Windows Analysis Report
http://lloydschatonline.com/

Overview

General Information

Sample URL: http://lloydschatonline.com/
Analysis ID: 1501484
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
HTML body with high number of embedded images detected
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Uses insecure TLS / SSL version for HTTPS connection

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: http://lloydschatonline.com/ Avira URL Cloud: detection malicious, Label: phishing
Antivirus detection for URL or domain
Source: http://lloydschatonline.com/img/lb_business_homepage_alexcave_1500x750.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/scripts/script.js Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_bb_servicequal_700x400_feb_2024_1.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/fonts/lloyds_bank_jack-mediumWEB.woff2 Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/answers.css Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/fonts/lloyds_bank_jack-lightWEB.woff2 Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/Lloyds-LiveChat.exe Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_business_banking_qr_mobile_app.png Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right-hover.svg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_bus_homepage_fraud-promo.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_business_bank_accounts_to_help_you_thrive_hp_hero_v4.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/scripts/jquery-3.7.0.min.js Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/start-a-business-hero_photo_mobile.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/fonts/lloyds_bank_jack-regularWEB.woff2 Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/fonts/lloyds_bank_jack-boldWEB.woff2 Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.css Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/clientlibs/icons/list-styles/tick-white.svg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_bus_homepage_help-banner.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right.svg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/lb_bus_homepage_colwith-promo.jpg Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/fscs.gif Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/img/favicon.ico Avira URL Cloud: Label: phishing
Source: http://lloydschatonline.com/css/clientlibs-css.min.dadd5b8770a1fdc12ff43d774137aab0.css Avira URL Cloud: Label: phishing

Phishing
barindex
Phishing site detected (based on favicon image match)
Source: http://lloydschatonline.com/ Matcher: Template: lloyds matched with high similarity
HTML body with high number of embedded images detected
Source: https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.html HTTP Parser: Total embedded image size: 15858
Source: https://www.lloydsbank.com/business/take-payments-with-cardnet.html HTTP Parser: Total embedded image size: 15858
Source: https://www.lloydsbank.com/international.html HTTP Parser: Total embedded image size: 15858
Source: https://www.lloydsbank.com/private-banking.html HTTP Parser: Total embedded image size: 15858
Source: https://www.lloydsbank.com/business/home.html#flyout HTTP Parser: Total embedded image size: 15858
Source: https://www.lloydsbank.com/business/home.html HTTP Parser: Total embedded image size: 15858
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49742 version: TLS 1.0
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr, 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp.0.dr
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49742 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/javascriptlast-modified: Fri, 26 May 2023 20:42:54 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 30387date: Thu, 29 Aug 2024 22:34:20 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 bc bd 7b 77 db c6 d5 37 fa ff 59 eb fd 0e 22 ea aa 80 39 a4 44 a7 c9 fb 14 14 c2 e5 c8 76 e3 36 89 13 db b9 b4 14 e3 05 93 23 09 31 04 30 00 a8 4b 44 f6 b3 9f fd db 73 c1 e0 42 39 e9 7a ce 49 6b 11 97 c1 5c f7 ec d9 f7 7d f4 78 70 f0 cb 77 1b 59 dc 1d 5c 7f 32 fe bf e3 e3 83 ed 81 bf 0c 0e 5e ad 65 f6 8f 37 07 2f f2 4d b6 8a ab 24 cf 0e e2 6c 75 90 57 97 b2 38 58 e6 59 55 24 ef 37 55 5e 94 54 fc 97 5f f1 f9 38 2f 2e 8e d2 64 29 b3 52 1e 3c 3e fa 3f ff cf e0 7c 93 2d f1 a5 2f 45 15 dc 7b 1b 7a 5e d2 77 cb ca 9b 7a f9 fb 5f 24 5d 44 51 75 b7 96 f9 f9 c1 55 be da a4 f2 f0 70 cf 8b b1 bc 5d e7 45 55 ce 9a b7 91 1c af f2 e5 e6 4a 66 d5 ac a2 66 06 c7 41 58 b7 1a dc 27 e7 fe a0 2e 12 54 97 45 7e 73 90 c9 9b 83 e7 45 91 17 be a7 07 5e c8 5f 37 49 21 cb 83 f8 e0 26 c9 56 54 e6 26 a9 2e e9 ce 7c e9 05 d3 42 56 9b 22 3b a0 56 82 5d c8 7f 7d 8f a6 46 9e 27 99 5c 79 03 d3 5d f5 fd 4c fd 84 d5 65 52 0a db a1 44 0a d9 9a 87 eb b8 38 c8 65 34 5f 88 22 7a c5 23 1f 5f c8 ea db 22 af 72 54 f8 ea 5c c4 32 ca e5 b8 c4 c4 8a 0b 5c 9e a7 71 35 73 07 a9 7b a6 5f 8d 97 71 9a 72 27 fb cb d0 da 2d a9 54 bc 5e a7 77 3e b5 4b 25 45 89 7a d7 9b f2 52 94 dc 1a 75 5e de 52 db 59 74 bf 13 49 94 8d ab fc 0d 75 38 bb 10 1b 49 77 97 71 f9 ea 26 a3 4e ae 65 51 dd 89 3c da c8 ba 44 1c e5 aa 0b 6a 38 81 48 25 6a b9 8e ba dd f1 cc a3 7a b5 01 01 d9 e6 ea bd 2c ea 29 95 e3 2c 5f c9 b7 74 43 2f ed 27 ce eb a4 92 57 3b 71 d7 d3 c2 41 b6 49 d3 41 44 1f ca 28 22 60 51 cb b2 13 a7 51 52 83 85 d8 44 f7 a8 2b 1c 1c 8b b2 58 e2 27 a3 49 92 ea e2 6b 06 38 ba de 4d 4d fd 07 57 80 68 91 05 f7 58 be 42 24 34 05 7e 16 65 db ed 69 30 5e 16 32 ae e4 f3 54 a2 6a df 2b 97 45 b2 06 fc 10 28 e6 e3 4a de 56 11 76 c3 39 41 5f 71 90 64 07 9b c0 4f a2 6a 5e 2c b6 5b 5e fa a7 95 da 59 d4 e5 e6 bd 5f 04 c1 e1 61 3e 2e 1b cf 44 12 4c 69 41 64 bc c2 8a ca 6c 75 7a 99 a4 2b 3f 0f c6 eb b8 a0 0e 7c 43 33 37 2e e4 55 7e 2d cd 9b 9d 1d c6 6d 6b a2 68 86 66 72 e8 79 61 67 13 ca ed b6 6f b1 66 d9 3c 31 f0 46 03 30 9f 85 e6 fd 0e f3 53 45 1e e3 15 4f a4 d1 d1 97 6f bf fe ea d1 51 22 96 32 6a 62 07 d3 0d da 9b 4b 02 e4 8c 60 30 a9 f8 95 33 ef 4b 74 58 d5 39 18 00 1a 52 99 5d 54 97 1e cd 23 96 78 ac 6e 09 6c 31 32 bd 63 07 d7 74 7d 78 38 b8 e3 1f df 8b 8b 22 be a3 31 60 b9 8e e9 a7 a2 7e 6b 88 b3 03 ab 0e 0f 8f 4f e8 4f 35 9a 60 8d a4 33 67 e7 b2 d1 5f 05 9b df c4 57 dc be b9 a6 dd f0 55 7e 23 8b d3 b8 94 7e 80 46 9a 4f 76 3c c4 88 fe ae cd 4e 8f ee 15 16 0d 2b 41 3b 94 d0 c3 66 49 d8 35 a4 4d af 06 15 1e 8b 2a 7f 8a be d7 fb da f6 22 96 6a 15 80 6e 68 3b 13 d8 f4 6d 7e b3 c4 8d d2 a1 3c 39 9e e1 6a 2e 87 f8 d1 73 b8 08 d5 b3 c5 4e 00 2f bc a9 e2 e5 87 46 9d 6a 15 68 04 57 b2 b8 90 5c d7 d
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/javascriptlast-modified: Tue, 26 Mar 2024 00:03:06 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 281date: Thu, 29 Aug 2024 22:34:21 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 8f 4d 4b c3 40 10 86 ef 85 fe 87 71 2d 74 03 26 ea d5 36 05 f5 5a 9b 43 51 cf d3 dd 49 bb ba d9 0d d9 49 9a 22 fd ef 26 20 2d 88 e2 e7 5c 67 de 77 9e 67 24 b5 57 75 41 8e a3 a4 22 d4 3b 99 d7 4e b1 f1 0e 64 04 2f c3 01 74 63 72 90 0e 1b b3 46 f6 55 82 65 f9 40 55 e8 4e 12 e3 34 b5 59 2e c5 a3 71 22 82 93 14 e2 cb 43 aa 9f 6c b9 c0 82 20 85 fe 42 fb 6d 10 93 e3 72 24 c5 a9 b6 37 35 b3 ef d2 c9 86 0b 2b c5 34 94 e8 40 59 0c 21 1d af d8 c5 4c 2d 8f 67 59 49 0e e6 a6 21 50 1b 64 e8 f0 de 0a a7 e7 7d 60 26 a2 cf 8b 91 b9 92 62 53 51 2e ce 40 cc ad df e9 10 f7 5d b7 5d 55 42 2d 1d c2 7b 20 1b e8 1b be 77 a8 be f0 2d 50 65 cb ff b3 ed 1e fe d9 54 17 eb f7 a6 1f a2 df bb 67 e7 b7 ee b7 f0 0b cf 70 dd a0 b1 b8 b2 f4 63 e8 27 6c 30 a8 ca 94 7c d5 78 a3 e5 45 34 39 42 0f 07 fb 68 f2 0a 83 32 2b 74 b3 02 00 00 Data Ascii: MK@q-t&6ZCQII"& -\gwg$WuA";Nd/tcrFUe@UN4Y.q"Cl Bmr$75+4@Y!L-gYI!Pd}`&bSQ.@]]UB-{ w-PeTgpc'l0|xE49Bh2+t
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/javascriptlast-modified: Tue, 26 Mar 2024 00:03:06 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 281date: Thu, 29 Aug 2024 22:34:24 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 8f 4d 4b c3 40 10 86 ef 85 fe 87 71 2d 74 03 26 ea d5 36 05 f5 5a 9b 43 51 cf d3 dd 49 bb ba d9 0d d9 49 9a 22 fd ef 26 20 2d 88 e2 e7 5c 67 de 77 9e 67 24 b5 57 75 41 8e a3 a4 22 d4 3b 99 d7 4e b1 f1 0e 64 04 2f c3 01 74 63 72 90 0e 1b b3 46 f6 55 82 65 f9 40 55 e8 4e 12 e3 34 b5 59 2e c5 a3 71 22 82 93 14 e2 cb 43 aa 9f 6c b9 c0 82 20 85 fe 42 fb 6d 10 93 e3 72 24 c5 a9 b6 37 35 b3 ef d2 c9 86 0b 2b c5 34 94 e8 40 59 0c 21 1d af d8 c5 4c 2d 8f 67 59 49 0e e6 a6 21 50 1b 64 e8 f0 de 0a a7 e7 7d 60 26 a2 cf 8b 91 b9 92 62 53 51 2e ce 40 cc ad df e9 10 f7 5d b7 5d 55 42 2d 1d c2 7b 20 1b e8 1b be 77 a8 be f0 2d 50 65 cb ff b3 ed 1e fe d9 54 17 eb f7 a6 1f a2 df bb 67 e7 b7 ee b7 f0 0b cf 70 dd a0 b1 b8 b2 f4 63 e8 27 6c 30 a8 ca 94 7c d5 78 a3 e5 45 34 39 42 0f 07 fb 68 f2 0a 83 32 2b 74 b3 02 00 00 Data Ascii: MK@q-t&6ZCQII"& -\gwg$WuA";Nd/tcrFUe@UN4Y.q"Cl Bmr$75+4@Y!L-gYI!Pd}`&bSQ.@]]UB-{ w-PeTgpc'l0|xE49Bh2+t
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: public, max-age=604800expires: Thu, 05 Sep 2024 22:34:25 GMTcontent-type: image/x-iconlast-modified: Mon, 25 Mar 2024 23:15:06 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 359date: Thu, 29 Aug 2024 22:34:25 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 20 a9 c0 90 c1 c2 c0 20 c6 c0 c0 a0 01 c4 40 21 a0 08 44 1c 0c 58 18 30 c0 7f 2a 01 25 45 d5 ff 4f 9e 3c 81 b3 27 4f 9a 42 b4 de b6 d6 8e ff a1 21 11 60 f6 e6 cd 5b c0 fa 49 b5 7b ef de 7d 70 f6 fb f7 ef 49 d2 bf 64 c9 52 b0 fd 33 67 ce fc 5f 5e 56 41 94 9e 33 67 ce c0 d9 87 0f 1f 01 db 6b 6c 6c fe 5f 45 59 03 6c 1e 3e 00 f2 a3 b1 91 19 9c 0f b2 13 a4 5f 5c 4c fa bf a4 84 ec 7f 0d 75 1d 70 98 64 66 64 83 31 c8 5d 20 3b fe fd fb 07 56 0f 0b ab f3 e7 cf 83 c3 3c 2a 22 06 ac 26 34 34 f4 3f 2b 0b 3b 18 0b f0 0b ff 17 16 12 fb 2f 2b a3 00 36 5b 5e 4e e9 bf 9f 5f 20 d8 5c 90 dd 20 f3 40 34 48 1d c8 7e 10 06 b1 41 38 2d 2d 0d ac 07 84 41 fa c5 44 25 e1 66 81 f4 c0 70 6d 6d 03 5c 1f 88 0f f2 37 c8 6f eb d7 6f 00 b3 41 fa 9d 9d dc c0 fa 1c ec ec ff 5b 5a d8 80 f5 80 d4 c2 d2 0a c8 1d 27 8e 9f f8 7f eb e6 2d 9c e1 05 52 0f d2 0f 0a 0b 52 00 28 3c 40 e6 82 f4 81 f4 27 c4 27 90 ac 1f e4 77 18 06 f9 85 54 00 b2 17 a6 1f 96 46 49 01 a0 f0 8c 8f 4b 02 d3 e4 00 90 ff 8f 03 c3 17 17 c0 2c 11 48 03 00 6a 3d 6e 12 7e 04 00 00 Data Ascii: c``B @!DX0*%EO<'OB!`[I{}pIdR3g_^VA3gkll_EYl>_\Lupdfd1] ;V<*"&44?+;/+6[^N_ \ @4H~A8--AD%fpmm\7ooA[Z'-RR(<@''wTFIK,Hj=n~
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: public, max-age=604800expires: Thu, 05 Sep 2024 22:34:26 GMTcontent-type: image/x-iconlast-modified: Mon, 25 Mar 2024 23:15:06 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 359date: Thu, 29 Aug 2024 22:34:26 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 06 20 a9 c0 90 c1 c2 c0 20 c6 c0 c0 a0 01 c4 40 21 a0 08 44 1c 0c 58 18 30 c0 7f 2a 01 25 45 d5 ff 4f 9e 3c 81 b3 27 4f 9a 42 b4 de b6 d6 8e ff a1 21 11 60 f6 e6 cd 5b c0 fa 49 b5 7b ef de 7d 70 f6 fb f7 ef 49 d2 bf 64 c9 52 b0 fd 33 67 ce fc 5f 5e 56 41 94 9e 33 67 ce c0 d9 87 0f 1f 01 db 6b 6c 6c fe 5f 45 59 03 6c 1e 3e 00 f2 a3 b1 91 19 9c 0f b2 13 a4 5f 5c 4c fa bf a4 84 ec 7f 0d 75 1d 70 98 64 66 64 83 31 c8 5d 20 3b fe fd fb 07 56 0f 0b ab f3 e7 cf 83 c3 3c 2a 22 06 ac 26 34 34 f4 3f 2b 0b 3b 18 0b f0 0b ff 17 16 12 fb 2f 2b a3 00 36 5b 5e 4e e9 bf 9f 5f 20 d8 5c 90 dd 20 f3 40 34 48 1d c8 7e 10 06 b1 41 38 2d 2d 0d ac 07 84 41 fa c5 44 25 e1 66 81 f4 c0 70 6d 6d 03 5c 1f 88 0f f2 37 c8 6f eb d7 6f 00 b3 41 fa 9d 9d dc c0 fa 1c ec ec ff 5b 5a d8 80 f5 80 d4 c2 d2 0a c8 1d 27 8e 9f f8 7f eb e6 2d 9c e1 05 52 0f d2 0f 0a 0b 52 00 28 3c 40 e6 82 f4 81 f4 27 c4 27 90 ac 1f e4 77 18 06 f9 85 54 00 b2 17 a6 1f 96 46 49 01 a0 f0 8c 8f 4b 02 d3 e4 00 90 ff 8f 03 c3 17 17 c0 2c 11 48 03 00 6a 3d 6e 12 7e 04 00 00 Data Ascii: c``B @!DX0*%EO<'OB!`[I{}pIdR3g_^VA3gkll_EYl>_\Lupdfd1] ;V<*"&44?+;/+6[^N_ \ @4H~A8--AD%fpmm\7ooA[Z'-RR(<@''wTFIK,Hj=n~
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /business/banking-online/online-for-business/register-for-online-for-business.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /business/take-payments-with-cardnet.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/take-payments-with-cardnet.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/take-payments-with-cardnet.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /international.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/international.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/international.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /private-banking.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/private-banking.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/private-banking.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /business/home.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/home.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/home.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /business/home.html HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/home.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lloydsbank.com/business/home.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js HTTP/1.1Host: www.lloydsbank.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/clientlibs-css.min.dadd5b8770a1fdc12ff43d774137aab0.css HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.css HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/answers.css HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/jquery-3.7.0.min.js HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/script.js HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_bank_accounts_to_help_you_thrive_hp_hero_v4.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_colwith-promo.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_homepage_alexcave_1500x750.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bb_servicequal_700x400_feb_2024_1.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/jquery-3.7.0.min.js HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/fscs.gif HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/start-a-business-hero_photo_mobile.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_help-banner.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/clientlibs/icons/sprite-icons/chevron-right.svg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/clientlibs/icons/sprite-icons/chevron-right-hover.svg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/lloyds_bank_jack-lightWEB.woff2 HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveOrigin: http://lloydschatonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/lloyds_bank_jack-regularWEB.woff2 HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveOrigin: http://lloydschatonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/lloyds_bank_jack-mediumWEB.woff2 HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveOrigin: http://lloydschatonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fonts/lloyds_bank_jack-boldWEB.woff2 HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveOrigin: http://lloydschatonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_homepage_alexcave_1500x750.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_colwith-promo.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bb_servicequal_700x400_feb_2024_1.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripts/script.js HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_bank_accounts_to_help_you_thrive_hp_hero_v4.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/fscs.gif HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_banking_qr_mobile_app.png HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/clientlibs/icons/list-styles/tick-white.svg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_fraud-promo.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/start-a-business-hero_photo_mobile.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_help-banner.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://lloydschatonline.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_business_banking_qr_mobile_app.png HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/lb_bus_homepage_fraud-promo.jpg HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Lloyds-LiveChat.exe HTTP/1.1Host: lloydschatonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: lloydschatonline.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.lloydsbank.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 29 Aug 2024 22:34:22 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 29 Aug 2024 22:34:22 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 29 Aug 2024 22:34:24 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: chromecache_97.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://ocsp.digicert.com0
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49777 version: TLS 1.2
PE file does not import any functions
Source: chromecache_97.2.dr Static PE information: No import functions for PE file found
Source: Unconfirmed 882903.crdownload.0.dr Static PE information: No import functions for PE file found
Source: 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp.0.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal60.phis.win@25/58@10/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://lloydschatonline.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 --field-trial-handle=1684,i,11816955474725796620,6603347414342202885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: C:\Users\anyadmin\Documents\anydesk\release\app-32\win_loader\AnyDesk.pdb source: Unconfirmed 882903.crdownload.0.dr, chromecache_97.2.dr, 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp.0.dr
PE file contains an invalid checksum
Source: 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp.0.dr Static PE information: real checksum: 0x4ff5b1 should be: 0xdbde
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 97 Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 882903.crdownload Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 97
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 97 Jump to dropped file
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1501484 URL: http://lloydschatonline.com/ Startdate: 30/08/2024 Architecture: WINDOWS Score: 60 36 Antivirus detection for URL or domain 2->36 38 Antivirus / Scanner detection for submitted sample 2->38 40 Phishing site detected (based on favicon image match) 2->40 6 chrome.exe 11 2->6         started        10 chrome.exe 2->10         started        process3 dnsIp4 24 192.168.2.4 unknown unknown 6->24 26 192.168.2.6, 443, 49221, 49704 unknown unknown 6->26 28 239.255.255.250 unknown Reserved 6->28 18 C:\Users\...\Unconfirmed 882903.crdownload, PE32 6->18 dropped 20 65f3a430-8ad4-48c0-b8c5-5be51dbb20fb.tmp, PE32 6->20 dropped 12 chrome.exe 6->12         started        16 chrome.exe 6->16         started        file5 process6 dnsIp7 30 www.google.com 172.217.16.132, 443, 49724, 49771 GOOGLEUS United States 12->30 32 lloydschatonline.com 193.143.1.14, 49716, 49717, 49720 BITWEB-ASRU unknown 12->32 34 3 other IPs or domains 12->34 22 Chrome Cache Entry: 97, PE32 12->22 dropped file8
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
23.37.52.3
 s5933.cdn.lloydsbanking.com United States
16625 AKAMAI-ASUS false
23.36.238.55
 unknown United States
16625 AKAMAI-ASUS false
193.143.1.14
 lloydschatonline.com unknown
57271 BITWEB-ASRU false
172.217.16.132
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name IP Active
lloydschatonline.com 193.143.1.14 true
bg.microsoft.map.fastly.net 199.232.214.172 true
s5933.cdn.lloydsbanking.com 23.37.52.3 true
www.google.com 172.217.16.132 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
www.lloydsbank.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://lloydschatonline.com/fonts/lloyds_bank_jack-mediumWEB.woff2 true
  • Avira URL Cloud: phishing
 unknown
http://lloydschatonline.com/img/lb_bb_servicequal_700x400_feb_2024_1.jpg true
  • Avira URL Cloud: phishing
 unknown
https://www.lloydsbank.com/private-banking.html false
    		unknown
    http://lloydschatonline.com/css/answers.css true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/scripts/script.js true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/Lloyds-LiveChat.exe true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right-hover.svg true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/img/lb_business_banking_qr_mobile_app.png true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/img/lb_bus_homepage_fraud-promo.jpg true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/fonts/lloyds_bank_jack-lightWEB.woff2 true
    • Avira URL Cloud: phishing
    		 unknown
    http://lloydschatonline.com/ true
      		unknown
      http://lloydschatonline.com/img/lb_business_homepage_alexcave_1500x750.jpg true
      • Avira URL Cloud: phishing
      		 unknown
      https://www.lloydsbank.com/business/home.html#flyout false
        		unknown
        https://www.lloydsbank.com/business/home.html false
          		unknown
          http://lloydschatonline.com/img/lb_business_bank_accounts_to_help_you_thrive_hp_hero_v4.jpg true
          • Avira URL Cloud: phishing
          		 unknown
          http://lloydschatonline.com/img/start-a-business-hero_photo_mobile.jpg true
          • Avira URL Cloud: phishing
          		 unknown
          http://lloydschatonline.com/fonts/lloyds_bank_jack-regularWEB.woff2 true
          • Avira URL Cloud: phishing
          		 unknown
          http://lloydschatonline.com/css/clientlibs.min.d2a9afb580fa8e2437425cef337b2627.css true
          • Avira URL Cloud: phishing
          		 unknown
          http://lloydschatonline.com/scripts/jquery-3.7.0.min.js true
          • Avira URL Cloud: phishing
          		 unknown
          https://www.lloydsbank.com/international.html false
            		unknown
            http://lloydschatonline.com/img/lb_bus_homepage_help-banner.jpg true
            • Avira URL Cloud: phishing
            		 unknown
            https://www.lloydsbank.com/business/take-payments-with-cardnet.html false
              		unknown
              https://www.lloydsbank.com/ruxitagentjs_ICA27SVfhjoqrux_10163190401123328.js false
              • Avira URL Cloud: safe
              		 unknown
              http://lloydschatonline.com/fonts/lloyds_bank_jack-boldWEB.woff2 true
              • Avira URL Cloud: phishing
              		 unknown
              http://lloydschatonline.com/css/clientlibs/icons/list-styles/tick-white.svg true
              • Avira URL Cloud: phishing
              		 unknown
              http://lloydschatonline.com/css/clientlibs/icons/sprite-icons/chevron-right.svg true
              • Avira URL Cloud: phishing
              		 unknown
              http://lloydschatonline.com/img/lb_bus_homepage_colwith-promo.jpg true
              • Avira URL Cloud: phishing
              		 unknown
              https://www.lloydsbank.com/business/banking-online/online-for-business/register-for-online-for-business.html false
                		unknown
                http://lloydschatonline.com/img/fscs.gif true
                • Avira URL Cloud: phishing
                		 unknown
                http://lloydschatonline.com/img/favicon.ico true
                • Avira URL Cloud: phishing
                		 unknown
                http://lloydschatonline.com/css/clientlibs-css.min.dadd5b8770a1fdc12ff43d774137aab0.css true
                • Avira URL Cloud: phishing
                		 unknown