Report - txdmv.gov-se.xin/pay/

Report Overview

Visited public
2025-05-06 21:42:46
Tags
phishing
URL
txdmv.gov-se.xin/pay/
Finishing URL
txdmv.gov-se.xin/pay/
IP / ASN
104.21.11.116
#13335 CLOUDFLARENET
Title
TxDMV Home | TxDMV.gov
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	unknown	No data	No data	471 B	2.5 kB	142.250.74.99
txdmv.gov-se.xin	unknown	unknown	No data	No data	5.8 kB	1.8 MB	188.114.97.1
d3eaozktcyljdh.cloudfront.net	unknown	unknown	No data	No data	1.5 kB	13 kB	3.167.7.79
fonts.gstatic.com	unknown	unknown	No data	No data	467 B	7.1 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed
2025-05-06	medium	gov-se.xin	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	txdmv.gov-se.xin/pay/	ScriptElement	314 B	2023-03-11	2025-05-17
Pretty URL txdmv.gov-se.xin/pay/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-05-17 03:29 Times Seen3998 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	txdmv.gov-se.xin/pay/	ScriptElement	84 B	2023-04-07	2025-05-17
Pretty URL txdmv.gov-se.xin/pay/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-05-17 03:29 Times Seen12538 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	txdmv.gov-se.xin/pay/assets/DB6y4YS3.js	ScriptElement	934 kB	2025-05-06	2025-05-10
Pretty URL txdmv.gov-se.xin/pay/assets/DB6y4YS3.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 12:37 Last Seen2025-05-10 21:31 Times Seen30 Hash 8671aa8d81dc7f8c2d0fef87bce96b16 254baa841d38443871841baf2a6c3c428f937cee 22618c39e9b9b19fde7dbd59bf218316677fee714dd993e82938dbd947000e29 Loading...

	txdmv.gov-se.xin/pay/assets/fliceXIj.js	ScriptElement	36 kB	2025-05-06	2025-05-10
Pretty URL txdmv.gov-se.xin/pay/assets/fliceXIj.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 12:37 Last Seen2025-05-10 21:31 Times Seen30 Hash 44f393f92f7b8f1a1c5dc0a7baa13bfa 739c75270e1ae21872388ac366cf6106c45c0b65 9081b6f451b6695a94281ebefc4fb11c38568d9a95917f405d540d805a0338b3 Loading...

HTTP Transactions (17)

URL IP Response Size

txdmv.gov-se.xin/pay/

188.114.97.1

200 OK

2.7 kB

URL User Request GET
txdmv.gov-se.xin/pay/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
72a87a250da4ca32c7acfc528159f334
f7ffc5de64231c9553e238bd76a0ec5cb2260913
c9d6ec7c43f7b5ce2da121af637e5eff72f08563417ae388238dfca9ab36990b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/ HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 21:42:22 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Dmy%2FU%2F%2B%2BAhB0J9dEewwmEgSZrd8efqXaADqloCL2n3%2F6ttSu%2FVjMjp4EhprOVcFVUSNu9IexL1MMnrXXEYBArKN9fXT5yECmjcyH1s%2B4Jd37xmtq4Z3x6tkg%2Bos27nVnFDw4"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93bba5a7ab2cb50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

txdmv.gov-se.xin/pay/assets/BHcjXi3x.gif

188.114.97.1

200 OK

60 kB

URL GET
txdmv.gov-se.xin/pay/assets/BHcjXi3x.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:23 GMT
content-type: image/gif
server: cloudflare
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:23 GMT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vL6TcWhd5P3bRv11SK3P9UY38rRMxBP59mBhBM7VAKDUKciU37cJr1XehbAOq82CsdUDReUFZEV3zH%2BjctWpb25tuO1rFwZRBpqMNSjF8IYTniC0sdX0WvzdGxRIeelUjS7o"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5ab5e95b4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-facebook.png

3.167.7.79

200 OK

3.6 kB

URL GET
d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-facebook.png
IP
3.167.7.79:443
ASN
#0

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
3.6 kB (3613 bytes)
Hash
380237ca533c1842e8445efad482b797
bec8fdc3582501aa2938f141e39fdf36f2e58331
603e6fbb80b1059eb72191f3a4db07f4d4bcebff3906c9db9e023939ab0e8ca1

