Report - metroexpresslanes.net-vggb.cc/pay/

Report Overview

Visited public
2025-05-06 14:35:13
Tags
phishing
URL
metroexpresslanes.net-vggb.cc/pay/
Finishing URL
metroexpresslanes.net-vggb.cc/pay/
IP / ASN
47.253.190.164
#45102 Alibaba US Technology Co., Ltd.
Title
Metro ExpressLanes – Metro ExpressLanes
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.metroexpresslanes.net	unknown	unknown	No data	No data	1.5 kB	8.5 kB	45.55.98.55
fonts.googleapis.com	8877	unknown	No data	No data	474 B	25 kB	142.250.74.10
metroexpresslanes.net-vggb.cc	unknown	unknown	No data	No data	4.4 kB	1.9 MB	47.253.190.164
fonts.gstatic.com	unknown	unknown	No data	No data	1.6 kB	105 kB	142.250.74.35
www.gstatic.com	unknown	unknown	No data	No data	957 B	4.1 kB	142.250.74.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	metroexpresslanes.net-vggb.cc/pay/	ScriptElement	314 B	2023-03-11	2025-05-22
Pretty URL metroexpresslanes.net-vggb.cc/pay/ IP 47.253.190.164 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-05-22 02:43 Times Seen4078 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	metroexpresslanes.net-vggb.cc/pay/assets/fliceXIj.js	ScriptElement	36 kB	2025-04-26	2025-05-13
Pretty URL metroexpresslanes.net-vggb.cc/pay/assets/fliceXIj.js IP 47.253.190.164 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 11:39 Last Seen2025-05-13 10:49 Times Seen24 Hash 0aec76b3abeebc277b093b1c351ac411 a3f2676efafcfa0e93917505bcdb124394f40ff1 b49fdb97dc26aa183e76aadd0ee26fc84a8d67788731c2f3fde56a0785046463 Loading...

	metroexpresslanes.net-vggb.cc/pay/assets/BlkCn0PI.js	ScriptElement	852 kB	2025-04-26	2025-05-13
Pretty URL metroexpresslanes.net-vggb.cc/pay/assets/BlkCn0PI.js IP 47.253.190.164 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 11:39 Last Seen2025-05-13 10:49 Times Seen24 Hash 9be43bd6ecad32262496c63bdbb79117 10865b16d084976df86745e589bf6521f701c6cf c81515525d404dc82d0102987554d0f7691ebcf23a941fbd06c8dfca8e1d230d Loading...

	metroexpresslanes.net-vggb.cc/pay/	ScriptElement	84 B	2023-04-07	2025-05-22
Pretty URL metroexpresslanes.net-vggb.cc/pay/ IP 47.253.190.164 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-05-22 02:43 Times Seen12619 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

HTTP Transactions (18)

URL IP Response Size

fonts.googleapis.com/css?family=Open+Sans:300,400,700,800&display=swap

142.250.74.10

200 OK

24 kB

URL GET
fonts.googleapis.com/css?family=Open+Sans:300,400,700,800&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
ASCII text, with very long lines (1572)
Size
24 kB (24056 bytes)
Hash
04163dd22c4bfb06ed52c9d07444cde5
8c96bbfb84f47db801b6cd44b512d11046f42612
34a0f03f3248c357adc13db9788b62750bf7f81576f48c20965667891e015bf4

HTTP Headers

GET /css?family=Open+Sans:300,400,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 May 2025 14:34:53 GMT
date: Tue, 06 May 2025 14:34:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

metroexpresslanes.net-vggb.cc/pay/assets/C7owu5Xl.css

47.253.190.164

200

854 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/assets/C7owu5Xl.css
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
ASCII text
Size
854 kB (853758 bytes)
Hash
4f755f7acb94131839b05fe01cb18a18
872c29f57dff5244d56fc0f046bb3dd6cb873b20
e0ca1b589db563c4b2cdad4644d0c0d297cdb351f5a3f11f6ebdb66bd7c4cb3f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/C7owu5Xl.css HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:52 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://metroexpresslanes.net-vggb.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:12:20 GMT
expires: Fri, 01 May 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 447753
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://metroexpresslanes.net-vggb.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:12:20 GMT
expires: Fri, 01 May 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 447753
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

metroexpresslanes.net-vggb.cc/pay/assets/BFlzPuQd.woff2

47.253.190.164

200

75 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/assets/BFlzPuQd.woff2
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74800, version 329.-17761
Size
75 kB (74800 bytes)
Hash
68c177c286c34e1b7b975807dd5d9ed0
2fe2eba4ac1828a76457a1b7b7af642a9b880708
03b742a6efdb17797c84c2b5db25f5cda6a3361fa5e62b98662e321b26f77331

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BFlzPuQd.woff2 HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/assets/C7owu5Xl.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:53 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains

wss://metroexpresslanes.net-vggb.cc/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTcyNDB9.l6tLPrevPg0t4Pm6LJQf_X5NOIPdUnvpqM5xaWHyxAc

47.253.190.164

101

0 B

URL GET
wss://metroexpresslanes.net-vggb.cc/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTcyNDB9.l6tLPrevPg0t4Pm6LJQf_X5NOIPdUnvpqM5xaWHyxAc
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTcyNDB9.l6tLPrevPg0t4Pm6LJQf_X5NOIPdUnvpqM5xaWHyxAc HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://metroexpresslanes.net-vggb.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cCwXycvccneWDCqYe49u/g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:54 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9ZbyehkBazskTP0w4gEbz15lMjs=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

142.250.74.99

200 OK

910 B

URL GET
www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced
Size
910 B (910 bytes)
Hash
efa6bb2bfe459bc6f4bdafa3db0383f6
52d15ce52fe50643e542c17812de43f4ed1b6ee0
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

HTTP Headers

GET /images/branding/googlelogo/1x/googlelogo_color_42x16dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 910
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:24:54 GMT
expires: Fri, 01 May 2026 10:24:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/png
vary: Origin
age: 447000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

metroexpresslanes.net-vggb.cc/pay/

47.253.190.164

200

2.7 kB

URL User Request GET
metroexpresslanes.net-vggb.cc/pay/
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
d72697466e464aa0591a93a4912636bd
95dde0ae4ba6ff0bf171b52c20dc39853a44f65f
20d55fb69628253a3619136e979283b3d666de3f0c9897733d9c5d4449fd8021

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/ HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

metroexpresslanes.net-vggb.cc/pay/assets/fliceXIj.js

47.253.190.164

200

36 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/assets/fliceXIj.js
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36290), with no line terminators
Size
36 kB (36291 bytes)
Hash
0aec76b3abeebc277b093b1c351ac411
a3f2676efafcfa0e93917505bcdb124394f40ff1
b49fdb97dc26aa183e76aadd0ee26fc84a8d67788731c2f3fde56a0785046463

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:42:41 GMT
expires: Fri, 01 May 2026 10:42:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 445932
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

metroexpresslanes.net-vggb.cc/pay/favicon.ico

47.253.190.164

200

4.7 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/favicon.ico
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
PNG image data, 192 x 192, 8-bit gray+alpha, non-interlaced
Size
4.7 kB (4669 bytes)
Hash
7e775a25a736df198231432d07f6e08c
a28fa09ab9ef86fc308ee01f9b77c08965111027
6240313e9888a084ef1508514221f2a3fda765af4e782d0c09488254b8ccad61

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/favicon.ico HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:54 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

metroexpresslanes.net-vggb.cc/front/checkIp?token=123

47.253.190.164

200

240 B

URL GET
metroexpresslanes.net-vggb.cc/front/checkIp?token=123
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
JSON text data
Size
240 B (240 bytes)
Hash
493b47c26728c232cdbcdf0c268cda28
23cbdfca08e3e400fd4e54414daea1cd3a9779ed
ef0d88d49702edbdca235bebbfb45f42dad13481fa85e079526782e760e4bab5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://metroexpresslanes.net-vggb.cc/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:53 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 240
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

www.metroexpresslanes.net/app/uploads/2019/08/metro_express_logo_wt.png

45.55.98.55

200 OK

3.3 kB

URL GET
www.metroexpresslanes.net/app/uploads/2019/08/metro_express_logo_wt.png
IP
45.55.98.55:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerDigiCert Inc
Subjectlametrobos.metroexpresslanes.net
FingerprintD5:16:49:65:AE:2F:E3:5A:AE:A6:52:BA:C3:48:10:B1:C0:24:1B:63
ValidityFri, 15 Nov 2024 00:00:00 GMT - Sun, 30 Nov 2025 23:59:59 GMT

File type
PNG image data, 413 x 26, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3281 bytes)
Hash
b5addca3c6f362a04e090ea509d3a80d
941e8f020f32ebbfd8c7217f56c334d473b16983
e26f17e9e44a94d050571cc4bf0466d42d2fa2a19ca4fbe2c8260e25903f0c2b

HTTP Headers

GET /app/uploads/2019/08/metro_express_logo_wt.png HTTP/1.1
Host: www.metroexpresslanes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 06 May 2025 14:34:53 GMT
content-type: image/png
content-length: 3281
last-modified: Mon, 28 Oct 2019 19:15:18 GMT
etag: "5db73e46-cd1"
expires: Wed, 06 May 2026 14:34:53 GMT
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
X-Firefox-Spdy: h2

www.metroexpresslanes.net/app/themes/la/dist/images/footer_background_09d084f9.png

45.55.98.55

200 OK

1.9 kB

URL GET
www.metroexpresslanes.net/app/themes/la/dist/images/footer_background_09d084f9.png
IP
45.55.98.55:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerDigiCert Inc
Subjectlametrobos.metroexpresslanes.net
FingerprintD5:16:49:65:AE:2F:E3:5A:AE:A6:52:BA:C3:48:10:B1:C0:24:1B:63
ValidityFri, 15 Nov 2024 00:00:00 GMT - Sun, 30 Nov 2025 23:59:59 GMT

File type
PNG image data, 1407 x 500, 2-bit colormap, non-interlaced
Size
1.9 kB (1861 bytes)
Hash
3655a82edd04a027160e627cca723b2c
a34e527874e0a009cd8f798fdd7399e76b9c9eb6
8271fb0e17bb7bf07605a6ccfd20ee32e4d1f95235777784a9b69e82fa1e8b42

HTTP Headers

GET /app/themes/la/dist/images/footer_background_09d084f9.png HTTP/1.1
Host: www.metroexpresslanes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 06 May 2025 14:34:53 GMT
content-type: image/png
content-length: 1861
last-modified: Thu, 24 Apr 2025 14:41:38 GMT
etag: "680a4da2-745"
expires: Wed, 06 May 2026 14:34:53 GMT
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
X-Firefox-Spdy: h2

metroexpresslanes.net-vggb.cc/pay/assets/BlkCn0PI.js

47.253.190.164

200

852 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/assets/BlkCn0PI.js
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
JavaScript source, ASCII text, with very long lines (30916)
Size
852 kB (851916 bytes)
Hash
9be43bd6ecad32262496c63bdbb79117
10865b16d084976df86745e589bf6521f701c6cf
c81515525d404dc82d0102987554d0f7691ebcf23a941fbd06c8dfca8e1d230d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BlkCn0PI.js HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

metroexpresslanes.net-vggb.cc/pay/assets/BHcjXi3x.gif

47.253.190.164

200

60 kB

URL GET
metroexpresslanes.net-vggb.cc/pay/assets/BHcjXi3x.gif
IP
47.253.190.164:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerLet's Encrypt
Subjectmetroexpresslanes.net-vggb.cc
FingerprintD4:E5:4E:73:98:92:38:91:11:28:B8:A4:41:63:A8:F5:54:FA:D2:61
ValidityMon, 05 May 2025 11:08:32 GMT - Sun, 03 Aug 2025 11:08:31 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: metroexpresslanes.net-vggb.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Tue, 06 May 2025 14:34:53 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

www.metroexpresslanes.net/app/themes/la/dist/images/header_design_90be2036.png

45.55.98.55

200 OK

1.8 kB

URL GET
www.metroexpresslanes.net/app/themes/la/dist/images/header_design_90be2036.png
IP
45.55.98.55:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerDigiCert Inc
Subjectlametrobos.metroexpresslanes.net
FingerprintD5:16:49:65:AE:2F:E3:5A:AE:A6:52:BA:C3:48:10:B1:C0:24:1B:63
ValidityFri, 15 Nov 2024 00:00:00 GMT - Sun, 30 Nov 2025 23:59:59 GMT

File type
PNG image data, 1380 x 140, 4-bit colormap, non-interlaced
Size
1.8 kB (1779 bytes)
Hash
e6257168011f11b473b4a4b93f36b880
ab0a10229a1357d4d5d270efb4ca0031063d22c4
2e43a7d4944b9d92574faba2b898588615af44d4f935c1c9efcee9aa55ae472f

HTTP Headers

GET /app/themes/la/dist/images/header_design_90be2036.png HTTP/1.1
Host: www.metroexpresslanes.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 06 May 2025 14:34:53 GMT
content-type: image/png
content-length: 1779
last-modified: Thu, 24 Apr 2025 14:41:38 GMT
etag: "680a4da2-6f3"
expires: Wed, 06 May 2026 14:34:53 GMT
cache-control: max-age=31536000
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://metroexpresslanes.net-vggb.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metroexpresslanes.net-vggb.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 May 2025 06:15:59 GMT
expires: Tue, 05 May 2026 06:15:59 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 116335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP