Report - driveezmd.com-dpem.win/us/

Report Overview

Visited public
2025-05-07 11:01:55
Tags
phishing
Submit Tags
URL
driveezmd.com-dpem.win/us/
Finishing URL
driveezmd.com-dpem.win/us/
IP / ASN
47.253.156.168
#45102 Alibaba US Technology Co., Ltd.
Title
E-ZPass or Pay-By-Plate Account | DriveEzMD.com
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
content.psplugin.com	66513	unknown	No data	No data	972 B	3.2 kB	46.21.96.230
trkn.us	2659	unknown	No data	No data	1.1 kB	1.3 kB	95.100.107.139
www.gstatic.com	unknown	unknown	No data	No data	465 B	2.5 kB	142.250.178.99
us-content.vergic.com	47829	unknown	No data	No data	505 B	1.0 kB	46.21.96.230
fonts.gstatic.com	unknown	unknown	No data	No data	461 B	7.1 kB	142.250.74.35
content.govdelivery.com	11788	unknown	No data	No data	447 B	290 B	23.44.37.58
driveezmd.com-dpem.win	unknown	unknown	No data	No data	4.8 kB	3.1 MB	47.253.156.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	driveezmd.com-dpem.win/us/assets/SxHz5F18.js	ScriptElement	844 kB	2025-05-06	2025-05-10
Pretty URL driveezmd.com-dpem.win/us/assets/SxHz5F18.js IP 47.253.156.168 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 11:08 Last Seen2025-05-10 18:02 Times Seen8 Hash 81af7a527d8af0f11719797b08b34d91 a31aa4daf3f388894620ef150198416d0b2d8dd6 695de35132ad142480779727817985ae66380bcf5da11a44079ccc3288716cef Loading...

	driveezmd.com-dpem.win/us/	ScriptElement	314 B	2023-03-11	2025-07-05
Pretty URL driveezmd.com-dpem.win/us/ IP 47.253.156.168 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-07-05 03:44 Times Seen7458 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	driveezmd.com-dpem.win/us/	ScriptElement	84 B	2023-04-07	2025-07-05
Pretty URL driveezmd.com-dpem.win/us/ IP 47.253.156.168 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-07-05 03:44 Times Seen15974 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	driveezmd.com-dpem.win/us/assets/fliceXIj.js	ScriptElement	36 kB	2025-05-06	2025-05-10
Pretty URL driveezmd.com-dpem.win/us/assets/fliceXIj.js IP 47.253.156.168 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 11:08 Last Seen2025-05-10 18:02 Times Seen8 Hash 48b6f4ccfbcba5dc05aa897ef16e66a5 958429499b31bd8898eda07b59ceb7b5d5247a7c d8a3a49216f52365b5a176d3c6bc889d93422c2eed25127fb5d6716b3fee1880 Loading...

HTTP Transactions (18)

URL IP Response Size

GET driveezmd.com-dpem.win/us/assets/BHcjXi3x.gif

47.253.156.168

200

60 kB

URL GET
driveezmd.com-dpem.win/us/assets/BHcjXi3x.gif
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/BHcjXi3x.gif HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:33 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET content.psplugin.com/images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_agent_outline.svg

46.21.96.230

200 OK

1.7 kB

URL GET
content.psplugin.com/images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_agent_outline.svg
IP
46.21.96.230:443
ASN
#42708 GleSYS AB

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subject*.psplugin.com
Fingerprint35:9B:1B:0C:73:D4:DB:63:61:72:E9:11:0C:8D:A6:65:AD:5E:C9:2A
ValidityMon, 17 Mar 2025 07:08:59 GMT - Sun, 15 Jun 2025 07:08:58 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1686 bytes)
Hash
df060c45bdad4a25b443658203cc3c68
71c1a727f921fa0f8d79635ad3ef99d99a7db2db
90a8d074f43acbcd4ac24985eba147a946bb5003fc790965583c83a38d53a63a

HTTP Headers

GET /images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_agent_outline.svg HTTP/1.1
Host: content.psplugin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
last-modified: Wed, 09 Apr 2025 07:15:59 GMT
etag: W/"696-1961967dc1d"
date: Wed, 07 May 2025 10:43:08 GMT
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=600
age: 1106
x-cache: HIT
accept-ranges: bytes
content-length: 805
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains

GET trkn.us/pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120;ip=91.90.42.154;cuidchk=1

95.100.107.139

200 OK

42 B

URL GET
trkn.us/pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120;ip=91.90.42.154;cuidchk=1
IP
95.100.107.139:443
ASN
#20940 Akamai International B.V.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectcert1-prod.aut.a24365.net
Fingerprint0B:5E:E7:B4:B1:AE:9B:2F:86:CA:98:AF:96:22:D1:AE:8F:BA:54:A3
ValidityThu, 06 Mar 2025 00:36:05 GMT - Wed, 04 Jun 2025 00:36:04 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120;ip=91.90.42.154;cuidchk=1 HTTP/1.1
Host: trkn.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://driveezmd.com-dpem.win/
DNT: 1
Connection: keep-alive
Cookie: barometric[cuid]=cuid_681b3d8e-a76a-4645-9fd9-f2f367122e6e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 42
Content-Type: image/gif
Pragma: no-cache
Date: Wed, 07 May 2025 11:01:34 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Sun, 9 Nov 1980 12:58:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Set-Cookie: barometric[cuid]=cuid_681b3d8e-a76a-4645-9fd9-f2f367122e6e; expires=Thu, 07-May-2026 11:01:34 GMT; Max-Age=31536000; path=/; SameSite=None;  Secure; domain=.trkn.us;
barometric[idfa]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; SameSite=None; Secure; domain=.trkn.us

GET wss://driveezmd.com-dpem.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NzA1Nzd9.Pu5UzYoJnm5CObOhngRKsKpp97b79BjtrNNSo4r71_E

47.253.156.168

101

0 B

URL GET
wss://driveezmd.com-dpem.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NzA1Nzd9.Pu5UzYoJnm5CObOhngRKsKpp97b79BjtrNNSo4r71_E
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NzA1Nzd9.Pu5UzYoJnm5CObOhngRKsKpp97b79BjtrNNSo4r71_E HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://driveezmd.com-dpem.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zung1uCTtCdGvPCv8lElDg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:34 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +gblnx6dYaK41BzQwPGi/IxcmYU=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.178.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Apr 2025 21:30:03 GMT
expires: Thu, 30 Apr 2026 21:30:03 GMT
cache-control: public, max-age=31536000
age: 567092
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET driveezmd.com-dpem.win/us/assets/gGsea-uo.css

47.253.156.168

200

2.0 MB

URL GET
driveezmd.com-dpem.win/us/assets/gGsea-uo.css
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
2.0 MB (1989570 bytes)
Hash
3a12275021cad7701cee11d3394ab423
469ab5bf15e9aafbc606b7914def42039f1aee1d
80cdd56534e4f4e760044ca99fbf218cf4d0cfea2312ccc85b9211e7bfad209d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/gGsea-uo.css HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET driveezmd.com-dpem.win/front/checkIp?token=123

47.253.156.168

200

240 B

URL GET
driveezmd.com-dpem.win/front/checkIp?token=123
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
JSON text data
Size
240 B (240 bytes)
Hash
afd916762d7b4cc3602d8728b0040447
39929d3ce78f6abcb939face67bdfd834d709fa7
cb40acf936421973171a739cdd88625edc0c05cf86cb0c91f5816933184c4751

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://driveezmd.com-dpem.win/us/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:34 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 240
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET us-content.vergic.com/cdn/accounts/6654999F-38D7-4241-AE95-C0AAA92512AE/images/vngage-mtda-figure.svg

46.21.96.230

200 OK

528 B

URL GET
us-content.vergic.com/cdn/accounts/6654999F-38D7-4241-AE95-C0AAA92512AE/images/vngage-mtda-figure.svg
IP
46.21.96.230:443
ASN
#42708 GleSYS AB

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subject*.psplugin.com
Fingerprint35:9B:1B:0C:73:D4:DB:63:61:72:E9:11:0C:8D:A6:65:AD:5E:C9:2A
ValidityMon, 17 Mar 2025 07:08:59 GMT - Sun, 15 Jun 2025 07:08:58 GMT

File type
SVG Scalable Vector Graphics image
Size
528 B (528 bytes)
Hash
4a390cb15fe7a943eebefcba972a1d27
3331f54eda67b7268550b7d732fdb0c50a079dec
4c5b262230d477bbb153ed19abf7e9036e82aa6f9dd627c594e7246e1bb0aa49

HTTP Headers

GET /cdn/accounts/6654999F-38D7-4241-AE95-C0AAA92512AE/images/vngage-mtda-figure.svg HTTP/1.1
Host: us-content.vergic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
last-modified: Tue, 08 Apr 2025 05:44:11 GMT
etag: W/"210-19613ed7656"
date: Wed, 07 May 2025 11:00:02 GMT
content-type: image/svg+xml
content-length: 528
vary: Accept-Encoding
cache-control: public, max-age=600
age: 92
x-cache: HIT
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains

GET fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 May 2025 10:42:41 GMT
expires: Fri, 01 May 2026 10:42:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 519534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET driveezmd.com-dpem.win/us/favicon.ico

47.253.156.168

200

6.1 kB

URL GET
driveezmd.com-dpem.win/us/favicon.ico
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
6.1 kB (6116 bytes)
Hash
de6ef562e7373382f6e5a4f49a47ce9e
a4d09c9bb7b64d8a2ea8c414399a1d567adedf66
887e677cd8df5fc6ce012f8848d07c61e90710f277de512ad38109adf31c6723

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/favicon.ico HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:34 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET driveezmd.com-dpem.win/us/

47.253.156.168

200

2.7 kB

URL User Request GET
driveezmd.com-dpem.win/us/
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
21b52c851fea0d11a0cb38cc5c5c5229
e17a9a5c8078ff7652f21bf5ddb23625002a7a27
7dcff8bd3ff3cdf8b49c94876414757af8bfb4cece86248f376afc668942feb8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/ HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET content.govdelivery.com/images/required.gif

23.44.37.58

200 OK

59 B

URL GET
content.govdelivery.com/images/required.gif
IP
23.44.37.58:443
ASN
#16625 AKAMAI-AS

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerDigiCert Inc
Subjectcontent.govdelivery.com
FingerprintDB:4A:E5:EB:27:39:99:DB:C8:87:18:63:FA:17:54:A1:A9:59:33:63
ValidityFri, 21 Mar 2025 00:00:00 GMT - Sat, 21 Mar 2026 23:59:59 GMT

File type
GIF image data, version 89a, 10 x 11
Size
59 B (59 bytes)
Hash
8cbb1b1a5fa0bc5842abb1c76106200d
2ddac1373949edc949ae6b997654cf7a615acc25
139b548414c88442cfc0772133ef4b70da67b21046b31a86cea9bf6a0dc7c9d3

HTTP Headers

GET /images/required.gif HTTP/1.1
Host: content.govdelivery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: image/gif
Content-Length: 59
Last-Modified: Wed, 18 Dec 2024 03:03:55 GMT
Strict-Transport-Security: max-age=31536000
Date: Wed, 07 May 2025 11:01:34 GMT
Connection: keep-alive

GET trkn.us/pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120

95.100.107.139

302 Moved Temporarily

42 B

URL GET
trkn.us/pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120
IP
95.100.107.139:443
ASN
#20940 Akamai International B.V.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectcert1-prod.aut.a24365.net
Fingerprint0B:5E:E7:B4:B1:AE:9B:2F:86:CA:98:AF:96:22:D1:AE:8F:BA:54:A3
ValidityThu, 06 Mar 2025 00:36:05 GMT - Wed, 04 Jun 2025 00:36:04 GMT

File type

Size
42 B (42 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120 HTTP/1.1
Host: trkn.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Location: /pixel/conv/ppt=23746;g=marylandtransportationauthority_lp_visitor;gid=58137;ord=5520796857648.657;v=120;ip=91.90.42.154;cuidchk=1
Date: Wed, 07 May 2025 11:01:34 GMT
Connection: keep-alive
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: barometric[cuid]=cuid_681b3d8e-a76a-4645-9fd9-f2f367122e6e; expires=Thu, 07-May-2026 11:01:34 GMT; Max-Age=31536000; path=/; SameSite=None;  Secure; domain=.trkn.us;
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET driveezmd.com-dpem.win/us/assets/BJvLkLUZ.woff

47.253.156.168

200

68 kB

URL GET
driveezmd.com-dpem.win/us/assets/BJvLkLUZ.woff
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
Web Open Font Format, TrueType, length 67540, version 1.10
Size
68 kB (67540 bytes)
Hash
71184349f4d000a8dda37aa80ccfd4b2
9ae0b400ba05aae3c1f9a91af17dab3a65eb7995
7d216b09c3be4aa0ce54e809b08b8aeaa71281018134a48aedaa73718e31ff33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/BJvLkLUZ.woff HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/assets/gGsea-uo.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:34 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET driveezmd.com-dpem.win/us/assets/fliceXIj.js

47.253.156.168

200

36 kB

URL GET
driveezmd.com-dpem.win/us/assets/fliceXIj.js
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36144), with no line terminators
Size
36 kB (36145 bytes)
Hash
48b6f4ccfbcba5dc05aa897ef16e66a5
958429499b31bd8898eda07b59ceb7b5d5247a7c
d8a3a49216f52365b5a176d3c6bc889d93422c2eed25127fb5d6716b3fee1880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/fliceXIj.js HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET driveezmd.com-dpem.win/us/assets/SxHz5F18.js

47.253.156.168

200

844 kB

URL GET
driveezmd.com-dpem.win/us/assets/SxHz5F18.js
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
JavaScript source, ASCII text, with very long lines (30958)
Size
844 kB (844316 bytes)
Hash
81af7a527d8af0f11719797b08b34d91
a31aa4daf3f388894620ef150198416d0b2d8dd6
695de35132ad142480779727817985ae66380bcf5da11a44079ccc3288716cef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/SxHz5F18.js HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET content.psplugin.com/images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_close.svg

46.21.96.230

200 OK

559 B

URL GET
content.psplugin.com/images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_close.svg
IP
46.21.96.230:443
ASN
#42708 GleSYS AB

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subject*.psplugin.com
Fingerprint35:9B:1B:0C:73:D4:DB:63:61:72:E9:11:0C:8D:A6:65:AD:5E:C9:2A
ValidityMon, 17 Mar 2025 07:08:59 GMT - Sun, 15 Jun 2025 07:08:58 GMT

File type
SVG Scalable Vector Graphics image
Size
559 B (559 bytes)
Hash
b6555ff3a634f1942850f172b8c35182
3cf778c66c49edcba889738a6956234221660d94
f62fd1f5bf5fd35432bed5d778eaca7c47ed9d1981d027cf4ca25a64b021c04c

HTTP Headers

GET /images/8733B8BB-49D3-4187-B9D4-719BCC78C769/ico_close.svg HTTP/1.1
Host: content.psplugin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
last-modified: Wed, 09 Apr 2025 07:15:59 GMT
etag: W/"22f-1961967dc1d"
date: Wed, 07 May 2025 10:51:05 GMT
content-type: image/svg+xml
content-length: 559
vary: Accept-Encoding
cache-control: public, max-age=600
age: 629
x-cache: HIT
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains

GET driveezmd.com-dpem.win/us/assets/DPwvFWeZ.woff

47.253.156.168

200

70 kB

URL GET
driveezmd.com-dpem.win/us/assets/DPwvFWeZ.woff
IP
47.253.156.168:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://driveezmd.com-dpem.win/us/
Certificate
IssuerLet's Encrypt
Subjectdriveezmd.com-dpem.win
FingerprintFD:E9:44:35:28:30:72:2C:04:99:4E:BA:3F:2F:1C:C8:ED:58:F3:4B
ValidityTue, 06 May 2025 07:42:45 GMT - Mon, 04 Aug 2025 07:42:44 GMT

File type
Web Open Font Format, TrueType, length 69884, version 1.10
Size
70 kB (69884 bytes)
Hash
f98f6a22fe615ef9edd26dc715044ddb
9da0c2315809c116f3f9b6d13366811af7413650
2017376de5d9668b6293f8552ae2a52da9818d4bf351e87dda6b8bbb2a6102f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /us/assets/DPwvFWeZ.woff HTTP/1.1
Host: driveezmd.com-dpem.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://driveezmd.com-dpem.win/us/assets/gGsea-uo.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 07 May 2025 11:01:34 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET