Report - cdmv.gov-xwx.win/pay/

Report Overview

Visited public
2025-06-02 11:50:09
Tags
phishing
URL
cdmv.gov-xwx.win/pay/
Finishing URL
cdmv.gov-xwx.win/pay/
IP / ASN
43.162.120.31
#132203 Tencent Building, Kejizhongyi Avenue
Title
California DMV
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-28	455 B	7.1 kB	142.250.178.35
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-05-28	459 B	2.5 kB	142.250.178.67
www.dmv.ca.gov	84950	unknown	2015-09-17	2025-05-26	477 B	1.8 kB	54.240.174.12
cdmv.gov-xwx.win	unknown	2025-05-29	2025-06-02	2025-06-02	5.7 kB	2.6 MB	43.162.120.31

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed
2025-06-02	medium	gov-xwx.win	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cdmv.gov-xwx.win/pay/assets/fliceXIj.js	ScriptElement	37 kB	2025-05-30	2025-06-02
Pretty URL cdmv.gov-xwx.win/pay/assets/fliceXIj.js IP 43.162.120.31 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-30 10:52 Last Seen2025-06-02 11:50 Times Seen24 Hash 443f8eac9219e4922d11af42983b7e73 5ea657a0a6feee8915afcdce0983573891628ad4 49b0f61d04cc6775f8df857b68d91f3abbf9c0121e285931cc9e522194f5df2f Loading...

	cdmv.gov-xwx.win/pay/	ScriptElement	314 B	2023-03-11	2025-06-17
Pretty URL cdmv.gov-xwx.win/pay/ IP 43.162.120.31 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-06-17 04:30 Times Seen6012 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	cdmv.gov-xwx.win/pay/	ScriptElement	84 B	2023-04-07	2025-06-17
Pretty URL cdmv.gov-xwx.win/pay/ IP 43.162.120.31 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-17 04:30 Times Seen14583 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	cdmv.gov-xwx.win/pay/assets/DTcJzLn5.js	ScriptElement	1.6 MB	2025-05-30	2025-06-02
Pretty URL cdmv.gov-xwx.win/pay/assets/DTcJzLn5.js IP 43.162.120.31 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-30 10:52 Last Seen2025-06-02 11:50 Times Seen24 Hash 15ea90df74f8ae6cf778ae5677707d92 8a67ed5c4b74294ebfb2d7d02c25c0c909617037 46fa543d549ab999711c268b60bbb622a13f882d627f624788d96d50abb41e23 Loading...

HTTP Transactions (15)

URL IP Response Size

www.dmv.ca.gov/portal/wp-content/themes/dmv/assets/icons/chevron-down-thick.svg

54.240.174.12

200 OK

253 B

URL GET
www.dmv.ca.gov/portal/wp-content/themes/dmv/assets/icons/chevron-down-thick.svg
IP
54.240.174.12:443
ASN
#16509 AMAZON-02

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerAmazon
Subjectdmv.ca.gov
Fingerprint3B:72:B7:1B:42:BF:DF:C9:01:7A:E4:D8:22:EB:7E:52:46:E0:16:0B
ValidityThu, 07 Nov 2024 00:00:00 GMT - Sat, 06 Dec 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
253 B (253 bytes)
Hash
6bbd93dfb8cb09336286a6ac6ce0f54f
29f225071b9f29a70898cea4c830b2043107bedc
7d7961f185d28419f91c07f4bd8ab454d7f45d126b541e9ade05752bbd769fb7

HTTP Headers

GET /portal/wp-content/themes/dmv/assets/icons/chevron-down-thick.svg HTTP/1.1
Host: www.dmv.ca.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 253
date: Mon, 02 Jun 2025 11:46:08 GMT
accept-ranges: bytes
last-modified: Tue, 20 May 2025 19:48:22 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: https://www.dmv.ca.gov
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self' https://*.dmv.ca.gov
strict-transport-security: max-age=31536000; includeSubDomains
on-ws: prd2
via: 1.1 dca1-bit30029, 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
set-cookie: AWSALB=y0pTHBqRIvz5lC8/zQ/LRZqLECQny3DVDPjOvntJdm17W5UUdoNoDZKioopmElFdrMf8VBKVFDpNObOlW9p/tf6GowiP/SUWFNPOUfyFgXTcsKiF20C3mpISjE4+; Expires=Mon, 09 Jun 2025 11:46:08 GMT; Path=/
AWSALBCORS=y0pTHBqRIvz5lC8/zQ/LRZqLECQny3DVDPjOvntJdm17W5UUdoNoDZKioopmElFdrMf8VBKVFDpNObOlW9p/tf6GowiP/SUWFNPOUfyFgXTcsKiF20C3mpISjE4+; Expires=Mon, 09 Jun 2025 11:46:08 GMT; Path=/; SameSite=None; Secure
PD_STATEFUL_0531fc7e-9a22-11ea-bf4d-fa163e384dc6=%2Fportal; Path=/; SameSite=None; Secure; HttpOnly
TS013cb4be=0114d84d91539fa5a5ea840cb601bef27563f5c58003db032e3421e42c1cd4479580face6c37fe8e3eaf52ac083af095c81cf6d22c; Path=/; Secure; HTTPOnly
TS8fac6799027=08b9b83322ab2000211a9c70091b4761b1235852857d1faad3ec1c7b59ccbd95ca82a78300a8c4680880c52e1b1130001765380d1127849a52cd8856b845b0403317b620c245ae6beadaf19c0a062b3900a4bc98100e12d0362caf0a612bf860; Path=/
etag: "682cdc86-fd"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MVDqJhU-l8eIqEVb_5LnPqo25YlrGmPPryzg9gIcvFkQSl3lWC6V2w==
age: 222
X-Firefox-Spdy: h2

cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.woff2?v=67

43.162.120.31

404

0 B

URL GET
cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/assets/B4C-q9Ex.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.178.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.178.35:443
ASN
#15169 GOOGLE

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 31 May 2025 20:18:56 GMT
expires: Sun, 31 May 2026 20:18:56 GMT
cache-control: public, max-age=31536000
age: 142254
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.178.67

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.178.67:443
ASN
#15169 GOOGLE

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 May 2025 21:30:10 GMT
expires: Thu, 28 May 2026 21:30:10 GMT
cache-control: public, max-age=31536000
age: 397180
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdmv.gov-xwx.win/pay/assets/fliceXIj.js

43.162.120.31

200

37 kB

URL GET
cdmv.gov-xwx.win/pay/assets/fliceXIj.js
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36854), with no line terminators
Size
37 kB (36855 bytes)
Hash
443f8eac9219e4922d11af42983b7e73
5ea657a0a6feee8915afcdce0983573891628ad4
49b0f61d04cc6775f8df857b68d91f3abbf9c0121e285931cc9e522194f5df2f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

cdmv.gov-xwx.win/pay/assets/B4C-q9Ex.css

43.162.120.31

200

818 kB

URL GET
cdmv.gov-xwx.win/pay/assets/B4C-q9Ex.css
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
Unicode text, UTF-8 text, with very long lines (36407), with CRLF, LF line terminators
Size
818 kB (817515 bytes)
Hash
6947f1ff972d1345b701ac2ceb20143f
aae631510ac581298ed68ee402fad74d892b82cd
4881a9fdde17db2e2319d462304109b6ace36a7c02b61671c89e31a42566e640

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/B4C-q9Ex.css HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:48 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

cdmv.gov-xwx.win/front/checkIp?token=123

43.162.120.31

200

226 B

URL GET
cdmv.gov-xwx.win/front/checkIp?token=123
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
JSON text data
Size
226 B (226 bytes)
Hash
241f38af4fbabb67c6a419780e42e6e7
578c05c460160c43ab86df65f7e97c57cc97181f
59fc7c99c6fb44bace832dfbd256161c4741df7a2821d029d1ba51f33a616aac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdmv.gov-xwx.win/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:49 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 226
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

cdmv.gov-xwx.win/pay/icon-192.png

43.162.120.31

200

4.5 kB

URL GET
cdmv.gov-xwx.win/pay/icon-192.png
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
4.5 kB (4510 bytes)
Hash
5db6a22d45a93c023dc227d7aa5d6e94
4d483b852259c5b41cbacad288e1ae68a1744b11
d7a6264e9ceb64c80f4d3f504afa909db40528da39410cde39a076208ca9eb3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/icon-192.png HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

cdmv.gov-xwx.win/pay/

43.162.120.31

200

2.7 kB

URL User Request GET
cdmv.gov-xwx.win/pay/
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2734 bytes)
Hash
4de9cf08288cf9e043a784f462bd3179
546ab60df89b426f7eb57958e300d03011eb8c55
5df0fcc2b6b3d3e52fb635c0b7bac41d27b5b75cbfeb16c024d66a59657d5535

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/ HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

cdmv.gov-xwx.win/pay/assets/BHcjXi3x.gif

43.162.120.31

200

60 kB

URL GET
cdmv.gov-xwx.win/pay/assets/BHcjXi3x.gif
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:48 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

wss://cdmv.gov-xwx.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTU0MDF9.KmzoIKTpP8kyWYmSTlKTp0D5FCOQ9sgyv0MON8qGER0

43.162.120.31

101

0 B

URL GET
wss://cdmv.gov-xwx.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTU0MDF9.KmzoIKTpP8kyWYmSTlKTp0D5FCOQ9sgyv0MON8qGER0
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTU0MDF9.KmzoIKTpP8kyWYmSTlKTp0D5FCOQ9sgyv0MON8qGER0 HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://cdmv.gov-xwx.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /q/vz4kxpk+rV5EF/qHD4Q==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xB8gOuPIUj+JRBpwFiyTP8J6kzY=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.woff?v=67

43.162.120.31

404

0 B

URL GET
cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/assets/B4C-q9Ex.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains

cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.ttf?v=67

43.162.120.31

404

0 B

URL GET
cdmv.gov-xwx.win/pay/Resource/MaterialIcons-Regular.ttf?v=67
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/assets/B4C-q9Ex.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Content-Length: 0
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains

cdmv.gov-xwx.win/pay/assets/DTcJzLn5.js

43.162.120.31

200

1.6 MB

URL GET
cdmv.gov-xwx.win/pay/assets/DTcJzLn5.js
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
JavaScript source, ASCII text, with very long lines (31387)
Size
1.6 MB (1636397 bytes)
Hash
15ea90df74f8ae6cf778ae5677707d92
8a67ed5c4b74294ebfb2d7d02c25c0c909617037
46fa543d549ab999711c268b60bbb622a13f882d627f624788d96d50abb41e23

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/DTcJzLn5.js HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

cdmv.gov-xwx.win/pay/assets/CnK1DPp4.jpg

43.162.120.31

200

77 kB

URL GET
cdmv.gov-xwx.win/pay/assets/CnK1DPp4.jpg
IP
43.162.120.31:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://cdmv.gov-xwx.win/pay/
Certificate
IssuerLet's Encrypt
Subjectcdmv.gov-xwx.win
Fingerprint46:B8:0B:97:DB:6D:32:84:21:A8:EF:8B:93:8D:36:82:E3:0E:FC:55
ValidityFri, 30 May 2025 09:37:22 GMT - Thu, 28 Aug 2025 09:37:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x347, components 3
Size
77 kB (76737 bytes)
Hash
7aa613618e3312ae00420e36a61b769f
74ccde94289b0d7957d2b6d72a238a78220767a9
a1bdf5d2aa824216c4df8125308a7e5f3daea3a2ed10353191e2ee6e9c24ee78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/CnK1DPp4.jpg HTTP/1.1
Host: cdmv.gov-xwx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdmv.gov-xwx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Mon, 02 Jun 2025 11:49:50 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP