Report - scdmv.gov-rycm.cc/pay/

Report Overview

Visited public
2025-06-09 21:09:34
Tags
phishing
URL
scdmv.gov-rycm.cc/pay/
Finishing URL
scdmv.gov-rycm.cc/pay/
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Title
SCDMV
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
scdmv.gov-rycm.cc	unknown	2025-06-09	2025-06-09	2025-06-09	4.3 kB	3.9 MB	104.21.112.1
www.google.com	7	1997-09-15	2015-05-10	2025-06-04	445 B	739 B	142.250.74.68
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-04	468 B	7.1 kB	142.250.74.35
translate.googleapis.com	1005	2005-01-25	2012-05-31	2025-06-04	469 B	2.1 kB	142.250.178.42
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-06-04	472 B	2.5 kB	142.250.74.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	scdmv.gov-rycm.cc/pay/	ScriptElement	314 B	2023-03-11	2025-06-17
Pretty URL scdmv.gov-rycm.cc/pay/ IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-06-17 04:51 Times Seen6013 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	scdmv.gov-rycm.cc/pay/	ScriptElement	84 B	2023-04-07	2025-06-17
Pretty URL scdmv.gov-rycm.cc/pay/ IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-17 04:51 Times Seen14584 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	scdmv.gov-rycm.cc/pay/assets/fliceXIj.js	ScriptElement	36 kB	2025-06-03	2025-06-17
Pretty URL scdmv.gov-rycm.cc/pay/assets/fliceXIj.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 18:50 Last Seen2025-06-17 04:51 Times Seen25 Hash 34c304a06c9493852a17e444a712c97e 75816bc562c70d995bef2bc4d346798ffc0e3006 f543c0e8385b811ea6474859638fcf8bfa27977d76b61aeadb13257e843e9afe Loading...

	scdmv.gov-rycm.cc/pay/assets/Bp_2Eq37.js	ScriptElement	861 kB	2025-06-03	2025-06-17
Pretty URL scdmv.gov-rycm.cc/pay/assets/Bp_2Eq37.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-03 18:50 Last Seen2025-06-17 04:51 Times Seen25 Hash e10186d9401ac26e806c16e6254debb8 e644a134476ad4c10a1e65f34e32445f622a82c2 e68191fa80d37b2c2de00d066fe7b6994fbe9240c67d5ced462826e6f9c46f4e Loading...

HTTP Transactions (13)

URL IP Response Size

scdmv.gov-rycm.cc/pay/assets/B2WDgonS.jpg

104.21.112.1

200 OK

782 kB

URL GET
scdmv.gov-rycm.cc/pay/assets/B2WDgonS.jpg
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2384x1560, components 3
Size
782 kB (782368 bytes)
Hash
a0f4e9595dbb1fa148e20852ff229332
2381aaffc0781c1b3207994350b0e55c1e350504
744eaba239734b324f360d7499f981811297d5953ab5cd0e407bc09fd30ce6a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/B2WDgonS.jpg HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 09 Jun 2025 21:09:03 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWortXX8Ry6Z0ysUsvBrdsXV2I6JzpouQrLOtLyqye%2FFVCb9PrFyQoxr7XgJ3ACrHvc5JlwkOi1%2BmmAGyvdAOrT1Gq6QvxSsUdaOq5bcDeGeqrudXJQ51k7C4oVQYvrUrpHbUA%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:03 GMT
cf-ray: 94d39b986e7656b7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2636&min_rtt=720&rtt_var=1755&sent=191&recv=291&lost=0&retrans=0&sent_bytes=14290&recv_bytes=16386&delivery_rate=595694&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=cbcf2840fc9980c6&ts=2663&inflight_dur=34&x=80"

www.google.com/images/cleardot.gif

142.250.74.68

200 OK

43 B

URL GET
www.google.com/images/cleardot.gif
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint84:BD:0D:9A:51:CC:86:3E:E9:2F:6E:7C:2D:58:AC:4C:FB:B5:3D:8C
ValidityMon, 12 May 2025 08:44:44 GMT - Mon, 04 Aug 2025 08:44:43 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/cleardot.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/gif
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 43
date: Mon, 09 Jun 2025 21:09:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

scdmv.gov-rycm.cc/pay/

104.21.112.1

200 OK

2.7 kB

URL User Request GET
scdmv.gov-rycm.cc/pay/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
31917dc742c3d23dc9892d349663a200
e041b59c48d5e46535534f0946c21dcb62748c7a
29728f8e50c04a00aa7d04e799bc9ed8cf1af060c525238c10c35df3f5989c6c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/ HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Jun 2025 21:09:01 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BSM6JjBuLHN1x6TDOgOlQ5vs7FVNL5NY7ncy4P%2BFJjXp8Oj1okZNL6hi7QOjwwXDg%2F%2BaetqAca9zG3qa5E%2F0MCOO1QfB%2FoKzabkWBhfLEg%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 94d39b86aae80b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

scdmv.gov-rycm.cc/pay/assets/BHcjXi3x.gif

104.21.112.1

200 OK

60 kB

URL GET
scdmv.gov-rycm.cc/pay/assets/BHcjXi3x.gif
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Jun 2025 21:09:01 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q5xjWUO4OOAbcdiZi5V9A5bnnrfxHqUdchTw0x%2FbhjMCPjljokT02sB2nupHnvZmdx0idQecO%2BNvy9w92vFdQ3kNOy%2BM2bx7wv%2Foutfy4w%3D%3D"}]}
cf-ray: 94d39b8bd8a30b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.74.35

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jun 2025 13:29:04 GMT
expires: Fri, 05 Jun 2026 13:29:04 GMT
cache-control: public, max-age=31536000
age: 373199
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

scdmv.gov-rycm.cc/pay/assets/fliceXIj.js

104.21.112.1

200 OK

36 kB

URL GET
scdmv.gov-rycm.cc/pay/assets/fliceXIj.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36515), with no line terminators
Size
36 kB (36516 bytes)
Hash
34c304a06c9493852a17e444a712c97e
75816bc562c70d995bef2bc4d346798ffc0e3006
f543c0e8385b811ea6474859638fcf8bfa27977d76b61aeadb13257e843e9afe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Jun 2025 21:09:01 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OuMJzZi%2Bto%2BXaIvopytUH3nKAB%2FIOJx5XeOmMP2XhMaHpRVI6jAm6%2B1CblbO5V1WEZqeOKnrvXZTCkDm5OlKCXxCFZr1cs7G2FNWBvLF1w%3D%3D"}]}
cf-ray: 94d39b8bc8970b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

scdmv.gov-rycm.cc/pay/assets/Bp_2Eq37.js

104.21.112.1

200 OK

861 kB

URL GET
scdmv.gov-rycm.cc/pay/assets/Bp_2Eq37.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
JavaScript source, ASCII text, with very long lines (31004)
Size
861 kB (860974 bytes)
Hash
e10186d9401ac26e806c16e6254debb8
e644a134476ad4c10a1e65f34e32445f622a82c2
e68191fa80d37b2c2de00d066fe7b6994fbe9240c67d5ced462826e6f9c46f4e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/Bp_2Eq37.js HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Jun 2025 21:09:01 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QRMLTV%2BAIkDooF7XicEfZD5RJRXGvPlLKZdLrBE3ZwkAY8AvI4EHFRInr%2FsV7d%2FhZcr41S7hLIQfBzn4x1T5NcCrBBVgwAqEU45Nu6pTXA%3D%3D"}]}
cf-ray: 94d39b8bc89e0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

translate.googleapis.com/translate_static/img/te_ctrl3.gif

142.250.178.42

200 OK

1.4 kB

URL GET
translate.googleapis.com/translate_static/img/te_ctrl3.gif
IP
142.250.178.42:443
ASN
#15169 GOOGLE

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
GIF image data, version 89a, 84 x 19
Size
1.4 kB (1412 bytes)
Hash
9afe50090c0bc612953d081295eab5b1
71a4da2a622879c29176ecfa5afe1bbe3e8cfa40
d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171

HTTP Headers

GET /translate_static/img/te_ctrl3.gif HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Jun 2025 20:50:03 GMT
expires: Fri, 05 Jun 2026 20:50:03 GMT
cache-control: public, max-age=31536000
age: 346740
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

scdmv.gov-rycm.cc/pay/favicon.ico

104.21.112.1

200 OK

1.2 kB

URL GET
scdmv.gov-rycm.cc/pay/favicon.ico
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
5a886991c2b1c8552909543eec12efbe
b867064b902e4931725ede8fe7353bcda082aa7f
4438db47bd44c9f24f35b0aba1bbee725a995ea5e33409c070e3fd222ec0f90c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/favicon.ico HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 09 Jun 2025 21:09:04 GMT
content-type: image/vnd.microsoft.icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cIbaKNdtHRSr9iY98zUS2RshDHgFBTvd6IYKBcoKhF5C7COknaD1x0Q440ZggrUnr9jb73COeDLvsShDvQ5R6QQM8bboPQ%2Bk9I06KTzi2DE14bCzp9nyQh6gBQWj0H%2FrgD18TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:04 GMT
cf-ray: 94d39b9a3e8456b7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2143&min_rtt=720&rtt_var=1205&sent=229&recv=295&lost=0&retrans=0&sent_bytes=58150&recv_bytes=16567&delivery_rate=14933176&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=48000&unsent_bytes=0&cid=cbcf2840fc9980c6&ts=2986&inflight_dur=41&x=80"

scdmv.gov-rycm.cc/front/checkIp?token=123

104.21.112.1

200 OK

225 B

URL GET
scdmv.gov-rycm.cc/front/checkIp?token=123
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
ed1b92061c473d42a8a4fc09dcd18ea8
163a46334be1fb55db1ee40d2a09c81f518b5d50
cc2dc9a562b27f22884c7e697142a2c402726127d6c461b3807c592ef014ebcd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scdmv.gov-rycm.cc/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 09 Jun 2025 21:09:03 GMT
content-type: text/plain;charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj6pms56nh2iSV2cdG%2Fqldzs2o6iw6vD8d2GcOAPZxQ6U%2B1sk62VWkOHRWII4VjxoTe%2BaUQLLBq85UZIBtWEIAYKVJ3vCTIlPFrzeEElfS0ExfC8uokl9raLqf1qoA8cGzb6Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 94d39b962e6c56b7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2849&min_rtt=720&rtt_var=1772&sent=188&recv=289&lost=0&retrans=0&sent_bytes=13329&recv_bytes=16053&delivery_rate=556043&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=cbcf2840fc9980c6&ts=2321&inflight_dur=33&x=80"

wss://scdmv.gov-rycm.cc/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NDE3MH0.0_YTQNjj0VSKU8H-AFkwnpDCRE5M4Pv9ouyMAbZ-XSw

104.21.112.1

101

0 B

URL GET
wss://scdmv.gov-rycm.cc/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NDE3MH0.0_YTQNjj0VSKU8H-AFkwnpDCRE5M4Pv9ouyMAbZ-XSw
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6NDE3MH0.0_YTQNjj0VSKU8H-AFkwnpDCRE5M4Pv9ouyMAbZ-XSw HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://scdmv.gov-rycm.cc
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FZUmVuipVdN/HKgjMtyd0g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Mon, 09 Jun 2025 21:09:04 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VUcqDOlrwoW+DT5/G0/vZZyq3Xg=
Sec-WebSocket-Extensions: permessage-deflate
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71yD5E8moHLekIcfIiTy18jo%2BHy6IIO3YHX%2BTg%2B6vvepI0qQl%2BukX%2Fi9Y6OauPzW1uIueeqYPLFx2Nv7tqzUSI%2B%2F3KAOVpVDTlC%2BbqD7KRqst%2Fkxts8o68k8OIS%2FVXaB%2B7XK1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 94d39b9aedb11bfa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=487&min_rtt=424&rtt_var=189&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3114&recv_bytes=1267&delivery_rate=6776911&cwnd=252&unsent_bytes=0&cid=aec9a524252252e0&ts=454&x=0"

scdmv.gov-rycm.cc/pay/assets/DDvFmLsE.css

104.21.112.1

200 OK

2.1 MB

URL GET
scdmv.gov-rycm.cc/pay/assets/DDvFmLsE.css
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subjectgov-rycm.cc
Fingerprint60:4F:69:3C:78:5C:CC:34:50:AA:19:EF:10:BF:54:D9:E8:74:3B:33
ValidityMon, 09 Jun 2025 10:07:35 GMT - Sun, 07 Sep 2025 11:05:05 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
2.1 MB (2142679 bytes)
Hash
96c45057249d43dd4817c428014ec298
76fd12f9b5aa972638e2da8063b5ba3b8ade6c4a
79f0e98075daea7f7358d3a47d823d9f59eb4127e5688b6a24a1b1e332bf1903

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/DDvFmLsE.css HTTP/1.1
Host: scdmv.gov-rycm.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 09 Jun 2025 21:09:01 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Mon, 09 Jun 2025 21:09:01 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mE7teSwj38TrlZ5132Q%2BAdbZ5B96L%2BBDHzUNi5GnST13HOtHb3xpku0EADrbhTEyaba0YlE4BJHCduxMBddMq35%2FZMgkWCmK3a5eSznIRg%3D%3D"}]}
cf-ray: 94d39b8bd8a10b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://scdmv.gov-rycm.cc/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://scdmv.gov-rycm.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jun 2025 19:03:51 GMT
expires: Tue, 09 Jun 2026 19:03:51 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 7512
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET