads-twitter.com	unknown	unknown	false	unknown
akamai.tiqcdn.com	unknown	unknown	false	high
askus.business.hsbc.uk	unknown	unknown	false	high
www.hsbc.co.uk	unknown	unknown	false	unknown
zn86n9s5cmkdrsu9l-hsbcdigital.siteintercept.qualtrics.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
www.business.hsbc.uk	unknown	unknown	false	high
www.business.hsbc.co.uk	unknown	unknown	false	unknown
www.facebook.com	unknown	unknown	false	high
www.mcmprod.hsbc.co.uk	unknown	unknown	false	unknown
accdn.lpsnmedia.net	unknown	unknown	false	high
www.security.hsbc.co.uk	unknown	unknown	false	unknown
www.linkedin.com	unknown	unknown	false	high
k-aeu1.contentsquare.net	unknown	unknown	false	unknown
connect.facebook.net	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
www.askus.hsbc.co.uk	unknown	unknown	false	unknown
analytics.twitter.com	unknown	unknown	false	high
c.contentsquare.net	unknown	unknown	false	unknown
tags.tiqcdn.com	unknown	unknown	false	high
dc.ads.linkedin.com	unknown	unknown	false	high
lptag.liveperson.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.hsbc.co.uk/	false	0%, Virustotal, Browse	unknown
https://askus.business.hsbc.uk/commercial-banking/build/images/sprite.png	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.2920.js?utv=ut4.47.202305311809	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.3605.js?utv=ut4.47.202206091620	false		high
https://www.business.hsbc.co.uk/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://lo0.v.liveperson.net/api/js/8181236?&cb=lpCb14998x82551&t=sp&ts=1686208919841&pid=2466703733&tid=2326155737&pt=HSBC%20UK%20-%20Personal%20%26%20Online%20Banking&u=https%3A%2F%2Fwww.hsbc.co.uk%2F&sec=%5B%22%22%5D&df=0&os=0&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22en_gb%22%7D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22page_security_level-0%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%2C%7B%22product%22%3A%7B%22name%22%3A%22site_region-Europe_UK_United_Kingdom_HSBC_Bank_Plc_HSBC%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%5D&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D	false		high
https://www.askus.hsbc.co.uk/counter-service/embedp2new/init.min.js?v=20220503	false	Avira URL Cloud: safe	unknown
https://hs-login.live//front_end/front_end_files/common.css	false	Avira URL Cloud: phishing	unknown
https://tags.tiqcdn.com/utag/hsbc/uk-cmb/prod/utag.sync.js	false		high
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/social/youtube.svg	false	Avira URL Cloud: safe	unknown
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.3702.js?utv=ut4.47.202305311809	false		high
https://hs-login.live//front_end/front_end_files/activate-key.css	false	Avira URL Cloud: phishing	unknown
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.3681.js?utv=ut4.47.202305311809	false		high
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/favicons/favicon.ico	false	Avira URL Cloud: safe	unknown
https://hs-login.live//front_end/front_end_files/protecting-your-money.jpg	false	Avira URL Cloud: phishing	unknown
https://hs-login.live//front_end/images/icons/customcheckbox.gif	false	Avira URL Cloud: phishing	unknown
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/manifest.json	false	Avira URL Cloud: safe	unknown
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=42c5fa4e-3429-4c71-ac41-36f1b7cec648&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=ade9c840-3799-4235-a6fb-20e31b14b13e&tw_document_href=https%3A%2F%2Fwww.hsbc.co.uk%2F&tw_iframe_status=0&txn_id=o4hy4&type=javascript&version=2.3.29	false		high
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/uk-rbwm/202305311808&cb=1686208918107	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.1836.js?utv=ut4.47.202305311809	false		high
https://lo0.v.liveperson.net/api/js/8181236?sid=rWpSRJSuSSG22kZ8u9DWKQ&cb=lpCb9585x39957&t=ip&ts=1686208979093&pid=2466703733&tid=2326155737&vid=NlNDU4ZDMwZTFmZTYyMzdm	false		high
https://www.hsbc.co.uk/content/dam/hsbc/ciiom/images/bank-accounts/16-9/1568-holding-child-smiling-together-800x450.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg	false	Avira URL Cloud: safe	unknown
https://www.google.ch/pagead/1p-user-list/1052819256/?random=1686208973779&cv=11&fst=1686207600000&bg=ffffff&guid=ON&async=1&gtm=45be3650&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.hsbc.co.uk%2F&frm=0&tiba=HSBC%20UK%20-%20Personal%20%26%20Online%20Banking&userId=018899e22632001bd428557dc6180006f001706700918&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&fmt=3&is_vtc=1&random=3638108857&rmt_tld=1&ipr=y	false		high
https://hs-login.live//front_end/front_end_files/masthead-ie7.css	false	Avira URL Cloud: phishing	unknown
https://q-aeu1.contentsquare.net/quota?ct=0	false	Avira URL Cloud: safe	unknown
https://askus.business.hsbc.uk/commercial-banking/build/js/lpChat.min.js?v=1635885343	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-cmb/prod/utag.js	false		high
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.106	false		high
https://www.hsbc.co.uk/configuration/modals/you-are-leaving-hsbc.modal/	false	Avira URL Cloud: safe	unknown
https://lo.v.liveperson.net/api/js/50632853?sid=RxQD5664QHaKKGi6VMn5VQ&cb=lpCb93745x33213&t=uc&ts=1686208982467&pid=9750660254&tid=4816875942&vid=M5NDM1NmFhZGYwNzU5MmM5&sdes=%5B%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22lpButtonDiv-need-help-panel%22%7D%5D	false		high
https://askus.business.hsbc.uk/commercial-banking/build/ver.js?callback=cvversion&v=1686208930	false		high
https://lo0.v.liveperson.net/api/js/8181236?sid=rWpSRJSuSSG22kZ8u9DWKQ&cb=lpCb64805x52147&t=ip&ts=1686208946293&pid=2466703733&tid=2326155737&vid=NlNDU4ZDMwZTFmZTYyMzdm	false		high
https://lo0.v.liveperson.net/api/js/8181236?sid=rWpSRJSuSSG22kZ8u9DWKQ&cb=lpCb81636x89705&t=sp&ts=1686208942136&pid=8941935502&tid=1648545016&vid=NlNDU4ZDMwZTFmZTYyMzdm&rvt=1686176522757&pt=HSBC%20UK%20-%20Personal%20%26%20Online%20Banking&u=https%3A%2F%2Fwww.hsbc.co.uk%2F&sec=%5B%22%22%5D&df=0&os=0&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22en_gb%22%7D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22page_security_level-0%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%2C%7B%22product%22%3A%7B%22name%22%3A%22site_region-Europe_UK_United_Kingdom_HSBC_Bank_Plc_HSBC%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%5D&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D	false		high
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-LtIt.woff	false	Avira URL Cloud: safe	unknown
https://lo0.v.liveperson.net/api/js/8181236?sid=rWpSRJSuSSG22kZ8u9DWKQ&cb=lpCb90758x94084&t=ip&ts=1686208933562&pid=2466703733&tid=2326155737&vid=NlNDU4ZDMwZTFmZTYyMzdm	false		high
https://askus.business.hsbc.uk/commercial-banking/build/js/jquery-ui.mod.min.js?v=1635885343	false		high
https://lo.v.liveperson.net/api/js/50632853?sid=RxQD5664QHaKKGi6VMn5VQ&cb=lpCb5820x31526&t=pl&ts=1686208953486&pid=6677982218&tid=4816875942&vid=M5NDM1NmFhZGYwNzU5MmM5	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.3727.js?utv=ut4.47.202305311809	false		high
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-all.min.e6658570fe2d0b98f9e6ac373b4e9969.js	false	Avira URL Cloud: safe	unknown
https://hs-login.live//front_end/front_end_files/images/button/backgrounds/default.gif	false	Avira URL Cloud: phishing	unknown
https://cdn.appdynamics.com/adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/	false		unknown
https://hs-login.live//js/shared/loading.js	false	Avira URL Cloud: phishing	unknown
https://hs-login.live//front_end/front_end_files/pageextra.css	false	Avira URL Cloud: phishing	unknown
https://hs-login.live//recover-username.php	false	Avira URL Cloud: phishing	unknown
https://www.facebook.com/tr/?id=2547708882206584&ev=PageView&dl=https%3A%2F%2Fwww.hsbc.co.uk%2F&rl=&if=false&ts=1686208971623&cd[base_tracking_type]=track&sw=1280&sh=1024&ud[external_id]=4446463ccf0129df833f577a3bf452563ecedcb69788c07e6df40e2e7f6b5e6a&v=2.9.106&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.2.1686208971621.133298798&it=1686208971331&coo=false&eid=da15a4edfea9d886a39552d005144c4c&tm=1&rqm=GET	false		high
https://tags.tiqcdn.com/utag/hsbc/uk-rbwm/prod/utag.1839.js?utv=ut4.47.202305311809	false		high
https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/social/twitter.svg	false	Avira URL Cloud: safe	unknown
https://hs-login.live//front_end/front_end_files/masthead-ie8.css	false	Avira URL Cloud: phishing	unknown
https://www.mcmprod.hsbc.co.uk/JavascriptInsert.js	false	Avira URL Cloud: safe	unknown
https://www.askus.hsbc.co.uk/counter-service/embedp2new/ver.js?callback=cvversion&v=1686208943	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4	chromecache_450.1.dr	false		high
https://www.hsbc.co.uk/online/dashboard/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/current-accounts/products/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/current-accounts/products/international-student/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/mortgages/move-your-mortgage/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/insurance/products/income-protection/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/mortgages/calculators/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://momentjs.com/guides/#/warnings/zone/	chromecache_328.1.dr	false		high
https://siteintercept.qualtrics.com	chromecache_390.1.dr	false		high
https://www.hsbc.co.uk/current-accounts/products/overdrafts/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/savings/products/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_353.1.dr	false		high
https://my.tealiumiq.com/urest/legacy/tagcompanion/getProfile?utid=	chromecache_474.1.dr	false		high
https://play.google.com/store/apps/details?id	chromecache_360.1.dr	false		high
https://www.hsbc.co.uk/insurance/products/aspects/claims/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.security.hsbc.co.uk/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/t	chromecache_546.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/international/travel-money/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://momentjs.com/timezone/docs/#/data-loading/.	chromecache_328.1.dr	false		high
https://hsbccovid.consents.online	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/savings/products/fixed-rate/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.eu430.p2g.netd2.hsbc.com.hk	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://momentjs.com/guides/#/warnings/min-max/	chromecache_328.1.dr	false		high
https://www.hsbc.co.uk/loans/products/car-loan/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/cookie-notice/	chromecache_474.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.com/our-approach/risk-and-responsibility/modern-slavery-act	chromecache_360.1.dr	false		high
https://www.hsbc.co.uk/investments/existing-customers/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/	chromecache_382.1.dr	false		high
http://code.google.com/p/episodes/	chromecache_604.1.dr, chromecache_392.1.dr	false		high
https://www.hsbc.co.uk/international/currency-account/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/wealth/planning/	chromecache_360.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/credit-cards/rewards-credit-cards/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.eyeem.com/	chromecache_645.1.dr, chromecache_383.1.dr, chromecache_631.1.dr, chromecache_661.1.dr, chromecache_342.1.dr, chromecache_355.1.dr	false		high
https://www.hsbc.co.uk/savings/products/cash-isa/	chromecache_360.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.makeaclaim.hsbc.co.uk/HomeClaimOTP/MakeAClaim/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.com/who-we-are/esg-and-responsible-business/modern-slavery-act	chromecache_360.1.dr	false		high
http://retirementcalculator.hsbc.co.uk	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://col.eum-appdynamics.com	chromecache_412.1.dr, chromecache_322.1.dr	false	URL Reputation: safe	unknown
https://www.business.hsbc.uk/en-gb/everyday-banking/business-accounts/small-business/kinetic	chromecache_538.1.dr	false		high
https://www.hsbc.co.uk/insurance/products/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://caligatio.github.com/jsSHA/	chromecache_640.1.dr	false		high
https://www.hsbc.co.uk/credit-cards/credit-builder-credit-cards/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/help/banking-made-easy/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
http://cdn.appdynamics.com	chromecache_322.1.dr	false		high
http://momentjs.com/guides/#/warnings/dst-shifted/	chromecache_328.1.dr	false		high
https://www.hsbc.co.uk/credit-cards/purchase-credit-cards/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/insurance/products/contents/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/insurance/protection-advice/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown
https://www.hsbc.co.uk/current-accounts/products/overdraft-calculator/	chromecache_360.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
178.249.97.70	lo.v.liveperson.net	United Kingdom	11054	LIVEPERSONUS	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
108.138.36.89	cdn.appdynamics.com	United States	16509	AMAZON-02US	false
157.240.17.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
34.250.168.146	k.ba.contentsquare.net	United States	16509	AMAZON-02US	false
157.240.17.15	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
172.217.168.67	www.google.ch	United States	15169	GOOGLEUS	false
199.232.40.157	platform.twitter.map.fastly.net	United States	54113	FASTLYUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false
18.159.165.110	collect.tealiumiq.com	United States	16509	AMAZON-02US	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
62.138.155.102	hsbc.creativevirtual.biz	Germany	8972	GD-EMEA-DC-SXB1DE	false
52.215.119.116	c.ba.contentsquare.net	United States	16509	AMAZON-02US	false
91.214.5.154	www.mcmprod.hsbc.co.uk.gslb-uk1.hsbc.com	United Kingdom	20705	HSBC-UKGB	false
63.34.46.219	collect-eu-west-1.tealiumiq.com	United States	16509	AMAZON-02US	false
3.68.47.209	datacloud.tealiumiq.com	United States	16509	AMAZON-02US	false
99.84.88.99	hsbc.co.uk.prod.eu.dynp.cloud1.vv1865.com	United States	16509	AMAZON-02US	false
44.240.153.22	unknown	United States	16509	AMAZON-02US	false
104.244.42.195	s.twitter.com	United States	13414	TWITTERUS	false
104.244.42.5	t.co	United States	13414	TWITTERUS	false
44.238.120.8	col.eum-appdynamics.com	United States	16509	AMAZON-02US	false
178.249.96.141	lo0.v.liveperson.net	United Kingdom	11054	LIVEPERSONUS	false
172.217.168.34	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.248.149.125	q-aeu1.contentsquare.net	United States	16509	AMAZON-02US	false
5.42.199.96	hs-login.live	Iraq	198802	MIDYAIQ	false
18.66.192.72	dzfq4ouujrxm8.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
193.108.75.109	www.business.hsbc.co.uk.gslb-uk1.hsbc.com	United Kingdom	20705	HSBC-UKGB	false
54.74.97.132	visitor-service-eu-west-1.tealiumiq.com	United States	16509	AMAZON-02US	false
54.239.33.158	aax-eu.amazon-adsystem.com	United States	16509	AMAZON-02US	false
63.32.191.187	track.omguk.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	883742
Start date and time:	2023-06-08 00:20:12 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://hs-login.live/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.phis.win@39/338@50/32
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://hs-login.live//recover-username.php Browse: https://www.security.hsbc.co.uk/gsa?idv_cmd=idv.SaaSSecurityCommand# Browse: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#innerPage Browse: https://www.hsbc.co.uk/ Browse: https://www.business.hsbc.co.uk/ Browse: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#countrySelectorContent Browse: https://www.hsbc.co.uk/1/2/personal

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123, 23.52.67.59, 23.52.67.27, 216.58.215.234, 172.217.168.10, 142.250.203.106, 23.214.14.164, 178.249.97.23, 178.249.97.99, 178.249.97.98, 23.0.174.96, 23.0.174.114, 104.109.250.24, 104.109.250.156, 172.217.168.42, 172.217.168.74, 204.79.197.200, 13.107.21.200, 13.107.42.14, 104.17.208.240, 104.17.209.240, 142.250.203.104, 142.250.203.98
Excluded domains from analysis (whitelisted): www-linkedin-com.l-0005.l-msedge.net, www.business.hsbc.uk.edgekey.net, e38336.b.akamaiedge.net, www.googleadservices.com, content-autofill.googleapis.com, e8091.a.akamaiedge.net, dual-a-0001.a-msedge.net, clientservices.googleapis.com, ipv4geo.lpcdn.lpsnmedia.livepersonk.akadns.net, tags.tiqcdn.com.edgekey.net, www.security.hsbc.co.uk.edgekey.net, lptag.liveperson.cotcdb.net.livepersonk.akadns.net, l-0005.l-msedge.net, bat-bing-com.a-0001.a-msedge.net, edgedl.me.gvt1.com, emea.lpcdn.lpsnmedia.livepersonk.akadns.net, www.googletagmanager.com, e25192.dscx.akamaiedge.net, prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net, update.googleapis.com, bat.bing.com, geo.accdn.livepersonk.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26328, version 1.0
Category:	downloaded
Size (bytes):	26328
Entropy (8bit):	7.9830908174476765
Encrypted:	false
SSDEEP:	768:LC79ynLkY7Uf+2qyCTvVEytdMlANpeYlDJ0GRmPZqMWz:LC7UnLZ7lfzV1AlAN4YlDaG3z
MD5:	D20EE0309F4CABBF82F4A3E1BA2347E5
SHA1:	748C720666C0ABF61B35CC65C517700172E7E823
SHA-256:	1FE93D773A537C17456FC95E7DBFB69CBA2914AC73C5F9B01D4DB046667C688E
SHA-512:	7731FB5C4C2A2CF5AF2FDA7012D9692BFF5DA8D440A447B8D78B5004401C1ECBA95B14CF0611D09B234078F305F6562F63E80A8A3BAE450C3E67403A4DE3E61A
Malicious:	false
Reputation:	low
URL:	https://www.hsbc.co.uk/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-Bd.woff
Preview:	wOFF......f.................................OS/2...X...W...`.0..cmap...........Z`.Wcvt ...L...V........fpgm............c...gasp................glyf......E....4....hdmx..P.........U.]head..[....6...6.ltnhhea..[....!...$.l.:hmtx..\.........n.=.loca..^............}maxp..b.... ... ....name..b ..........1.post..d........ ...2prep..e...........\|.x.c`frc......p......../..&n.ff& `n``X.......>.~........w.gc``...K..q...@.?..3(.!...b.r.x.u.iP.U.....HD.....\|.s..q...q..f.KV....H...A.ZB....K.X..k.oe.h...[..9J.."]oGtt..g.=....{.........e.~t..QfU.\|%...S....V...:..).l....v......vG......u.....:........;.Nw'.........k.@..A...c.1...H;...Zo..x..o...t..X......[....T........o....I...8.J_./.......f.Y.&..w..fn..vbMh\|m+..a..\S...l-.aa.Xa<.U..}....j...e...j..4.<JO...%G.P..)[/...i....R..tu&.t.2..^a..c<..G....{..c.0.y\|.\|....a..Y.&V..v..]\|...a/?q..q.?...,..F5..7..2.....*Fu..pv..dQ.H.1.RFs.W.O.?3._x._..o.A9or.\...q&r.I..-N.6.3..w9....T.1........!..F%3..t........q..\g.W..Sn..5\|..,.&_..k...