HTTP Headers

GET /themes/custom/txdmv/images/icon/icon-facebook.png HTTP/1.1
Host: d3eaozktcyljdh.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3613
server: Apache
x-content-type-options: nosniff
last-modified: Wed, 11 Dec 2019 18:15:01 GMT
accept-ranges: bytes
date: Tue, 06 May 2025 08:59:24 GMT
expires: Tue, 20 May 2025 08:59:24 GMT
cache-control: max-age=1209600
etag: "e1d-599719b651340"
x-cache: Hit from cloudfront
via: 1.1 74cb6ad66f88e47ae011abd64e57e7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 7B-09KJkV4eN5vEMyyhNDHu__1Z3XhYtzVb8qHYtjsNIsCmG3CCgbA==
age: 45780
X-Firefox-Spdy: h2

txdmv.gov-se.xin/pay/assets/DB6y4YS3.js

188.114.97.1

200 OK

934 kB

URL GET
txdmv.gov-se.xin/pay/assets/DB6y4YS3.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
JavaScript source, ASCII text, with very long lines (31147)
Size
934 kB (933723 bytes)
Hash
8671aa8d81dc7f8c2d0fef87bce96b16
254baa841d38443871841baf2a6c3c428f937cee
22618c39e9b9b19fde7dbd59bf218316677fee714dd993e82938dbd947000e29

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/DB6y4YS3.js HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:23 GMT
content-type: application/javascript
server: cloudflare
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:23 GMT
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hcrWNldX%2FTHSdax10fRcYS9v9GDkHQkyQlFRItZd7EzFBwxr3F8WPCgyZX9okFeawXkVovKzfxqMpZ3LY8KLeIdXpYcZKxutHSx0mpYhSv8dyyRDKc4dYvtOGzuzd3MYjKjq"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5ab5e8db4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:42:41 GMT
expires: Fri, 01 May 2026 10:42:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 471583
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-twitter.png

3.167.7.79

200 OK

3.8 kB

URL GET
d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-twitter.png
IP
3.167.7.79:443
ASN
#0

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3778 bytes)
Hash
d0f1b15d1ff1a4ab5806940b36d27a69
001d19ee2d8494f5e617b17315652c138955756d
0adf2e5b3437719963b8ff5ed71b7449c90046125fedece6fb193742ed0c08e9

HTTP Headers

GET /themes/custom/txdmv/images/icon/icon-twitter.png HTTP/1.1
Host: d3eaozktcyljdh.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3778
server: Apache
x-content-type-options: nosniff
last-modified: Wed, 11 Dec 2019 18:15:01 GMT
accept-ranges: bytes
date: Tue, 06 May 2025 04:12:09 GMT
expires: Tue, 20 May 2025 04:12:09 GMT
cache-control: max-age=1209600
etag: "ec2-599719b651340"
x-cache: Hit from cloudfront
via: 1.1 74cb6ad66f88e47ae011abd64e57e7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: KFlNdBanVlzd-R8mIiRVe4eO927DzBG8BBZFVN0hterq4OKQpjO28A==
age: 63015
X-Firefox-Spdy: h2

txdmv.gov-se.xin/pay/assets/fliceXIj.js

188.114.97.1

200 OK

36 kB

URL GET
txdmv.gov-se.xin/pay/assets/fliceXIj.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36517), with no line terminators
Size
36 kB (36518 bytes)
Hash
44f393f92f7b8f1a1c5dc0a7baa13bfa
739c75270e1ae21872388ac366cf6106c45c0b65
9081b6f451b6695a94281ebefc4fb11c38568d9a95917f405d540d805a0338b3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:23 GMT
content-type: application/javascript
server: cloudflare
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:23 GMT
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=l6S2C%2Fd%2Bc8eSYSOInatWDvxEyPtz2Lgg54vQGci0EF%2FdqIDk0itg2hGM3mcEWsfA6Ah52HjW0mwsSerx8qLd37QIsBMUjxA3DE6RG6XwAOkvwVmq3HMavjPk1WGFBEUnWyk1"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5ab5e8bb4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/front/checkIp?token=123

188.114.97.1

200 OK

225 B

URL GET
txdmv.gov-se.xin/front/checkIp?token=123
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
00388a403f1bbd4d5d2d262ec1c2ab49
67aef1f1496bba7f1bdcdf9d23a4ab1d205eb7c3
8630d1139c84f308b2697b313e883528c80c459cc26d5153295f66eb95d1bf61

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txdmv.gov-se.xin/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:24 GMT
content-type: text/plain;charset=UTF-8
server: cloudflare
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=8ghnTptceX6%2FFeG3%2FFWzBZGBTjZiAhixdYzVzz1%2BibPy2n5Xx33bmM43WIjSjNoUhP0bF%2FKv9iQ3HvO%2FkGIEp%2BSpFL716okQCoRKwFG2C1NsOtcfC9rd3vmmkPGn2CKxKwZD"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 93bba5b0bdc6b4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/pay/assets/CnK1DPp4.jpg

188.114.97.1

200 OK

77 kB

URL GET
txdmv.gov-se.xin/pay/assets/CnK1DPp4.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x347, components 3
Size
77 kB (76737 bytes)
Hash
7aa613618e3312ae00420e36a61b769f
74ccde94289b0d7957d2b6d72a238a78220767a9
a1bdf5d2aa824216c4df8125308a7e5f3daea3a2ed10353191e2ee6e9c24ee78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/CnK1DPp4.jpg HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:24 GMT
content-type: image/jpeg
server: cloudflare
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:24 GMT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Vn6qakuCTkhYik6TYvFxJe9rfNBLo1ScHjCFSFGpmcl%2BUwNmBidAXganJkTe4Nfpya%2ByqEuv31DW7iXnoIS5MfLewaD5phX%2BhDJPHborhI96xeAlViaGq3vMMaIdNjQZalai"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5b2a8d8b4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.ttf?v=67

188.114.97.1

404 Not Found

0 B

URL GET
txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.ttf?v=67
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/assets/BtUmk59N.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 21:42:25 GMT
content-length: 0
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=y6eJiX6rXMQLZnncPfxhlnlE6ZRivTpTVpNSlX51Pi55Rf876y9eVMfRGNsXZl6KaMOhJ8804NJ14O60m%2FIjRVgVYNo%2BorXGukGcodgobuC8hAJsaGT3GH8uFR0ehGuLSXOR"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5b71ebbb4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/pay/assets/BtUmk59N.css

188.114.97.1

200 OK

721 kB

URL GET
txdmv.gov-se.xin/pay/assets/BtUmk59N.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
Unicode text, UTF-8 text, with very long lines (36407), with CRLF, LF line terminators
Size
721 kB (720641 bytes)
Hash
84b40b27beb83f1933d81d278c2abf8f
503f84f74be876aff3b35a5b512cdb4e1a0f0b1e
728e9f5d0dcdf9b655879adde84b41511a01f59a75cbd54ee1dd811ae2478734

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BtUmk59N.css HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:23 GMT
content-type: text/css
server: cloudflare
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:23 GMT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tYpos7Q6OKe%2FD6Ga5KlhUZd7ZOJDo7Sf4ZXYXAZ6%2BVfcLZ634UHYr3CAjLPM3nFRyyrb5aaARynPSNWuMQQt3vgef04IHgyIsyCaXkUbgoWWsKfG8RCapToQSY86G0Fqeyi2"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5ab5e92b4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.woff2?v=67

188.114.97.1

404 Not Found

0 B

URL GET
txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/assets/BtUmk59N.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 21:42:24 GMT
content-length: 0
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KLVoqRVosuw7DgDxk87jrWxqBlTW8AJaDZu0p%2FN39P7197wJ0PbB2Qb14iSZ9dLjBYYACEP%2B%2FH3%2BjnUeDrWs1QEjG3O1b9QHu93Vx5Eul5tfoiSISoDH53DlGssHKvILWA29"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5b349bab4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

wss://txdmv.gov-se.xin/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg5MDJ9.IazieS6Y1ykxKR94e7XxQHvzR5Y9oYcwU6x2UMLauAg

188.114.97.1

101

0 B

URL GET
wss://txdmv.gov-se.xin/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg5MDJ9.IazieS6Y1ykxKR94e7XxQHvzR5Y9oYcwU6x2UMLauAg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mjg5MDJ9.IazieS6Y1ykxKR94e7XxQHvzR5Y9oYcwU6x2UMLauAg HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://txdmv.gov-se.xin
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OcEZfFnuz75O6qRzduZNTw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Tue, 06 May 2025 21:42:24 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: FR5BZxTf/ajRfGK9jG4dfmlrUTM=
Sec-Websocket-Extensions: permessage-deflate
Cf-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ellWhLHRjY2I8zbM0Yf9pn1pqe9TALXMMXsyBtq5WwqHdHmHqfvuYrm64YHnAsd7SPZtqE%2BtTAAucEWuQ67jenmpzpA0XNDmaV2gssQhdzKCG0ZOI2rvj05G5KOKaJnAWfJn"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Cf-Ray: 93bba5b46c675687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=482&min_rtt=437&rtt_var=165&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3107&recv_bytes=1266&delivery_rate=7086460&cwnd=252&unsent_bytes=0&cid=3338d93e0776aa4d&ts=264&x=0"

d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-email-updates.png

3.167.7.79

200 OK

3.8 kB

URL GET
d3eaozktcyljdh.cloudfront.net/themes/custom/txdmv/images/icon/icon-email-updates.png
IP
3.167.7.79:443
ASN
#0

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3789 bytes)
Hash
c879935243b7ab7865e798c5580f9f5d
fb724c2a81e3aa5bcafa3f07eaa2e8f3036aa33d
de3e57146fb6cc89ca7b32816ccdc792d8396e580029d0bbbf48dcbf92d9948f

HTTP Headers

GET /themes/custom/txdmv/images/icon/icon-email-updates.png HTTP/1.1
Host: d3eaozktcyljdh.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3789
server: Apache
x-content-type-options: nosniff
last-modified: Wed, 11 Dec 2019 18:15:01 GMT
accept-ranges: bytes
date: Tue, 06 May 2025 05:52:47 GMT
expires: Tue, 20 May 2025 05:52:47 GMT
cache-control: max-age=1209600
etag: "ecd-599719b651340"
x-cache: Hit from cloudfront
via: 1.1 74cb6ad66f88e47ae011abd64e57e7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: JFZuX9VC412eO1zkqXpNoG865nZ4-TqNUWJktjCVxAXsTe4AXBAH5A==
age: 56977
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 May 2025 06:15:59 GMT
expires: Tue, 05 May 2026 06:15:59 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 141986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

txdmv.gov-se.xin/pay/favicon.ico

188.114.97.1

200 OK

1.0 kB

URL GET
txdmv.gov-se.xin/pay/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1015 bytes)
Hash
e9aed955acdb9626f9b74eeb9d8541ce
3942591068c427179a57adf6c53cdaec439453cc
26a85946924a9afb2cd3a46abfbc2b4973b9f6976cf6afedbc095576d8563c21

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/favicon.ico HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 21:42:25 GMT
content-type: image/vnd.microsoft.icon
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 21:42:25 GMT
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MO7r%2B4g2p6t%2BQSGxOXb9QwBcnsHmW6Ilzj6uz5QjkiDbGxqjyfQtykyJao3FvTLrgAX6rh2y0YrjoQvWvL7IKWH27hG1NgZhlr4cqhylmqNWZFSQ19Iq0hF0cmVcCeh9%2F2XW"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 93bba5b4dc06b4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.woff?v=67

188.114.97.1

404 Not Found

0 B

URL GET
txdmv.gov-se.xin/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txdmv.gov-se.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-se.xin
Fingerprint2F:7F:D2:D2:D0:3F:1E:96:D2:6F:FB:10:F3:B7:82:E1:F5:DE:E5:37
ValidityTue, 06 May 2025 08:14:53 GMT - Mon, 04 Aug 2025 09:13:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: txdmv.gov-se.xin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://txdmv.gov-se.xin/pay/assets/BtUmk59N.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 21:42:25 GMT
content-length: 0
server: cloudflare
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=a62QDZH2qpNeQTwbpaJ275WiwjkbGo1c7fxwLxZaBdHPDvGWwiihEaJH9YEb2aKEiJCzn8tqf4RsO3uEQb4CatYG53Inhev9ILkBrfgpUDxWx9SUb0HrPdRgsU7%2Bi3F1oKRB"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93bba5b4fc3ab4f4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET