Report - nmdmv.gov-ffq.win/pay/

Report Overview

Visited public
2025-05-13 10:59:43
Tags
phishing
URL
nmdmv.gov-ffq.win/pay/
Finishing URL
nmdmv.gov-ffq.win/pay/
IP / ASN
172.67.143.84
#13335 CLOUDFLARENET
Title
Transportation & Public Facilities
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nmdmv.gov-ffq.win	unknown	unknown	No data	No data	6.7 kB	1.8 MB	104.21.95.56
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-07	2.7 kB	230 kB	142.250.74.35
www.dot.nm.gov	unknown	unknown	2022-08-14	2025-03-25	1.0 kB	224 kB	3.167.2.50

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed
2025-05-13	medium	gov-ffq.win	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	nmdmv.gov-ffq.win/pay/assets/fliceXIj.js	ScriptElement	36 kB	2025-05-13	2025-05-13
Pretty URL nmdmv.gov-ffq.win/pay/assets/fliceXIj.js IP 104.21.95.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-13 10:59 Last Seen2025-05-13 14:24 Times Seen2 Hash 5f9cadef3ac24dc1c90a406134f07426 6033d66c4a0a9b1c69f346c2eb001de0902ed17f fd5daf58b2b6b0e42f90bfe6664ac6322386c77204e7a4eead8d50f61dd7fa1b Loading...

	nmdmv.gov-ffq.win/pay/	ScriptElement	314 B	2023-03-11	2025-05-17
Pretty URL nmdmv.gov-ffq.win/pay/ IP 104.21.95.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-05-17 03:29 Times Seen3998 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	nmdmv.gov-ffq.win/pay/	ScriptElement	84 B	2023-04-07	2025-05-17
Pretty URL nmdmv.gov-ffq.win/pay/ IP 104.21.95.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-05-17 03:29 Times Seen12538 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	nmdmv.gov-ffq.win/pay/assets/B05a9PCF.js	ScriptElement	896 kB	2025-05-13	2025-05-13
Pretty URL nmdmv.gov-ffq.win/pay/assets/B05a9PCF.js IP 104.21.95.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-13 10:59 Last Seen2025-05-13 14:24 Times Seen2 Hash c6e1492532b0bf4ed146eafa0aacb941 700f5e73167fb0b1e6bb9b8ec068c09d46deb8bf 5dba9c20cbd68a4162f0fa5a5756dcce137776b9a52b200757bfc19f6ce97b30 Loading...

HTTP Transactions (21)

URL IP Response Size

nmdmv.gov-ffq.win/pay/assets/fliceXIj.js

104.21.95.56

200 OK

36 kB

URL GET
nmdmv.gov-ffq.win/pay/assets/fliceXIj.js
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (35831), with no line terminators
Size
36 kB (35832 bytes)
Hash
5f9cadef3ac24dc1c90a406134f07426
6033d66c4a0a9b1c69f346c2eb001de0902ed17f
fd5daf58b2b6b0e42f90bfe6664ac6322386c77204e7a4eead8d50f61dd7fa1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 10:59:22 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:22 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vM6LH%2F35zoll%2Bf1%2FijpqHdPLkvBDDa289S9W6YK1AMEsH1fFYCT4L7j%2FJk2QvAftk0UQ3aVG%2FRZRPZeAgzvHB1g7%2FRNTsRgc%2FXOL%2Fz3yrr74Wtts0Opkr5ohXMSKfI%2BqbgLKKg%3D%3D"}]}
cf-ray: 93f1a560deb156c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nmdmv.gov-ffq.win/pay/assets/B05a9PCF.js

104.21.95.56

200 OK

896 kB

URL GET
nmdmv.gov-ffq.win/pay/assets/B05a9PCF.js
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
JavaScript source, ASCII text, with very long lines (30744)
Size
896 kB (895945 bytes)
Hash
c6e1492532b0bf4ed146eafa0aacb941
700f5e73167fb0b1e6bb9b8ec068c09d46deb8bf
5dba9c20cbd68a4162f0fa5a5756dcce137776b9a52b200757bfc19f6ce97b30

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/B05a9PCF.js HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 10:59:22 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:22 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FN1Rqnw4ycGHuob4nxV1bWaCzHzj2244M%2FBfpCtH4JcoeH4MqftMKDLYD3c0ixypAT3cDWS8PuF6Q9ZWRfnULneEzeP1edjyFj5kY5TI7YpgOwG5XoFTD8PHRd3p%2FVQICqGT%2Bw%3D%3D"}]}
cf-ray: 93f1a560deb356c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nmdmv.gov-ffq.win/front/checkIp?token=123