Source: http://hs-login.live/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://hs-login.live/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://hs-login.live//pages	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://hs-login.live//front_end/front_end_files/common.css	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/activate-key.css	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/protecting-your-money.jpg	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/images/icons/customcheckbox.gif	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/masthead-ie7.css	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/images/button/backgrounds/default.gif	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//js/shared/loading.js	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/pageextra.css	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//recover-username.php	Avira URL Cloud: Label: phishing
Source: https://hs-login.live//front_end/front_end_files/masthead-ie8.css	Avira URL Cloud: Label: phishing

Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Life events Help and support
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Help & Support
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Legal
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Privacy notice
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Accessibility
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Life events Help and support
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Help & Support
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Legal
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Privacy notice
Source: https://hs-login.live//pages	HTTP Parser: Invalid link: Accessibility

Source: https://hs-login.live//pages	HTTP Parser: No favicon
Source: https://hs-login.live//pages	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#innerPage	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#innerPage	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#innerPage	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#innerPage	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#countrySelectorContent	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#countrySelectorContent	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#countrySelectorContent	HTTP Parser: No favicon
Source: https://www.security.hsbc.co.uk/gsa/IDV_SYSTEM_ERROR/#countrySelectorContent	HTTP Parser: No favicon

Source: https://hs-login.live//pages	HTTP Parser: No <meta name="copyright".. found
Source: https://hs-login.live//pages	HTTP Parser: No <meta name="copyright".. found

Source: chromecache_360.1.dr	String found in binary or memory: <a class="social-image social-icon-facebook" id="listing_socialmediafooterlink_1" href="https://www.facebook.com/hsbcuk" rel="noopener noreferrer" data-event-component="other" data-event-name="Facebook Icon" target="_blank"> equals www.facebook.com (Facebook)
Source: chromecache_360.1.dr	String found in binary or memory: <a class="social-image social-icon-youtube" id="listing_socialmediafooterlink_3" href="https://www.youtube.com/user/hsbcuk" rel="noopener noreferrer" data-event-component="other" data-event-name="YouTube logo" target="_blank"> equals www.youtube.com (Youtube)
Source: chromecache_495.1.dr	String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage\|\|function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]\|\|(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)\|\|(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL\|\|!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func
Source: chromecache_640.1.dr	String found in binary or memory: function Df(a,b){if("1"!=jc[b]){var c=d+"ytEvent"+Xc;window[c]=function(a){Cf(b,a)};try{a.addEventListener("onStateChange","window."+c),jc[b]="1",Xc++}catch(g){B(g,"error adding YouTube state change listener")}}}function ch(a){if(!a)return!1;var b=""+a.data;if(0===b.indexOf("http://www.youtube.com")\|\|0===b.indexOf("https://www.youtube.com"))return!0;a=a.getElementsByTagName("PARAM");for(var c=0;c<a.length;c++)if(b=a[c],"movie"==b.name&&(b=""+b.value,0===b.indexOf("http://www.youtube.com")\|\|0===b.indexOf("https://www.youtube.com")))return!0; equals www.youtube.com (Youtube)
Source: chromecache_382.1.dr	String found in binary or memory: function rA(a,b){var c=this;return b}rA.I="internal.enableAutoEventOnScroll";var dc=ca(["data-gtm-yt-inspected-"]),sA=["www.youtube.com","www.youtube-nocookie.com"],tA,uA=!1; equals www.youtube.com (Youtube)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 07 Jun 2023 22:21:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 0Connection: closeExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 07 Jun 2023 22:21:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 0Connection: closeExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 07 Jun 2023 22:21:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 0Connection: closeExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 07 Jun 2023 22:21:16 GMTContent-Type: text/html; charset=UTF-8Content-Length: 0Connection: closeExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 07 Jun 2023 22:21:21 GMTContent-Type: text/html; charset=UTF-8Content-Length: 0Connection: closeExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 07 Jun 2023 22:22:53 GMTContent-Type: text/plain; charset=UTF-8Content-Length: 42Connection: close

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2023 00:21:05.794491053 CEST	60625	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:05.794564962 CEST	49302	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:05.815253973 CEST	53	49302	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:05.827953100 CEST	53	60625	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:08.227268934 CEST	60582	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:08.394071102 CEST	53	60582	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:09.522928953 CEST	62050	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:09.555479050 CEST	53	62050	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:10.924135923 CEST	59636	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:25.520982027 CEST	56949	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:25.550034046 CEST	53	56949	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:40.846596003 CEST	63562	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:40.873948097 CEST	53	63562	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:53.315594912 CEST	49166	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:53.353167057 CEST	53	49166	8.8.8.8	192.168.2.3
Jun 8, 2023 00:21:55.920728922 CEST	49874	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:58.804940939 CEST	64602	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:58.815264940 CEST	50784	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:21:58.874578953 CEST	53	64602	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:00.530576944 CEST	64967	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:00.533565044 CEST	60825	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:02.317398071 CEST	60473	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:02.352592945 CEST	59374	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:02.359323025 CEST	53	60473	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:02.390871048 CEST	53	59374	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:02.399097919 CEST	56616	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:02.422432899 CEST	53	56616	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:03.326268911 CEST	57387	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:03.395911932 CEST	53	57387	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:03.600719929 CEST	50228	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:07.232898951 CEST	51105	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:07.282613039 CEST	53	51105	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:09.579943895 CEST	60816	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:09.601840973 CEST	53	60816	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:11.873420954 CEST	55390	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:11.903367996 CEST	53	55390	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:13.509289980 CEST	50622	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:42.578643084 CEST	63688	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:42.620873928 CEST	53	63688	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:49.770032883 CEST	60647	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:49.808207989 CEST	53	60647	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:49.896872997 CEST	52042	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:49.899887085 CEST	59015	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:49.914304972 CEST	53	59015	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:49.933327913 CEST	53	52042	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:50.731158018 CEST	63151	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:50.903060913 CEST	64905	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.251846075 CEST	59780	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.284030914 CEST	53	59780	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:51.425035000 CEST	53502	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.455585003 CEST	53	53502	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:51.577286959 CEST	55057	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.583924055 CEST	51821	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.611289024 CEST	53	55057	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:51.628572941 CEST	53	51821	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:51.638928890 CEST	50156	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.659734964 CEST	57367	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:51.665833950 CEST	53	50156	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.082256079 CEST	61937	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.085977077 CEST	62094	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.114588022 CEST	53	62094	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.118515968 CEST	53	61937	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.193269014 CEST	59220	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.247502089 CEST	53	59220	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.251086950 CEST	50385	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.324769974 CEST	50790	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.353600025 CEST	53	50790	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.371109962 CEST	51340	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.371249914 CEST	54158	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.395323038 CEST	53	54158	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.406946898 CEST	53	51340	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.484708071 CEST	56519	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.518279076 CEST	53	56519	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:52.826773882 CEST	54129	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:52.860888958 CEST	53	54129	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:53.008855104 CEST	55997	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:53.036072969 CEST	53	55997	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:53.507111073 CEST	56366	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:53.545481920 CEST	53	56366	8.8.8.8	192.168.2.3
Jun 8, 2023 00:22:59.074610949 CEST	53552	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:22:59.152396917 CEST	53	53552	8.8.8.8	192.168.2.3
Jun 8, 2023 00:23:02.906977892 CEST	65129	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:23:04.989638090 CEST	61958	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:23:05.018527031 CEST	53	61958	8.8.8.8	192.168.2.3
Jun 8, 2023 00:23:09.632991076 CEST	65292	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:23:09.661732912 CEST	53	65292	8.8.8.8	192.168.2.3
Jun 8, 2023 00:23:14.763866901 CEST	60661	53	192.168.2.3	8.8.8.8
Jun 8, 2023 00:23:14.783564091 CEST	53	60661	8.8.8.8	192.168.2.3

Timestamp	kBytes transferred	Direction	Data
Jun 8, 2023 00:21:08.470643997 CEST	545	OUT	GET / HTTP/1.1 Host: hs-login.live Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 8, 2023 00:21:08.543878078 CEST	545	IN	HTTP/1.1 302 Found Server: nginx/1.18.0 Date: Wed, 07 Jun 2023 22:21:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Set-Cookie: PHPSESSID=un8m7qiq721r2n9eusrken0f2c; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: https://hs-login.live//pages
Jun 8, 2023 00:21:53.547549009 CEST	3236	OUT	Data Raw: 00 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:06 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-06-07 22:21:06 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-06-07 22:21:06 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 07 Jun 2023 22:21:06 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-qvKpSv-PaYfksgXiqr7eXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-06-07 22:21:06 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-06-07 22:21:06 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:06 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-06-07 22:21:06 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-ZaJ9lx6D0SMTDsu7vTBVkw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 07 Jun 2023 22:21:06 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6001 X-Daystart: 55266 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-06-07 22:21:06 UTC	1	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 30 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 35 32 36 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6001" elapsed_seconds="55266"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-06-07 22:21:06 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-06-07 22:21:06 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:09 UTC	266	OUT	GET //front_end/front_end_files/AlertBox.css HTTP/1.1 Host: hs-login.live Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://hs-login.live//front_end/front_end_files/ursula.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=un8m7qiq721r2n9eusrken0f2c
2023-06-07 22:21:09 UTC	269	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 07 Jun 2023 22:21:09 GMT Content-Type: text/css Content-Length: 6119 Connection: close Last-Modified: Wed, 07 Jun 2023 10:44:49 GMT ETag: "17e7-5fd87d336db4d" Accept-Ranges: bytes Vary: Accept-Encoding
2023-06-07 22:21:09 UTC	269	IN	Data Raw: 2e 75 72 73 75 6c 61 20 2e 61 6c 65 72 74 42 6f 78 57 72 61 70 70 65 72 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 75 72 73 75 6c 61 20 2e 63 6f 6e 66 69 72 6d 41 6c 65 72 74 53 65 63 6f 6e 64 61 72 79 20 7b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 7d 0a 2e 75 72 73 75 6c 61 20 2e 61 6c 65 72 74 42 6f 78 20 7b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 2e 75 72 73 75 6c 61 20 2e 61 6c 65 72 74 42 6f 78 20 2e 61 6c 65 72 74 42 6f 78 49 6e 6e 65 72 20 7b 0a 09 62 6f 72 64 65 72 3a 20 33 70 78 20 73 6f 6c 69 64 20 23 46 46 43 42 43 39 3b 0a Data Ascii: .ursula .alertBoxWrapper {display: none;}.ursula .confirmAlertSecondary {width: 100%;position: relative;padding-top: 20px;}.ursula .alertBox {width: 100%;position: relative;}.ursula .alertBox .alertBoxInner {border: 3px solid #FFCBC9;

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:58 UTC	3952	OUT	GET /utag/tiqapp/utag.v.js?a=hsbc/uk-rbwm/202305311808&cb=1686208918107 HTTP/1.1 Host: tags.tiqcdn.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.hsbc.co.uk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-06-07 22:21:58 UTC	3953	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 2 Connection: close Last-Modified: Sat, 11 Mar 2023 06:57:46 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz Accept-Ranges: bytes Server: AmazonS3 Date: Wed, 07 Jun 2023 22:21:58 GMT ETag: "7bc0ee636b3b83484fc3b9348863bd22" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-P1 X-Amz-Cf-Id: eFim84GfQir-2owClY7VU34hKYjpvKuxTlMMo7IA-dte6vQiIGKszw== Age: 218 Cache-Control: max-age=300
2023-06-07 22:21:58 UTC	3954	IN	Data Raw: 2f 2f Data Ascii: //

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:59 UTC	3954	OUT	POST /8456/handler9/session.json HTTP/1.1 Host: www.mcmprod.hsbc.co.uk Connection: keep-alive Content-Length: 449 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://www.hsbc.co.uk Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.hsbc.co.uk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC_16862089180760.973d3895538c4a253189315e0fc2e0ce_8456
2023-06-07 22:21:59 UTC	3955	OUT	Data Raw: 73 65 3d 5f 31 36 38 36 32 30 38 39 31 38 30 37 36 30 2e 39 37 33 64 33 38 39 35 35 33 38 63 34 61 32 35 33 31 38 39 33 31 35 65 30 66 63 32 65 30 63 65 5f 38 34 35 36 26 73 6a 3d 63 73 61 48 53 42 43 26 61 50 3d 5f 31 36 38 36 32 30 38 39 31 38 30 37 36 30 2e 39 37 33 64 33 38 39 35 35 33 38 63 34 61 32 35 33 31 38 39 33 31 35 65 30 66 63 32 65 30 63 65 5f 26 62 64 3d 74 72 75 65 26 73 69 3d 66 61 6c 73 65 26 61 4d 3d 5f 31 36 38 36 32 30 38 39 31 38 30 37 36 30 2e 39 37 33 64 33 38 39 35 35 33 38 63 34 61 32 35 33 31 38 39 33 31 35 65 30 66 63 32 65 30 63 65 5f 26 61 4f 3d 2d 31 26 76 62 3d 33 26 77 61 3d 38 2e 31 38 2e 31 38 34 36 30 26 61 57 3d 5f 31 36 38 36 32 30 38 39 31 38 30 37 36 30 2e 39 37 33 64 33 38 39 35 35 33 38 63 34 61 32 35 33 31 38 39 Data Ascii: se=_16862089180760.973d3895538c4a253189315e0fc2e0ce_8456&sj=csaHSBC&aP=_16862089180760.973d3895538c4a253189315e0fc2e0ce_&bd=true&si=false&aM=_16862089180760.973d3895538c4a253189315e0fc2e0ce_&aO=-1&vb=3&wa=8.18.18460&aW=_16862089180760.973d3895538c4a253189
2023-06-07 22:21:59 UTC	3965	IN	HTTP/1.1 200 OK Date: Wed, 07 Jun 2023 22:21:59 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Access-Control-Allow-Origin: https://www.hsbc.co.uk Access-Control-Allow-Credentials: true Content-Type: application/json X-Content-Type-Options: nosniff Pragma: no-cache Cache-Control: no-store Cache-Control: no-cache P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL" Content-Length: 7251 Set-Cookie: vtz47gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; secure; SameSite=None; path=/; HttpOnly Set-Cookie: csaHSBCCDID=null_2_bab5298f20cf45d183c9bae79258296a; secure; SameSite=None; path=/; HttpOnly Set-Cookie: csaHSBCCDuvt=d810b33dae0d4b9aa0923c91bf7fffb6;expires=Sun, 5 Nov 2023 07:21:58; secure; SameSite=None; path=/; HttpOnly Vary: User-Agent S: LWSMCMRP102UK Connection: close Set-Cookie: MCM-PROD-WDC=3481586442.47873.0000; path=/; Httponly; Secure Set-Cookie: TS01977c0f=0105ea404a694db49acb96b258f317a42d7a86ae422f190e42301c33cc24c608113806cd42e1afff63346fc29103d6ecaa3f038b59; Path=/
2023-06-07 22:21:59 UTC	3966	IN	Data Raw: 7b 22 77 69 6e 64 6f 77 56 61 72 69 61 62 6c 65 73 22 3a 7b 22 63 73 61 48 53 42 43 77 69 64 22 3a 22 32 38 33 34 37 38 31 34 33 39 30 22 2c 22 63 73 61 48 53 42 43 73 6e 22 3a 22 32 38 33 34 37 38 31 36 30 31 22 2c 22 63 73 61 48 53 42 43 63 66 67 22 3a 22 36 30 36 30 38 30 37 31 30 36 37 35 22 2c 22 63 73 61 48 53 42 43 6c 6e 22 3a 22 34 33 35 31 22 2c 22 63 73 61 48 53 42 43 67 65 74 49 6e 70 75 74 73 22 3a 22 31 25 33 46 45 72 72 6f 72 49 74 65 6d 25 33 62 31 25 33 46 66 6f 72 6d 49 6e 6c 69 6e 65 45 72 72 6f 72 25 33 62 31 25 33 46 65 72 72 6f 72 43 6f 6e 74 65 6e 74 73 25 33 62 31 25 33 46 65 72 72 6f 72 73 25 33 62 31 25 33 46 73 63 6d 42 61 6e 6e 65 72 49 6d 61 67 65 25 33 62 30 25 33 46 2a 68 74 73 65 2d 6d 74 67 2d 63 6f 6d 6d 6f 6e 2d 64 65 66 Data Ascii: {"windowVariables":{"csaHSBCwid":"28347814390","csaHSBCsn":"2834781601","csaHSBCcfg":"606080710675","csaHSBCln":"4351","csaHSBCgetInputs":"1%3FErrorItem%3b1%3FformInlineError%3b1%3FerrorContents%3b1%3Ferrors%3b1%3FscmBannerImage%3b0%3F*htse-mtg-common-def

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:59 UTC	3955	OUT	GET /JavascriptInsert.js HTTP/1.1 Host: www.mcmprod.hsbc.co.uk Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.hsbc.co.uk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC_16862089180760.973d3895538c4a253189315e0fc2e0ce_8456
2023-06-07 22:21:59 UTC	3956	IN	HTTP/1.1 200 OK Date: Wed, 07 Jun 2023 22:21:59 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Type: application/x-javascript X-Content-Type-Options: nosniff Last-Modified: Wed, 16 Feb 2022 13:11:36 GMT Cache-Control: max-age=900 Cache-Control: s-maxage=900 ETag: 80efc8401fb7122eb30b0414016a5053 Content-Length: 97382 Vary: Accept-Encoding,User-Agent S: LWSMCMRP103UK Connection: close Set-Cookie: MCM-PROD-WDC=3498363658.47873.0000; path=/; Httponly; Secure Set-Cookie: TS01977c0f=0105ea404aba623627d60f60cab85d7d34cc40ddf3d6c1590b182eaf538e8f58e6ef77d7cfe966f66479c0a22a31d466c20031be7a; Path=/
2023-06-07 22:21:59 UTC	3957	IN	Data Raw: 2f 2a 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 30 30 2d 32 30 32 33 20 43 65 6c 65 62 72 75 73 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 2c 20 61 20 64 69 76 69 73 69 6f 6e 20 6f 66 20 44 34 74 34 20 53 6f 6c 75 74 69 6f 6e 73 20 50 6c 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 2a 2f 0a 77 69 6e 64 6f 77 2e 63 73 61 48 53 42 43 6f 54 50 3d 74 72 75 65 3b 77 69 6e 64 6f 77 2e 63 73 61 48 53 42 43 6f 57 41 3d 6e 65 77 20 41 72 72 61 79 28 29 3b 77 69 6e 64 6f 77 2e 63 73 61 48 53 42 43 77 49 3d 30 3b 77 69 6e 64 6f 77 2e 63 73 61 48 53 42 43 73 57 4f 3d 74 72 75 65 3b 66 75 6e 63 74 69 6f 6e 20 63 73 61 48 53 42 43 69 42 64 28 29 7b 69 66 28 63 73 61 48 53 42 43 42 64 29 63 73 61 48 53 42 43 42 64 28 27 63 73 61 48 53 42 43 27 2c Data Ascii: /Copyright 2000-2023 Celebrus Technologies, a division of D4t4 Solutions Plc. All rights reserved./window.csaHSBCoTP=true;window.csaHSBCoWA=new Array();window.csaHSBCwI=0;window.csaHSBCsWO=true;function csaHSBCiBd(){if(csaHSBCBd)csaHSBCBd('csaHSBC',
2023-06-07 22:21:59 UTC	3973	IN	Data Raw: 6c 2c 6b 3d 72 2e 69 64 56 61 6c 2c 6c 3d 72 2e 63 6c 61 73 73 56 61 6c 2c 74 3d 72 2e 68 72 65 66 56 61 6c 2c 6e 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 66 29 2c 6d 3d 30 2c 71 3d 6e 2e 6c 65 6e 67 74 68 3b 6d 3c 71 3b 6d 2b 2b 29 7b 76 61 72 20 70 3d 22 22 2c 76 2c 78 3d 21 30 2c 59 3d 6e 5b 6d 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 29 2c 42 3d 6e 5b 6d 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 3b 69 66 28 21 53 61 28 42 29 29 7b 74 72 79 7b 70 3d 6e 5b 6d 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 73 22 29 7d 63 61 74 63 68 28 79 29 7b 7d 69 66 28 21 70 29 74 72 79 7b 70 3d 6e 5b 6d 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6c 61 73 Data Ascii: l,k=r.idVal,l=r.classVal,t=r.hrefVal,n=document.getElementsByTagName(f),m=0,q=n.length;m<q;m++){var p="",v,x=!0,Y=n[m].getAttribute("name"),B=n[m].getAttribute("id");if(!Sa(B)){try{p=n[m].getAttribute("class")}catch(y){}if(!p)try{p=n[m].getAttribute("clas
2023-06-07 22:21:59 UTC	3981	IN	Data Raw: 63 2b 22 26 62 77 3d 22 2b 67 2b 0a 22 26 62 78 3d 22 2b 65 2b 22 26 62 79 3d 22 2b 28 65 2d 66 29 2b 22 26 62 7a 3d 22 2b 6c 2b 22 26 63 61 3d 22 2b 6c 2b 22 26 61 44 3d 22 2b 65 2c 21 31 29 7d 7d 63 61 74 63 68 28 68 29 7b 42 28 68 2c 22 71 75 65 75 65 4e 57 45 76 65 6e 74 22 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 47 67 28 29 7b 69 66 28 79 29 74 72 79 7b 76 61 72 20 61 3d 41 28 22 65 76 65 6e 74 73 49 6e 50 61 63 6b 65 74 43 6f 75 6e 74 65 72 22 29 2c 62 3d 70 61 72 73 65 49 6e 74 28 61 29 3b 72 65 74 75 72 6e 20 69 73 4e 61 4e 28 62 29 3f 30 3a 62 7d 63 61 74 63 68 28 63 29 7b 72 65 74 75 72 6e 20 50 28 29 2c 30 7d 65 6c 73 65 20 49 63 7c 7c 28 49 63 3d 30 29 3b 72 65 74 75 72 6e 20 49 63 7d 66 75 6e 63 74 69 6f 6e 20 61 66 28 29 7b 69 66 28 79 26 26 51 Data Ascii: c+"&bw="+g+"&bx="+e+"&by="+(e-f)+"&bz="+l+"&ca="+l+"&aD="+e,!1)}}catch(h){B(h,"queueNWEvent")}}function Gg(){if(y)try{var a=A("eventsInPacketCounter"),b=parseInt(a);return isNaN(b)?0:b}catch(c){return P(),0}else Ic\|\|(Ic=0);return Ic}function af(){if(y&&Q
2023-06-07 22:21:59 UTC	3989	IN	Data Raw: 6e 67 20 64 65 6c 61 79 65 64 20 66 6f 72 6d 20 73 75 62 6d 69 74 22 29 7d 72 65 74 75 72 6e 7d 7d 62 63 28 29 7d 7d 7d 63 61 74 63 68 28 71 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 4c 67 28 29 7b 69 66 28 21 4c 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 64 2b 22 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 22 29 3b 69 66 28 61 29 7b 61 2e 73 72 63 3d 22 22 3b 61 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 61 29 3b 61 2e 64 65 74 61 63 68 45 76 65 6e 74 3f 28 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 64 62 29 2c 61 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 65 72 72 6f 72 22 2c 47 61 29 29 3a 61 2e 72 65 6d 6f Data Ascii: ng delayed form submit")}return}}bc()}}}catch(q){}}function Lg(){if(!L){var a=document.getElementById(d+"ScriptElement");if(a){a.src="";a.parentNode&&a.parentNode.removeChild(a);a.detachEvent?(a.detachEvent("onload",db),a.detachEvent("onerror",Ga)):a.remo
2023-06-07 22:21:59 UTC	3997	IN	Data Raw: 22 29 3b 65 6c 73 65 20 74 68 69 73 5b 64 2b 22 53 75 62 6d 69 74 22 5d 28 29 7d 65 6c 73 65 20 74 68 69 73 5b 64 2b 0a 22 53 75 62 6d 69 74 22 5d 28 29 3b 65 6c 73 65 20 54 28 22 70 72 6f 63 65 73 73 53 75 62 6d 69 74 46 75 6e 63 74 69 6f 6e 22 2c 22 4f 72 69 67 69 6e 61 6c 20 73 75 62 6d 69 74 20 66 75 6e 63 74 69 6f 6e 20 66 6f 72 20 66 6f 72 6d 20 75 6e 61 76 61 69 6c 61 62 6c 65 22 29 3b 74 68 69 73 5b 64 2b 22 66 6f 72 6d 49 73 50 72 6f 63 65 73 73 69 6e 67 22 5d 3d 22 22 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 66 28 61 29 7b 76 61 72 20 62 3d 77 69 6e 64 6f 77 3b 61 7c 7c 28 61 3d 62 2e 65 76 65 6e 74 29 3b 61 2e 73 72 63 45 6c 65 6d 65 6e 74 3f 65 63 28 61 2e 73 72 63 45 6c 65 6d 65 6e 74 29 3a 61 2e 74 61 72 67 65 74 3f 65 63 28 61 2e 74 61 72 67 65 Data Ascii: ");else this[d+"Submit"]()}else this[d+"Submit"]();else T("processSubmitFunction","Original submit function for form unavailable");this[d+"formIsProcessing"]=""}}function tf(a){var b=window;a\|\|(a=b.event);a.srcElement?ec(a.srcElement):a.target?ec(a.targe
2023-06-07 22:21:59 UTC	3997	IN	Data Raw: 54 28 22 70 72 6f 63 65 73 73 4f 6e 53 75 62 6d 69 74 22 2c 22 55 6e 72 65 63 6f 67 6e 69 73 65 64 20 65 76 65 6e 74 20 66 6f 72 6d 61 74 20 2d 20 6e 6f 20 73 72 63 45 6c 65 6d 65 6e 74 20 6f 72 20 74 61 72 67 65 74 20 70 72 6f 70 65 72 74 69 65 73 20 61 76 61 69 6c 61 62 6c 65 22 29 7d 66 75 6e 63 74 69 6f 6e 20 75 66 28 61 2c 62 2c 63 29 7b 63 3d 65 28 22 26 61 70 3d 66 6f 72 6d 6c 6f 6f 6b 75 70 26 61 74 3d 46 4f 52 4d 22 2c 22 61 69 22 2c 63 2c 31 29 3b 63 3d 65 28 63 2c 22 61 6e 22 2c 62 2c 31 29 3b 63 3d 65 28 63 2c 22 75 64 22 2c 61 2c 30 29 3b 4f 28 22 58 22 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 76 66 28 61 29 7b 69 66 28 6e 75 6c 6c 21 3d 61 26 26 61 2e 65 6c 65 6d 65 6e 74 73 29 7b 76 61 72 20 62 3d 49 61 28 61 29 2c 63 3d 4a 61 28 61 29 3b 61 Data Ascii: T("processOnSubmit","Unrecognised event format - no srcElement or target properties available")}function uf(a,b,c){c=e("&ap=formlookup&at=FORM","ai",c,1);c=e(c,"an",b,1);c=e(c,"ud",a,0);O("X",c)}function vf(a){if(null!=a&&a.elements){var b=Ia(a),c=Ja(a);a
2023-06-07 22:21:59 UTC	4005	IN	Data Raw: 53 69 6c 76 65 72 6c 69 67 68 74 45 76 65 6e 74 46 6f 72 4d 65 64 69 61 45 6c 65 6d 65 6e 74 22 29 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 5a 67 28 61 29 7b 76 61 72 20 62 3d 22 22 3b 74 72 79 7b 62 3d 61 2e 69 64 7d 63 61 74 63 68 28 63 29 7b 7d 69 66 28 21 62 29 74 72 79 7b 62 3d 61 2e 6e 61 6d 65 7d 63 61 74 63 68 28 63 29 7b 7d 61 3d 65 28 22 22 2c 22 74 72 22 2c 22 53 69 6c 76 65 72 6c 69 67 68 74 22 2c 31 29 3b 61 3d 65 28 61 2c 22 74 73 22 2c 22 6e 6f 20 69 6e 66 6f 22 2c 31 29 3b 61 3d 65 28 61 2c 22 61 69 22 2c 62 2c 31 29 3b 4a 28 22 4f 22 2c 61 29 7d 66 75 6e 63 74 69 6f 6e 20 24 67 28 61 2c 62 29 7b 74 72 79 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 57 63 29 7b 76 61 72 20 64 3d 61 2e 66 69 6e 64 4e 61 6d 65 28 57 63 5b 63 5d 29 3b 56 63 28 64 2c Data Ascii: SilverlightEventForMediaElement")}}}function Zg(a){var b="";try{b=a.id}catch(c){}if(!b)try{b=a.name}catch(c){}a=e("","tr","Silverlight",1);a=e(a,"ts","no info",1);a=e(a,"ai",b,1);J("O",a)}function $g(a,b){try{for(var c in Wc){var d=a.findName(Wc[c]);Vc(d,
2023-06-07 22:21:59 UTC	4013	IN	Data Raw: 28 63 29 7b 7d 7d 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 69 66 28 61 29 7b 76 61 72 20 62 3d 22 26 61 70 3d 74 77 69 74 74 65 72 22 2c 62 3d 65 28 62 2c 22 76 67 22 2c 61 2e 64 61 74 61 2e 73 6f 75 72 63 65 5f 74 77 65 65 74 5f 69 64 29 3b 4a 28 22 6e 22 2c 62 29 7d 7d 63 61 74 63 68 28 63 29 7b 7d 7d 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 26 26 4a 28 22 6d 22 2c 22 26 61 70 3d 74 77 69 74 74 65 72 22 29 7d 3b 69 66 28 74 77 74 74 72 26 26 74 77 74 74 72 2e 61 6e 79 77 68 65 72 65 29 7b 69 66 28 6c 68 29 74 72 79 7b 6d 68 28 29 2c 74 77 74 74 72 2e 61 6e 79 77 68 65 72 65 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 61 2e 62 69 6e 64 28 22 61 75 74 68 43 6f 6d 70 6c 65 74 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b Data Ascii: (c){}},c=function(a){try{if(a){var b="&ap=twitter",b=e(b,"vg",a.data.source_tweet_id);J("n",b)}}catch(c){}},d=function(a){a&&J("m","&ap=twitter")};if(twttr&&twttr.anywhere){if(lh)try{mh(),twttr.anywhere(function(a){try{a.bind("authComplete",function(a,b){
2023-06-07 22:21:59 UTC	4021	IN	Data Raw: 69 66 69 65 72 22 5d 26 26 28 6e 2e 72 75 6c 65 49 64 3d 6c 5b 64 2b 22 72 75 6c 65 49 64 65 6e 74 69 66 69 65 72 22 5d 2c 74 3d 21 30 29 3b 6c 5b 64 2b 22 63 6f 6e 74 65 6e 74 49 64 65 6e 74 69 66 69 65 72 22 5d 26 26 28 6e 2e 63 6f 6e 74 65 6e 74 49 64 3d 6c 5b 64 2b 22 63 6f 6e 74 65 6e 74 49 64 65 6e 74 69 66 69 65 72 22 5d 2c 74 3d 21 30 29 3b 6c 5b 64 2b 22 63 75 73 74 6f 6d 49 64 65 6e 74 69 66 69 65 72 22 5d 26 26 28 6e 2e 63 75 73 74 6f 6d 49 64 3d 6c 5b 64 2b 22 63 75 73 74 6f 6d 49 64 65 6e 74 69 66 69 65 72 22 5d 2c 74 3d 21 30 29 3b 6b 3d 74 3f 6e 3a 6e 75 6c 6c 7d 65 6c 73 65 20 6b 3d 6e 75 6c 6c 7d 69 66 28 66 3d 3d 3d 71 62 28 66 29 29 62 72 65 61 6b 3b 66 3d 71 62 28 66 29 7d 7d 63 61 74 63 68 28 6d 29 7b 42 28 6d 2c 22 65 72 72 6f 72 20 Data Ascii: ifier"]&&(n.ruleId=l[d+"ruleIdentifier"],t=!0);l[d+"contentIdentifier"]&&(n.contentId=l[d+"contentIdentifier"],t=!0);l[d+"customIdentifier"]&&(n.customId=l[d+"customIdentifier"],t=!0);k=t?n:null}else k=null}if(f===qb(f))break;f=qb(f)}}catch(m){B(m,"error
2023-06-07 22:21:59 UTC	4029	IN	Data Raw: 75 65 3d 21 31 2c 77 69 6e 64 6f 77 5b 64 2b 22 64 54 4f 22 5d 3d 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 7a 68 2c 35 30 30 29 29 3a 28 77 69 6e 64 6f 77 5b 64 2b 22 6e 61 76 53 65 6e 74 22 5d 3d 21 31 2c 52 61 3d 22 22 29 7d 65 6c 73 65 20 77 69 6e 64 6f 77 5b 64 2b 22 6e 61 76 53 65 6e 74 22 5d 3d 21 31 2c 52 61 3d 22 22 7d 7d 7d 63 61 74 63 68 28 65 29 7b 77 69 6e 64 6f 77 5b 64 2b 22 6e 61 76 53 65 6e 74 22 5d 3d 21 31 2c 52 61 3d 22 22 7d 44 62 3f 64 6f 63 75 6d 65 6e 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 49 62 2c 21 31 29 3a 64 6f 63 75 6d 65 6e 74 2e 64 65 74 61 63 68 45 76 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 64 65 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 63 6c 69 63 6b 22 2c 49 Data Ascii: ue=!1,window[d+"dTO"]=window.setTimeout(zh,500)):(window[d+"navSent"]=!1,Ra="")}else window[d+"navSent"]=!1,Ra=""}}}catch(e){window[d+"navSent"]=!1,Ra=""}Db?document.removeEventListener("click",Ib,!1):document.detachEvent&&document.detachEvent("onclick",I
2023-06-07 22:21:59 UTC	4037	IN	Data Raw: 64 20 30 29 2c 5a 63 28 21 31 29 29 7d 53 62 26 26 68 2e 73 65 74 54 69 6d 65 6f 75 74 28 51 66 2c 32 30 30 29 3b 28 55 61 7c 7c 56 61 7c 7c 7a 61 7c 7c 57 7c 7c 65 61 29 26 26 68 2e 73 65 74 54 69 6d 65 6f 75 74 28 77 66 2c 32 30 30 29 3b 43 28 68 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 22 2c 77 68 2c 76 6f 69 64 20 30 29 3b 43 28 68 2c 22 75 6e 6c 6f 61 64 22 2c 78 68 2c 76 6f 69 64 20 30 29 3b 4d 65 26 26 43 28 68 2c 22 65 72 72 6f 72 22 2c 48 68 2c 76 6f 69 64 20 30 29 3b 53 62 26 26 43 28 68 2c 22 72 65 73 69 7a 65 22 2c 49 68 2c 76 6f 69 64 20 30 29 7d 63 61 74 63 68 28 65 29 7b 42 28 65 2c 22 61 74 74 61 63 68 42 61 73 69 63 48 61 6e 64 6c 65 72 73 22 29 7d 74 72 79 7b 76 61 72 20 77 3d 68 5b 64 2b 22 63 6f 6c 6c 65 63 74 45 78 63 6c 75 64 65 22 Data Ascii: d 0),Zc(!1))}Sb&&h.setTimeout(Qf,200);(Ua\|\|Va\|\|za\|\|W\|\|ea)&&h.setTimeout(wf,200);C(h,"beforeunload",wh,void 0);C(h,"unload",xh,void 0);Me&&C(h,"error",Hh,void 0);Sb&&C(h,"resize",Ih,void 0)}catch(e){B(e,"attachBasicHandlers")}try{var w=h[d+"collectExclude"
2023-06-07 22:21:59 UTC	4045	IN	Data Raw: 65 61 64 79 22 2c 22 72 65 63 6f 6e 6e 65 63 74 69 6e 67 22 5d 2c 0a 41 66 3d 22 73 74 6f 70 70 65 64 20 63 6f 6e 74 61 63 74 69 6e 67 20 62 75 66 66 65 72 69 6e 67 20 70 6c 61 79 69 6e 67 20 70 61 75 73 65 64 20 73 65 65 6b 69 6e 67 20 62 75 73 79 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 41 66 2e 74 72 61 6e 73 3d 22 74 72 61 6e 73 69 74 69 6f 6e 69 6e 67 22 3b 76 61 72 20 61 68 3d 5b 22 73 74 6f 70 70 65 64 22 2c 22 70 6c 61 79 69 6e 67 22 2c 22 70 61 75 73 65 64 22 2c 22 62 75 66 66 65 72 69 6e 67 22 2c 2c 22 72 65 61 64 79 22 5d 2c 6a 63 3d 7b 7d 2c 45 66 3d 21 31 2c 54 63 3d 5b 5d 2c 6c 62 3d 5b 5d 2c 59 63 3d 5b 5d 2c 66 61 3d 5b 5d 2c 57 64 3d 21 31 2c 55 63 3d 22 22 2c 24 64 3d 7b 7d 2c 57 63 3d 7b 7d 2c 77 64 3d 7b 7d 3b 68 5b 64 2b 22 6d 65 64 69 Data Ascii: eady","reconnecting"],Af="stopped contacting buffering playing paused seeking busy".split(" ");Af.trans="transitioning";var ah=["stopped","playing","paused","buffering",,"ready"],jc={},Ef=!1,Tc=[],lb=[],Yc=[],fa=[],Wd=!1,Uc="",$d={},Wc={},wd={};h[d+"medi
2023-06-07 22:21:59 UTC	4053	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 61 2c 64 29 7b 76 61 72 20 65 2c 6d 2c 6e 2c 74 3b 69 66 28 21 30 3d 3d 3d 6c 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 67 65 74 48 61 73 68 20 61 66 74 65 72 20 73 65 74 74 69 6e 67 20 48 4d 41 43 20 6b 65 79 22 29 3b 6e 3d 43 28 64 29 3b 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 20 22 48 45 58 22 3a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 44 28 61 2c 6b 2c 6e 29 7d 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 42 36 34 22 3a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 45 28 61 2c 6b 2c 6e 29 7d 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 42 59 54 45 53 22 3a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 46 28 61 2c 6b 29 7d 3b 62 72 65 61 6b 3b 63 Data Ascii: unction(a,d){var e,m,n,t;if(!0===l)throw Error("Cannot call getHash after setting HMAC key");n=C(d);switch(a){case "HEX":e=function(a){return D(a,k,n)};break;case "B64":e=function(a){return E(a,k,n)};break;case "BYTES":e=function(a){return F(a,k)};break;c

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:59 UTC	4060	OUT	POST /8456/28347814390/XBW09WEA78JG/jsEvent.json HTTP/1.1 Host: www.mcmprod.hsbc.co.uk Connection: keep-alive Content-Length: 446 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://www.hsbc.co.uk Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.hsbc.co.uk/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; vtz47gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCCDID=null_2_bab5298f20cf45d183c9bae79258296a; csaHSBCCDuvt=d810b33dae0d4b9aa0923c91bf7fffb6; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2; MCM-PROD-WDC=3498363658.47873.0000; TS01977c0f=0105ea404aba623627d60f60cab85d7d34cc40ddf3d6c1590b182eaf538e8f58e6ef77d7cfe966f66479c0a22a31d466c20031be7a
2023-06-07 22:21:59 UTC	4062	OUT	Data Raw: 7a 3d 6e 75 6c 6c 5f 32 5f 62 61 62 35 32 39 38 66 32 30 63 66 34 35 64 31 38 33 63 39 62 61 65 37 39 32 35 38 32 39 36 61 26 79 3d 38 31 34 37 31 35 31 34 33 38 33 21 32 61 3d 4c 31 36 21 36 30 61 45 32 21 2b 38 39 33 2b 32 44 3d 32 30 38 36 31 39 75 3d 6c 61 70 31 3d 74 62 75 65 2b 72 74 2b 65 6e 3d 64 64 6f 61 75 6d 6f 63 4f 30 2b 31 2b 30 61 78 79 3d 2b 61 61 31 36 38 39 32 3d 2d 3d 5f 61 51 38 36 30 64 33 37 33 30 30 37 31 38 2e 39 36 35 33 61 32 39 35 35 38 39 63 34 33 38 65 66 63 65 5f 33 31 38 65 30 31 35 32 30 2b 32 36 3d 30 63 6f 3d 2b 61 61 41 31 43 3d 2b 61 31 61 71 33 2b 3d 30 37 61 67 30 2b 2b 30 35 33 34 64 3d 2b 61 61 36 33 39 31 61 3d 30 31 32 6a 3d 2b 3d 30 30 2b 61 6b 3d 61 53 33 2b 2b 61 33 31 32 5a 3d 3d 3d 39 61 62 2b 61 31 76 72 34 Data Ascii: z=null_2_bab5298f20cf45d183c9bae79258296a&y=81471514383!2a=L16!60aE2!+893+2D=208619u=lap1=tbue+rt+en=ddoaumocO0+1+0axy=+aa16892=-=_aQ860d37300718.9653a295589c438efce_318e01520+26=0co=+aaA1C=+a1aq3+=07ag0++0534d=+aa6391a=012j=+=00+ak=aS3++a312Z===9ab+a1vr4
2023-06-07 22:22:00 UTC	4062	IN	HTTP/1.1 200 OK Date: Wed, 07 Jun 2023 22:22:00 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Access-Control-Allow-Origin: https://www.hsbc.co.uk Access-Control-Allow-Credentials: true Content-Type: application/json X-Content-Type-Options: nosniff Pragma: no-cache Cache-Control: no-store Cache-Control: no-cache P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL" Content-Length: 50 Set-Cookie: vtz47gabsosd=csaHSBC__2834781601_1686208919213_1686176519198_8456; secure; SameSite=None; path=/; HttpOnly Set-Cookie: csaHSBCCDID=null_2_bab5298f20cf45d183c9bae79258296a; secure; SameSite=None; path=/; HttpOnly Vary: User-Agent S: LWSMCMRP103UK Connection: close Set-Cookie: TS01977c0f=0105ea404aba623627d60f60cab85d7d34cc40ddf3d6c1590b182eaf538e8f58e6ef77d7cfe966f66479c0a22a31d466c20031be7a; Path=/
2023-06-07 22:22:00 UTC	4063	IN	Data Raw: 7b 22 63 6f 6e 74 65 6e 74 52 65 73 70 6f 6e 73 65 22 3a 22 5b 5d 22 2c 22 72 65 73 70 6f 6e 73 65 52 65 63 65 69 76 65 64 22 3a 22 74 72 75 65 22 7d Data Ascii: {"contentResponse":"[]","responseReceived":"true"}

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4067	OUT	GET /content/dam/hsbc/gb/images/insurance/21-9/10039-eating-pizza-surrounded-by-moving-box-mass-retail-933x400.jpg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:01 UTC	4068	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 260811 Connection: close Date: Wed, 07 Jun 2023 22:21:54 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Wed, 07 Jun 2023 13:13:56 GMT Accept-Ranges: bytes S: dispatcher3euwest1 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 7e5808188f3301eda7b952b4c6dfa208.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: WSEXLdeAIZKxuEjDI7wF40t1D7Q88j7SpkHqGlciz7DpOyOuy24rKw== Age: 7
2023-06-07 22:22:01 UTC	4069	IN	Data Raw: ff d8 ff db 00 84 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 02 02 02 02 02 02 02 02 02 02 03 03 03 03 03 03 03 03 03 03 01 01 01 01 01 01 01 02 01 01 02 02 02 01 02 02 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 ff dd 00 04 00 75 ff ee 00 0e 41 64 6f 62 65 00 64 c0 00 00 00 01 ff c0 00 11 08 01 90 03 a5 03 00 11 00 01 11 01 02 11 01 ff c4 00 e8 00 00 01 04 03 01 01 01 01 00 00 00 00 00 00 00 00 04 03 05 06 07 02 08 09 01 0a 00 0b 01 00 01 05 01 01 01 01 00 00 00 00 00 00 00 00 00 02 00 01 03 04 05 06 07 08 09 10 00 02 01 03 03 02 04 04 03 06 03 05 03 05 01 21 01 Data Ascii: uAdobed!
2023-06-07 22:22:01 UTC	4077	IN	Data Raw: 3d b3 d0 06 72 88 9a 2e bf 30 9e 55 ef ca 01 20 76 1c 14 31 ba 95 c0 62 78 e3 db 3c 74 e1 b8 d5 5a d3 87 b4 cb 23 9d 7e 8a 90 20 30 c8 aa 8d 19 dc 85 81 e5 3d 80 38 e9 25 10 7b 51 34 eb 74 c6 64 ea 0d 67 05 39 59 e4 a7 61 98 6a 46 e8 b3 ff 00 ac 5e e0 13 d3 84 f6 a3 9e d4 0a 70 14 05 8f 49 3b d7 e5 a5 09 e6 06 5f 32 36 3e 54 be cc 1c 7e 12 01 f6 19 e9 c2 00 d0 ed df 4d d6 cc 41 85 6e 29 58 e1 11 8d be 5b 2b c3 85 c6 33 bd 0f b8 23 82 0e 7a 20 20 47 2a 45 72 66 41 49 a2 21 87 cb 66 45 04 33 1f 32 3c 67 f0 fb 80 07 b8 e8 93 29 25 23 49 a8 5c 5e 70 14 75 00 6b 58 3d 39 f5 aa 48 c0 4a 04 8a 0e 46 c9 54 f3 8f ae 5b a3 09 24 e5 07 43 41 9e 20 91 a8 d3 ca 8c 45 66 09 30 20 06 1e 54 d9 1f cc bd 9b 18 ea 70 93 01 5e 46 ab a9 43 54 72 da 92 08 76 49 4a 13 73 83 e6 Data Ascii: =r.0U v1bx<tZ#~ 0=8%{Q4tdg9YajF^pI;_26>T~MAn)X[+3#z G*ErfAI!fE32<g)%#I\^pukX=9HJFT[$CA Ef0 Tp^FCTrvIJs
2023-06-07 22:22:01 UTC	4093	IN	Data Raw: 80 47 db af ca 5c ac 25 20 a2 65 5a fa eb f4 11 61 d3 39 a2 2b 41 3e 39 7c 14 3a 9f 4c 50 f8 a5 62 a6 77 bf e9 00 a9 74 48 94 ee ac b2 b3 83 23 05 5c 93 25 2b 2e e0 7d 80 fb f5 d8 f4 4f 12 fa 95 df d5 dd 31 6c fc 03 dc bd 92 7c f6 35 cf e2 4d 75 cd 14 8f e6 a2 48 ef 1c 47 c4 54 3f e1 8b 53 4e 68 e8 8c d2 be 23 44 47 56 38 dc 84 05 f7 ee 00 eb a5 c6 1a 4c f5 9c 86 a2 b9 74 a6 25 03 9d 74 ef 4f 54 c9 59 46 23 c1 0a 17 cc 85 b3 cb 9f 60 3d bf bf 5c 7a 90 48 22 22 35 14 6a 21 24 1f 23 52 61 9f e1 c8 30 03 8d 8e 18 82 a8 c3 8e de e4 9e 82 09 85 0d 01 1a f7 1a 69 93 90 f0 d7 c4 57 e7 8c 05 dd 20 f5 e4 a8 61 c9 0b f5 f7 20 63 a0 2d eb 2a f4 a9 e6 4c 0f 46 29 34 8f 0c c1 b0 f0 ba 82 80 0c 10 c0 f7 fc fa 6c 84 1c a7 54 1a 29 91 a6 8a 1b d2 8c c2 39 92 66 dd e5 48 Data Ascii: G\% eZa9+A>9\|:LPbwtH#\%+.}O1l\|5MuHGT?SNh#DGV8Lt%tOTYF#`=\zH""5j!$#Ra0iW a c-*LF)4lT)9fH
2023-06-07 22:22:01 UTC	4109	IN	Data Raw: 78 ff 00 e1 cd f7 c6 7d 2f 64 b0 58 7c 47 d5 3e 17 5f 74 d6 b7 b1 6b 2b 56 a1 d3 35 15 4b 1d 72 da 2a 16 4b 86 91 d5 16 fa 5a aa 27 be 68 ed 4f 4c a2 0a fa 33 22 ac b1 8c 64 13 b8 71 18 c5 83 98 bb 68 65 2f 38 cb 88 59 20 a6 75 04 14 ad 2a 00 89 4a 81 da 77 03 bc 1e 9f 06 c4 9b c2 1e 5b ce b0 dd c3 2e 34 50 52 ae 04 c1 4b 88 30 42 56 82 24 18 23 52 3c 3e 76 7e 37 3f 66 67 c5 a7 c4 3f 89 3e 36 58 1b 54 d6 e9 ed 29 e2 5d c3 c3 8d 1a 9e 27 d7 ea 5a 7b a6 85 d5 7e 05 68 eb 85 7d e6 c3 06 a7 d3 0b 6c 96 fd 4f af bc 2c 4d 49 73 a4 b7 d0 1a a8 a1 96 aa 1a 49 7c c9 61 f5 1e 49 db 5e 91 d8 e3 69 37 89 17 38 3c 02 95 93 05 b2 84 e5 42 46 b1 94 e5 4c ca 4a 82 4a 92 9d 60 d7 a5 d8 63 bd 17 56 04 d2 ed 4a 9b c6 d0 db 89 5b 39 34 51 71 52 56 57 c6 52 74 20 88 31 3a 69 Data Ascii: x}/dX\|G>_tk+V5KrKZ'hOL3"dqhe/8Y uJw[.4PRK0BV$#R<>v~7?fg?>6XT)]'Z{~h}lO,MIsI\|aI^i78<BFLJJ`cVJ[94QqRVWRt 1:i
2023-06-07 22:22:01 UTC	4109	IN	Data Raw: ea 91 ac 72 05 1a 9f 39 f1 e3 52 d5 5f f4 ce bd b8 df 23 b4 6b 4f 88 0b 5d 45 3e 9a a3 a1 b6 c1 68 b3 57 c3 68 12 c7 55 25 de b3 51 59 8d 7d a6 e5 55 1e a9 a7 f2 52 92 59 d4 c5 53 0c 12 a4 5b 54 3a ee eb 6c f1 ac 53 0f b7 76 2e ae 52 1d 67 22 81 4a 5c 4b 88 50 27 29 56 55 10 a0 a4 e9 04 29 24 c9 8a e3 af ba 37 82 e2 57 4c a9 cb 3b 65 75 2f 07 10 41 28 2d 38 93 97 3a 53 99 3f 75 44 76 82 92 60 c0 de 24 97 fd 1f a3 f5 6d 05 4e 94 a8 d5 fa d6 ba a6 f5 6d b9 db e3 5d 41 5d 5d 69 af d4 30 49 04 8d 56 90 ca 29 a8 5a 77 86 92 52 85 21 d9 2c 70 67 d4 08 dd d7 2f 89 3f fc 44 aa d5 77 77 19 dc 4a 92 12 ae ca 54 23 50 0c 4a b4 d3 79 89 d6 6b b7 c2 b0 d6 f0 d6 d3 78 2c 2d 8b 4d 94 a8 a9 3d a5 37 ae 8a 54 1d 3b 5a c9 11 31 a7 0a f9 3e fd a3 9f 0e 1e 38 7c 39 35 b2 fd Data Ascii: r9R_#kO]E>hWhU%QY}URYS[T:lSv.Rg"J\KP')VU)$7WL;eu/A(-8:S?uDv`$mNm]A]]i0IV)ZwR!,pg/?DwwJT#PJykx,-M=7T;Z1>8\|95
2023-06-07 22:22:01 UTC	4125	IN	Data Raw: f6 fb 01 92 63 8d 2d 06 b1 4f b1 4e b0 d2 19 6a 29 ca c3 e6 30 07 71 de 58 6e 6d a7 6e 0b b0 07 07 19 03 ef 93 d2 3a 08 3b 54 44 05 2b b2 75 a3 da f0 a5 9e 18 ea 0d 33 24 64 27 fc 42 65 35 1b a4 50 c8 70 01 42 08 0c c3 3c 0f b7 4e 56 45 0f 54 62 54 26 80 8e 73 1a c8 cc a3 74 72 3c cb ca 8d d2 b3 aa 6f f7 1b 8b c6 42 ee fa e3 8c 0e 80 29 20 78 54 84 0d 3b f4 f9 fe 95 9c 52 33 05 8b 7b 7c c4 e8 8c 51 56 2f 30 f9 8b 12 ed 68 c1 09 8d ad 8e e0 67 91 9e dd 36 94 e5 3f e5 14 f3 14 32 47 1c 32 09 64 21 e1 c2 ab 2a 48 3c c0 25 5d ef 1f e2 49 23 25 88 27 04 76 1c 74 f0 23 72 0d 44 48 98 81 33 4b 19 94 1a 76 2c 12 31 16 1a 4f 33 32 79 a6 a0 c4 cc 37 61 8c 52 85 dc 49 f7 1f 6e 5c 81 a1 a6 13 a8 e3 4e c1 16 72 24 73 2c 8c 23 89 08 88 90 53 62 63 6b 91 c3 13 9c ee f7 Data Ascii: c-ONj)0qXnmn:;TD+u3$d'Be5PpB<NVETbT&str<oB) xT;R3{\|QV/0hg6?2G2d!*H<%]I#%'vt#rDH3Kv,1O32y7aRIn\Nr$s,#Sbck
2023-06-07 22:22:01 UTC	4142	IN	Data Raw: 7a 12 24 54 96 1e 68 23 cf fe a4 7f 6b bb 91 fe 7f a7 57 12 7e ca 38 c7 fd d5 58 ff 00 33 cf fe da 22 2c 28 19 24 03 c2 83 8c 93 df 00 77 e4 7b 7d 3f 5e 88 11 1d f4 24 6b a5 3b d2 91 8c 7d bd cf 23 9c e0 e7 38 00 ff 00 4e a7 6c 82 2a 07 22 74 ab 07 45 6f 17 59 8a fb db a7 1c f6 04 cd 4d 8c f7 e4 00 70 7d ba d2 b2 fe 69 3f 97 e3 54 df 8c 82 79 d5 a7 1f 0b 2f 3d a4 5e d9 e3 30 c6 39 eb 5b 6d 2a 9e e4 78 50 15 c4 07 b7 e7 de eb 6c 23 9f 7f 99 e7 9e 31 d4 6e 47 67 f5 8a 91 3c 7f 49 a7 72 7d fb fd 31 8e ff 00 4f b1 ff 00 2e 8e 86 bd ed ef 92 4f 73 db df 80 3e 80 74 a9 53 7d c1 87 97 4f db 9a a8 87 f6 7f fc 3a 15 6d e7 52 b5 b9 fd 35 eb 11 8e fd c6 30 33 9f b9 1e dc 74 e4 53 24 70 e1 58 87 21 8f e4 33 fa 7f 7e dd 0c eb 14 59 44 6b b5 2a 93 ed 18 27 eb 9f eb 9f Data Ascii: z$Th#kW~8X3",($w{}?^$k;}#8Nl"tEoYMp}i?Ty/=^09[mxPl#1nGg<Ir}1O.Os>tS}O:mR503tS$pX!3~YDk*'
2023-06-07 22:22:01 UTC	4158	IN	Data Raw: 21 48 fc 87 07 ab 4d ab 81 da a8 be de 51 dd 4f 3a a6 a8 08 6c 6b bb 07 f7 69 24 7d cb a7 f6 04 1e ac be e4 04 01 af 66 a0 b6 44 e7 fd 55 5f d5 d7 81 1b fa bd 8f df 2d cf 1f 65 18 fc cf 54 d4 b8 49 27 c6 af 21 9d 44 d5 74 b7 4f 3b 57 e9 1a 7c fa 66 d4 18 ed c1 f2 6d d5 d3 1f be 70 bd 66 87 b3 5e 34 81 af da 7c 0d 6a a9 8c b6 2f 2c f0 6f fe e1 55 cf 89 fa 9b e4 6c fa a4 ab 85 9a ba aa ba d9 4e 4e 39 96 e3 5f 2c 0d b7 24 03 88 37 91 f9 75 cf 74 b3 12 36 78 35 d2 d0 47 58 b0 5b 4f 8a d5 97 d8 24 d7 49 d0 cc 27 eb f8 ed 9b 6a 49 2d 37 0e 2b c1 b1 9b da ac a2 a0 be 1a bf 95 4e 11 4a ef 9a 34 68 9e 48 b9 0c 8e 16 25 56 50 a1 e9 d0 0e 01 f6 fe 6c 63 af 24 c1 54 26 04 05 18 8f 5e 95 ee 18 ea 02 a0 aa 72 89 98 3d da f9 fc c7 2d 8c a5 04 d2 46 18 46 ee 43 29 21 9b Data Ascii: !HMQO:lki$}fDU_-eTI'!DtO;W\|fmpf^4\|j/,oUlNN9_,$7ut6x5GX[O$I'jI-7+NJ4hH%VPlc$T&^r=-FFC)!
2023-06-07 22:22:01 UTC	4173	IN	Data Raw: e7 c2 ff 00 10 e8 ef 75 9a e7 52 69 aa fb 9d bf 4f 5f 23 ad bf 68 ab 3d 65 75 5d 0d b6 cc c2 f1 1f aa e1 7a af 7f df 11 53 a7 9e 0d 2b 20 68 fc c2 07 ce 78 2f d5 1b e8 d5 97 46 b1 06 2e 3e bf 73 74 a6 73 a5 06 1c b3 61 45 28 6d 06 44 2d 2a ec 5c b6 98 73 b2 4e cb cd 5e e5 8c 1c 65 cc 76 f7 1a b2 be b4 36 2d 5a a1 d0 85 38 88 6e e5 d4 8c cb 58 cb e8 e4 13 6e b5 76 0e 61 be 48 ad c7 d0 96 0f 0a 86 a6 d6 d6 9b 6f c3 86 b6 bc d3 e9 d9 f4 f5 bb 4f 5b ea 34 e5 2d b6 96 87 49 d0 d1 a2 5a 34 c5 4d 35 fe f1 f2 f4 10 50 3b bc be 56 c6 ca d4 29 2c 41 da be c9 d1 bb 2c 38 e2 58 c6 1f f5 27 57 6e cd f2 4a 1b ca 12 03 45 96 c8 41 05 51 96 46 a0 48 cc 75 e5 5e 4b 8e de 63 42 c6 c2 ed dc 5e dd b7 5e 61 65 c5 85 a9 65 4e e7 56 67 01 42 24 92 20 4e 9e 8e 9c eb 64 69 a9 ef Data Ascii: uRiO_#h=eu]zS+ hx/F.>stsaE(mD-*\sN^ev6-Z8nXnvaHoO[4-IZ4M5P;V),A,8X'WnJEAQFHu^KcB^^aeeNVgB$ Ndi
2023-06-07 22:22:01 UTC	4175	IN	Data Raw: 84 6b 0a 3f 0a de 0b 44 a1 c8 85 bc c8 e2 92 49 0c 62 40 87 cd 58 f6 e5 b2 1f f0 85 24 83 93 93 ed d7 91 be 23 b4 22 63 d5 5d 6a 73 1d 79 d3 3d 54 eb 05 72 64 85 55 a6 af 56 93 0e c8 8a f5 2d b5 e3 8c 6e dd e6 79 60 10 79 27 18 e3 ae de d5 11 66 da 7f 22 7d df d6 b2 d5 aa d4 78 e6 a9 0d 34 8f 4c 6a 66 2e 5a 25 b7 53 40 c8 8b bb 79 a9 9d 26 21 e1 1f c3 76 d9 27 a9 4a a9 1f 9e 0f 42 40 3a 0d e4 d3 8a 94 52 ca 6a 25 95 bc c8 a4 a6 42 a7 0b 1a 22 c7 0d 3c 1b 65 92 76 62 e2 40 83 01 d4 10 08 23 df 04 56 50 81 ae 87 e7 6a 7d b9 d2 7b 94 aa 3b 81 bd 3c 98 84 6d 26 4b 88 de 40 cb 27 21 cb 18 f0 49 04 ef 8c f7 cf 43 03 9d 3c 70 e1 4f 7f 33 14 89 0c 33 08 84 e9 4f 17 91 24 5e 76 d4 9f 64 cd 50 23 3e b9 4a e5 d5 71 b3 27 e9 d4 44 44 9d c5 28 3c 29 c2 9d 9c fa a3 69 Data Ascii: k?DIb@X$#"c]jsy=TrdUV-ny`y'f"}x4Ljf.Z%S@y&!v'JB@:Rj%B"<evb@#VPj}{;<m&K@'!IC<pO33O$^vdP#>Jq'DD(<)i
2023-06-07 22:22:01 UTC	4191	IN	Data Raw: 64 67 cf 07 d1 51 88 74 7e 2e ea f5 3c 3b 1a b4 c6 ed fa fb 00 7e aa d3 2b 44 f7 25 5d 94 83 b9 09 d8 4e a0 11 ce b8 00 da 26 c7 66 f1 57 4f 51 68 3b 9d d7 55 7c 85 02 c9 75 d2 8d 2f ef ab a4 f7 5b 9d 55 6f fb 4d 60 8a 9e 86 86 8a 26 b2 c9 25 3d 30 b8 d4 79 8d 16 e7 30 54 b0 67 60 7e 92 c3 2f 6e ae f0 67 4e 20 da 19 2b 58 ca e0 19 52 12 94 8c 8b 32 54 73 41 39 04 03 10 a4 e8 04 79 c7 48 70 db 5b 4e 90 b4 9c 39 d5 bc 96 d2 42 d1 39 d6 4a 89 2b 4c 04 a4 65 9c b9 cc c4 ca 55 ac 8a da 0b 55 82 4a 5b b6 a3 d0 ba 82 ff 00 6e b6 5c 2e 30 c9 0d f2 be f3 65 bc c7 42 4b 2d 25 da f5 43 ad 25 bf 3d 05 3d 55 65 74 af 4a 2d 76 95 8c 52 d4 ad 4b ca b3 9f 94 65 8e 8b a0 f5 2d df 5b b6 a2 91 19 40 52 49 e2 12 5b 09 92 00 00 e7 5e e2 00 ca 33 02 41 92 94 dc 39 87 be e8 04 Data Ascii: dgQt~.<;~+D%]N&fWOQh;U\|u/[UoM`&%=0y0Tg`~/ngN +XR2TsA9yHp[N9B9J+LeUUJ[n\.0eBK-%C%==UetJ-vRKe-[@RI[^3A9
2023-06-07 22:22:01 UTC	4207	IN	Data Raw: 8d a9 2a b7 79 2b 1b 54 ce 27 a5 a8 9a 10 24 c4 d0 c6 c1 1e 3e 0b c8 88 db 3f ec f5 eb a9 65 49 53 4a eb 5d 28 01 2a cc a9 1b cc 08 20 1d 3b 24 89 0a d4 00 48 cb fe 3f 60 85 ba da 83 a9 ea 9a 0e 12 a4 14 a7 29 db 52 64 12 35 82 01 82 38 a8 03 1f d2 da eb 5b eb 4a 97 86 8b 4d 52 69 9a 2a 48 5e 3b e5 da ea 6a ab 5a 96 e7 52 fb e9 6d b6 b8 65 4a 25 b8 5c ed b6 d6 47 ab 46 1e 5a 55 48 23 66 50 8c 1a ed fe 15 86 e1 88 cc e3 ea 7d d5 1e c2 13 09 94 8d d4 a2 33 65 4a 95 21 07 72 81 98 03 22 23 c3 f1 4c 57 14 5e 56 98 4b 0c a5 30 b5 ae 55 0b 3a 84 a4 42 73 29 29 82 be 01 67 29 80 0c ec 5e 99 b1 da e4 a0 5d 45 ab ab 2b 6d 3a 1a db 52 28 2b 2e 34 df 2c ba 8b 54 dd 62 51 23 e9 ad 1f 04 e9 1d 1d 55 fa a3 21 aa aa 76 1a 3b 54 2c 65 94 16 f2 e1 7e 7c 21 6e 38 52 81 da Data Ascii: y+T'$>?eISJ]( ;$H?`)Rd58[JMRi*H^;jZRmeJ%\GFZUH#fP}3eJ!r"#LW^VK0U:Bs))g)^]E+m:R(+.4,TbQ#U!v;T,e~\|!n8R
2023-06-07 22:22:01 UTC	4223	IN	Data Raw: de ea ed d4 92 98 f9 c9 3b 18 c8 15 89 e7 df a9 53 d1 7e 82 5a 9c d7 77 a8 5a f9 37 98 d2 56 25 8d 3f fc 8b 38 fd 64 0a f2 1a 4f 8a 7b de c6 ac d4 d6 2b 11 24 86 22 ae e1 5e f1 02 3f c1 1e d8 f2 39 f7 f6 e9 14 fd 1e db 12 1b 65 f7 bc 80 1e ba 40 74 85 c1 da fa bb 63 d6 69 96 a3 e1 df 59 ea 4a f9 ee 1a df c5 7b d5 75 44 ac af 24 76 ba 41 4a a0 28 c0 09 35 43 c8 e3 03 df 19 eb 55 8e 97 e1 56 56 e9 b6 c2 ec 10 86 d3 b6 73 3e c1 a5 56 56 0b 74 f3 85 db ab 8c ca 3b e5 48 1e d3 ad 3c d0 fc 2f 68 08 5e 39 eb 6a af d7 a9 62 65 7d d7 0b d5 51 0e c3 9f 4a 42 23 09 cf b0 ea 27 3a 6d 8a 2c 14 b6 96 9b 49 fc 28 1f 1d fe 7c a7 46 07 68 91 2b 53 ab 3d ea 8f 75 4e ec de 03 f8 67 67 93 e6 68 34 55 84 cc 5c bb cf 55 40 2b e4 2e 4e 77 b4 95 62 52 49 ce 72 7d fa ce b8 e9 4e Data Ascii: ;S~ZwZ7V%?8dO{+$"^?9e@tciYJ{uD$vAJ(5CUVVs>VVt;H</h^9jbe}QJB#':m,I(\|Fh+S=uNggh4U\U@+.NwbRIr}N
2023-06-07 22:22:01 UTC	4225	IN	Data Raw: 20 ea a8 80 01 5a d9 e1 9e a1 ae ac 69 b5 6d f6 b1 69 63 d4 ff 00 bf 67 a2 a5 d4 15 77 aa 6b da 40 89 1d 2d 29 a2 b9 d1 ec b6 db c4 51 84 96 37 32 bb 7a 99 55 1a 42 54 5f c7 ac 9a 68 23 0e 65 3d 61 b7 c8 14 5b 08 28 99 93 99 27 b4 a9 32 08 81 b0 92 00 92 63 03 bb 71 c9 bf 75 61 b0 ff 00 58 52 1c 2b 0b 8d 93 95 49 84 a6 34 23 5e 24 41 56 93 a6 d2 36 99 b5 35 9b 56 5c 26 a8 ae ba 69 98 2e d4 da 6a 89 a9 e9 29 ac 96 38 ee e2 18 ea 5e 82 cd 1c 2d 18 b8 41 04 0a 89 52 d2 34 ab 92 40 03 00 64 ff 00 11 ba 16 2e e1 ac 84 a2 dd f2 82 ea a4 95 b9 92 48 cc e4 ce 52 49 25 20 41 f7 ea 9c 32 dd cb e6 b1 17 c9 5b ec 05 86 c4 00 84 05 c4 c2 22 33 00 20 28 99 f0 e0 e1 4f 6a b2 5b 6e 37 0b ad 0d ae 86 3b ad ea a6 4a 9b a5 c1 e2 6a 9a da e7 99 56 29 9a a2 6a 86 94 08 8c 30 Data Ascii: Zimicgwk@-)Q72zUBT_h#e=a[('2cquaXR+I4#^$AV65V\&i.j)8^-AR4@d.HRI% A2["3 (Oj[n7;JjV)j0
2023-06-07 22:22:01 UTC	4241	IN	Data Raw: 39 3d fa cf 6d 5a 83 3d c2 96 27 08 54 45 25 44 79 53 93 b8 85 dd b9 ca 81 f7 eb 49 36 97 2f 90 12 83 13 33 06 a0 5d c3 28 d1 6a 03 c4 8a 6b 5d 7b a7 a7 45 4a 6a f7 a9 da a1 65 f9 7a 5a 8a 92 b9 39 4d fe 54 6c 06 ec 61 47 bf 53 ff 00 09 bb 49 25 48 89 3a 49 02 a1 38 85 98 d7 ac 4d 38 50 6a 4a ba aa 99 63 b0 69 7d 4f 7c 77 a7 c9 82 8e cf 55 b5 03 7a 77 e6 65 8c 21 c9 ec 7a 65 e1 6b 52 40 7d c6 d0 41 de 7f 6a 81 58 c5 92 35 04 ab c0 57 93 54 6b 86 95 a9 8e 99 8a cb 3c 73 2f 98 75 05 c6 96 9a 48 44 83 0a 26 86 29 24 68 c1 1c 95 6c 1e a4 4e 1d 6b e9 29 c2 b0 47 dd 06 3d 66 ab 2b 1f 60 08 4a 4e fc 69 92 e5 7d ad a0 bb 45 6a bd 6b 3a 1a 65 9a 0f 34 d2 e8 ed 3b 73 d5 77 09 0b 02 23 11 1a 75 f9 58 5f 78 1f 8d 87 1d 5a 67 0b b4 2d 97 92 d9 ec 9d d6 b0 91 f0 91 e1 Data Ascii: 9=mZ='TE%DySI6/3](jk]{EJjezZ9MTlaGSI%H:I8M8PjJci}O\|wUzwe!zekR@}AjX5WTk<s/uHD&)$hlNk)G=f+`JNi}Ejk:e4;sw#uX_xZg-
2023-06-07 22:22:01 UTC	4257	IN	Data Raw: 5a ee 55 30 c4 bb 2b 2f 29 53 7b ab 75 8c ff 00 0a 35 6a b3 21 0a b8 18 03 b6 3f a5 25 e3 b8 a3 a0 cb ce 04 ef 00 c0 f5 0a b4 9b 0b 54 19 c8 80 7c 07 c6 ad bb 3e 97 b3 d9 50 8b 26 90 b4 d9 a0 f2 d4 a8 a4 b3 51 52 2f 20 7b b2 ee 1c 75 41 77 37 4f 42 96 54 4f 79 27 df 53 06 d9 4e 92 3c bf a5 4b 22 92 bd 43 89 7e 4a 91 63 89 4a 3b ce 8a 00 5e db 63 85 42 e7 3d 08 5b a4 f6 b6 8d e7 f6 a4 52 df dd 93 af 2a 16 79 63 a9 49 1e 4b a2 7a 30 1f 62 c8 db 94 f6 db b8 e3 24 f6 e3 a0 54 7d e5 53 80 52 74 4e 94 dc 2a ad 71 6f 79 4d 6d 52 34 a8 91 ed 22 20 24 3d f9 1c e0 7e 7c 75 14 a0 6a 73 2a a4 01 c3 a2 60 52 92 5d 29 82 c9 8a 0c 91 28 11 ac ae d2 10 ab ce 4a e7 80 40 e9 f3 22 34 1a cd 10 69 44 fa 5c 28 8a 7b dc af 22 88 29 a0 a7 4e 7c c7 48 54 f6 5e d9 70 70 72 7a 45 Data Ascii: ZU0+/)S{u5j!?%T\|>P&QR/ {uAw7OBTOy'SN<K"C~JcJ;^cB=[RycIKz0b$T}SRtNqoyMmR4" $=~\|ujs*`R])(J@"4iD\({")N\|HT^pprzE
2023-06-07 22:22:01 UTC	4273	IN	Data Raw: 9d 32 38 6b 59 22 3b 3c 32 2e c0 cb 19 f3 1d f1 b8 81 f8 54 af 39 3d 2a 52 35 1d f5 fa 81 1a 4a d9 27 32 42 de 64 32 2a 2e 33 e4 a2 f0 de 91 c0 e8 80 dc d2 59 01 39 44 c4 d6 74 d1 f9 d1 ca a9 e6 46 17 2e cc 46 37 00 d8 ca 13 c9 46 1f a0 ff 00 26 34 44 c7 85 39 53 00 5f 75 3a 25 30 50 23 96 56 24 a9 0c 36 b0 50 dc 67 3e fe dd 2d 28 4e da 99 9a 71 a6 81 a3 63 20 75 24 b3 08 5d 9d 57 60 5e 19 c7 3e 9f 4f 3f 7e 9f 2c d0 15 4e 94 aa 48 62 31 f9 9b 0d 3a bc 85 9b 7e 5d f0 49 57 07 db 77 d3 db a7 07 2e a7 6a 78 90 40 f4 ab da 59 65 ab 92 58 d5 c4 48 f1 b3 c6 5d b3 b9 41 ec 48 cf a4 7b 74 c9 24 e9 4e b0 12 01 e2 0d 3b 6f 41 45 27 a9 76 a4 a8 63 18 56 6d 8a 00 72 8c 3b 86 23 df b7 46 6a 2d 73 d3 6d c1 61 9e 8e a1 77 80 9f 25 70 da bb f0 cd 9a 69 0b 92 3b 10 3b 74 Data Ascii: 28kY";<2.T9=R5J'2Bd2.3Y9DtF.F7F&4D9S_u:%0P#V$6Pg>-(Nqc u$]W`^>O?~,NHb1:~]IWw.jx@YeXH]AH{t$N;oAE'vcVmr;#Fj-smaw%pi;;t
2023-06-07 22:22:01 UTC	4289	IN	Data Raw: b5 59 4b 05 20 c0 19 a9 9a a3 4e 5d 21 78 eb 2b 25 b5 55 d0 c1 b5 85 2d ac 56 03 56 48 f3 1a 69 ea ea e8 cd d2 b6 57 56 23 25 51 95 4f 11 a8 38 13 07 d9 32 84 05 05 1e 26 34 f2 07 28 f6 f8 9a 22 da e2 64 47 70 3e 7a ef 4d ed 66 ab bd 54 48 f0 69 4a ef 95 8e 56 8e 1a eb cb d5 0a 4a 58 db 95 a6 a1 a7 9f ca 9e 4a 75 1f 89 cd 2a ae 07 03 3c 93 2e 25 a4 00 5c 4e 7e 49 d4 f9 9d bf e6 26 99 21 44 c2 53 02 37 3a 4f 87 1a 74 ff 00 62 a1 41 fe f5 21 85 02 91 1d 35 1d 15 0a 08 99 41 c8 f3 5c 09 c8 1b 46 d7 f2 97 cc 3d b3 d0 0b 85 c4 81 e2 49 3f 3f b5 31 09 9d f5 f9 da 93 1a 4a cc 61 64 6a 45 13 60 32 7c e5 72 d6 ca 2a 0c 6e ea 0d 0c 22 49 e5 98 28 1e ad 90 27 b6 ee 8f af 77 42 54 77 d8 08 d3 c7 4f 8d 40 a4 83 a4 53 71 f0 d2 a6 e6 ee 69 68 c5 2a 04 2c 93 56 54 c3 4c Data Ascii: YK N]!x+%U-VVHiWV#%QO82&4("dGp>zMfTHiJVJXJu<.%\N~I&!DS7:OtbA!5A\F=I??1JadjE`2\|rn"I('wBTwO@Sqih*,VTL
2023-06-07 22:22:01 UTC	4301	IN	Data Raw: 31 93 b7 1e a5 ce 3d 4f 83 81 d8 7e 43 1d 2d 3c e9 15 42 62 96 92 64 57 a8 6d c4 c6 29 4c 70 2e 4b 95 25 be 83 85 52 3d ce 7a 69 d6 4e d4 92 0e 9e 34 95 39 68 92 76 db 1e 4c 27 6a 31 cc 85 d9 70 31 83 8c 63 24 74 40 19 ee a7 57 6a 05 71 6f e3 c6 99 23 a7 f0 f2 b4 e4 c8 d7 7d 5d 44 db b2 36 b7 9d 05 42 f2 38 e3 e8 7a f6 9f a3 05 fd a5 e3 63 60 96 cf bc 57 1b d2 ed 18 61 5c 73 28 7b 2b 9d 8a cc b9 c0 cf a8 85 ce 49 1d 81 3c 82 32 0f 23 af 5a 31 c7 7a e2 12 63 51 44 ee 0f 86 07 6e d2 91 16 ee a0 95 66 29 cf f3 b2 ae 7e b8 c9 ea 33 a6 9b f1 a9 81 98 35 37 8f c8 78 a9 f7 53 c4 e8 f0 a7 65 40 19 99 07 be dc 0e 4f e5 c7 58 aa ce 14 a0 14 41 06 af a6 08 1b 41 a5 1a d9 46 77 3a c4 62 94 47 23 87 89 dd 40 25 0b 63 03 2a e4 60 7b 72 3f b0 a6 e1 dd 89 94 cc 6b 47 91 Data Ascii: 1=O~C-<BbdWm)Lp.K%R=ziN49hvL'j1p1c$t@Wjqo#}]D6B8zc`Wa\s({+I<2#Z1zcQDnf)~357xSe@OXAAFw:bG#@%c*`{r?kG
2023-06-07 22:22:01 UTC	4317	IN	Data Raw: c8 eb 33 eb e1 c4 95 92 07 bf ce a7 ea 8c ea 75 f9 e1 fe 95 6b db f4 ad d2 28 77 56 d4 45 6e a2 8b 03 cb 86 78 67 a8 99 18 b4 69 1b 8d eb 0c 44 20 c8 06 59 24 28 49 0b c6 3a aa bb d4 7f 77 a9 23 52 74 03 f7 26 a7 0d 49 8e 1c a2 a5 14 31 51 d3 4e eb 60 b7 6f 78 24 df 34 b4 54 e6 ae 52 ee a0 73 57 59 1b 85 96 57 c3 30 40 0e de 18 63 1d 54 55 cb cb 88 3d 9e 49 1f 3c 78 d1 f5 09 02 1c 89 8f bc 7f 6e 14 e9 24 57 d7 31 4f 57 f3 b4 09 22 fa 24 59 63 32 c8 40 11 05 58 e4 5d 90 d3 c4 51 88 5f 2e 52 08 c3 39 1c 75 0a 9e 51 54 41 83 c7 9f f5 df 5f 91 2b 6d 34 01 12 92 79 6b eb d3 d5 c3 ba 83 b8 bd 0d 24 e3 fd ee e9 70 b9 c3 16 f5 86 95 62 05 b6 34 61 a6 9d ea 4b e4 6f 6d be 58 21 09 39 da b8 cf 55 dd 74 05 02 4f 68 0d 00 15 3b 2d 28 88 4a 52 1b 27 52 4f ce bd fd d4 Data Ascii: 3uk(wVEnxgiD Y$(I:w#Rt&I1QN`ox$4TRsWYW0@cTU=I<xn$W1OW"$Yc2@X]Q_.R9uQTA_+m4yk$pb4aKomX!9UtOh;-(JR'RO

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4141	OUT	GET /content/dam/hsbc/gb/images/16-9/learning-to-ride-1.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:01 UTC	4325	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 54880 Connection: close Date: Wed, 07 Jun 2023 22:21:54 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Wed, 07 Jun 2023 13:15:50 GMT Accept-Ranges: bytes S: dispatcher2euwest1 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 39ed76664123c3090231ff0882467152.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: zRJ1Kj4umIzYZ3gRs93_4D0R_uX7Sz4N4W4QR_ZmhsRvUQnU6p-wXQ== Age: 7
2023-06-07 22:22:01 UTC	4325	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 4b 02 4e 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCKN"}!1AQa"q2
2023-06-07 22:22:01 UTC	4341	IN	Data Raw: af 5f bc 00 c2 d7 57 b1 4d 95 68 62 1b 95 72 38 00 0a fa 97 e2 4e 91 e1 df 1f fc 2f b9 b7 76 5b 96 b4 b6 33 ac ca 72 db b1 90 73 5f 3f f8 3e ea c3 c1 7a 3f 93 2c c8 b7 2f 89 63 20 f9 86 60 7a 03 f4 af a0 af 81 a3 19 f3 73 68 d1 e7 50 c5 ce 51 e5 b6 a8 e8 ff 00 67 3d 56 5b eb 20 9a 8d dc d6 fa 6b 44 63 d9 21 f9 81 e9 8f 6a ef f5 8f 02 68 d6 ba a6 9f 36 a9 72 df 60 b9 25 14 39 db b7 d3 35 e2 96 9e 38 b0 d3 f4 eb 97 b6 b4 2a 61 b9 32 49 38 1c 1e 72 6b de bc 13 aa 68 be 2e d0 6d 5a 4b a8 af 6e ee 1c 39 59 65 e1 00 c6 07 b5 4e 17 d9 55 fd dd 95 f7 57 fc 8d 31 12 9d 3b 4d 37 e7 63 9f d4 a0 b3 f0 77 8e d2 0d 3a fc cd a6 39 8a 19 a3 53 b8 80 7a f1 f4 ae b7 5e f8 Data Ascii: _WMhbr8N/v[3rs_?>z?,/c `zshPQg=V[ kDc!jh6r`%958*a2I8rkh.mZKn9YeNUW1;M7cw:9Sz^
2023-06-07 22:22:01 UTC	4341	IN	Data Raw: 8d 63 6d 7f 25 aa 48 55 24 4f 2a da 32 31 9f 5a f2 1f 1e 6a 5a 66 a7 f1 27 54 8f 41 05 2e 2d f0 af 70 47 c8 92 01 82 07 e1 5c ef 88 b4 ed 46 6d 62 28 2f ae 10 3a c0 1a 1b a5 62 06 e2 79 00 67 83 5a e2 1d 78 cd d3 a4 95 b7 fe bc 89 a3 ec a5 05 52 a3 77 3d d3 4d f8 ad 63 e1 db 6b 9b 54 f3 e4 bb 2b c1 23 e4 cf b5 6a d8 7c 4e b6 be d4 74 e8 a1 0e 92 96 cc 9e 61 c0 af 99 af 65 d4 ed 4d c4 93 4b 10 16 4a 36 e7 92 c3 bf e3 5b 5a 46 a5 0d f4 5a 7b 11 2c ad 70 76 3b 96 3c 67 a5 56 1f 17 5e 0d 2a 8d 58 2a 61 a8 cd 37 05 a9 f5 dc be 3e 08 d3 21 04 49 c0 49 81 fd de 4f 41 9a e6 bc 5b e2 db 8b d5 8a c5 e3 8f c9 6b 88 c1 66 1c 0e fd 6b 0e dd 5e e3 c0 d0 e9 a8 6d 9e fa 51 88 02 1e 5b 1d 33 ef 4d f0 4c fa 87 8a e6 b1 b5 ba 4d 92 d9 cd e5 cb 1c a9 85 2c a3 9a f7 54 a5 52 Data Ascii: cm%HU$O21ZjZf'TA.-pG\Fmb(/:bygZxRw=MckT+#j\|NtaeMKJ6[ZFZ{,pv;<gV^X*a7>!IIOA[kfk^mQ[3MLM,TR
2023-06-07 22:22:01 UTC	4357	IN	Data Raw: f5 be b2 cf cf 6a bf f0 16 c5 66 0f 2c 0e 48 f4 1c 53 b7 46 be e3 e9 55 76 4b 48 d4 fb 4e 99 20 ff 00 53 22 fd 1e 8c e9 8c 70 1a 45 fc 8d 67 ee 8c 0f bb 8c fb 52 8d 83 1f 28 3f 85 3b b1 58 d1 11 e9 ac bf eb dd 7e a9 4e fb 3e 9e 71 b6 f5 47 d5 0d 67 a8 4e 09 07 34 fc 20 fe 0f cc 53 15 8b c2 ca dd 87 cb 7b 01 c7 a9 22 94 69 b8 1b 96 78 1f e9 28 aa 41 53 a6 00 f6 c5 4a b1 8e a3 8f 6a 05 a9 68 69 73 0c 1f 95 bf dd 75 3f d6 98 d6 13 2e 73 03 b7 d3 9a 87 63 7b 7e 55 22 ef 5c 6d 38 fa 53 0d 46 3d ac c1 8f fa 3c 98 f7 43 55 d8 15 24 94 70 3d 30 6b 41 6f 27 8c 8c 4b 22 fd 18 d4 bf da 77 20 e7 cd 73 f5 34 87 a9 94 ae ac 47 ca c3 ea 2b 97 f1 91 5b 1d 67 c2 fa 9e 18 08 af fe cb 23 63 a2 4c 85 7f f4 31 1d 77 c3 57 ba fe f9 3f 80 af 39 f8 dd 75 e2 7b dd 06 d5 b4 3b c8 Data Ascii: jf,HSFUvKHN S"pEgR(?;X~N>qGgN4 S{"ix(ASJjhisu?.sc{~U"\m8SF=<CU$p=0kAo'K"w s4G+[g#cL1wW?9u{;
2023-06-07 22:22:01 UTC	4369	IN	Data Raw: 11 68 37 b3 f0 20 95 87 b2 62 ba cf f8 4e 63 03 f7 76 78 c9 e0 17 c7 e8 05 52 7f 1a dc b1 6d b6 f1 2f fb c5 8d 2b 47 b8 ef 2e c6 22 78 4f 51 75 03 ec e5 72 3f 8d b1 4b ff 00 08 75 e2 82 64 f2 97 1e ac 3f a0 ab 73 78 c3 50 9b 76 1e 38 fa e4 05 ed 5c ff 00 88 7c 47 ab c5 a0 ea 13 5b dd c4 97 11 c0 ef 13 4e db 22 0c 06 41 72 07 03 8a 5e e0 fd f3 e0 1f f8 28 bd 9e bb a4 f8 ff 00 4e 9f 51 d2 b4 f6 d2 0d af 93 61 a8 42 ce b3 9e ee 8c 58 ed 6c 13 fd dc 8a f8 66 65 0d 29 0a ee 8d d7 69 03 35 ef 5f b4 37 c7 8d 53 e2 bd e6 2f 66 f3 e2 86 46 f2 99 c8 92 27 1d 37 2f d7 1d 6b c1 25 90 70 1f 8c 74 c0 e9 f4 af 4a 29 28 a4 8f 2d b6 e4 db 26 d3 2e 92 ce ed 24 98 19 50 82 06 e3 c0 3e bf a5 7e 87 7c 08 f8 94 6e 3f 65 d8 f4 5f 0f 69 96 96 fa 8c 4f 22 5d 5f cf 33 05 67 6e 43 Data Ascii: h7 bNcvxRm/+G."xOQur?Kud?sxPv8\\|G[N"Ar^(NQaBXlfe)i5_7S/fF'7/k%ptJ)(-&.$P>~\|n?e_iO"]_3gnC

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4379	OUT	GET /configuration/modals/leaving-hsbc-for-adobe-live-sign-forms.modal/ HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:01 UTC	4380	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 1919 Connection: close Date: Wed, 07 Jun 2023 22:21:54 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Content-Security-Policy: default-src 'self' .hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .awswaf.com bat.bing.com .amazon-adsystem.com players.brightcove.net vjs.zencdn.net s.amazon-adsystem.com .v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com; img-src data: blob:; connect-src 'self' .tiqcdn.com .tealiumiq.com .hsbc.com.hk .eum-appdynamics.com .optimizely.com wss://.liveperson.net .cloud.hsbc .awswaf.com .contentsquare.net bat.bing.com manifest.prod.boltdns.net .brightcovecdn.com adservice.google.com .api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com .siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk .demdex.net .lo.cobrowse.liveperson.net .tt.omtrdc.net .sc.omtrdc.net .mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com .brightcove.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com .doubleclick.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com .demdex.net www.googletagmanager.com td.doubleclick.net .ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com; frame-ancestors 'self' www.hsbc.co.uk .liveperson.net; font-src 'self' data: .hsbc.com.hk fonts.gstatic.com .cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' .hsbc.com.hk .googleapis.com .askus.hsbc.co.uk www.googletagmanager.com .lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: lpcdn.lpsnmedia.net *.brightcovecdn.com manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; Last-Modified: Wed, 07 Jun 2023 22:09:50 GMT Accept-Ranges: bytes S: dispatcher3euwest1 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=60, s-maxage=60 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 843560942e8c8e57a33193254e0a9de6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: qDBw1ad1_4OYHdNBEofT1UGbXg_L34IeRKeWojpFac5EXdBkPJ6XuA== Age: 7
2023-06-07 22:22:01 UTC	4383	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 63 75 72 74 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 72 69 64 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 62 6f 64 79 20 6c 67 2d 38 20 6d 64 2d 31 32 20 73 6d 2d 31 32 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4d 2d 4d 4f 44 57 49 4e 2d 52 57 2d 44 45 56 20 63 6c 65 61 72 66 69 78 20 22 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 64 61 74 61 2d 76 61 6c 69 64 61 74 69 6f 6e 2d 6d 65 73 73 61 67 65 3d 22 43 6f 6e 74 69 6e 75 65 22 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c Data Ascii: <div class="modal-curtain"> <div class="grid"> <div class="row"> <div class="modal-body lg-8 md-12 sm-12"><div class="M-MODWIN-RW-DEV clearfix " tabindex="-1" data-validation-message="Continue"> <button type="button" aria-label

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4385	OUT	GET /content/dam/hsbc/ciiom/images/bank-accounts/16-9/1568-holding-child-smiling-together-800x450.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:01 UTC	4387	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 54289 Connection: close Date: Sun, 04 Jun 2023 11:28:02 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Tue, 30 May 2023 07:48:25 GMT Accept-Ranges: bytes S: dispatcher3euwest2 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 7497b6df995aa2d58f27a725f51d6240.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: ac0fWRpcsKrL5ax46QIVLy_R0iXDwCC-Ft6WhcTliGfEt-OWHZ78Tw== Age: 298439
2023-06-07 22:22:01 UTC	4390	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 4b 02 4e 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCKN"}!1AQa"q2
2023-06-07 22:22:01 UTC	4406	IN	Data Raw: 7a f9 9b 42 d1 e2 d2 74 bd 33 45 b3 80 19 16 20 22 4c ec 25 c2 e4 f3 d9 98 e7 f3 af a3 f4 a1 28 d2 ac fc ed de 77 92 9b c3 fd ed db 46 73 ef 5d 59 6b f7 64 67 99 47 97 90 7e a4 0b 69 57 aa 06 49 85 f1 ff 00 7c 9a f2 0f 81 0e 22 b4 d5 61 67 0b ff 00 13 4b 93 b7 3d f2 95 ea 9e 29 67 8f c2 fa bb 23 14 71 69 29 0c 3b 1d 86 bc 57 e0 d2 4f 6d a9 b4 41 3f 77 2e a3 72 24 63 fe c8 4c 7e b5 f6 58 4a 7c f8 6a af fa d1 1f 03 8f ab ec f1 d4 34 ef f8 b4 8d 2f da d3 c2 d7 9e 26 f8 3d 78 2c 2e 1e da 7b 47 59 4b a1 c7 cb d0 e7 db 91 5f 1c 7c 33 d5 ed f4 5f 02 eb b6 16 97 38 bc b9 74 4b fb 76 19 68 a4 04 b2 39 1f dc 2b b8 6e c7 d7 a5 7e 92 ea 3a 6c 1a d6 97 73 61 74 81 ed ee 22 68 a4 53 dc 11 8a fc f7 f1 37 ec ff 00 79 e0 ff 00 88 5e 27 5b 4b b3 2d ff 00 90 26 b3 7d bb 41 Data Ascii: zBt3E "L%(wFs]YkdgG~iWI\|"agK=)g#qi);WOmA?w.r$cL~XJ\|j4/&=x,.{GYK_\|3_8tKvh9+n~:lsat"hS7y^'[K-&}A
2023-06-07 22:22:01 UTC	4422	IN	Data Raw: c5 1c e2 56 da 31 c2 fa fe 38 af 4b 2f a5 cd 59 54 7b 47 5f b8 e3 c5 4e d4 dc 63 bb d3 ef 3d 07 c0 9a 23 69 3a 5c 2d 28 5e 23 0c 91 e3 05 71 80 39 f5 f6 ae e2 d2 7b 53 13 ee b8 00 f0 c0 ee c7 97 ef db 9c 55 0b 6b 00 b6 a4 c6 cb bb 00 60 e3 27 f3 e9 4d b8 86 cd 1b 64 88 19 f8 07 23 39 f5 f6 f4 e6 bc ea b3 f6 d3 73 7b b3 aa 31 e4 8a 8a 34 63 d4 ac 24 9f 7a 81 29 4e 8c 01 56 07 8f c4 73 9a b5 17 da 2f 84 32 44 a5 32 0f c9 9d dd 7d 4f 7e b5 46 da ee d0 48 a9 12 8f 33 68 05 e3 00 00 33 90 3b e6 bb 9f 0a dc 5b 47 72 92 44 cc a6 24 27 ee 02 57 8f 71 80 39 1e b5 84 ad 1e 83 5a 9d 9f c2 1f 87 37 29 e2 0b 59 ef 42 aa 2a 82 ca cc 37 e5 87 2c b9 e8 31 9e 3a 8a fa 82 c3 51 59 35 4b 7b 10 ee ec 81 71 b7 a1 c7 24 0f 7e 99 af 0d f8 6f 71 75 be e6 49 00 68 46 55 5c 36 4e Data Ascii: V18K/YT{G_Nc=#i:\-(^#q9{SUk`'Md#9s{14c$z)NVs/2D2}O~FH3h3;[GrD$'Wq9Z7)YB*7,1:QY5K{q$~oquIhFU\6N
2023-06-07 22:22:01 UTC	4438	IN	Data Raw: f2 5f 8b 3c 3f c7 7f b2 16 87 e2 04 77 d2 9a de d2 53 fc 2f 08 51 f9 af f8 57 0f e1 bf d8 8f 55 d3 f5 45 b8 7f 12 c7 a6 46 ad 9d d6 65 de 42 3f 1d a2 be b8 b6 95 a5 85 5d d7 cb 66 19 d9 dc 54 80 e0 9a d2 ae 55 83 c5 7b d3 85 d3 39 65 95 e1 65 2e 67 1f c4 e7 7c 25 a0 c7 e1 1d 22 0d 1e 1b e9 f5 19 a0 5d cf 2d e4 bb a4 6c f7 f6 1c 74 1c 57 27 f1 17 c0 97 9e 20 f1 05 ae ad 06 c9 61 86 09 12 48 ff 00 e5 a0 c8 18 c0 ee 38 af 42 9f 48 b3 b8 d4 2d ef a4 87 75 dc 0a cb 1c 80 90 40 3d 41 c1 e4 7d 6b 9e b5 be ba 93 c7 fa a5 a3 3b 1b 58 ad 52 45 8f 19 1b 8e 39 af 5b 07 4e 58 68 f2 d1 8a 4a 2b 45 e4 6d 5e 10 e4 8d 39 6c dd 95 bd 0d 2f 0d c8 57 4e 86 27 c8 68 e1 8d 4a 9f e1 e3 a7 e9 5b 4a 72 b9 e9 54 7e dc a1 b6 92 03 77 0d 5c ef 8f 7c 51 3e 91 62 96 3a 6a 99 b5 2b d0 Data Ascii: _<?wS/QWUEFeB?]fTU{9ee.g\|%"]-ltW' aH8BH-u@=A}k;XRE9[NXhJ+Em^9l/WN'hJ[JrT~w\\|Q>b:j+
2023-06-07 22:22:01 UTC	4440	IN	Data Raw: 6d b3 85 7d 10 0f d2 a9 f8 90 62 1c fb 1a bd a6 8d b0 47 ec 07 f2 ac ff 00 15 b1 4b 2d c3 d0 8a f5 ea 69 45 9e 3d 2d 71 0b d4 c0 f0 34 9e 76 ad 7b e9 14 7f 96 4d 6f dd bf 96 26 71 d4 77 ae 77 e1 8c 7b c6 b3 71 eb 2a c4 3f 01 9f eb 5b f7 ed c1 51 ff 00 2d 25 c5 71 52 ff 00 77 8b ef 73 d1 c5 db eb 72 8f 6b 7e 48 d3 b0 88 a2 42 0f f0 a9 c9 ad db 2f f5 22 b2 62 5d ac 07 a2 e2 b6 2d 78 85 6b dc c2 e9 34 bc 8f 9c c4 ca e4 8d 9c 71 d6 82 d8 14 16 03 ad 37 23 b9 cd 7a 52 69 3d ce 11 b8 de 49 15 9b af e9 90 6a fa 45 f6 9d 28 d9 1d ec 12 5b bc 8a bd 03 a9 52 7f 5a d5 5c 76 a6 94 04 70 33 59 d9 ad 50 68 f7 3f 09 7e 24 e8 3a 97 c3 af 1a eb 1e 18 d5 d0 c3 a8 e9 73 9b 69 46 30 18 8e 8c 3d 98 61 87 b1 15 c9 cd ad 98 80 da d8 cf a9 af d7 ef da 0b f6 28 f0 9f ed 01 f1 27 Data Ascii: m}bGK-iE=-q4v{Mo&qww{q*?[Q-%qRwsrk~HB/"b]-xk4q7#zRi=IjE([RZ\vp3YPh?~$:siF0=a('

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://hs-login.live/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 318

Chrome Cache Entry: 319

Chrome Cache Entry: 320

Chrome Cache Entry: 321

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 325

Chrome Cache Entry: 326

Chrome Cache Entry: 327

Chrome Cache Entry: 328

Chrome Cache Entry: 329

Chrome Cache Entry: 330

Chrome Cache Entry: 331

Chrome Cache Entry: 332

Chrome Cache Entry: 333

Chrome Cache Entry: 334

Chrome Cache Entry: 335

Chrome Cache Entry: 336

Chrome Cache Entry: 337

Chrome Cache Entry: 338

Chrome Cache Entry: 339

Chrome Cache Entry: 340

Chrome Cache Entry: 341

Chrome Cache Entry: 342

Chrome Cache Entry: 343

Chrome Cache Entry: 344

Windows Analysis Report
http://hs-login.live/

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4386	OUT	GET /auth-status-hint?_=1686208913537 HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:01 UTC	4443	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 20 Connection: close Server: CloudFront Date: Wed, 07 Jun 2023 22:22:01 GMT Cache-Control: max-age=0, no-cache, no-store Content-Encoding: UTF-8 X-Cache: LambdaGeneratedResponse from cloudfront Via: 1.1 47225389ee58add3b9e790ead940cda4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: 9tJAJvBOGR1lt0SBbUHuE9D33RHKy9_2HcK-QMiIdqga4D6nUBZRPQ==
2023-06-07 22:22:01 UTC	4443	IN	Data Raw: 7b 22 61 75 74 68 6f 72 69 7a 65 64 22 3a 66 61 6c 73 65 7d Data Ascii: {"authorized":false}

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:21:09 UTC	266	OUT	GET //front_end/front_end_files/button.css HTTP/1.1 Host: hs-login.live Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://hs-login.live//front_end/front_end_files/ursula.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=un8m7qiq721r2n9eusrken0f2c
2023-06-07 22:21:09 UTC	276	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 07 Jun 2023 22:21:09 GMT Content-Type: text/css Content-Length: 18055 Connection: close Last-Modified: Wed, 07 Jun 2023 10:44:50 GMT ETag: "4687-5fd87d3412bef" Accept-Ranges: bytes Vary: Accept-Encoding
2023-06-07 22:21:09 UTC	276	IN	Data Raw: 2f 2a 20 50 72 69 6d 61 72 79 20 42 75 74 74 6f 6e 20 2a 2f 0a 2e 75 72 73 75 6c 61 20 61 2e 62 75 74 74 6f 6e 2c 0a 2e 75 72 73 75 6c 61 20 64 69 76 2e 62 75 74 74 6f 6e 20 7b 0a 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 31 30 70 78 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 69 6e 68 65 72 69 74 3b 0a 7d 0a 0a 2e 75 72 73 75 6c 61 20 2e 72 69 67 68 74 20 61 2e 62 75 74 74 6f 6e 2c 0a 2e 75 72 73 75 6c 61 20 2e 72 69 67 68 74 20 64 69 76 2e 62 75 74 74 6f 6e 20 7b 0a 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 30 3b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0a 7d 0a 0a 2e 75 72 73 75 6c 61 20 2e 72 69 67 68 74 20 61 2e 62 74 6e 52 65 66 72 65 73 68 20 7b 0a 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 7d 0a 0a 2e 75 72 Data Ascii: /* Primary Button */.ursula a.button,.ursula div.button {margin-right: 10px;position: inherit;}.ursula .right a.button,.ursula .right div.button {margin-right: 0;margin-left: 10px;}.ursula .right a.btnRefresh {margin-right: 20px;}.ur
2023-06-07 22:21:09 UTC	292	IN	Data Raw: 2f 68 73 62 63 2f 77 69 64 67 65 74 2f 74 68 65 6d 65 73 2f 75 72 73 75 6c 61 2f 69 6d 61 67 65 73 2f 62 75 74 74 6f 6e 2f 64 6f 75 62 6c 65 2d 61 72 72 6f 77 2d 75 70 2e 67 69 66 22 29 3b 0a 7d 0a 2e 64 6a 5f 69 65 37 20 2e 75 72 73 75 6c 61 20 61 2e 62 75 74 74 6f 6e 41 72 72 6f 77 20 2e 69 63 6f 6e 20 7b 0a 09 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 7d 0a 0a 2f 2a 2a 2a 66 6f 72 20 62 75 74 74 6f 6e 20 20 73 65 63 6f 6e 64 61 72 79 2a 2a 2a 2f 0a 2e 75 72 73 75 6c 61 20 64 69 76 2e 73 65 63 6f 6e 64 61 72 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 65 63 75 72 69 74 79 2e 68 73 62 63 2e 63 6f 2e 75 6b 2f 67 73 70 2f 73 61 61 73 2f 43 6f 6d 70 6f 6e 65 6e 74 73 2f 64 65 66 61 75 6c Data Ascii: /hsbc/widget/themes/ursula/images/button/double-arrow-up.gif");}.dj_ie7 .ursula a.buttonArrow .icon {height: 15px;}/*for button secondary*/.ursula div.secondary { background: url("https://www.security.hsbc.co.uk/gsp/saas/Components/defaul

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4388	OUT	GET /configuration/modals/you-are-leaving-hsbc.modal/ HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4483	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 2141 Connection: close Date: Wed, 07 Jun 2023 22:21:54 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Content-Security-Policy: default-src 'self' .hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .awswaf.com bat.bing.com .amazon-adsystem.com players.brightcove.net vjs.zencdn.net s.amazon-adsystem.com .v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com; img-src data: blob:; connect-src 'self' .tiqcdn.com .tealiumiq.com .hsbc.com.hk .eum-appdynamics.com .optimizely.com wss://.liveperson.net .cloud.hsbc .awswaf.com .contentsquare.net bat.bing.com manifest.prod.boltdns.net .brightcovecdn.com adservice.google.com .api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com .siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk .demdex.net .lo.cobrowse.liveperson.net .tt.omtrdc.net .sc.omtrdc.net .mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com .brightcove.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com .doubleclick.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com .demdex.net www.googletagmanager.com td.doubleclick.net .ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com; frame-ancestors 'self' www.hsbc.co.uk .liveperson.net; font-src 'self' data: .hsbc.com.hk fonts.gstatic.com .cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' .hsbc.com.hk .googleapis.com .askus.hsbc.co.uk www.googletagmanager.com .lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: lpcdn.lpsnmedia.net *.brightcovecdn.com manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; Last-Modified: Wed, 07 Jun 2023 22:09:49 GMT Accept-Ranges: bytes S: dispatcher2euwest1 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=60, s-maxage=60 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 7497b6df995aa2d58f27a725f51d6240.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: uDJ3apd25Njyh2i2AZGhhCrNYOYBMkLsOFMZPWMms1SQJVhbZK4ENQ== Age: 7
2023-06-07 22:22:02 UTC	4486	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 63 75 72 74 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 72 69 64 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 62 6f 64 79 20 6c 67 2d 38 20 6d 64 2d 31 32 20 73 6d 2d 31 32 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4d 2d 4d 4f 44 57 49 4e 2d 52 57 2d 44 45 56 20 63 6c 65 61 72 66 69 78 20 22 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 64 61 74 61 2d 76 61 6c 69 64 61 74 69 6f 6e 2d 6d 65 73 73 61 67 65 3d 22 43 6f 6e 74 69 6e 75 65 22 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c Data Ascii: <div class="modal-curtain"> <div class="grid"> <div class="row"> <div class="modal-body lg-8 md-12 sm-12"><div class="M-MODWIN-RW-DEV clearfix " tabindex="-1" data-validation-message="Continue"> <button type="button" aria-label

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:01 UTC	4389	OUT	GET /configuration/modals/you-are-leaving-hsbc-make-claim.modal/ HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4444	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 2141 Connection: close Date: Wed, 07 Jun 2023 22:21:54 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Content-Security-Policy: default-src 'self' .hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .awswaf.com bat.bing.com .amazon-adsystem.com players.brightcove.net vjs.zencdn.net s.amazon-adsystem.com .v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com; img-src data: blob:; connect-src 'self' .tiqcdn.com .tealiumiq.com .hsbc.com.hk .eum-appdynamics.com .optimizely.com wss://.liveperson.net .cloud.hsbc .awswaf.com .contentsquare.net bat.bing.com manifest.prod.boltdns.net .brightcovecdn.com adservice.google.com .api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com .siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk .demdex.net .lo.cobrowse.liveperson.net .tt.omtrdc.net .sc.omtrdc.net .mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com .brightcove.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com .doubleclick.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com .demdex.net www.googletagmanager.com td.doubleclick.net .ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com; frame-ancestors 'self' www.hsbc.co.uk .liveperson.net; font-src 'self' data: .hsbc.com.hk fonts.gstatic.com .cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' .hsbc.com.hk .googleapis.com .askus.hsbc.co.uk www.googletagmanager.com .lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: lpcdn.lpsnmedia.net *.brightcovecdn.com manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; Last-Modified: Wed, 07 Jun 2023 22:09:50 GMT Accept-Ranges: bytes S: dispatcher3euwest1 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=60, s-maxage=60 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 b90884acab23625db851d03bcf681a26.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: 9UpJBjiOvJvjkYAsazYYjQFbuuC8VaDQrfAHGFRWnQ9PsBeFcccELw== Age: 7
2023-06-07 22:22:02 UTC	4447	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 63 75 72 74 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 72 69 64 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 61 6c 2d 62 6f 64 79 20 6c 67 2d 38 20 6d 64 2d 31 32 20 73 6d 2d 31 32 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 4d 2d 4d 4f 44 57 49 4e 2d 52 57 2d 44 45 56 20 63 6c 65 61 72 66 69 78 20 22 20 74 61 62 69 6e 64 65 78 3d 22 2d 31 22 20 64 61 74 61 2d 76 61 6c 69 64 61 74 69 6f 6e 2d 6d 65 73 73 61 67 65 3d 22 43 6f 6e 74 69 6e 75 65 22 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c Data Ascii: <div class="modal-curtain"> <div class="grid"> <div class="row"> <div class="modal-body lg-8 md-12 sm-12"><div class="M-MODWIN-RW-DEV clearfix " tabindex="-1" data-validation-message="Continue"> <button type="button" aria-label

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4443	OUT	GET /content/dam/hsbc/gb/images/cma/feb-2023/desktop/overall-service-quality-gb.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4451	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 57592 Connection: close Date: Sun, 04 Jun 2023 11:28:03 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Fri, 02 Jun 2023 17:26:43 GMT Accept-Ranges: bytes S: dispatcher2euwest2 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 ae3f020e2e89e632d339db198e9ba75a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: SV69RVryT9wAWiMk4jbq9hA4QKiJBMvX6oaEGCcblLFra-ne62AaNg== Age: 298439
2023-06-07 22:22:02 UTC	4451	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 f0 02 4e 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCN"}!1AQa"q2
2023-06-07 22:22:02 UTC	4467	IN	Data Raw: 2f f5 8c c0 64 34 4c 0e e7 08 58 88 98 7c cc a1 0e 33 5e 95 46 28 03 e2 af 05 78 4f c4 1e 2d fd a0 7c 25 ac db 5c fc 4d d4 34 7f f8 45 35 db 16 d5 fc 73 a4 ad 8a d9 5d ca 6c 82 c6 91 2d bc 06 1c 80 4e 59 76 b9 4c 46 4e c6 35 d5 fe cf 1a fe b1 e1 df 87 1f 09 3e 17 ea 5f 09 f5 77 f1 0f 87 04 3a 7e af 75 aa 58 34 1a 76 96 2d 62 91 0d fc 17 66 36 8a e1 a4 64 5d 8b 13 6f 3e 71 2c 50 03 5f 55 d2 60 0e d4 01 f2 37 c1 bb dd 7b e1 57 80 26 f8 57 ac 7c 31 d6 7c 57 e2 54 f1 65 e1 17 17 1a 7b ff 00 64 5f da dc ea 4f 74 35 19 2f 8c 6f 0a 88 e3 98 36 c6 fd ee f8 76 85 ce 08 d2 f8 7f a9 6a 9f b3 97 c4 1f 8c b0 78 8b c2 7e 2a f1 1c 5e 28 f1 2c 9e 26 d1 b5 7f 0f e8 d3 ea 4b 79 0c b6 d0 a2 d9 bb 44 1b c9 68 9a 16 41 e7 14 4c 30 20 80 6b ea 7c 0c e7 1c d1 8a 00 f8 37 c1 5f Data Ascii: /d4LX\|3^F(xO-\|%\M4E5s]l-NYvLFN5>_w:~uX4v-bf6d]o>q,P_U`7{W&W\|1\|WTe{d_Ot5/o6vjx~*^(,&KyDhAL0 k\|7_
2023-06-07 22:22:02 UTC	4488	IN	Data Raw: 87 ac 3f 60 5f 14 fc 64 d7 9f c4 fa 47 c4 4d 16 f8 d9 be 89 74 63 82 da 22 2f a1 b7 2b 2c 2f 0f 9a 1b 64 84 e3 78 e7 1d b8 3c 37 ed 1f f0 03 c0 5e 08 f0 af c3 57 f8 6f 6b f1 13 50 f1 2f 88 23 23 50 b4 f1 2e 8b 34 11 3c be 54 4c 16 cf 36 b1 79 bf 33 bf dd 2f c6 d3 df 24 03 e9 6f f8 7d ff 00 8b ff 00 e8 97 e8 9f f8 32 9b ff 00 89 a3 fe 1f 7f e2 ff 00 fa 25 fa 27 fe 0c a6 ff 00 e2 6b e0 36 f8 2b f1 09 2c f5 8b b6 f0 27 89 56 d7 46 8f cd d4 e7 3a 45 c0 4b 14 db bf 74 ed b3 11 8d a7 76 5b 1c 73 52 f8 67 e0 5f c4 7f 1a 78 72 4f 10 f8 7f c0 3e 27 d7 34 18 f7 6f d4 f4 ed 1e e2 e2 d8 6d e1 bf 78 88 57 e5 c1 cf 3c 63 9a 00 fb df fe 1f 7f e2 ff 00 fa 25 fa 27 fe 0c a6 ff 00 e2 68 ff 00 87 df f8 bf fe 89 7e 89 ff 00 83 29 bf f8 9a fc d1 28 ca 48 23 04 1c 11 ef 5d af Data Ascii: ?`_dGMtc"/+,/dx<7^WokP/##P.4<TL6y3/$o}2%'k6+,'VF:EKtv[sRg_xrO>'4omxW<c%'h~)(H#]
2023-06-07 22:22:02 UTC	4505	IN	Data Raw: ca f0 3c b5 9d 94 65 ca 97 2e aa ee f7 7d 2e 77 75 f3 b7 ed d7 ff 00 24 41 7f ec 2b 6f ff 00 a0 c9 5f 44 d7 80 fe da da 3d fe bb f0 6d 6d 74 db 1b 9d 42 e7 fb 4e 06 f2 6d 61 69 5f 01 5f 27 0a 09 c5 69 8f 4d e1 6a 25 d9 9f 9c 64 ad 47 32 a0 db fb 4b f3 3f 39 e8 ae 97 fe 15 9f 8c 3f e8 54 d6 ff 00 f0 5d 37 ff 00 13 47 fc 2b 3f 18 7f d0 a9 ad ff 00 e0 ba 6f fe 26 bf 32 f6 55 3f 95 fd c7 f4 4f d6 28 ff 00 3a fb d1 cd 51 5d 2f fc 2b 3f 18 7f d0 a9 ad ff 00 e0 ba 6f fe 26 8f f8 56 7e 30 ff 00 a1 53 5b ff 00 c1 74 df fc 4d 1e ca a7 f2 bf b8 3e b1 47 f9 d7 de 8e 6a 8a e9 7f e1 59 f8 c3 fe 85 4d 6f ff 00 05 d3 7f f1 34 7f c2 b3 f1 87 fd 0a 9a df fe 0b a6 ff 00 e2 68 f6 55 3f 95 fd c1 f5 8a 3f ce be f4 73 54 57 4b ff 00 0a cf c6 1f f4 2a 6b 7f f8 2e 9b ff 00 89 a3 Data Ascii: <e.}.wu$A+o_D=mmtBNmai__'iMj%dG2K?9?T]7G+?o&2U?O(:Q]/+?o&V~0S[tM>GjYMo4hU??sTWK*k.

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4450	OUT	GET /content/dam/hsbc/gb/images/articles/16-9/9840-person-gardening-2000X1125.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4504	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 71856 Connection: close Date: Sun, 04 Jun 2023 11:28:02 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Fri, 02 Jun 2023 17:45:15 GMT Accept-Ranges: bytes S: dispatcher2euwest2 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 b8d6320dae849a3360537a2233718764.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: oRbcKed8lK39qThy-5_Hzm8yXte0BPspI63bCwPMVGBVSD0Uy87n7g== Age: 298440
2023-06-07 22:22:02 UTC	4513	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 4b 02 4e 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCKN"}!1AQa"q2
2023-06-07 22:22:02 UTC	4529	IN	Data Raw: e4 9e 31 d2 b6 f4 ff 00 15 78 a3 c6 be 3b 7f 0d 6b 56 10 2d 9d fd a9 77 92 47 0a 12 4c 64 9d d8 fc b0 2b 0b c1 9f 10 b4 19 cd 96 89 a3 cc f2 dd a2 6e 73 7e bb 9d c1 1d 03 7b 57 12 75 58 75 ef 8c e3 43 9e de f4 4e aa d2 5e 6c bc 08 b2 45 b7 9d 9e e3 8f 4f ad 72 49 4a 96 23 d9 51 9a b4 ae f9 16 c9 36 af d7 f1 b7 73 db 8d 25 83 8b 73 97 bd 6e d7 35 3c 57 a6 78 7a eb 47 f1 24 b3 69 71 c5 35 99 36 91 4b 08 2d bf 1d 5c b0 18 ed fa 57 c9 3a e4 51 a5 fc b6 76 2d f6 9b 77 3c 3b 71 fa 57 d2 da 55 d5 e6 b7 e1 eb cf 0d e8 57 b0 e9 5a 55 cc 8e 6d 24 d4 1c 38 28 09 fe 3f a0 af 9b 7c 46 a9 a3 5f dc c3 15 c4 4c 60 7d b2 ca bc ee 61 d7 07 d2 af 2e 84 97 3c f7 4d d9 6b 7d b4 3c 6c 55 77 39 6a df fc 03 9d d5 6c 85 9d 9a 00 08 71 d5 50 75 cd 7a 15 97 c3 29 34 1f 00 da 78 87 Data Ascii: 1x;kV-wGLd+ns~{WuXuCN^lEOrIJ#Q6s%sn5<WxzG$iq56K-\W:Qv-w<;qWUWZUm$8(?\|F_L`}a.<Mk}<lUw9jlqPuz)4x
2023-06-07 22:22:02 UTC	4545	IN	Data Raw: b9 af 0b d9 ce 35 94 a9 4e f6 d2 ce e7 76 0e bc 9b e5 8e c6 5f c4 af 13 db 6a 3e 19 d4 ec d9 8b 15 84 11 ec 6b e6 48 75 bd 43 c2 ba ad 86 ab a6 de 9b 7b e8 a5 57 84 46 3e 61 83 d4 d7 b8 f8 96 e6 d6 5d 26 ea 50 08 96 68 ce f5 c7 18 15 f3 d6 ab 6b 70 36 de c0 07 18 53 eb 8a fa 2c 27 99 ea 66 0b dc 47 a7 6a 3e 31 3a fc 51 47 7d ac 35 be a5 ac ce ef 73 79 a8 a8 16 ea 0f 70 47 7f ca ab 7c 26 f0 86 a1 ae f8 86 e3 4d f0 fa c5 aa dd 46 c4 19 ad d8 05 64 07 05 b2 7b 56 36 b3 f0 e2 58 bc 29 a4 5d ea c9 75 6c fa 89 f2 f4 eb 69 0e 36 39 3d 5c 1e 8a 7a e6 be c1 fd 9b fc 15 e0 7f 80 3a 06 9f a8 f8 9b 51 d3 c7 8a 64 85 8b c3 04 de 63 30 63 c6 07 e1 d4 8c 75 ac 31 75 63 87 a7 cb 0f 8e 5f d5 ff 00 ae a7 8b 0b c5 de 27 8c fc 46 f8 6f aa 78 0e 50 da 93 5b 91 79 19 64 10 49 Data Ascii: 5Nv_j>kHuC{WF>a]&Phkp6S,'fGj>1:QG}5sypG\|&MFd{V6X)]uli69=\z:Qdc0cu1uc_'FoxP[ydI
2023-06-07 22:22:02 UTC	4562	IN	Data Raw: df 1e 7c 29 37 87 a1 b1 d2 ad a4 d3 e6 12 f9 41 bc b1 92 e7 8e 3f a9 ab ff 00 11 7e 1f 6a 3a ff 00 81 ad ad a4 95 75 9f 10 dc c7 e6 c4 21 61 0c 76 aa 06 49 2d df 8e 3d eb 86 54 ea d6 7c 90 b7 2a b3 db ef f3 6c f2 9d 9e 89 ec 7c ff 00 65 f1 72 6b 7f 14 1b bf 16 e8 91 f8 8a e5 e3 55 b4 b9 96 6f 2c 5b b8 27 e6 45 2a 43 67 f0 e9 5c fe bb e2 bb af 11 6a 97 57 37 f3 4a 88 38 58 f2 06 c5 3d b8 ed 5d 6f 8a 7c 39 a0 f8 7b e1 df 87 b5 1d 5b 56 d3 af f5 7f 30 ec b1 8d bf 79 1a 67 92 c4 1e a3 a5 70 37 3a 96 9d 73 15 e2 da 5b 83 29 26 47 69 1b 24 2f 65 ae da 70 54 da f7 2c ff 00 0f 5d ce ca 51 4a 5b 15 2f 5a 5f 32 d6 46 92 18 ac a4 60 a4 64 ee 2a 07 51 58 b1 eb 50 eb b0 cd 6d 03 34 71 c0 e7 68 1f 33 4a 33 eb db 14 9a 9e a2 13 4e dd 7b 3f 95 6c 48 05 47 f0 7a 57 1b e1 Data Ascii: \|)7A?~j:u!avI-=T\|l\|erkUo,['ECg\jW7J8X=]o\|9{[V0ygp7:s[)&Gi$/epT,]QJ[/Z_2F`d*QXPm4qh3J3N{?lHGzW
2023-06-07 22:22:02 UTC	4578	IN	Data Raw: d7 1e b5 ca eb 24 a2 93 fc 3e 94 14 8f 39 f1 32 20 0e db 54 0f 41 5e 0d e3 e8 4a f8 83 49 99 49 0a b2 b0 20 b7 b5 7b 6f 8a a6 2a 19 89 c6 3a 73 5e 17 e3 c5 fb 4e b9 a4 2e 4a aa c8 ce cd db a7 4a f3 ea 3b 33 a6 07 d1 7a 96 87 75 6d 7b 16 a5 67 36 e5 f2 95 7e ce 78 e0 01 93 fa 57 4b e1 ff 00 13 43 78 ce 81 97 cd 18 42 a7 b1 22 a9 78 2f c4 5a 7f 8b d2 16 b6 7d 93 c5 1f cf 03 f0 d9 c6 38 f5 1d 6b 5e 7f 02 69 ba 8d e2 4e 9b ec ef 97 e6 12 46 70 0e 3b 11 dc 73 58 72 c6 a2 b6 c5 f3 38 3d 4e 93 4c 99 d2 e2 ed 80 0c 38 c1 fc 45 6b 58 5b f9 ac ee 41 42 3b 7d 73 cf e9 5c 8a dd ea 3e 1c 8e e3 fb 4a 30 cb c7 96 f1 fd c2 33 ff 00 ea ae b3 48 bc 4b f9 19 53 8d b6 eb 26 07 be 58 1f c9 a8 70 71 76 64 73 26 ae 85 b2 88 ad d4 6f c1 01 24 8f df 92 05 41 75 a5 47 24 32 2b ae Data Ascii: $>92 TA^JII {o*:s^N.JJ;3zum{g6~xWKCxB"x/Z}8k^iNFp;sXr8=NL8EkX[AB;}s\>J03HKS&Xpqvds&o$AuG$2+

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4561	OUT	GET /content/dam/hsbc/gb/images/cma/feb-2023/desktop/overall-service-quality-ni.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4585	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Content-Length: 59131 Connection: close Date: Sun, 04 Jun 2023 11:28:03 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Fri, 02 Jun 2023 17:31:32 GMT Accept-Ranges: bytes S: dispatcher2euwest1 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=2592000, s-maxage=2592000 X-Cache: Hit from cloudfront Via: 1.1 6f5ba49c3df973a476d63dbb743d9b22.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: stUDtWzaR44fw1DSAwIycvNK-5e05CWz1VTAaiIRV48PkxpmhMj_nA== Age: 298439
2023-06-07 22:22:02 UTC	4585	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 01 f0 02 4e 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCN"}!1AQa"q2
2023-06-07 22:22:02 UTC	4601	IN	Data Raw: 5f fc 5f d5 f5 df f8 52 de 2a d4 7c 21 a1 47 af f8 81 b4 69 e5 d3 b4 6d 46 02 16 ea 53 11 2b 14 91 36 09 ce 70 63 38 27 ee 9c 66 bb cc 51 b4 7a 50 07 c0 be 15 f0 87 88 7c 51 fb 54 fe cf be 22 8e f3 e2 86 bb a3 68 36 ba e4 57 97 be 30 f0 aa 69 76 da 64 f2 e9 c2 34 86 38 e3 b4 b7 f2 54 e0 fc cd be 32 52 34 46 24 9c f6 df b3 15 ce b5 f0 a3 e1 07 81 be 0f 6b ff 00 0e 75 ff 00 11 f8 c3 48 d7 26 82 fa e6 f3 4a 95 74 c8 e2 37 d3 4f fd a6 b7 ef 1b 40 fb 51 96 45 55 7f 30 be 17 01 ba 7d 89 81 46 28 03 e3 ef 01 5e 6b 5f 06 23 f8 bf e0 fd 6f e1 d7 88 3c 75 ac f8 93 c7 17 fa ce 93 6c 9a 4c b3 69 9a a5 a5 e3 c4 62 f3 6f 7c b7 b7 80 46 32 ae 26 2a 54 47 c0 23 15 ad f0 f3 58 bf fd 9b fe 21 7c 68 b7 f1 4f 85 fc 59 e2 05 f1 3f 89 a5 f1 36 8f ab e8 1a 0d d6 aa 97 b6 f2 db Data Ascii: __R\|!GimFS+6pc8'fQzP\|QT"h6W0ivd48T2R4F$kuH&Jt7O@QEU0}F(^k_#o<ulLibo\|F2&TG#X!\|hOY?6
2023-06-07 22:22:02 UTC	4618	IN	Data Raw: 5a 94 ef 86 84 42 bd d9 d8 63 f4 cd 7a 15 14 5c 2c 65 68 9a 04 1a 32 12 a7 cd 9d be f4 a4 63 f0 1e 82 b5 68 a2 90 c2 8a 28 a0 02 8a 28 a0 02 8a 28 a0 02 8a 28 a0 02 8a 28 a0 02 8a 28 a0 02 8a 2b 23 5e f1 7e 85 e1 65 8d b5 ad 6b 4e d2 16 53 84 37 f7 71 c0 1f e9 b8 8c d2 6d 45 5d 95 18 ca 6f 96 2a ec d7 a2 a1 b4 bc b7 d4 2d a3 b8 b5 9e 3b 9b 79 06 e4 96 17 0e 8c 3d 41 1c 1a 9a 98 9a b6 8c 28 a2 8a 04 14 84 e2 96 90 8c e2 80 3e 65 f1 b7 fc 14 57 e0 af 81 bc 51 7f a1 5c eb 97 ba 8d d5 8c 86 19 e5 d3 2c 9a 78 44 80 e1 94 3e 40 6c 1e 09 5c 8c f7 ac 3f f8 7a 0f c0 ff 00 f9 fd d7 7f f0 56 df fc 55 7e 3b 33 16 24 93 93 ea 6b d1 bc 2f fb 3e 78 e7 c4 d6 30 ea 72 68 d2 68 7e 1f 78 be d0 fa de b6 45 9d a2 43 ff 00 3d 77 49 8d eb d8 6c 07 27 00 66 be fd e4 78 2a 71 4e Data Ascii: ZBcz\,eh2ch((((((+#^~ekNS7qmE]o-;y=A(>eWQ\,xD>@l\?zVU~;3$k/>x0rhh~xEC=wIl'fxqN
2023-06-07 22:22:02 UTC	4634	IN	Data Raw: ba 83 e6 8c 93 e5 fb 2e d7 47 cf 7f 18 3c 11 e3 af 10 ea ff 00 0f b5 1b 6d 1e 2f 10 5e 68 93 35 ed f7 d9 ee 22 b6 85 a4 32 46 e2 24 f3 18 36 d0 23 db b8 83 c6 09 c9 cd 5c f1 85 97 c4 4f 8b 37 9a 3e 85 aa 78 38 78 67 c2 cd 79 1c da a4 bf da 70 5c bc d1 21 dd b3 0a c0 80 48 1d 01 39 c1 e8 08 3e f1 45 63 0c de a4 21 4e 3e ca 37 85 f9 5f bd 75 76 dd d2 e6 b5 d3 7a 69 a1 bd 4e 1d a5 52 a5 59 ba f5 14 6a f2 f3 c6 f1 b4 b9 52 8d 9b 71 72 b3 4a ce d2 d7 53 c5 7e 28 7e cf 3e 1d d4 fc 05 ab 5b 78 67 c3 f6 36 7a e6 c5 92 da 48 e3 0a c5 95 83 14 0c 4f 1b 80 2b d4 0e 46 6a af 8b 34 0f 19 f8 bf f6 73 87 c3 ef a2 4c 7c 4d 22 5b da cf 04 97 10 a9 22 27 56 f3 37 97 da 72 10 77 ce 58 f1 5e e9 45 45 3c db 11 08 d3 53 f7 dc 27 ce 9c ae dd f4 d3 7d b4 5a 1a d6 e1 fc 1d 49 55 Data Ascii: .G<m/^h5"2F$6#\O7>x8xgyp\!H9>Ec!N>7_uvziNRYjRqrJS~(~>[xg6zHO+Fj4sL\|M"["'V7rwX^EE<S'}ZIU

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4617	OUT	GET /8456/handler9/session.json HTTP/1.1 Host: www.mcmprod.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; csaHSBCCDID=null_2_bab5298f20cf45d183c9bae79258296a; csaHSBCCDuvt=d810b33dae0d4b9aa0923c91bf7fffb6; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2; MCM-PROD-WDC=3498363658.47873.0000; TS01977c0f=0105ea404aba623627d60f60cab85d7d34cc40ddf3d6c1590b182eaf538e8f58e6ef77d7cfe966f66479c0a22a31d466c20031be7a; vtz47gabsosd=csaHSBC__2834781601_1686208919446_1686176519198_8456
2023-06-07 22:22:02 UTC	4644	IN	HTTP/1.1 400 Bad Request Date: Wed, 07 Jun 2023 22:22:02 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Length: 0 Vary: User-Agent S: LWSMCMRP103UK Connection: close Content-Type: application/json

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4645	OUT	GET /8456/28347814390/XBW09WEA78JG/jsEvent.json HTTP/1.1 Host: www.mcmprod.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; csaHSBCCDID=null_2_bab5298f20cf45d183c9bae79258296a; csaHSBCCDuvt=d810b33dae0d4b9aa0923c91bf7fffb6; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2; MCM-PROD-WDC=3498363658.47873.0000; TS01977c0f=0105ea404aba623627d60f60cab85d7d34cc40ddf3d6c1590b182eaf538e8f58e6ef77d7cfe966f66479c0a22a31d466c20031be7a; vtz47gabsosd=csaHSBC__2834781601_1686208919446_1686176519198_8456
2023-06-07 22:22:02 UTC	4649	IN	HTTP/1.1 400 Bad Request Date: Wed, 07 Jun 2023 22:22:02 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Length: 0 Vary: User-Agent S: LWSMCMRP103UK Connection: close Content-Type: application/json

Timestamp	kBytes transferred	Direction	Data
2023-06-07 22:22:02 UTC	4646	OUT	GET /etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/social/facebook.svg HTTP/1.1 Host: www.hsbc.co.uk Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS01b4284e=01a9092955a74fdbbd35be027e617852b6632793be4a581eccfd6cdd7c7087b2958f6e1673a29a3d2c6b62d9e019cc49b065bf5619; tms_ref=; servicingTrafficManagement2=SegmentNewJourney; servicingTrafficManagement3=SegmentNewJourney; utag_main=v_id:018899e22632001bd428557dc6180006f001706700918$_sn:1$_se:1$_ss:1$_st:1686210714997$ses_id:1686208914997%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1688800915227; dclid=undefined; usy46gabsosd=csaHSBC__2834781601_1686208918076_1686176519198_8456; csaHSBCkey=bab5298f20cf45d183c9bae79258296a; csaHSBCuvt=d810b33dae0d4b9aa0923c91bf7fffb6_1686176519198_2834781601_1686176519198_1; csaHSBCDBID=null_2
2023-06-07 22:22:02 UTC	4647	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 950 Connection: close Date: Tue, 06 Jun 2023 12:35:51 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubdomains Last-Modified: Sat, 03 Jun 2023 04:19:42 GMT Accept-Ranges: bytes S: dispatcher2euwest1 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Cache-Control: max-age=7776000, s-maxage=7776000 Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 48c20cb247b267a59a8191c4d3bd787c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MUC50-C1 X-Amz-Cf-Id: qW2MvWTIcfu_rM7JbM1X8Jk82GzKiXlnVKpF8-6YK_VEG40wO6HVcg== Age: 121571
2023-06-07 22:22:02 UTC	4648	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 31 39 2e 30 2e 30 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0a 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 69 64 3d 22 4c 61 79 65 72 5f 66 61 63 65 62 6f 6f 6b 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 78 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_facebook" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0