| Request | IP | Status | Size |
| GET dcvlp.cn/EsiWVFSm/ | 104.21.82.84 | 200 OK | 497 B |
IP: 104.21.82.84:80
File type: HTML document, ASCII text
Hash (MD5): d06b013ac8d552f6af8b1e2b927def31
Hash (SHA-1): a9bbf41acf7d7ce17ae390e9a8d86be3b90b549f
Hash (SHA-256): 1a3e2fb9c1821e54b32131b4c29d94db96a7e30fc6dd6b278b507c4b829e67a8
GET /EsiWVFSm/ HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:50:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mtvYRZqQ4WfQtmM0rRbFgVGB%2BcGySHRNLTANYxNrj47GKaC0%2BsMeRM7lD2H0rDM3xWTdNQUuhuElNiR9x41N8eG2uggdkhV18IgyLlS5VTJkV74eMrbh9xYSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 92f4911baf7fb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=471&min_rtt=471&rtt_var=235&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=390&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| GET dcvlp.cn/EsiWVFSm/assets/index-DviQLoC8.css | 104.21.82.84 | 200 OK | 22 kB |
URL: GET dcvlp.cn/EsiWVFSm/assets/index-DviQLoC8.css
IP: 104.21.82.84:80
Requested by: http://dcvlp.cn/EsiWVFSm/
File type: ASCII text, with very long lines (22349)
Hash (MD5): 1c799bfb28ab996067e16a620c0fc9b4
Hash (SHA-1): 4cf7ab70fb48688c27f9bd03f00920ba616bd1b9
Hash (SHA-256): a73994907448f2a1c639b109148eca7de0b60c79781005d50dec1a40bc289f54
GET /EsiWVFSm/assets/index-DviQLoC8.css HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dcvlp.cn/EsiWVFSm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:50:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT
Vary: Accept-Encoding
ETag: W/"67c321ae-574e"
Expires: Mon, 12 May 2025 17:50:35 GMT
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49vP975QNdbHUsm93MV5wQqKHA2KrUbDkZRijer2FXMphRSB%2F1rD%2BQ4NQ1GjMdBBdzlA9wF7d6wlBSocMW0Z14rUhki0NcMiw0NP256YjSnHzDAsqMLl65Ym9w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 92f491213f385689-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=519&min_rtt=519&rtt_var=259&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=354&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| GET dcvlp.cn/EsiWVFSm/assets/index-C-6Nz0L-.js | 104.21.82.84 | 200 OK | 287 kB |
URL: GET dcvlp.cn/EsiWVFSm/assets/index-C-6Nz0L-.js
IP: 104.21.82.84:80
Requested by: http://dcvlp.cn/EsiWVFSm/
File type: JavaScript source, ASCII text, with very long lines (35690)
Size: 287 kB (286827 bytes)
Hash (MD5): 2c7f4f67832c7255225b224bd7b52a56
Hash (SHA-1): 1854d5bf01cf7ef10710dfe4796f79cd4ad836be
Hash (SHA-256): bd43da3049906ed5da3083740dc10e5bb3f9364061bd0a8c0c6c8f6ec08b8ec7
NIDS: suricata | Severity: medium | Alert: ETPRO PHISHING CoGUI Phish Landing Page M1 2025-01-02
GET /EsiWVFSm/assets/index-C-6Nz0L-.js HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dcvlp.cn/EsiWVFSm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:50:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT
Vary: Accept-Encoding
ETag: W/"67c321ae-4606b"
Expires: Mon, 12 May 2025 17:50:35 GMT
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P8XPdRigDDgNPfLgzdX7MezfG8kVNij%2FGK%2B1CWu9NuV7oY0LFRwpvR0hKBEcOxbvRhr6fMavdiGrcyzvyG8jfjPK6hRml1oKX%2FHfuWvsnrsefN6t2hEFasl4oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 92f49121195fb523-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=506&min_rtt=471&rtt_var=192&sent=4&recv=6&lost=0&retrans=0&sent_bytes=1169&recv_bytes=728&delivery_rate=4441717&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| POST dcvlp.cn/open/visitors/info/createOrGetUserInfo | 104.21.82.84 | 404 Not Found | 9 B |
URL: POST dcvlp.cn/open/visitors/info/createOrGetUserInfo
IP: 104.21.82.84:80
Requested by: http://dcvlp.cn/EsiWVFSm/
File type: ASCII text, with no line terminators
Hash (MD5): 9d1ead73e678fa2f51a70a933b0bf017
Hash (SHA-1): d205cbd6783332a212c5ae92d73c77178c2d2f28
Hash (SHA-256): 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
NIDS: suricata | Severity: high | Alert: ETPRO PHISHING CoGUI Phish Landing Page 2024-12-31
POST /open/visitors/info/createOrGetUserInfo HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 379
Origin: http://dcvlp.cn
DNT: 1
Connection: keep-alive
Referer: http://dcvlp.cn/EsiWVFSm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Sat, 12 Apr 2025 17:50:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: http://dcvlp.cn
set-cookie: locale=en-us; path=/; max-age=31557600; expires=Sun, 12 Apr 2026 23:50:36 GMT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqhvUZ%2BwcLKMQG6M7m0F2HXynsc%2B5KrWvDLoI46u2SMY4Iwc3dFVEmCjfy2d4re2aGRHsJZtsJPRnvCB46mblB8%2BqESoqf%2BZmQRDmCnuFGCxnpbnZ40dyVZzHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 92f49124cd0e5689-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=610&min_rtt=519&rtt_var=138&sent=8&recv=10&lost=0&retrans=0&sent_bytes=6975&recv_bytes=1185&delivery_rate=12016597&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| GET dcvlp.cn/EsiWVFSm/faviconV2.png | 104.21.82.84 | 200 OK | 516 B |
URL: GET dcvlp.cn/EsiWVFSm/faviconV2.png
IP: 104.21.82.84:80
Requested by: http://dcvlp.cn/EsiWVFSm/
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash (MD5): 11b2e63f0ad7440683da67fc5aea1ae8
Hash (SHA-1): 4ca8f900a09775c36405106ff12c3d31cbdf908a
Hash (SHA-256): 78d23af2cd79bce1640dd74fd18a8741574a770b74242f024a555fb584dbc33c
GET /EsiWVFSm/faviconV2.png HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://dcvlp.cn/EsiWVFSm/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:50:36 GMT
Content-Type: image/png
Content-Length: 516
Connection: keep-alive
Last-Modified: Sat, 26 Oct 2024 04:13:00 GMT
ETag: "671c6c4c-204"
Expires: Mon, 12 May 2025 17:50:36 GMT
Cache-Control: public, max-age=2592000
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iyZQ55adrpShZSc8YZl2ssfuU%2FnLWoR9nRm6RprDQBr8fqUoYqVYsO6R89ENrJUzT1dcTnoDiwsbM7VOoNodo6mCB%2BVkV3AVbLs7XtvpIIn1zcNsP%2FnpDNMcg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 92f49125ba71b523-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=1034&min_rtt=433&rtt_var=477&sent=81&recv=33&lost=0&retrans=1&sent_bytes=106060&recv_bytes=1077&delivery_rate=31627730&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| GET dcvlp.cn/EsiWVFSm | 172.67.155.109 | 301 Moved Permanently | 497 B |
IP: 172.67.155.109:443
Certificate issuer: Google Trust Services
Certificate subject: dcvlp.cn
Certificate fingerprint (SHA-1): 5E:76:DE:A7:A7:14:23:F1:4C:D4:AB:04:5C:EB:1D:81:57:B2:8A:10
Certificate validity: Fri, 11 Apr 2025 12:49:08 GMT - Thu, 10 Jul 2025 13:47:41 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(the three digests above are those of an empty body: the 301 carried no content, only the Location header)
Analyzer: PhishTank | Verdict: phishing | Alert: Amazon.com
Note: by its Date header (17:50:34) this HTTPS request is the first hop of the capture. The 301 sends the browser from https://dcvlp.cn/EsiWVFSm to plain http://dcvlp.cn/EsiWVFSm/, so every later transaction above is served unencrypted on port 80.
GET /EsiWVFSm HTTP/1.1
Host: dcvlp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 12 Apr 2025 17:50:34 GMT
content-type: text/html
location: http://dcvlp.cn/EsiWVFSm/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YNm11ZZM86jfWvtOTtSwy%2BrWwkJqSLtyP8SUH%2BXMh%2BxbXphf84DyiCIenC0NhMy1PglvkoDFwwxQi7zFFJM3DhFyfd6oZx9zGFSr5dHtRpXAYSdRncdp2Zo2qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92f49116dd0a568d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6854&min_rtt=564&rtt_var=12421&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3261&recv_bytes=1240&delivery_rate=7451114&cwnd=254&unsent_bytes=0&cid=86057c7c5e894814&ts=467&x=0"
X-Firefox-Spdy: h2
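The transactions above are a raw capture. The following Python is an added example by the page editor; it is not the scan tool's code and it does not reproduce any Emerging Threats (ETPRO) signature, whose content is not on this page. It parses a dump in this page's layout (an `IP a.b.c.d:port` line, then the request line and request headers, then the status line and response headers) into records, reconstructs the redirect chain, and applies three heuristics that follow from what is visible here: an https-to-http redirect, a single random-looking path segment serving HTML, and a POST answered with 404 but carrying CORS headers (a static file server would not echo `Access-Control-Allow-Origin`, so an application handled the request). The heuristics and their thresholds are the editor's assumptions, and `SAMPLE` is a constructed, trimmed copy of three transactions from the capture.

```python
"""Parse a flattened HTTP-transaction dump and extract indicators.

Editor-added example; heuristics, thresholds and SAMPLE are assumptions,
and nothing here reproduces an ETPRO rule."""
import re
from dataclasses import dataclass, field

IP_RE = re.compile(r"\bIP:? (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")
REQ_RE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\S+$")
RESP_RE = re.compile(r"^HTTP/\S+ (\d{3})\b")
HDR_RE = re.compile(r"^([A-Za-z0-9-]+): ?(.*)$")
# Heuristic: 6-12 mixed-case alphanumerics, as in the /EsiWVFSm/ landing path.
TOKEN_RE = re.compile(r"(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{6,12}")

# Constructed sample: three of the transactions captured on this page, trimmed.
SAMPLE = """\
IP 172.67.155.109:443
GET /EsiWVFSm HTTP/1.1
Host: dcvlp.cn
HTTP/2 301 Moved Permanently
date: Sat, 12 Apr 2025 17:50:34 GMT
location: http://dcvlp.cn/EsiWVFSm/
server: cloudflare
IP 104.21.82.84:80
GET /EsiWVFSm/ HTTP/1.1
Host: dcvlp.cn
HTTP/1.1 200 OK
Content-Type: text/html
Server: cloudflare
IP 104.21.82.84:80
POST /open/visitors/info/createOrGetUserInfo HTTP/1.1
Host: dcvlp.cn
Content-Type: application/json
Origin: http://dcvlp.cn
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
Vary: Origin
Access-Control-Allow-Origin: http://dcvlp.cn
set-cookie: locale=en-us; path=/; max-age=31557600
"""


@dataclass
class Transaction:
    ip: str
    port: int
    method: str = ""
    path: str = ""
    status: int = 0
    req: dict = field(default_factory=dict)   # request headers, names lowercased
    resp: dict = field(default_factory=dict)  # response headers, names lowercased

    @property
    def url(self) -> str:
        # The request line carries no scheme; infer it from the server port.
        scheme = "https" if self.port == 443 else "http"
        return f"{scheme}://{self.req.get('host', self.ip)}{self.path}"


def parse_dump(text: str) -> list:
    """Each transaction starts at an 'IP a.b.c.d:port' line; headers before the
    status line belong to the request, headers after it to the response."""
    txns, cur, target = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := IP_RE.search(line)):
            cur = Transaction(ip=m.group(1), port=int(m.group(2)))
            txns.append(cur)
            target = None
        elif cur is None:
            continue
        elif (m := REQ_RE.match(line)):
            cur.method, cur.path = m.group(1), m.group(2)
            target = cur.req
        elif (m := RESP_RE.match(line)):
            cur.status = int(m.group(1))
            target = cur.resp
        elif (m := HDR_RE.match(line)) and target is not None:
            target[m.group(1).lower()] = m.group(2)
    return txns


def analyze(txns: list) -> dict:
    """Redirect chain, IOC set and heuristic findings over parsed transactions."""
    urls = {t.url for t in txns}
    iocs, redirects, findings = set(), [], []
    for t in txns:
        iocs.update({t.ip, t.req.get("host", t.ip), t.url})
        loc = t.resp.get("location")
        if 300 <= t.status < 400 and loc:
            iocs.add(loc)
            redirects.append((t.url, loc, loc in urls))  # third field: was it followed?
            if t.url.startswith("https://") and loc.startswith("http://"):
                findings.append(f"TLS downgrade: {t.url} redirects to {loc}")
        segs = [s for s in t.path.split("/") if s]
        if (t.method == "GET" and t.status == 200 and len(segs) == 1
                and TOKEN_RE.fullmatch(segs[0])
                and t.resp.get("content-type", "").startswith("text/html")):
            findings.append(f"random-token landing path {t.path} (heuristic)")
        if t.method == "POST" and t.status == 404 and "access-control-allow-origin" in t.resp:
            findings.append(f"POST {t.path} answered 404 but with CORS headers: "
                            "an application, not a static file server, handled it")
    return {"transactions": txns, "redirects": redirects,
            "findings": findings, "iocs": iocs}


if __name__ == "__main__":
    result = analyze(parse_dump(SAMPLE))
    for hop in result["redirects"]:
        print("redirect:", hop)
    for f in result["findings"]:
        print("finding:", f)
    print("iocs:", sorted(result["iocs"]))
```

Feed it the full capture text (the `IP` line per transaction is what delimits records, so the table rows and hash lines are ignored) and the `iocs` set is ready for a blocklist, while the `findings` list is the triage note. The landing-path heuristic will also fire on URL shorteners and similar legitimate single-token paths, so treat it as a weak signal that only means something next to the other two.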