104.21.95.56

200 OK

225 B

URL GET
nmdmv.gov-ffq.win/front/checkIp?token=123
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
8d9913f29e8368199e36401d911fa3d7
d1e89d0b6c5d0c9b94ceeb5ed6285af517846812
4248aa67a1e93542cf96d928a5614dad1123d6dd489b3d0a5b4292b1541389fd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nmdmv.gov-ffq.win/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 13 May 2025 10:59:24 GMT
content-type: text/plain;charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2BqoVXAVz3l%2BmeQx2ffaRWZgBskKhjcQXlusaQlPmS9SNqGmyK4vvnjr8mVHR5YR0ovhEWZwVShMaVZAAh4%2BgcTUbJNOJxraL%2Fle%2B%2BBrJwN6EZcooGjJjATuDhA3%2FY9SoXuKGA%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93f1a5693fd00b3d-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7937&min_rtt=1746&rtt_var=5444&sent=71&recv=87&lost=0&retrans=0&sent_bytes=6882&recv_bytes=5526&delivery_rate=2115&cwnd=12000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=2078&x=16"

nmdmv.gov-ffq.win/pay/assets/CnK1DPp4.jpg

104.21.95.56

200 OK

77 kB

URL GET
nmdmv.gov-ffq.win/pay/assets/CnK1DPp4.jpg
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x347, components 3
Size
77 kB (76737 bytes)
Hash
7aa613618e3312ae00420e36a61b769f
74ccde94289b0d7957d2b6d72a238a78220767a9
a1bdf5d2aa824216c4df8125308a7e5f3daea3a2ed10353191e2ee6e9c24ee78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/CnK1DPp4.jpg HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 13 May 2025 10:59:24 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GuGpxs3ZYQ%2BekW%2F%2FJj%2FBViMvvrSeBbHJDE1pIRHYnmLty8vm8XDe5VuzWXrkhnwfhFzMd39B3dq3lT4%2FDCesveZmN%2B0CYe2s3O%2FQSA5UZDu3r9yeLirLDlZnHAiDsfQ%2B6loA5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:24 GMT
cf-ray: 93f1a56b3fd50b3d-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8667&min_rtt=1746&rtt_var=7510&sent=74&recv=90&lost=0&retrans=0&sent_bytes=8391&recv_bytes=5968&delivery_rate=1498&cwnd=12000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=2601&x=16"

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXo.woff2

142.250.74.35

200 OK

42 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 42216, version 1.0
Size
42 kB (42216 bytes)
Hash
717858b67da6c66d57ac566268249be6
a631cee1463a6752d66e4dd835aad8d86728d6a2
c83ff176d8611bf6de41cb0c922ea8ce5484037f818166cd69c990bca2b212f4

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 42216
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 May 2025 19:20:05 GMT
expires: Thu, 07 May 2026 19:20:05 GMT
cache-control: public, max-age=31536000
age: 488359
last-modified: Wed, 06 Nov 2024 17:30:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXw.woff

142.250.74.35

200 OK

53 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXw.woff
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format, TrueType, length 52688, version 1.1
Size
53 kB (52688 bytes)
Hash
14bcca3e3400946da2b6786adebef647
4ccba4807a8d78feb2dc996bdd182a7ce7224311
ee9042c24901e83d1cffea3826bc84bb01a3d2592397efad13973ddfb31c0a3d

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw3aXw.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 52688
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 May 2025 09:36:00 GMT
expires: Fri, 08 May 2026 09:36:00 GMT
cache-control: public, max-age=31536000
age: 437004
last-modified: Wed, 06 Nov 2024 17:30:47 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.dot.nm.gov/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff

3.167.2.50

200 OK

92 kB

URL GET
www.dot.nm.gov/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff
IP
3.167.2.50:443
ASN
#0

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerAmazon
Subjectdot.nm.gov
Fingerprint74:1A:6A:BD:D3:EC:D5:8D:13:92:F2:24:FD:83:CB:E0:79:79:19:E2
ValiditySun, 18 Aug 2024 00:00:00 GMT - Tue, 16 Sep 2025 23:59:59 GMT

File type
Web Open Font Format, TrueType, length 92084, version 2.4
Size
92 kB (92084 bytes)
Hash
4f7c51948ce1b802a13ebbccec151d0c
5b1d3cd0929108da4b6334c4a487db08c9520f1d
fe67b77ac7e0ef4b482dafb86adfa403db1b89a2f337d2dc8bd1278cfe975196

HTTP Headers

GET /wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff HTTP/1.1
Host: www.dot.nm.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff
content-length: 92084
server: Apache
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: *
date: Mon, 12 May 2025 19:17:33 GMT
etag: "167b4-627cb5af77fa4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7bc180ff569f641823300f4c342cb63a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: nWUUM8CU8oMb2cMq3WyrbgTlfOBdJgC1uiwktZwQphW9UvWf9QZaCg==
age: 56511
X-Firefox-Spdy: h2

nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff2?v=67

104.21.95.56

404 Not Found

0 B

URL GET
nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 13 May 2025 10:59:24 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Z9Q%2Fw2blzoNzFTTYE6WVH9i4w1CVQI9Eb%2BEZNyGRmrzFJOJWU5p%2B88FUK8cLSntiV%2FwTIyj1kfT2TrI7Nm4gzZqE%2BSsdt03oYbAOhI4PJcN3ILREEZc%2BweN5F%2FAjxVZ63g%2FLg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 93f1a56c3fdb0b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9625&min_rtt=1746&rtt_var=7459&sent=73&recv=89&lost=0&retrans=0&sent_bytes=7787&recv_bytes=5923&delivery_rate=2053&cwnd=12000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=2541&x=16"

nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff2?v=67

104.21.95.56

404 Not Found

0 B

URL GET
nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 13 May 2025 10:59:24 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PkiycH6g1IjuQmeIyjtgbYUnYeGS4emm%2FLscXth2wdY1S5f3O4Mrp4nSEPp0HJfu9sbz3d368kV9k8YFn%2Fg4utl1TCITLye9bBdxL9jUWtPKy0Z2N8S01fetcRT5LqCUwdhgsA%3D%3D"}],"group":"cf-nel","max_age":604800}
age: 0
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93f1a570eff00b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5261&min_rtt=1265&rtt_var=5609&sent=142&recv=97&lost=0&retrans=0&sent_bytes=86413&recv_bytes=6898&delivery_rate=29592591&cwnd=48000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=2917&x=16"

nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff?v=67

104.21.95.56

404 Not Found

0 B

URL GET
nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 13 May 2025 10:59:25 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dL%2FqEjJXhQK4ODI%2BJawe3v%2F%2FzwcxxzXIKiFP8mgi%2F7xGW1ldf5TGwuQ6Aro20Mn8Qg78F9JsawMwLF4WqRjIAC9cRCIT6s5oMQwTTzpr%2BAWuu%2BIDW9Fs6O0EqvafgtWWoJHz%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
age: 0
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93f1a5710ff10b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6246&min_rtt=1265&rtt_var=6177&sent=145&recv=99&lost=0&retrans=0&sent_bytes=87638&recv_bytes=7294&delivery_rate=19437&cwnd=48000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=3046&x=16"

nmdmv.gov-ffq.win/pay/favicon.png

104.21.95.56

200 OK

957 B

URL GET
nmdmv.gov-ffq.win/pay/favicon.png
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
957 B (957 bytes)
Hash
b09bab828d0c43c52e3372a9c4e0a8ca
9c891b797781997dcb342b45dbc811cbfb48a6a9
4a94d5353b7755d99075102f8020da37db6386e72eb012b2a79719aea7889bc2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/favicon.png HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 13 May 2025 10:59:25 GMT
content-type: image/png
content-length: 957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0cd5sw%2BCVUgWwqiaGxndEpHFUXzJ9E42ZEN2s2vqhdnKsYFOZx9%2BkK7NkwKOXXcFGzev47hohl5nCEzgTasfUyINKyNASpjBybOCNoIy%2FxIE7JuqhosK3DU88gqxAEuaeIxFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:25 GMT
cf-ray: 93f1a5728ffe0b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5388&min_rtt=1265&rtt_var=4902&sent=149&recv=103&lost=0&retrans=0&sent_bytes=88897&recv_bytes=8008&delivery_rate=1457&cwnd=48000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=3543&x=16"

nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css

104.21.95.56

200 OK

750 kB

URL GET
nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
Unicode text, UTF-8 text, with very long lines (36407), with CRLF, LF line terminators
Size
750 kB (750529 bytes)
Hash
75d088caf23e2081b59151c5346ecbda
8a479f9a4a3f95211d0124e5eeed07ba4253d579
4d30ee32d58b56b0fdc76080a799eae907518eeaa790b8410ead29fcdcc4f20b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/D6Gm6dl_.css HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 10:59:22 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:22 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WbqdZldWlm4JanaSogl%2BDCqoA8yVV5H19T%2BsEzHadFiaib7VT38OVMYJ4WRe7bgEExHy5VKE%2BQPT4ASkkxkgeEXVd4e9yoi%2BfqdkGD%2FMux4JTA18ilpaooyCirOyxNKqXaZj4Q%3D%3D"}]}
cf-ray: 93f1a560eebe56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr73w3aXo.woff2

142.250.74.35

200 OK

44 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr73w3aXo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43804, version 1.0
Size
44 kB (43804 bytes)
Hash
0d884ffb852b08a520578be89c42bdd6
f8bdda8c97665704ba0465324c1aa5196f93d18d
0e5b4643dcc42154130c3ebcb95da980bd3c93852468ab3857167a6644ec7a97

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr73w3aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 May 2025 14:31:39 GMT
expires: Sat, 09 May 2026 14:31:39 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 06 Nov 2024 17:30:45 GMT
content-type: font/woff2
age: 332865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff?v=67

104.21.95.56

404 Not Found

0 B

URL GET
nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 13 May 2025 10:59:25 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AxCEWxEL4Hzk2Jk7oSMEZRrHXlQ7dDAnL%2FB1pEvyZ5%2B%2Fzb2xMqBQPujifmtYZSoTtOo%2F5%2FJmMXWsyhNBNrwY%2BwTfsVWSBDo3QASItIfR2fG6QDumZJRzDYOqFechJU88V9SSlg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 93f1a56f1fe60b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6246&min_rtt=1265&rtt_var=6177&sent=144&recv=99&lost=0&retrans=0&sent_bytes=87034&recv_bytes=7294&delivery_rate=19437&cwnd=48000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=3040&x=16"

fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w3aXo.woff2

142.250.74.35

200 OK

43 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w3aXo.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43004, version 1.0
Size
43 kB (43004 bytes)
Hash
90dd106c2de7bd0c95405981d00c29fb
7648647d63e30b3e68c34cae71cdba55e763b6ab
355e0ec2c5dcaf6855e1d1a97c073dc07b3789f515701e9a9f39eb3643b91e1a

HTTP Headers

GET /s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w3aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43004
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 May 2025 03:05:42 GMT
expires: Sat, 09 May 2026 03:05:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 06 Nov 2024 17:30:47 GMT
content-type: font/woff2
age: 374022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wss://nmdmv.gov-ffq.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MzY5ODl9.SO5Xb2wLWeAGbC573pMOve0f_bQzI4UuHEHp6P-nevw

104.21.95.56

101

0 B

URL GET
wss://nmdmv.gov-ffq.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MzY5ODl9.SO5Xb2wLWeAGbC573pMOve0f_bQzI4UuHEHp6P-nevw
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MzY5ODl9.SO5Xb2wLWeAGbC573pMOve0f_bQzI4UuHEHp6P-nevw HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://nmdmv.gov-ffq.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WPlzghqC7KmRHXEqrreREw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Tue, 13 May 2025 10:59:24 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: LtHkffyY79Xd0PaLNpIKAwZEsug=
Sec-Websocket-Extensions: permessage-deflate
Cf-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bll5np2aq1Bhz4TDKfyZKGK5jMxpxa%2Fev6Kj5q58dDVHHr3uFXx%2BcdcNuqPN9XuAq6B2Bsnm4Kz6dhHvU7H8%2BiECvFD2jpt6aaVYBk0A99hJyT1WBDydLJ7LQIVQgFH1M3GmVw%3D%3D"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Cf-Ray: 93f1a56ce81e569a-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=488&min_rtt=477&rtt_var=119&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3109&recv_bytes=1256&delivery_rate=8196226&cwnd=252&unsent_bytes=0&cid=16d47ab71a92cf60&ts=453&x=0"

nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.ttf?v=67

104.21.95.56

404 Not Found

0 B

URL GET
nmdmv.gov-ffq.win/pay/Resource/MaterialIcons-Regular.ttf?v=67
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/assets/D6Gm6dl_.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 13 May 2025 10:59:25 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ODuDkIcmIlZPsIHJOU19d7l8nh3fYawYb2XS8NJvvmgP%2F1JEzcoZ%2B1hVigJgYEASYxUqy38OxvNmAFRDWG6n1Ud8Wj%2Fgch%2BVLIJ%2FzwrP3TauPXcVSejSEhAXlFvOkd91x8doxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 93f1a571eff90b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5670&min_rtt=1265&rtt_var=5785&sent=148&recv=102&lost=0&retrans=0&sent_bytes=88295&recv_bytes=7963&delivery_rate=144846&cwnd=48000&unsent_bytes=0&cid=cae3f9eed83736a0&ts=3453&x=16"

nmdmv.gov-ffq.win/pay/

104.21.95.56

200 OK

2.7 kB

URL User Request GET
nmdmv.gov-ffq.win/pay/
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
c6b4e0beed8c0aa82d95f6e1736f7163
d9d9f2449496185ae582316efcdd614c61362dc3
b93cd28d08944dcc859118f37e032fc1186b37cb512890f3c87a5e3185e64527

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/ HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 10:59:22 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CyxcTETYLmRvPugF1tCsJeDVf0QBbYPOadSQP4e%2FukflI0RhvxXhfeaNcdRAgCbg33mMjsFSDPoHEmdxgKeptrw1KmANLVf9gV4rZpq07XYJTp5JMjnYpVJ3knAIZ5gwxa0%2B1A%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93f1a55bbdc356c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nmdmv.gov-ffq.win/pay/assets/BHcjXi3x.gif

104.21.95.56

200 OK

60 kB

URL GET
nmdmv.gov-ffq.win/pay/assets/BHcjXi3x.gif
IP
104.21.95.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-ffq.win
Fingerprint0A:0B:5D:BF:CF:C0:07:BD:CD:6C:C9:31:BE:DD:7C:48:70:9A:F9:3E
ValidityMon, 12 May 2025 10:10:23 GMT - Sun, 10 Aug 2025 11:09:10 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: nmdmv.gov-ffq.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 13 May 2025 10:59:22 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 13 May 2025 10:59:22 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DXQGqSwQ414PvHoDheYJN1WRX2I5llvsihX6SGZ0LHQ9BqmeA9Fq9bQhlOYowqvbobHV2e%2BF%2Bw3Mb77z4X76%2FatJqXjEm8KHIZMqyEOMKCQNw%2Bq8aqHt6f3ynFO3%2FxZkAB555A%3D%3D"}]}
cf-ray: 93f1a560eecf56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.dot.nm.gov/wp-content/uploads/2025/01/nmdotIdentityAllWhite-1280x440.png

3.167.2.50

200 OK

131 kB

URL GET
www.dot.nm.gov/wp-content/uploads/2025/01/nmdotIdentityAllWhite-1280x440.png
IP
3.167.2.50:443
ASN
#0

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerAmazon
Subjectdot.nm.gov
Fingerprint74:1A:6A:BD:D3:EC:D5:8D:13:92:F2:24:FD:83:CB:E0:79:79:19:E2
ValiditySun, 18 Aug 2024 00:00:00 GMT - Tue, 16 Sep 2025 23:59:59 GMT

File type
PNG image data, 1280 x 440, 8-bit/color RGBA, non-interlaced
Size
131 kB (131319 bytes)
Hash
2883db6fb091a1bb620f145c952af88a
a250661a5138afc8b8bea8e500d968a32ce9d1c8
bcba7535f4efabc1641a3e29eb382acf13054daa779ce0d1bc0940c9ca2e6a71

HTTP Headers

GET /wp-content/uploads/2025/01/nmdotIdentityAllWhite-1280x440.png HTTP/1.1
Host: www.dot.nm.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 131319
server: Apache
last-modified: Wed, 22 Jan 2025 17:38:47 GMT
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Tue, 13 May 2025 10:55:04 GMT
etag: "200f7-62c4ef73879ec"
x-cache: Hit from cloudfront
via: 1.1 c99d057689db169d0b27b6e562e255c2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: Bleus1mt7-q2xRkoEoJzX5MJuTAP9sJxVWfCcltfUiZ4CAueJuzrMg==
age: 260
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v29/JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq6R9WXZ0pg.woff2

142.250.74.35

200 OK

44 kB

URL GET
fonts.gstatic.com/s/montserrat/v29/JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq6R9WXZ0pg.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://nmdmv.gov-ffq.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43940, version 1.0
Size
44 kB (43940 bytes)
Hash
f0d279d3722ac8f1c03edeb162381705
84425705e949932efea47296ad175fb5a2bde952
def83959418a89ccc48ce632e40fe0cda1809841063eadfb30d4e94025364320

HTTP Headers

GET /s/montserrat/v29/JTUFjIg1_i6t8kCHKm459Wx7xQYXK0vOoz6jq6R9WXZ0pg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nmdmv.gov-ffq.win
DNT: 1
Connection: keep-alive
Referer: https://nmdmv.gov-ffq.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 43940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 May 2025 08:35:26 GMT
expires: Sat, 09 May 2026 08:35:26 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 06 Nov 2024 17:30:55 GMT
content-type: font/woff2
age: 354238
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections