Report - mt.gov-pfx.win/pay/

Report Overview

Visited public
2025-05-16 11:15:14
Tags
phishing
URL
mt.gov-pfx.win/pay/
Finishing URL
mt.gov-pfx.win/pay/
IP / ASN
172.67.202.54
#13335 CLOUDFLARENET
Title
Kansas Department Of Transportation | Home
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mt.gov-pfx.win	unknown	2025-05-14	2025-05-16	2025-05-16	5.6 kB	1.7 MB	104.21.14.22
www.mdt.mt.gov	unknown	unknown	2012-07-02	2025-05-16	1.3 kB	714 B	161.7.14.31
template.mt.gov	364518	unknown	2013-10-01	2025-05-16	1.3 kB	268 kB	161.7.35.25

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	mt.gov-pfx.win/pay/assets/fliceXIj.js	ScriptElement	37 kB	2025-05-16	2025-05-16
Pretty URL mt.gov-pfx.win/pay/assets/fliceXIj.js IP 104.21.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 11:15 Last Seen2025-05-16 13:41 Times Seen11 Hash 16ec5da3f69cbb50d4bce865bbcea848 35c4fe929790a7aeabed1dcee6ebad3f19680226 684a8edb648cc6ceba96f888bc5d458303bd2b69766691a1ed0788aa210e6a9f Loading...

	mt.gov-pfx.win/pay/	ScriptElement	314 B	2023-03-11	2025-06-16
Pretty URL mt.gov-pfx.win/pay/ IP 104.21.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-06-16 06:35 Times Seen5914 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	mt.gov-pfx.win/pay/	ScriptElement	84 B	2023-04-07	2025-06-16
Pretty URL mt.gov-pfx.win/pay/ IP 104.21.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-16 06:35 Times Seen14483 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	mt.gov-pfx.win/pay/assets/C5qEAMPF.js	ScriptElement	795 kB	2025-05-16	2025-05-16
Pretty URL mt.gov-pfx.win/pay/assets/C5qEAMPF.js IP 104.21.14.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 11:15 Last Seen2025-05-16 13:41 Times Seen11 Hash 910e633aa9a43b9e2381246c223743ee 76fcaf4307c4505d0e407f11fd0e691a1b6f98a1 951a30879d272e1b1ae0e270371981088e157d648f523091df5c02b280442d62 Loading...

HTTP Transactions (18)

URL IP Response Size

mt.gov-pfx.win/pay/assets/fliceXIj.js

104.21.14.22

200 OK

37 kB

URL GET
mt.gov-pfx.win/pay/assets/fliceXIj.js
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36776), with no line terminators
Size
37 kB (36777 bytes)
Hash
16ec5da3f69cbb50d4bce865bbcea848
35c4fe929790a7aeabed1dcee6ebad3f19680226
684a8edb648cc6ceba96f888bc5d458303bd2b69766691a1ed0788aa210e6a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 11:14:53 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:53 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HwVpfg4kprXus1BJoPuPuJ9PS0it3nDl6Xv5rCYYARh10kWL2sTVrRr%2B%2FPEZB1vrj736HRxGYUn9fEOqtbJ%2FIv4go%2FVeEQux1W%2FIK%2FjrfNSrQDdcbpek1BL8AvZym1zK9g%3D%3D"}]}
cf-ray: 940a743cde080b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.mdt.mt.gov/_resources/images/mdtLogo-white.png

161.7.14.31

200 OK

0 B

URL GET
www.mdt.mt.gov/_resources/images/mdtLogo-white.png
IP
161.7.14.31:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.mdt.mt.gov
FingerprintF6:7D:E5:1C:11:FC:CF:45:14:EE:B1:05:71:6D:99:AE:C8:3F:7C:5E
ValidityFri, 21 Mar 2025 21:30:42 GMT - Fri, 27 Mar 2026 15:32:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_resources/images/mdtLogo-white.png HTTP/1.1
Host: www.mdt.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 1019

template.mt.gov/resources/template/images/background101.jpg

161.7.35.25

200 OK

263 kB

URL GET
template.mt.gov/resources/template/images/background101.jpg
IP
161.7.35.25:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerSectigo Limited
Subject*.mt.gov
Fingerprint89:FD:E9:E5:FB:B4:01:43:63:03:D8:24:7D:3E:AB:14:32:CD:72:69
ValidityWed, 08 May 2024 00:00:00 GMT - Sun, 08 Jun 2025 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], comment: "Optimized by JPEGmini 3.12.0.2 0xe60cc4b5", baseline, precision 8, 1600x1071, components 3
Size
263 kB (263164 bytes)
Hash
660b34a878c98bd270a8ffef8fb2bd7e
31d38d130ee4faeb4f478c33da0e87008b4fac52
f0042512450783d9765c064d9bb70f294b71e1cc66d33ca8c344f2f539bb97a3

HTTP Headers

GET /resources/template/images/background101.jpg HTTP/1.1
Host: template.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Fri, 05 Apr 2024 22:15:29 GMT
Accept-Ranges: bytes
ETag: "47889cc4a687da1:0"
Date: Fri, 16 May 2025 11:14:55 GMT
Content-Length: 263164
Set-Cookie: TS0133061e=01f9310cc2097f38dae50d6438bc5cc6b330cedf587381440463847132f52b895da22292f771b60f30e6aaa5cbc50cffc9f18f4acd; Path=/

mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.woff?v=67

104.21.14.22

404 Not Found

0 B

URL GET
mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/assets/COWarIft.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 11:14:56 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwypDC%2FqZSxXI80MnHLXpYulbCaelHG0v%2Fib8GqKsDjG4YBOVYiJmRlW1atAd%2FIk1VbN7bbX5yI9u7yxL16eAIxB7BdzTqZ7wWOnQQcjUIt0g1PpW1bCw1w3t6Yvnjdy5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940a744a7b6356ae-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2153&min_rtt=647&rtt_var=1181&sent=207&recv=228&lost=0&retrans=0&sent_bytes=89966&recv_bytes=13393&delivery_rate=17855762&cwnd=48000&unsent_bytes=0&cid=fcdbed8762486928&ts=2797&x=16"

mt.gov-pfx.win/pay/assets/COWarIft.css

104.21.14.22

200 OK

701 kB

URL GET
mt.gov-pfx.win/pay/assets/COWarIft.css
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
Unicode text, UTF-8 text, with very long lines (36407), with CRLF, LF line terminators
Size
701 kB (701123 bytes)
Hash
d2256e1f2c0b534a804006ae3a29c8f3
3d7febe398e6b7ca17a6ad21c38031aeff2d5f46
4ec0fbb17066d8a04a7acc0ef644e01690eb3e6ce50a91d66066fdaecaf0d4d9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/COWarIft.css HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 11:14:53 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:53 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GtAdr2lFaoQ%2BPEmsdrIyROlMK74GTTSTFxXkwXSTsvoOaPDnooAytMQtDjVJshOgDZ%2F1jC0ZEXUsPpnDJWWvqN35hA6ZL2aCk%2BqX0C0J8JnuNBUTHqKMVe%2Fq04h59V6yvw%3D%3D"}]}
cf-ray: 940a743cde190b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

template.mt.gov/resources/template/montanalogo.png

161.7.35.25

200 OK

3.6 kB

URL GET
template.mt.gov/resources/template/montanalogo.png
IP
161.7.35.25:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerSectigo Limited
Subject*.mt.gov
Fingerprint89:FD:E9:E5:FB:B4:01:43:63:03:D8:24:7D:3E:AB:14:32:CD:72:69
ValidityWed, 08 May 2024 00:00:00 GMT - Sun, 08 Jun 2025 23:59:59 GMT

File type
PNG image data, 248 x 48, 8-bit/color RGBA, non-interlaced
Size
3.6 kB (3635 bytes)
Hash
7bda45a8c6b421ffdeaf5c0cce8fe8f3
39f1f1b2cd65a614e9aedc0cc9100dafdae53299
11e0af26d4be1ba9bc7cc4a62bc83e332a504a0a8e7b7025f0221d3ba0e78424

HTTP Headers

GET /resources/template/montanalogo.png HTTP/1.1
Host: template.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 05 Apr 2024 22:15:29 GMT
Accept-Ranges: bytes
ETag: "706cb0c4a687da1:0"
Date: Fri, 16 May 2025 11:14:55 GMT
Content-Length: 3635
Set-Cookie: TS0133061e=01f9310cc2c2c32b600a6f394041636ba03436069da4b3edf5f079ebc61f4b8598aad21badd4cf3b38fdb634fd5136fc47cbb098bc; Path=/

mt.gov-pfx.win/pay/assets/CnK1DPp4.jpg

104.21.14.22

200 OK

77 kB

URL GET
mt.gov-pfx.win/pay/assets/CnK1DPp4.jpg
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x347, components 3
Size
77 kB (76737 bytes)
Hash
7aa613618e3312ae00420e36a61b769f
74ccde94289b0d7957d2b6d72a238a78220767a9
a1bdf5d2aa824216c4df8125308a7e5f3daea3a2ed10353191e2ee6e9c24ee78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/CnK1DPp4.jpg HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 11:14:55 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FwOLuAp4eIV0SA6KIJsAU8tt0ys8KeYetnXFP4F9uk%2FW2xj%2FM93Jl2zcXg7IoV2iDs4U90aYvcU6zXT2CR53anHDVPt3Ti9NEUOVTQcDuZsByyr3%2Fy2w0ka0NHa%2BB0%2FFg%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:55 GMT
cf-ray: 940a74471b3556ae-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3055&min_rtt=647&rtt_var=1796&sent=137&recv=221&lost=0&retrans=0&sent_bytes=11314&recv_bytes=12775&delivery_rate=2109&cwnd=12000&unsent_bytes=0&cid=fcdbed8762486928&ts=2221&x=16"

www.mdt.mt.gov/_images/common/footer-bg.png

161.7.14.31

200 OK

0 B

URL GET
www.mdt.mt.gov/_images/common/footer-bg.png
IP
161.7.14.31:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.mdt.mt.gov
FingerprintF6:7D:E5:1C:11:FC:CF:45:14:EE:B1:05:71:6D:99:AE:C8:3F:7C:5E
ValidityFri, 21 Mar 2025 21:30:42 GMT - Fri, 27 Mar 2026 15:32:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_images/common/footer-bg.png HTTP/1.1
Host: www.mdt.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 1019

mt.gov-pfx.win/pay/assets/CXnhfjBt.png

104.21.14.22

200 OK

957 B

URL GET
mt.gov-pfx.win/pay/assets/CXnhfjBt.png
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
957 B (957 bytes)
Hash
b09bab828d0c43c52e3372a9c4e0a8ca
9c891b797781997dcb342b45dbc811cbfb48a6a9
4a94d5353b7755d99075102f8020da37db6386e72eb012b2a79719aea7889bc2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/CXnhfjBt.png HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 11:14:56 GMT
content-type: image/png
content-length: 957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BLZDspk8727HkxM0yd4%2FFwmTNi7d%2B9AiOuLQxIuUFTU8%2BDEo3uKzJSZ9WdtrmMVWGcQH%2Fc64vnQG4VzH0fbB6jTwlTyBfsRe14TgeJZ8FCTClREaJYBtxiP4FvDT1gl%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:56 GMT
cf-ray: 940a744fabb756ae-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2317&min_rtt=647&rtt_var=944&sent=211&recv=232&lost=0&retrans=0&sent_bytes=91209&recv_bytes=14104&delivery_rate=26076&cwnd=48000&unsent_bytes=0&cid=fcdbed8762486928&ts=3584&x=16"

mt.gov-pfx.win/pay/assets/BHcjXi3x.gif

104.21.14.22

200 OK

60 kB

URL GET
mt.gov-pfx.win/pay/assets/BHcjXi3x.gif
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 11:14:54 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:53 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hKV6nZGm2o3%2FtEGCsu38oxod3i7CxLVUUBpkdiwFVASZBDvsnEB8O2H1OHEnARA54qnmghF0A9I3MszNZeoY1XOcgBJRY9dv2%2Fu8RHgRIGR19Jvi6oqfzxC0CA0DMqV8gA%3D%3D"}]}
cf-ray: 940a743cee1f0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mt.gov-pfx.win/front/checkIp?token=123

104.21.14.22

200 OK

225 B

URL GET
mt.gov-pfx.win/front/checkIp?token=123
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
cd3a04550e9baddb0ac5ed14ec62f3bd
79a65517bbfdd3d76bb0bc32e8fbd69b2aeac690
55e94215513f441947694b8522fccdb428d7df0138f03c71c2f603f9a24f7d76

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mt.gov-pfx.win/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 11:14:55 GMT
content-type: text/plain;charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XN4GQ1SSuw5FgilDqs%2FnAZkLYkkK%2BP%2B0%2BWQErEMequ3y9J9uW2xM28rrIjxiZArN7kVcrBtEbv2WjPp6MZPGrr0qGAbQfG2yf4%2FFwFlTiTOqBk5Rw9tyI67an90c4mGlA%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 940a7444bb1b56ae-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3295&min_rtt=647&rtt_var=1755&sent=134&recv=219&lost=0&retrans=0&sent_bytes=10386&recv_bytes=12382&delivery_rate=2271&cwnd=12000&unsent_bytes=0&cid=fcdbed8762486928&ts=1889&x=16"

wss://mt.gov-pfx.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTUzNjR9.pHa2SNMjsEYtaRZwijOpQPO_CVN9NzLTlnpQ8TNal2g

104.21.14.22

101

0 B

URL GET
wss://mt.gov-pfx.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTUzNjR9.pHa2SNMjsEYtaRZwijOpQPO_CVN9NzLTlnpQ8TNal2g
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NTUzNjR9.pHa2SNMjsEYtaRZwijOpQPO_CVN9NzLTlnpQ8TNal2g HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://mt.gov-pfx.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rz3VseSqmbU7/B8VGJWeXA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Fri, 16 May 2025 11:14:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: iwXJkD2pUaamZ4wiJylpYForoMY=
Sec-Websocket-Extensions: permessage-deflate
Cf-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=el68mJeTgpSAPTGcGFy331GT8HNA6HamYKCDN6%2BQn%2FE9qHFGk%2FCH2icv9iG2oCaWg7yPdQ39LY%2F29TLzR6I%2FtnUHSXFx3U0vEcdnmjCyDaDi8B9FEtmG7%2Bmhbzcj%2FdYPnw%3D%3D"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Cf-Ray: 940a7448efa556a9-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=493&min_rtt=459&rtt_var=151&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3111&recv_bytes=1250&delivery_rate=7528596&cwnd=252&unsent_bytes=0&cid=77f4e3961d7ba99b&ts=503&x=0"

mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.ttf?v=67

104.21.14.22

404 Not Found

0 B

URL GET
mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.ttf?v=67
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/assets/COWarIft.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 11:14:56 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bAcW5YLSkrSL7pAUPViWyPbgURmI2yf9ZcKG9CPPAMvM2v4pKRFJtQNyw5eih2ApbyUqz4WWJpZcuvOdeF2M34NmEeExxvP4ERZD1aRn%2Bn7n1WsMhMkXG%2BEtc75%2Byp9nnw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940a744d2b9e56ae-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2251&min_rtt=647&rtt_var=1082&sent=209&recv=230&lost=0&retrans=0&sent_bytes=90589&recv_bytes=13776&delivery_rate=22102&cwnd=48000&unsent_bytes=0&cid=fcdbed8762486928&ts=3004&x=16"

mt.gov-pfx.win/pay/

104.21.14.22

200 OK

2.7 kB

URL User Request GET
mt.gov-pfx.win/pay/
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2741 bytes)
Hash
de0a6d2c5cb3c9b8b247b94b99b6d9ea
737fff36b20d08d599095cdf4ffc85adb20af70f
b31f7d252bd988520d12312d35a6c01eaf37c3aa980a1251ed5caa59babf3586

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/ HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 11:14:53 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Bzxp6QZDhHfkvi7RnrDR5kFo8VogFUtjy9wRz9%2B4vfkY3k%2Bme8Mqz8s05ELhS98c3N3axWmQnyNtn2hDBCKH0zq%2FMuoswYAQHjM5r3R03B%2BX13RRfV1D6cNCgeV23YZcOw%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 940a7438bf4d0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mt.gov-pfx.win/pay/assets/C5qEAMPF.js

104.21.14.22

200 OK

795 kB

URL GET
mt.gov-pfx.win/pay/assets/C5qEAMPF.js
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type
JavaScript source, ASCII text, with very long lines (30578)
Size
795 kB (795319 bytes)
Hash
910e633aa9a43b9e2381246c223743ee
76fcaf4307c4505d0e407f11fd0e691a1b6f98a1
951a30879d272e1b1ae0e270371981088e157d648f523091df5c02b280442d62

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/C5qEAMPF.js HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 11:14:53 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 11:14:53 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xa%2FreV%2FPnh2BHE4pm%2FcczxasRgkieUA%2BVL3XTWWJR2GcU0PQ308%2B7fsEo86clu0vKVZxGWOWz6zhcaxcfvwryqvOIUdYgQo0WRSO%2BshkxHT4XLdxh6VUVj6t7dbW%2FGtsPw%3D%3D"}]}
cf-ray: 940a743cde180b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

template.mt.gov/resources/template/search-icon.png

161.7.35.25

200 OK

648 B

URL GET
template.mt.gov/resources/template/search-icon.png
IP
161.7.35.25:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerSectigo Limited
Subject*.mt.gov
Fingerprint89:FD:E9:E5:FB:B4:01:43:63:03:D8:24:7D:3E:AB:14:32:CD:72:69
ValidityWed, 08 May 2024 00:00:00 GMT - Sun, 08 Jun 2025 23:59:59 GMT

File type
PNG image data, 23 x 22, 8-bit/color RGBA, non-interlaced
Size
648 B (648 bytes)
Hash
9e5759b21de60d602aa763fc7b55ccb5
a6e73244c31eb14abcf4a5c88e2d2de448e048bc
811604b68b2741b56e18cb4990be527fbf225f8ac14c3556bfdb5b13142319a7

HTTP Headers

GET /resources/template/search-icon.png HTTP/1.1
Host: template.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Fri, 05 Apr 2024 22:15:29 GMT
Accept-Ranges: bytes
ETag: "706cb0c4a687da1:0"
Date: Fri, 16 May 2025 11:14:55 GMT
Content-Length: 648
Set-Cookie: TS0133061e=01f9310cc2ac561b7c22a43080f0ba2e0b47cb0779705f2f9fdb4b59c054718b8ca5d947d39f0ae128d6551d4e691c9af78ff061da; Path=/

www.mdt.mt.gov/_resources/images/mdtLogo-white-star.png

161.7.14.31

200 OK

0 B

URL GET
www.mdt.mt.gov/_resources/images/mdtLogo-white-star.png
IP
161.7.14.31:443
ASN
#3482 MTSTGOV

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.mdt.mt.gov
FingerprintF6:7D:E5:1C:11:FC:CF:45:14:EE:B1:05:71:6D:99:AE:C8:3F:7C:5E
ValidityFri, 21 Mar 2025 21:30:42 GMT - Fri, 27 Mar 2026 15:32:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_resources/images/mdtLogo-white-star.png HTTP/1.1
Host: www.mdt.mt.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 1018

mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.woff2?v=67

104.21.14.22

404 Not Found

0 B

URL GET
mt.gov-pfx.win/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
104.21.14.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mt.gov-pfx.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-pfx.win
Fingerprint60:92:19:D9:FA:CE:33:CD:A6:16:9B:CF:E3:07:7B:2E:6B:AC:75:F4
ValidityThu, 15 May 2025 10:13:52 GMT - Wed, 13 Aug 2025 11:13:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: mt.gov-pfx.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mt.gov-pfx.win/pay/assets/COWarIft.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 11:14:55 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9cMoCuhFUfI7TOnkUtb%2FLcqAKa6A8%2FlqTKTLvcTXxgRGrA7BUO0%2FfB2M5UgD%2BnDp2Wr1V1sWJdOqQaygCjKIKfOuS7EYq5dWCbyALbihPfc0bn0e%2BL6uLiAexWhw%2BpR6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940a7447bb3c56ae-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2626&min_rtt=647&rtt_var=1788&sent=150&recv=223&lost=0&retrans=0&sent_bytes=26178&recv_bytes=12863&delivery_rate=3560484&cwnd=24000&unsent_bytes=0&cid=fcdbed8762486928&ts=2368&x=16"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET