Report - ezpassva.com-ftog.win/us/

Report Overview

Visited public
2025-04-20 12:41:36
Tags
URL
ezpassva.com-ftog.win/us/
Finishing URL
ezpassva.com-ftog.win/us/
IP / ASN
49.51.35.183
#132203 Tencent Building, Kejizhongyi Avenue
Title
Home | E-ZPass® Virginia

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-16	2.1 kB	154 kB	142.250.74.35
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-04-16	941 B	4.1 kB	142.250.74.99
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	472 B	25 kB	142.250.74.10
ezpassva.com-ftog.win	unknown	2025-04-18	2025-04-20	2025-04-20	4.2 kB	2.5 MB	49.51.35.183
www.ezpassva.com	515763	2002-10-20	2013-10-23	2025-04-02	1.4 kB	28 kB	143.204.55.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed
2025-04-20	medium	com-ftog.win	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	ezpassva.com-ftog.win/us/	ScriptElement	314 B	2023-03-11	2025-05-10
Pretty URL ezpassva.com-ftog.win/us/ IP 49.51.35.183 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-05-10 22:39 Times Seen3850 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	ezpassva.com-ftog.win/us/	ScriptElement	84 B	2023-04-07	2025-05-10
Pretty URL ezpassva.com-ftog.win/us/ IP 49.51.35.183 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-05-10 22:39 Times Seen12385 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	ezpassva.com-ftog.win/us/assets/DtZKPhCR.js	ScriptElement	1.0 kB	2025-04-20	2025-04-20
Pretty URL ezpassva.com-ftog.win/us/assets/DtZKPhCR.js IP 49.51.35.183 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-20 12:41 Last Seen2025-04-20 12:41 Times Seen1 Hash a07607dffed2d9ecd88ad4d25eea38a0 3e292e341b4094e7ec255bd1dfdf86cca837940f cd71eeead56cacaf857e3451b536cfc113604be3512e9df1db75b9d58d2cde86 Loading...

	ezpassva.com-ftog.win/us/assets/fliceXIj.js	ScriptElement	37 kB	2025-04-02	2025-04-20
Pretty URL ezpassva.com-ftog.win/us/assets/fliceXIj.js IP 49.51.35.183 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-02 21:45 Last Seen2025-04-20 12:41 Times Seen2 Hash 6739de62a8f64268ce6994cf60bfcf20 1087d331a1973a58277600696d28fb92c8ec85b6 a6ed864396a577d691685ca5372b3b979d38e8d992597614d6cb5e69ae16c583 Loading...

HTTP Transactions (19)

URL IP Response Size

ezpassva.com-ftog.win/us/assets/DtZKPhCR.js

49.51.35.183

200

825 kB

URL GET
ezpassva.com-ftog.win/us/assets/DtZKPhCR.js
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
JavaScript source, ASCII text, with very long lines (30776)
Size
825 kB (825395 bytes)
Hash
cb108823efa70b07759763e773f60dfd
28ae0f12becfa539b261f7c6161a1505ffe6c617
22270c8e1881b598e9e3a355873155a10c35a4fcd8321a2e4e3ae7be3a6ba3a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/assets/DtZKPhCR.js HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

www.ezpassva.com/media/ezpassva/site-assets/images/EZPass-VirSrvCntr-Logo-icon_FINAL_v1a.svg

143.204.55.20

200 OK

7.3 kB

URL GET
www.ezpassva.com/media/ezpassva/site-assets/images/EZPass-VirSrvCntr-Logo-icon_FINAL_v1a.svg
IP
143.204.55.20:443
ASN
#16509 AMAZON-02

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerNetwork Solutions L.L.C.
Subject*.ezpassva.com
Fingerprint74:3D:54:4B:5B:8F:D5:F3:3D:56:F3:3B:16:39:F7:A2:A1:36:A8:C2
ValidityThu, 27 Mar 2025 00:00:00 GMT - Mon, 20 Apr 2026 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7287 bytes)
Hash
8b86263bfc1df167161ed83c8184441a
1bd0e02c8c9ab302c55bde1e966e618393e23595
c57e4972bc94761a3e8c3f63ddc05e4904ba5bc550057a032288c9cbdcbdf2bb

HTTP Headers

GET /media/ezpassva/site-assets/images/EZPass-VirSrvCntr-Logo-icon_FINAL_v1a.svg HTTP/1.1
Host: www.ezpassva.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 20 Apr 2025 12:41:18 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 27 Nov 2023 19:56:04 GMT
content-encoding: br
x-amz-server-side-encryption: AES256
x-amz-version-id: 6aGMSuPMu1XeWm3nXijMsLMV0j9EMhLm
server: AmazonS3
etag: W/"8b86263bfc1df167161ed83c8184441a"
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K-OoSwUznwRuW87HQYIN9fWXAR0uEW7yd28bh0EOrC8meYj96-5jTg==
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

www.ezpassva.com/media/ezpassva/site-assets/images/icon-pdf-colour.svg

143.204.55.20

200 OK

9.4 kB

URL GET
www.ezpassva.com/media/ezpassva/site-assets/images/icon-pdf-colour.svg
IP
143.204.55.20:443
ASN
#16509 AMAZON-02

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerNetwork Solutions L.L.C.
Subject*.ezpassva.com
Fingerprint74:3D:54:4B:5B:8F:D5:F3:3D:56:F3:3B:16:39:F7:A2:A1:36:A8:C2
ValidityThu, 27 Mar 2025 00:00:00 GMT - Mon, 20 Apr 2026 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9367 bytes)
Hash
65af7cc988309f8d899b35221f0b4616
77d878d9d3fce83913d9ebd024def32580b44cf2
5397a35adb3c91c479af9284d2dc95153aeaeffb138d5c425d0bc628ae96253f

HTTP Headers

GET /media/ezpassva/site-assets/images/icon-pdf-colour.svg HTTP/1.1
Host: www.ezpassva.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 20 Apr 2025 12:41:18 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 09 Oct 2023 10:10:04 GMT
content-encoding: br
x-amz-server-side-encryption: AES256
x-amz-version-id: GcesoyKamgxvi6q33JJOfhe9ngzfqoca
server: AmazonS3
etag: W/"65af7cc988309f8d899b35221f0b4616"
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _2PTLU5hqDC12icekS0K5uGoj3DRoBLBhUKHcqC9g186RAWnVbnCag==
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ezpassva.com-ftog.win
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:12:20 GMT
expires: Fri, 17 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 268137
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Apr 2025 05:41:02 GMT
expires: Mon, 20 Apr 2026 05:41:02 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 25216
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap

142.250.74.10

200 OK

24 kB

URL GET
fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
ASCII text, with very long lines (1572)
Size
24 kB (24056 bytes)
Hash
ccdf05ae104db64fd0f8c2e37adce2b6
f936e5386e91decd32ae6878e914f7de5e728bea
e31541388c63ed648c1c16302c042bd8d0305f0e44d0093d72a593a59503e26e

HTTP Headers

GET /css2?family=Open+Sans:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 20 Apr 2025 12:41:16 GMT
date: Sun, 20 Apr 2025 12:41:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.ezpassva.com/media/ezpassva/site-assets/images/logo-footer-vdot-white.svg

143.204.55.20

200 OK

9.3 kB

URL GET
www.ezpassva.com/media/ezpassva/site-assets/images/logo-footer-vdot-white.svg
IP
143.204.55.20:443
ASN
#16509 AMAZON-02

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerNetwork Solutions L.L.C.
Subject*.ezpassva.com
Fingerprint74:3D:54:4B:5B:8F:D5:F3:3D:56:F3:3B:16:39:F7:A2:A1:36:A8:C2
ValidityThu, 27 Mar 2025 00:00:00 GMT - Mon, 20 Apr 2026 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
9.3 kB (9325 bytes)
Hash
b879e200a8466d0d93972ac504a2f086
647c4ba0aabdb08d0dc7b15136d9fdcc3c5a3a7b
68e8d0e21cc77ad689609909c12f51782ae637b3fe36cad1ffd1888941b17635

HTTP Headers

GET /media/ezpassva/site-assets/images/logo-footer-vdot-white.svg HTTP/1.1
Host: www.ezpassva.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
date: Sun, 20 Apr 2025 12:41:18 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 26 Sep 2023 09:34:03 GMT
content-encoding: br
x-amz-server-side-encryption: AES256
x-amz-version-id: xw6QWuM9JXoV9_Y6TINHZw0DgZBY6tKF
server: AmazonS3
etag: W/"b879e200a8466d0d93972ac504a2f086"
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tg4mxStjtnRCBqEKv-gQGj63xZA6b80esVZbbi2wOQ_I-SLolm8GNQ==
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ezpassva.com-ftog.win
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:12:20 GMT
expires: Fri, 17 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 268137
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wss://ezpassva.com-ftog.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg2NDV9.n77G8v2HXSbnaRy2tBNGZre0LOJpLCee39tGPK561A8

49.51.35.183

101

0 B

URL GET
wss://ezpassva.com-ftog.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg2NDV9.n77G8v2HXSbnaRy2tBNGZre0LOJpLCee39tGPK561A8
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg2NDV9.n77G8v2HXSbnaRy2tBNGZre0LOJpLCee39tGPK561A8 HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://ezpassva.com-ftog.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: d1Hm4/RZu/XG15H1evo9sQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:17 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OoLKlzHmczAbMXsNjeJhvZjUieQ=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

ezpassva.com-ftog.win/us/

49.51.35.183

200

2.7 kB

URL User Request GET
ezpassva.com-ftog.win/us/
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
2222e69538236bc0cc035b52a192e7bc
035bfcdb16ef3985b9c6f73510ae2b1a402c089c
5d7dee6fd5952780dbffca654d5c2da443b6c4e7fb424868bd615499c0093abc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/ HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

ezpassva.com-ftog.win/us/assets/JFy5M3ci.jpg

49.51.35.183

200

562 kB

URL GET
ezpassva.com-ftog.win/us/assets/JFy5M3ci.jpg
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 2560x1302, components 3
Size
562 kB (561552 bytes)
Hash
d156a5892f8a385e687a4152b96101f6
f3c8961c505023964993f9f0d7be0cd32945dd66
f14d4df87ba5d55d59b532ea1290f9d410ba95a158ce28988f075ed84f70ddd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/assets/JFy5M3ci.jpg HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:16 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

142.250.74.99

200 OK

910 B

URL GET
www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced
Size
910 B (910 bytes)
Hash
efa6bb2bfe459bc6f4bdafa3db0383f6
52d15ce52fe50643e542c17812de43f4ed1b6ee0
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

HTTP Headers

GET /images/branding/googlelogo/1x/googlelogo_color_42x16dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 910
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Apr 2025 02:18:19 GMT
expires: Sat, 18 Apr 2026 02:18:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/png
vary: Origin
age: 210179
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Apr 2025 07:22:12 GMT
expires: Mon, 20 Apr 2026 07:22:12 GMT
cache-control: public, max-age=31536000
age: 19146
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ezpassva.com-ftog.win/us/favicon.ico

49.51.35.183

200

267 kB

URL GET
ezpassva.com-ftog.win/us/favicon.ico
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
MS Windows icon resource - 1 icon, -3x256, 32 bits/pixel
Size
267 kB (267326 bytes)
Hash
2484566c173f24270a4e9e49408ac0e3
569ca382930e3d7ed44d3d23c4a082238350730d
beb4e010e6a0c52883d14cbaa205b65c085a5f015f04e550b1931b0d2199137e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/favicon.ico HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:18 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ezpassva.com-ftog.win
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:12:20 GMT
expires: Fri, 17 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 268137
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ezpassva.com-ftog.win/us/assets/BHcjXi3x.gif

49.51.35.183

200

60 kB

URL GET
ezpassva.com-ftog.win/us/assets/BHcjXi3x.gif
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/assets/BHcjXi3x.gif HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:15 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

ezpassva.com-ftog.win/us/assets/fliceXIj.js

49.51.35.183

200

37 kB

URL GET
ezpassva.com-ftog.win/us/assets/fliceXIj.js
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36728), with no line terminators
Size
37 kB (36729 bytes)
Hash
6739de62a8f64268ce6994cf60bfcf20
1087d331a1973a58277600696d28fb92c8ec85b6
a6ed864396a577d691685ca5372b3b979d38e8d992597614d6cb5e69ae16c583

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/assets/fliceXIj.js HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

ezpassva.com-ftog.win/us/assets/CSrMgpnM.css

49.51.35.183

200

727 kB

URL GET
ezpassva.com-ftog.win/us/assets/CSrMgpnM.css
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
Unicode text, UTF-8 text, with very long lines (65206)
Size
727 kB (726722 bytes)
Hash
a57806e38d0f45d0e6e40ed6e82eff78
f3ff2c02e7afa2666544e98e4bcb39d3ba1ca606
95aa138bd137d46f454cad41980f34f08095224c7b0c24f7ee291863aec17697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /us/assets/CSrMgpnM.css HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ezpassva.com-ftog.win/us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:15 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

ezpassva.com-ftog.win/front/checkIp?token=123

49.51.35.183

200

225 B

URL GET
ezpassva.com-ftog.win/front/checkIp?token=123
IP
49.51.35.183:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://ezpassva.com-ftog.win/us/
Certificate
IssuerLet's Encrypt
Subjectezpassva.com-ftog.win
Fingerprint09:E2:4F:6A:39:49:9A:D3:7D:A4:BA:3F:30:3F:25:86:19:F9:34:CF
ValiditySun, 20 Apr 2025 08:12:08 GMT - Sat, 19 Jul 2025 08:12:07 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
fd4e33dd22aeec0e2fb93da00f333ad7
088c7f1a10736f739c1be2423d69d59870e5592f
5d7a95fe1b80e377e92f5b2081fb6bf58b6bd29196bd50d9553e5db26b2c90f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: ezpassva.com-ftog.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ezpassva.com-ftog.win/us/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Sun, 20 Apr 2025 12:41:16 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 225
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP