Report - mydmv.gov-oe.xin/pay/

Report Overview

Visited public
2025-05-06 14:31:22
Tags
phishing
URL
mydmv.gov-oe.xin/pay/
Finishing URL
mydmv.gov-oe.xin/pay/
IP / ASN
104.21.96.1
#13335 CLOUDFLARENET
Title
MyDMV
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	unknown	No data	No data	455 B	7.1 kB	142.250.178.99
mydmv.gov-oe.xin	unknown	unknown	No data	No data	6.7 kB	5.2 MB	104.21.16.1
mydmv.revenue.alabama.gov	unknown	unknown	No data	No data	1.8 kB	32 kB	170.10.106.56

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	mydmv.gov-oe.xin/pay/assets/fliceXIj.js	ScriptElement	37 kB	2025-05-06	2025-06-17
Pretty URL mydmv.gov-oe.xin/pay/assets/fliceXIj.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 14:31 Last Seen2025-06-17 23:08 Times Seen4 Hash db3a7c800f762594e613b482134e8566 ba0f23aea3c7a65326a2f21d30b139ee9cfb1f4d c0d22c23ff406a9761d70ff176215a9c1523389f9fa207b536271fcdc6cf8263 Loading...

	mydmv.gov-oe.xin/pay/	ScriptElement	314 B	2023-03-11	2025-06-25
Pretty URL mydmv.gov-oe.xin/pay/ IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-06-25 06:18 Times Seen6817 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	mydmv.gov-oe.xin/pay/	ScriptElement	84 B	2023-04-07	2025-06-25
Pretty URL mydmv.gov-oe.xin/pay/ IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-25 06:18 Times Seen15363 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	mydmv.gov-oe.xin/pay/assets/F4mDo4fx.js	ScriptElement	798 kB	2025-05-06	2025-06-17
Pretty URL mydmv.gov-oe.xin/pay/assets/F4mDo4fx.js IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 14:31 Last Seen2025-06-17 23:08 Times Seen4 Hash f02fe9e544214e85c293f0261f27393d 0edea102f98223dacb926d8453146b1e229bbcce c19b3a244dabd40a6b17588a545c4a56c1447a49f5049efb06317f88f3097b1d Loading...

HTTP Transactions (19)

URL IP Response Size

GET mydmv.gov-oe.xin/pay/assets/fliceXIj.js

104.21.16.1

200 OK

37 kB

URL GET
mydmv.gov-oe.xin/pay/assets/fliceXIj.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36620), with no line terminators
Size
37 kB (36621 bytes)
Hash
db3a7c800f762594e613b482134e8566
ba0f23aea3c7a65326a2f21d30b139ee9cfb1f4d
c0d22c23ff406a9761d70ff176215a9c1523389f9fa207b536271fcdc6cf8263

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 14:31:01 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 14:31:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Gytn8uJBl5zDUAfqDLZkZkOMrysZkwoGiJWjc9gmHzfsTrwP9TULAjjm0kXBX4gaq7VTsaY6UajXPGCbqAlDmrpLEY9QFnHomkkRParYSfeXqfR9kGVZxlobtbvFfBdwF%2BXX"}]}
cf-ray: 93b92dc8b948b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css

104.21.16.1

200 OK

979 kB

URL GET
mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
Unicode text, UTF-8 text, with very long lines (50752)
Size
979 kB (979358 bytes)
Hash
9cff49cd5f81940f7d09a911fc99f06d
3df090ed5f6fdbbc3ddccabb9ca8e784a55e958a
65a073e7dcf9e3ba637220a2127aa57c49335aab9f77757f2474c63f28180a04

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/DN1KWBc9.css HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 14:31:01 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 14:31:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gK5VsZ73%2F33ThPhHIJkLFOT1ND7b%2Bf4AalrGLdrm%2BXALHaqUeVzotS0qsLwRepbh8ApZsbxzygf9ZMXKvlUjq%2B25NHM8XLZsbg4%2Bj0fy7YArxYIM1kfcNqykJnop5nVXzEnW"}]}
cf-ray: 93b92dc8b955b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.ttf?v=220919

104.21.16.1

404 Not Found

0 B

URL GET
mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.ttf?v=220919
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.ttf?v=220919 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 14:31:03 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Uk4xw79L36zi20sLtE%2FihvhRfX1ZrW%2Fp9%2BFw0w%2BLhGWgfQbizt%2Bd0bnhheruMgHxzIZMyz9eWMHtfr7HBBzw6EyAYzUJ28qYyQC%2BvXWXHFMg3zJHTSVjB%2FRiuOplrg%2Bs6H2"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: EXPIRED
cf-ray: 93b92dd708458477-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21256&min_rtt=19993&rtt_var=1141&sent=3179&recv=72&lost=299&retrans=299&sent_bytes=3751749&recv_bytes=6326&delivery_rate=42657&cwnd=268670&unsent_bytes=0&cid=35d104b0e5c7f838&ts=2820&x=16"

GET mydmv.gov-oe.xin/front/checkIp?token=123

104.21.16.1

200 OK

225 B

URL GET
mydmv.gov-oe.xin/front/checkIp?token=123
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
42a9108562486fcfc0cba068242e6ee6
b17c6568789066ae7511062cdc7786b678410ac4
031240e353ffd54afc0397d7d59b997a6287e77a24e978509b780fded60b1f91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mydmv.gov-oe.xin/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 14:31:02 GMT
content-type: text/plain;charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ryR9DuM3P1v8SF1VCSFcI7KKIVtKAnfZYoryFF2j0ZyctsdUJN3buwnrb8g6Fr3O97b8oWbWWAeXA5R8vCMzh%2FfQozYEiRsGIWZ%2BJu6wTlc0jgD2C66Ft5i2h8auKfn8waY"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93b92dceeeb08477-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23965&min_rtt=19993&rtt_var=9764&sent=25&recv=27&lost=0&retrans=0&sent_bytes=4437&recv_bytes=2150&delivery_rate=1298&cwnd=12000&unsent_bytes=0&cid=35d104b0e5c7f838&ts=1523&x=16"

GET mydmv.revenue.alabama.gov/TAP/Resource/Images/blank.gif

170.10.106.56

200 OK

43 B

URL GET
mydmv.revenue.alabama.gov/TAP/Resource/Images/blank.gif
IP
170.10.106.56:443
ASN
#12171 FASTENTERPRISES

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGlobalSign nv-sa
Subject*.mydmv.revenue.alabama.gov
Fingerprint4B:DB:DB:CE:3F:7D:BD:6A:B0:98:D5:1F:90:22:0C:9A:EE:DD:E0:C3
ValidityWed, 04 Dec 2024 16:11:09 GMT - Mon, 05 Jan 2026 16:11:08 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /TAP/Resource/Images/blank.gif HTTP/1.1
Host: mydmv.revenue.alabama.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 May 2025 14:31:02 GMT
Cache-Control: max-age=28800, private
ETag: "2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A"
Expires: Tue, 06 May 2025 22:31:03 GMT
Last-Modified: Tue, 06 May 2025 00:08:25 GMT
Set-Cookie: wlb-tap-token=wchFVc2cMN3U+KceD+gn8w; path=/TAP/; HttpOnly; SameSite=lax; Partitioned; Secure;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Fast-WDC-Response: 1
X-Frame-Options: DENY
Server-Timing: wdc;dur=0, wlb;dur=0, wlb;dur=0
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google.com/ https://*.gstatic.com/ https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' *.google.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com; object-src  'none'; frame-ancestors 'none';

GET mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff?v=220919

104.21.16.1

404 Not Found

0 B

URL GET
mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff?v=220919
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff?v=220919 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 14:31:03 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzZrGwARiBEFf4wI11fePyDyO2cMDXO6qpVmb20MVn9Uet5Fss%2BRBHFSG1geZQIbiEQ9ppC4aa1kxB8YObWaTVHNJIxWeVWuSz43yYhQClnO4Y%2Fe%2FOivwR3ajsZ%2FGdXJi9gc"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: EXPIRED
cf-ray: 93b92dd5a8038477-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21597&min_rtt=19993&rtt_var=977&sent=3177&recv=69&lost=299&retrans=299&sent_bytes=3751122&recv_bytes=5878&delivery_rate=2189&cwnd=268670&unsent_bytes=0&cid=35d104b0e5c7f838&ts=2586&x=16"

GET mydmv.gov-oe.xin/pay/assets/F4mDo4fx.js

104.21.16.1

200 OK

798 kB

URL GET
mydmv.gov-oe.xin/pay/assets/F4mDo4fx.js
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31090)
Size
798 kB (797527 bytes)
Hash
f02fe9e544214e85c293f0261f27393d
0edea102f98223dacb926d8453146b1e229bbcce
c19b3a244dabd40a6b17588a545c4a56c1447a49f5049efb06317f88f3097b1d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/F4mDo4fx.js HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 14:31:01 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 14:31:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mbkEwZfuuWFuUpTHYnIRpLYHztSz1K5R%2FyJP%2FfOyTk98MQqgBUXHoA4Q9SEjKw%2FvrEgTcnIsXSqzfrLI9UC%2FzuljjjrPQ5qgjdLkiEpo5ErwyMxq27WcOc3%2Froxk73IF1jyn"}]}
cf-ray: 93b92dc8b953b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mydmv.gov-oe.xin/pay/assets/BHcjXi3x.gif

104.21.16.1

200 OK

60 kB

URL GET
mydmv.gov-oe.xin/pay/assets/BHcjXi3x.gif
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 14:31:01 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 06 May 2025 14:31:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4DWim8lyBZoPS6E%2F1SQECM7AwFyYqQ5tgL%2Bq%2BhJS2aysE49hSf4BNSaRvHX9b4%2FRtFqWPvhk64TXFTQSzYQTXE5LmyIAGTJNbahZxDTOM4gKeJcT6NsIDEuBZfn173yctkg8"}]}
cf-ray: 93b92dc8b959b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mydmv.gov-oe.xin/pay/assets/C0f4R_jQ.jpg

104.21.16.1

200 OK

3.1 MB

URL GET
mydmv.gov-oe.xin/pay/assets/C0f4R_jQ.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 6808x3656, components 3
Size
3.1 MB (3138349 bytes)
Hash
13cf0940d3bab4b396b58898e59a90d8
53dd6cce51841ab358725b3b629a9e21f63edbca
043e4a73fd6543b4ce1e3fee9d26ca6c5113a70eb950a226890f60b0f4f50cd6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/C0f4R_jQ.jpg HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 14:31:02 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6PCnJONU8jYuURNqvnx%2BRpsqXbDeatGz%2Bv6aNz36ePw6zmTGOBM7mTjQBKiznbwJDQse8SUZK7dOf39c0NMCIAOTKVlsK%2F%2FlW9AsDl980HQO1VFTb962HWAPSBUw%2FuwkNtpp"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
age: 6681
cache-control: max-age=14400
cf-cache-status: HIT
last-modified: Tue, 06 May 2025 12:39:40 GMT
cf-ray: 93b92dd0cf088477-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23936&min_rtt=19993&rtt_var=7382&sent=29&recv=31&lost=0&retrans=0&sent_bytes=5383&recv_bytes=3115&delivery_rate=3521&cwnd=12000&unsent_bytes=0&cid=35d104b0e5c7f838&ts=1636&x=16"

GET mydmv.gov-oe.xin/pay/assets/kAwBdRge.woff2

104.21.16.1

200 OK

128 kB

URL GET
mydmv.gov-oe.xin/pay/assets/kAwBdRge.woff2
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/kAwBdRge.woff2 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 14:31:02 GMT
content-type: application/octet-stream
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BY%2B2%2B442yrvDjj7DTJoXsVmA5wFNbQDDkkIb01PczBQXgwYx1oiycFXE3cn1JwPouRmDPOYk6XDvWrLfFKVjosKODPZoQMegSDrsH0Rk3V6Qp7sSd5%2BS0Iy6eEHnW2iRwNK"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Tue, 06 May 2025 14:31:02 GMT
cf-ray: 93b92dd0df0e8477-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24162&min_rtt=19993&rtt_var=4072&sent=1002&recv=39&lost=62&retrans=62&sent_bytes=1163383&recv_bytes=3476&delivery_rate=213591&cwnd=372330&unsent_bytes=0&cid=35d104b0e5c7f838&ts=1828&x=16"

GET wss://mydmv.gov-oe.xin/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NjA3NTl9.DLx_ILPyd7ZqWmO8uqXyTFo4qAmgEG6yRM7La6TrGs0

104.21.16.1

101

0 B

URL GET
wss://mydmv.gov-oe.xin/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NjA3NTl9.DLx_ILPyd7ZqWmO8uqXyTFo4qAmgEG6yRM7La6TrGs0
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NjA3NTl9.DLx_ILPyd7ZqWmO8uqXyTFo4qAmgEG6yRM7La6TrGs0 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://mydmv.gov-oe.xin
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5e8qJskBZLWB5SG1qUqVAQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Tue, 06 May 2025 14:31:02 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: WmmH+tgKDcfEAoForr+vz7tCtLQ=
Sec-Websocket-Extensions: permessage-deflate
Cf-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxvtWnGTiQQv0REpSHL6fM537xHPhjibfHixd%2F3oaHXBTNDSbQcGlRcZDf53EqizXytCpOEupoPV4%2BpdxfIaCZJNTd3TMvnGkDYkdRPGI%2BMuAMtyrcm9DihPM7kaypNsaozy"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Cf-Ray: 93b92dd22e055925-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19634&min_rtt=19606&rtt_var=4163&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3109&recv_bytes=1254&delivery_rate=220787&cwnd=127&unsent_bytes=0&cid=260a7542346fb989&ts=230&x=0"

GET mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff2?v=220919

104.21.16.1

404 Not Found

0 B

URL GET
mydmv.gov-oe.xin/pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff2?v=220919
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/Fonts/MaterialIcons/MaterialIcons-Regular.woff2?v=220919 HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/assets/DN1KWBc9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 May 2025 14:31:03 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q94MJ%2B7nC0uh8jp8uB6uXVIa9Kj9P4UuWNFGbBsGFkg2AC6nwjqZZmDaz3A1NzkgamEH%2F7NJlnEKL4g4F7IloA4EKlyz1z3Ibf0%2B3p8n8kgxmWwrwn3p3Z9%2BuD8rbWLjYHY9"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: EXPIRED
cf-ray: 93b92dd43fa98477-AMS
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21632&min_rtt=19993&rtt_var=1210&sent=3172&recv=66&lost=299&retrans=299&sent_bytes=3749627&recv_bytes=5186&delivery_rate=5727633&cwnd=268670&unsent_bytes=0&cid=35d104b0e5c7f838&ts=2360&x=16"

GET mydmv.gov-oe.xin/pay/

104.21.16.1

200 OK

2.7 kB

URL User Request GET
mydmv.gov-oe.xin/pay/
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
a1a2f825cd2b1b5497259912010bbac9
b1610b632b123b0a1956ba23d64f92734a245d9e
1f7977ea1ea5a16ab0c9cb798a4242d8cf8a4dc55376a051d2cc3747912d4835

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/ HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 06 May 2025 14:31:00 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=eNBg1KWKBjlPZfY0Czfewa9eegRpIrzTWQXLy713CTjDmbYXISc64RfUaoLEeY4aDYSv3vavAl4KVsz7yfeN%2Bo3zroXvoVScilhCD6QJ00nMDhPmTOEAgp3%2FHfdtc8yuQhKZ"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93b92dc4ab9bb51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mydmv.revenue.alabama.gov/TAP/Image/ENG/AA.ADORLogo.svg

170.10.106.56

200 OK

26 kB

URL GET
mydmv.revenue.alabama.gov/TAP/Image/ENG/AA.ADORLogo.svg
IP
170.10.106.56:443
ASN
#12171 FASTENTERPRISES

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGlobalSign nv-sa
Subject*.mydmv.revenue.alabama.gov
Fingerprint4B:DB:DB:CE:3F:7D:BD:6A:B0:98:D5:1F:90:22:0C:9A:EE:DD:E0:C3
ValidityWed, 04 Dec 2024 16:11:09 GMT - Mon, 05 Jan 2026 16:11:08 GMT

File type
SVG Scalable Vector Graphics image
Size
26 kB (25644 bytes)
Hash
5f23d4997a73f58a92fcce06539c3ae4
c28d851cb4c64f2f1d56d0898786d06928000299
577964163798598e64e1dccc96077c05938a1d2f440e6ca470c18258b8e0eb6b

HTTP Headers

GET /TAP/Image/ENG/AA.ADORLogo.svg HTTP/1.1
Host: mydmv.revenue.alabama.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 9054
Content-Type: image/svg+xml
Date: Tue, 06 May 2025 14:31:02 GMT
Cache-Control: max-age=28800, private
Content-Encoding: br
Expires: Tue, 06 May 2025 22:31:03 GMT
Last-Modified: Tue, 06 May 2025 00:08:25 GMT
Set-Cookie: wlb-tap-token=G9F517pGZt066RaVBLKgsQ; path=/TAP/; HttpOnly; SameSite=lax; Partitioned; Secure;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Fast-WDC-Response: 1
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google.com/ https://*.gstatic.com/ https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' *.google.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com; object-src  'none'; frame-ancestors 'none';

GET mydmv.revenue.alabama.gov/TAP/Image/ENG/AAContact.svg

170.10.106.56

200 OK

324 B

URL GET
mydmv.revenue.alabama.gov/TAP/Image/ENG/AAContact.svg
IP
170.10.106.56:443
ASN
#12171 FASTENTERPRISES

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGlobalSign nv-sa
Subject*.mydmv.revenue.alabama.gov
Fingerprint4B:DB:DB:CE:3F:7D:BD:6A:B0:98:D5:1F:90:22:0C:9A:EE:DD:E0:C3
ValidityWed, 04 Dec 2024 16:11:09 GMT - Mon, 05 Jan 2026 16:11:08 GMT

File type
SVG Scalable Vector Graphics image
Size
324 B (324 bytes)
Hash
97866ec4329bc0bd9cfb8350facc1ff7
984a748be8d0ea470920803e111ccc884ab79291
d916749a59b47f41d3aa3b8de2ff342eb0b052e183c19d08796ffbc14f0e8eee

HTTP Headers

GET /TAP/Image/ENG/AAContact.svg HTTP/1.1
Host: mydmv.revenue.alabama.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 220
Content-Type: image/svg+xml
Date: Tue, 06 May 2025 14:31:02 GMT
Cache-Control: max-age=28800, private
Content-Encoding: br
Expires: Tue, 06 May 2025 22:31:03 GMT
Last-Modified: Tue, 06 May 2025 00:08:25 GMT
Set-Cookie: wlb-tap-token=1sNaVfDJrFru4bc2KBXGig; path=/TAP/; HttpOnly; SameSite=lax; Partitioned; Secure;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Fast-WDC-Response: 1
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google.com/ https://*.gstatic.com/ https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' *.google.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com; object-src  'none'; frame-ancestors 'none';

GET mydmv.revenue.alabama.gov/TAP/Image/ENG/AALogon.svg

170.10.106.56

200 OK

274 B

URL GET
mydmv.revenue.alabama.gov/TAP/Image/ENG/AALogon.svg
IP
170.10.106.56:443
ASN
#12171 FASTENTERPRISES

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGlobalSign nv-sa
Subject*.mydmv.revenue.alabama.gov
Fingerprint4B:DB:DB:CE:3F:7D:BD:6A:B0:98:D5:1F:90:22:0C:9A:EE:DD:E0:C3
ValidityWed, 04 Dec 2024 16:11:09 GMT - Mon, 05 Jan 2026 16:11:08 GMT

File type
SVG Scalable Vector Graphics image
Size
274 B (274 bytes)
Hash
edd794e32cdad5c9f1f433e806bde287
e37b057308b1b597f014fa9c3205e21c59bbef70
2aa2621a36e3f0e53570209cee8793d7f1c27d20597446bce76d4ee330563769

HTTP Headers

GET /TAP/Image/ENG/AALogon.svg HTTP/1.1
Host: mydmv.revenue.alabama.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 194
Content-Type: image/svg+xml
Date: Tue, 06 May 2025 14:31:02 GMT
Cache-Control: max-age=28800, private
Content-Encoding: br
Expires: Tue, 06 May 2025 22:31:03 GMT
Last-Modified: Tue, 06 May 2025 00:08:25 GMT
Set-Cookie: wlb-tap-token=F9sgMT+MW29rLNR4aJ0dxA; path=/TAP/; HttpOnly; SameSite=lax; Partitioned; Secure;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Fast-WDC-Response: 1
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; script-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google.com/ https://*.gstatic.com/ https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' *.google.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com; object-src  'none'; frame-ancestors 'none';

GET mydmv.gov-oe.xin/pay/assets/BHS-ZI4W.jpg

104.21.16.1

200 OK

57 kB

URL GET
mydmv.gov-oe.xin/pay/assets/BHS-ZI4W.jpg
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x358, components 3
Size
57 kB (56649 bytes)
Hash
837840fa375cfd2ece1c9351e884e299
d0dd483b95c6bcf024ee5bc8bcadcf9c1606f52c
12f5d35e2fbc215201257f9f0f08fa22b7eefbb9b8612a95fb3029a14de744be

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHS-ZI4W.jpg HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 14:31:02 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ggKpxQ5Yw4pXDrFQqkgL5%2BMhyJv6n%2FAxJxyJ5C7sYTXsTOpbG9urJwiLNGA1nnAYaQYsNDJlEeMLrvPB2gGrpYaGLynvGQvc65qcwPSbcVS9I2v%2FHhoSn1Zf0mFsYy%2B7g2mp"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 6682
last-modified: Tue, 06 May 2025 12:39:40 GMT
cf-ray: 93b92dd0df0b8477-AMS
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=23936&min_rtt=19993&rtt_var=7382&sent=40&recv=31&lost=0&retrans=0&sent_bytes=17383&recv_bytes=3115&delivery_rate=3521&cwnd=12000&unsent_bytes=0&cid=35d104b0e5c7f838&ts=1643&x=16"

GET fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.178.99

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 May 2025 20:18:49 GMT
expires: Sun, 03 May 2026 20:18:49 GMT
cache-control: public, max-age=31536000
age: 238334
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mydmv.gov-oe.xin/pay/favicon.ico

104.21.16.1

200 OK

446 B

URL GET
mydmv.gov-oe.xin/pay/favicon.ico
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mydmv.gov-oe.xin/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-oe.xin
FingerprintB0:A6:7C:89:7F:0E:EF:73:CB:FD:19:BD:2D:DC:F5:64:9C:69:68:31
ValidityMon, 05 May 2025 10:32:45 GMT - Sun, 03 Aug 2025 11:31:11 GMT

File type
data
Size
446 B (446 bytes)
Hash
7e6fa9a8e35d25bbffd601bcec23f03c
12fb906fa79c0ee023250dc29ae6139fe3039561
24b5dcfaf0c8eb21056ca22cd3384c7a5246c3ab8ddecc0f7bdddaf1dcb8476a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/favicon.ico HTTP/1.1
Host: mydmv.gov-oe.xin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mydmv.gov-oe.xin/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 May 2025 14:31:03 GMT
content-type: image/vnd.microsoft.icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZWAmpU%2FY8htLnAeHanWHEdJ6PVVaTgNAMlWzWAwLySzd7Hm07CrCuKXt3RGnHuJHxvofaqWeUjI29V7lz4%2F6MR2vMPCrojJzk%2FmSCUUBbm2xE%2F6BMtwkBoU3ajSIRjP7Fbi"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: HIT
age: 6683
last-modified: Tue, 06 May 2025 12:39:40 GMT
content-encoding: br
cf-ray: 93b92dd6b8368477-AMS
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21597&min_rtt=19993&rtt_var=977&sent=3175&recv=69&lost=299&retrans=299&sent_bytes=3750283&recv_bytes=5878&delivery_rate=2189&cwnd=268670&unsent_bytes=0&cid=35d104b0e5c7f838&ts=2580&x=16"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections