Report - colorado.gov-mnlc.vip/pay/

Report Overview

Visited public
2025-06-11 17:25:31
Tags
phishing
URL
colorado.gov-mnlc.vip/pay/
Finishing URL
colorado.gov-mnlc.vip/pay/
IP / ASN
43.159.143.77
#132203 Tencent Building, Kejizhongyi Avenue
Title
Traffic Tickets
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
colorado.gov-mnlc.vip	unknown	2025-06-05	2025-06-11	2025-06-11	4.8 kB	1.3 MB	43.159.143.77
use.typekit.net	494	2010-08-02	2012-07-05	2025-06-04	1.9 kB	54 kB	23.36.77.75
dmv.colorado.gov	807805	unknown	2022-06-04	2025-06-05	537 B	1.3 kB	54.240.174.8
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-11	472 B	7.1 kB	142.250.178.99
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-06-11	476 B	2.5 kB	142.250.178.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-06-10	medium	colorado.gov-mnlc.vip/pay/	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed
2025-06-11	medium	gov-mnlc.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	colorado.gov-mnlc.vip/pay/assets/fliceXIj.js	ScriptElement	37 kB	2025-06-05	2025-06-11
Pretty URL colorado.gov-mnlc.vip/pay/assets/fliceXIj.js IP 43.159.143.77 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-05 18:56 Last Seen2025-06-11 22:38 Times Seen9 Hash 4e31b89a07bd7be81019cdbf6fa66e6d 3880afe3c2e216d2e0fcbf484f25177e931f8604 5edba7293c6678f523edb43d17617cdefbc293d83515c426bda2e45d5ddc81e0 Loading...

	colorado.gov-mnlc.vip/pay/	ScriptElement	314 B	2023-03-11	2025-06-20
Pretty URL colorado.gov-mnlc.vip/pay/ IP 43.159.143.77 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-06-20 02:03 Times Seen6304 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	colorado.gov-mnlc.vip/pay/	ScriptElement	84 B	2023-04-07	2025-06-20
Pretty URL colorado.gov-mnlc.vip/pay/ IP 43.159.143.77 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-06-20 02:03 Times Seen14874 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

	colorado.gov-mnlc.vip/pay/assets/DLheONWn.js	ScriptElement	979 kB	2025-06-05	2025-06-11
Pretty URL colorado.gov-mnlc.vip/pay/assets/DLheONWn.js IP 43.159.143.77 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-05 18:56 Last Seen2025-06-11 22:38 Times Seen9 Hash a5ee7989e672bb72355dc1f5a443ac96 a442afa675cf8ff8b4e0065323544448442acc5e 9046cc81aad982bb827ffdeeeeb5eb00f6ea1398e3a0e30fb576dfb27ecfb312 Loading...

HTTP Transactions (16)

URL IP Response Size

GET colorado.gov-mnlc.vip/pay/assets/BfGm9j6d.css

43.159.143.77

200

94 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/BfGm9j6d.css
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
assembler source, Unicode text, UTF-8 text, with very long lines (11562), with CRLF, LF line terminators
Size
94 kB (94484 bytes)
Hash
1c4c68e6960abb70c4f78c344a514cf9
d6baf57af5acdf0f75f487585aed83bb8c1e2df0
d7c67c17af7867b3d475cf6f858ce5baffe23de27a0226effca11d2d6f234cd8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BfGm9j6d.css HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:30 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET use.typekit.net/af/a28b50/00000000000000000000e803/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3

23.36.77.75

200 OK

17 kB

URL GET
use.typekit.net/af/a28b50/00000000000000000000e803/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
IP
23.36.77.75:443
ASN
#20940 Akamai International B.V.

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
FingerprintF3:36:2A:08:11:E8:8C:54:E5:3C:6A:03:53:BF:AA:D7:7A:84:8B:89
ValidityTue, 10 Dec 2024 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16808, version 1.0
Size
17 kB (16808 bytes)
Hash
e0ba364087ced101e98cb22c66a3de71
8a6fc598bf108239d94fabea4eb0fe686618a55a
09244974d9decf20f9cd3402621e4844a454f3ae43cdf509538f43c0456ba6c4

HTTP Headers

GET /af/a28b50/00000000000000000000e803/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://colorado.gov-mnlc.vip
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 16808
etag: "a6c1fa20004e862da7c922781204c8a0ef8794a4"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 11 Jun 2025 17:24:31 GMT
akamai-grn: 0.4d4d2417.1749662671.6e7d3de
X-Firefox-Spdy: h2

GET dmv.colorado.gov/themes/custom/ci_xy/images/icons/arrow-up-right-from-square-solid.svg

54.240.174.8

200 OK

660 B

URL GET
dmv.colorado.gov/themes/custom/ci_xy/images/icons/arrow-up-right-from-square-solid.svg
IP
54.240.174.8:443
ASN
#16509 AMAZON-02

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerAmazon
Subject*.colorado.gov
Fingerprint58:01:EB:29:8D:98:90:48:39:31:4D:75:B6:A7:70:0F:D5:E1:B8:52
ValidityWed, 07 Aug 2024 00:00:00 GMT - Fri, 05 Sep 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
660 B (660 bytes)
Hash
74a2b764b49a75f66f2732c41e875b72
29093f6f8f0098aadf4cef3ce4583dc90f5431b4
a47d90439bbe92ea745391d093dc84bc91dccb575889288ca62a572cabacac74

HTTP Headers

GET /themes/custom/ci_xy/images/icons/arrow-up-right-from-square-solid.svg HTTP/1.1
Host: dmv.colorado.gov
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://colorado.gov-mnlc.vip
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 660
server: nginx
date: Wed, 11 Jun 2025 17:23:55 GMT
last-modified: Wed, 07 May 2025 04:35:19 GMT
cache-control: max-age=31536000
expires: Fri, 05 Jun 2026 06:03:32 GMT
x-request-id: v-cf796488-41d2-11f0-be70-1b064d53aa29
x-ah-environment: prod
via: varnish, 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-cache-hits: 91275
accept-ranges: bytes
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qGwi8B8qHJNC-XSt3J2dJ8F_j7ufw3cdqVu6n6lRfy9rS4hYusufWQ==
age: 559258
X-Firefox-Spdy: h2

GET use.typekit.net/af/e3ca36/00000000000000000000e805/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3

23.36.77.75

200 OK

17 kB

URL GET
use.typekit.net/af/e3ca36/00000000000000000000e805/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP
23.36.77.75:443
ASN
#20940 Akamai International B.V.

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
FingerprintF3:36:2A:08:11:E8:8C:54:E5:3C:6A:03:53:BF:AA:D7:7A:84:8B:89
ValidityTue, 10 Dec 2024 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17116, version 1.0
Size
17 kB (17116 bytes)
Hash
34d56709ccec98b48945ca2e3c085473
47e244eeb006e577549cf550a59cb6499e603a01
97f752f1bdffe4e12de8fe349f77012495c8926f74f64874a3e740960b365977

HTTP Headers

GET /af/e3ca36/00000000000000000000e805/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://colorado.gov-mnlc.vip
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 17116
etag: "4577a8003f294766a3a783ec5fba19dc646ecf7c"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 11 Jun 2025 17:24:31 GMT
akamai-grn: 0.4d4d2417.1749662671.6e7d3db
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.178.99

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 07 Jun 2025 20:19:01 GMT
expires: Sun, 07 Jun 2026 20:19:01 GMT
cache-control: public, max-age=31536000
age: 335131
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET colorado.gov-mnlc.vip/pay/assets/BML5x76n.ico

43.159.143.77

200

20 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/BML5x76n.ico
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
20 kB (20519 bytes)
Hash
096e21a1cf368116ee8852839843420c
314f5e6914831ae171a05d66fbc7d5cba9d1d049
c2efda14c14a1c23862ff0785d4db8f1db217b7d1fbd408e87bb5eab2a17213c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BML5x76n.ico HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:32 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET colorado.gov-mnlc.vip/pay/assets/fliceXIj.js

43.159.143.77

200

37 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/fliceXIj.js
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36628), with no line terminators
Size
37 kB (36629 bytes)
Hash
4e31b89a07bd7be81019cdbf6fa66e6d
3880afe3c2e216d2e0fcbf484f25177e931f8604
5edba7293c6678f523edb43d17617cdefbc293d83515c426bda2e45d5ddc81e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET colorado.gov-mnlc.vip/pay/assets/DLheONWn.js

43.159.143.77

200

979 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/DLheONWn.js
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
JavaScript source, ASCII text, with very long lines (30958)
Size
979 kB (979125 bytes)
Hash
a5ee7989e672bb72355dc1f5a443ac96
a442afa675cf8ff8b4e0065323544448442acc5e
9046cc81aad982bb827ffdeeeeb5eb00f6ea1398e3a0e30fb576dfb27ecfb312

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/DLheONWn.js HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET colorado.gov-mnlc.vip/pay/assets/BHcjXi3x.gif

43.159.143.77

200

60 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/BHcjXi3x.gif
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:30 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET use.typekit.net/af/c225e2/000000000000000000011aff/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3

23.36.77.75

200 OK

19 kB

URL GET
use.typekit.net/af/c225e2/000000000000000000011aff/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP
23.36.77.75:443
ASN
#20940 Akamai International B.V.

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
FingerprintF3:36:2A:08:11:E8:8C:54:E5:3C:6A:03:53:BF:AA:D7:7A:84:8B:89
ValidityTue, 10 Dec 2024 00:00:00 GMT - Sat, 10 Jan 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19028, version 1.0
Size
19 kB (19028 bytes)
Hash
9e62001fb5268425e5ec47afb19a4328
a2832dacc8f95c022db518fba7cceec7b5d1598b
be08b553524afe2516979423c8147de88c9ad54ae7fb1ccdcb14bfcd6f862c7d

HTTP Headers

GET /af/c225e2/000000000000000000011aff/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://colorado.gov-mnlc.vip
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19028
etag: "aac07d12e2650fd1a93de82aff4c98527ab9f303"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 11 Jun 2025 17:24:31 GMT
akamai-grn: 0.4d4d2417.1749662671.6e7d362
X-Firefox-Spdy: h2

GET colorado.gov-mnlc.vip/pay/assets/D_FexwS0.png

43.159.143.77

200

62 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/D_FexwS0.png
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
PNG image data, 225 x 224, 8-bit/color RGBA, non-interlaced
Size
62 kB (62286 bytes)
Hash
697ffbd930ffcaf17ecf30b42ff8e111
5982c6c5c6425b1c5ee15567572233b592bf7f45
50ee3d628ce51d93001f72589021d97863c66832459e73fe27dbda8f8b2d6537

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/D_FexwS0.png HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:31 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.178.99

200 OK

1.8 kB

URL GET
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 04 Jun 2025 21:30:14 GMT
expires: Thu, 04 Jun 2026 21:30:14 GMT
cache-control: public, max-age=31536000
age: 590058
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET wss://colorado.gov-mnlc.vip/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTI2NTE0fQ.yHfDAOdbhaxU8rqY6N2PNzHKxAn2mgnwbw2BWMB2aeA

43.159.143.77

101

0 B

URL GET
wss://colorado.gov-mnlc.vip/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTI2NTE0fQ.yHfDAOdbhaxU8rqY6N2PNzHKxAn2mgnwbw2BWMB2aeA
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MTI2NTE0fQ.yHfDAOdbhaxU8rqY6N2PNzHKxAn2mgnwbw2BWMB2aeA HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://colorado.gov-mnlc.vip
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dCy9vZKXO9NQPkO//xm+gQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:32 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vqSCEo6rca/D+CspkgLN7DVHUQQ=
Sec-WebSocket-Extensions: permessage-deflate
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET colorado.gov-mnlc.vip/pay/

43.159.143.77

200

3.3 kB

URL User Request GET
colorado.gov-mnlc.vip/pay/
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
3.3 kB (3317 bytes)
Hash
fe86b17d17e9d4878d38a262c9258875
b46bb744da29f8a3cddaee501f41b044cbac590e
0c2ff9d079050e61a44648b29fff9b7175408fa60ce8577811387458d31c0c6f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
OpenPhish	phishing	Generic/Spear Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/ HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

GET colorado.gov-mnlc.vip/front/checkIp?token=123

43.159.143.77

200

228 B

URL GET
colorado.gov-mnlc.vip/front/checkIp?token=123
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
JSON text data
Size
228 B (228 bytes)
Hash
10286b83e54c0a2f3e3aeba1ea514b0b
75e233fc47d6c8080213415fbb0b55215876a3a0
5e37dfe67aa35e2a45aff8c162eeff1c37fb0de0bddb075d7a226e8666443b60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://colorado.gov-mnlc.vip/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:31 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET colorado.gov-mnlc.vip/pay/assets/fmTkokkn.jpg

43.159.143.77

200

46 kB

URL GET
colorado.gov-mnlc.vip/pay/assets/fmTkokkn.jpg
IP
43.159.143.77:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://colorado.gov-mnlc.vip/pay/
Certificate
IssuerLet's Encrypt
Subjectcolorado.gov-mnlc.vip
Fingerprint78:D5:F4:87:0B:53:93:25:5C:58:CA:8A:D4:C4:59:49:F0:B3:3C:58
ValidityThu, 05 Jun 2025 13:24:14 GMT - Wed, 03 Sep 2025 13:24:13 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=16, height=4024, bps=206, PhotometricInterpretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON Z 6_2, orientation=upper-left, width=6048], baseline, precision 8, 250x250, components 3
Size
46 kB (45568 bytes)
Hash
49d66b0637a1343284fe44412e67f134
65c362db48745abab305f082239bd978411312f3
05cf9187bd3929955037319153970c87521d7094891dbdcb46b23850dfb09bac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pay/assets/fmTkokkn.jpg HTTP/1.1
Host: colorado.gov-mnlc.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colorado.gov-mnlc.vip/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Server: nginx/1.27.4
Date: Wed, 11 Jun 2025 17:24:31 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP