Report - tndmv.gov-orz.win/pay/

Report Overview

Visited public
2025-05-16 12:45:07
Tags
phishing
Submit Tags
URL
tndmv.gov-orz.win/pay/
Finishing URL
tndmv.gov-orz.win/pay/
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Title
TN Driver Services
Phishing - Generic phishing
Phishing - Generic Phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-14	456 B	7.1 kB	142.250.178.99
tndmv.gov-orz.win	unknown	2025-05-15	2025-05-16	2025-05-16	5.7 kB	1.7 MB	104.21.112.1
dl.safety.tn.gov	unknown	unknown	2025-05-16	2025-05-16	3.0 kB	406 kB	170.141.168.75

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	tndmv.gov-orz.win/pay/assets/fliceXIj.js	ScriptElement	36 kB	2025-05-16	2025-06-19
Pretty URL tndmv.gov-orz.win/pay/assets/fliceXIj.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 12:45 Last Seen2025-06-19 09:34 Times Seen13 Hash aeec9ee671d9baef56586f1f6bf73e9b 5b00e97dae06d9035bc105d2d2ebb63a63411e03 51a99ac06b546934b79891d19279461485bcccaced9ff7419f41dbed8758c704 Loading...

	tndmv.gov-orz.win/pay/assets/D1QuQop7.js	ScriptElement	817 kB	2025-05-16	2025-06-19
Pretty URL tndmv.gov-orz.win/pay/assets/D1QuQop7.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-16 12:45 Last Seen2025-06-19 09:34 Times Seen13 Hash 1e1faf06740efa31d07ce2f04ca02b6d c3ffabc7642aefca07f2c980c5036bb2bee8b35c b5012ff9aea482c20798cc4fb956b035b59ac528e637accefde95d4b0a12509e Loading...

	tndmv.gov-orz.win/pay/	ScriptElement	314 B	2023-03-11	2025-07-01
Pretty URL tndmv.gov-orz.win/pay/ IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 11:23 Last Seen2025-07-01 05:37 Times Seen7253 Hash cd7a34e714de94d5c29b8ac5acdde24b b722bccb435490630d97ef88cafeb02d92f70fd0 312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71 Loading...

	tndmv.gov-orz.win/pay/	ScriptElement	84 B	2023-04-07	2025-07-01
Pretty URL tndmv.gov-orz.win/pay/ IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 06:55 Last Seen2025-07-01 05:37 Times Seen15780 Hash 528dd01eb509d1fc3c68b48e165c9d77 8d702f33d869eb8c53cf75c17014f96385322395 b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a Loading...

HTTP Transactions (19)

URL IP Response Size

GET tndmv.gov-orz.win/pay/assets/DLY0dWON.css

104.21.112.1

200 OK

724 kB

URL GET
tndmv.gov-orz.win/pay/assets/DLY0dWON.css
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
Unicode text, UTF-8 text, with very long lines (36407), with CRLF, LF line terminators
Size
724 kB (724079 bytes)
Hash
3f85d1a26eb6b66c41bd8e1adca7fe25
7a24d7bd06c7d3b9abbb2add9c9209e0a5691d19
0b23c1e1092f44364fd8038f056ef0a424044214bfca7f8a8320510fb110605d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/DLY0dWON.css HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 12:44:47 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:47 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=v60nkLmFE6S6VC5pQmRhCt5%2FfgOPPyMs2o%2BL9QtCK5KCjAtvcHyzCCl%2Bx78iQxyB6DPDgFH2M7xMl%2BAW%2FNOQoNu4ZRZpTRA%2FVwPHGISu5O%2BddvGg%2FwGPUHfqT2iHs2Cvudysvw%3D%3D"}]}
cf-ray: 940af7e97da056ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff2?v=67

170.141.168.75

200 OK

16 kB

URL GET
dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff2?v=67
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
Web Open Font Format (Version 2), TrueType, length 94744, version 1.0
Size
16 kB (16384 bytes)
Hash
8eec179372bfa462c2bc4c58cd3a37f7
0dcd6ddb092eb147d4c9194c50e1c9b6ec23ac1b
add2b58e8dba188e05aa6b795152db0f1bf96534855f92663eef2fc9dc64c4a8

HTTP Headers

GET /Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tndmv.gov-orz.win
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: font/woff2
Expires: Fri, 16-May-2025 20:44:49 GMT
Last-Modified: Sun, 11-May-2025 08:46:59 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET tndmv.gov-orz.win/front/checkIp?token=123

104.21.112.1

200 OK

225 B

URL GET
tndmv.gov-orz.win/front/checkIp?token=123
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
JSON text data
Size
225 B (225 bytes)
Hash
d21fed70a60d86297f1fa21f260c60dd
ac28cf9400196d983e51cc215e165b9267880a92
c3230a353346e0017d27d5da4b1d3e5e9f45cf84b03a5ec7201bf6c2fda893a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/checkIp?token=123 HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tndmv.gov-orz.win/pay/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 12:44:48 GMT
content-type: text/plain;charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mR4S6%2F5HDHIP0Gk97985WbJu8iZ09q%2FvXJQT0vWV%2FH8UD3tVVUhkjFsITauzr2IDJFdPkbdh3q6105qWny1tYp0sYr1li3EXbdfRK1%2BO6UO7YvJDEcm9cczpspwaqLumxE8XBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 940af7f1fa0c5684-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1492&min_rtt=628&rtt_var=560&sent=264&recv=410&lost=0&retrans=0&sent_bytes=17759&recv_bytes=22352&delivery_rate=2466&cwnd=12000&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=2099&x=16"

GET fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

142.250.178.99

200 OK

6.2 kB

URL GET
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint15:8B:D4:EA:7E:CB:34:1B:6F:2E:20:9E:39:44:7A:D6:D7:30:26:AB
ValidityMon, 21 Apr 2025 08:41:49 GMT - Mon, 14 Jul 2025 08:41:48 GMT

File type
SVG Scalable Vector Graphics image
Size
6.2 kB (6225 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 May 2025 20:18:51 GMT
expires: Sun, 10 May 2026 20:18:51 GMT
cache-control: public, max-age=31536000
age: 491158
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff?v=67

170.141.168.75

200 OK

16 kB

URL GET
dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff?v=67
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
Web Open Font Format, TrueType, length 121528, version 1.1
Size
16 kB (16043 bytes)
Hash
046790a410bffa63ca2670e2e0a56a85
060fbd4f1e98506c77273907e9af6aabe23959cf
9289a6cd530ca2d44b63e03c51be54bc8dae363a2d3c7c06edf565fc2fdd339e

HTTP Headers

GET /Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tndmv.gov-orz.win
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: application/font-woff
Expires: Fri, 16-May-2025 20:44:50 GMT
Last-Modified: Sun, 11-May-2025 08:46:59 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET dl.safety.tn.gov/Resource/MaterialIcons-Regular.ttf?v=67

170.141.168.75

200 OK

34 kB

URL GET
dl.safety.tn.gov/Resource/MaterialIcons-Regular.ttf?v=67
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
TrueType Font data, 15 tables, 1st "GDEF"
Size
34 kB (33469 bytes)
Hash
56fa41184cf10e42978a5bfcc3656b8f
83fd2d71c6ecd9732f05de88837a9279685f4f1c
7d26813936417ef163d0faf1e10749fc03b7d5f9de6c871650066d9b26a8cedf

HTTP Headers

GET /Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tndmv.gov-orz.win
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: application/font-sfnt
Content-Encoding: gzip
Expires: Fri, 16-May-2025 20:44:50 GMT
Last-Modified: Sun, 11-May-2025 08:47:34 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.woff?v=67

104.21.112.1

404 Not Found

0 B

URL GET
tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.woff?v=67
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff?v=67 HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/assets/DLY0dWON.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 12:44:51 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5J5W46rXM6wKROAmxo5dJgxfbE88iPIPds%2BidTJtM0xkX2idJZNPbF7FE1b2u0RQsgSyChWMiIyb618buYHQXTuIclV2PM%2BKfl2ffNRxqsb82mXPe3XmOvcTTSwa5xjJ6FDsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940af800ea9d5684-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2435&min_rtt=628&rtt_var=2106&sent=338&recv=421&lost=0&retrans=0&sent_bytes=98844&recv_bytes=23695&delivery_rate=1397&cwnd=37200&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=4502&x=16"

GET tndmv.gov-orz.win/pay/assets/D1QuQop7.js

104.21.112.1

200 OK

817 kB

URL GET
tndmv.gov-orz.win/pay/assets/D1QuQop7.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (30774)
Size
817 kB (817242 bytes)
Hash
1e1faf06740efa31d07ce2f04ca02b6d
c3ffabc7642aefca07f2c980c5036bb2bee8b35c
b5012ff9aea482c20798cc4fb956b035b59ac528e637accefde95d4b0a12509e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/D1QuQop7.js HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 12:44:47 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:47 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FniXnFdW%2FmOLfZ5u7A73mcu%2FhT7E1OreHAfSPNBirVEFjX2T3KLttU30keDxhf9e3Q96VvggiXQqd6CkEfuDGa0zuvRmk975pxB9tlKJYRR0RIh2%2BMkybG6dV8YRIO8SWIZ3MA%3D%3D"}]}
cf-ray: 940af7e97d9d56ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tndmv.gov-orz.win/pay/assets/BHcjXi3x.gif

104.21.112.1

200 OK

60 kB

URL GET
tndmv.gov-orz.win/pay/assets/BHcjXi3x.gif
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
GIF image data, version 89a, 256 x 256
Size
60 kB (59994 bytes)
Hash
fadd89694f57f3d6143989b62b09b288
1c6d340af3c4b392538a96c9313136fb23087aa0
7515437df23c4af47700948c1650f0f9460da07e86a9447d33cfda1f36c91052

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/BHcjXi3x.gif HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 12:44:47 GMT
content-type: image/gif
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:47 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=AbaMrYkuc%2BBtjeNE4BMZBRxiG3avEIJQ%2FLC0O%2FMF0U61skPiCbRmTW%2BR%2BSPevKCoBLK6BGwfojg%2B91dDUN4CxNvUYzyy0K7GzRFNoXDBQe5cYeFCcb3g%2BuhcgFaG4asn%2F4uuWQ%3D%3D"}]}
cf-ray: 940af7e97da456ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET dl.safety.tn.gov/Image/ENG/TN.Home.png

170.141.168.75

200 OK

262 B

URL GET
dl.safety.tn.gov/Image/ENG/TN.Home.png
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Size
262 B (262 bytes)
Hash
1a181b5cfe966641b51a51ead7ac4a80
3486c681a31f3c92c1661fbb8361bfc0ebed2905
7e9e8990656f4e77f733eeb7b7445a43069d21a29afbe5adfcd63c1b8a80df5a

HTTP Headers

GET /Image/ENG/TN.Home.png HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: image/png
Expires: Fri, 16-May-2025 20:44:49 GMT
Last-Modified: Sun, 11-May-2025 08:47:34 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET dl.safety.tn.gov/image/ENG/eServicesHeaderBackground.png

170.141.168.75

200 OK

322 kB

URL GET
dl.safety.tn.gov/image/ENG/eServicesHeaderBackground.png
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
PNG image data, 1300 x 383, 8-bit/color RGBA, non-interlaced
Size
322 kB (321828 bytes)
Hash
fb480ce6bc4ca8c5c9177938e6795cd1
a9b89e8ad7d659b09750617ec98fae5c36983e50
f15cbfd985c2ba9e48836d21c86bf49c7504a227f61914961181cec672dd34b4

HTTP Headers

GET /image/ENG/eServicesHeaderBackground.png HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: image/png
Expires: Fri, 16-May-2025 20:44:49 GMT
Last-Modified: Sun, 11-May-2025 08:46:59 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET tndmv.gov-orz.win/pay/assets/CnK1DPp4.jpg

104.21.112.1

200 OK

77 kB

URL GET
tndmv.gov-orz.win/pay/assets/CnK1DPp4.jpg
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=paint.net 4.1.5], baseline, precision 8, 600x347, components 3
Size
77 kB (76737 bytes)
Hash
7aa613618e3312ae00420e36a61b769f
74ccde94289b0d7957d2b6d72a238a78220767a9
a1bdf5d2aa824216c4df8125308a7e5f3daea3a2ed10353191e2ee6e9c24ee78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/CnK1DPp4.jpg HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 12:44:48 GMT
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eOc403a%2B1hV4%2BiNHp7gJQnza1rE9cwkTJZQZj16dWKXy7nVQn50fJjK03d3kSD7trzyw3m9j1lx%2FxfDaZyuhgOhE1qJ4VpX%2B%2FOA1l8CLOFxC8l9bpcZ%2Fa%2BAatOesy9Afbt9NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:48 GMT
cf-ray: 940af7f38a1f5684-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1495&min_rtt=628&rtt_var=426&sent=265&recv=411&lost=0&retrans=0&sent_bytes=18632&recv_bytes=22397&delivery_rate=2019&cwnd=12000&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=2362&x=16"

GET wss://tndmv.gov-orz.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mzc0NTB9.gSnCgs6rhANaM0IMwLrGDlyNtzpM4kcVm-G1Esx9LKA

104.21.112.1

101

0 B

URL GET
wss://tndmv.gov-orz.win/front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mzc0NTB9.gSnCgs6rhANaM0IMwLrGDlyNtzpM4kcVm-G1Esx9LKA
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /front/im/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6Mzc0NTB9.gSnCgs6rhANaM0IMwLrGDlyNtzpM4kcVm-G1Esx9LKA HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tndmv.gov-orz.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GQuuQCPHRdWtgck3vrMdkw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 
Date: Fri, 16 May 2025 12:44:49 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: 5vC6WMAJjicG0jyzp3t2LQ0dQnw=
Sec-Websocket-Extensions: permessage-deflate
Cf-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3%2F00Y6%2BIgcNL83NcW0yZm5IEuHfKaClK5qLpmd%2FbEvkgoPvRWFCjKJeM3CuVrC81xEi5WacGaun0WqqKGAsKmabNyrtLJ6tLRkQ9dTB8K166LXssWSlJKzbEHEYVndfmoBxvg%3D%3D"}],"group":"cf-nel","max_age":604800}
Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Cf-Ray: 940af7f52bda7130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=525&min_rtt=481&rtt_var=169&sent=5&recv=8&lost=0&retrans=0&sent_bytes=3322&recv_bytes=1256&delivery_rate=6995169&cwnd=252&unsent_bytes=0&cid=be6c08e9a38a658d&ts=423&x=0"

GET dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff2?v=67

170.141.168.75

200 OK

16 kB

URL GET
dl.safety.tn.gov/Resource/MaterialIcons-Regular.woff2?v=67
IP
170.141.168.75:443
ASN
#4454 TNET-AS

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerEntrust, Inc.
Subjectdl.safety.tn.gov
Fingerprint4E:F4:32:13:78:C6:24:76:FA:5F:5B:9B:76:82:2F:AA:15:01:28:BD
ValidityTue, 15 Oct 2024 14:47:53 GMT - Sat, 15 Nov 2025 14:47:52 GMT

File type
Web Open Font Format (Version 2), TrueType, length 94744, version 1.0
Size
16 kB (16384 bytes)
Hash
8eec179372bfa462c2bc4c58cd3a37f7
0dcd6ddb092eb147d4c9194c50e1c9b6ec23ac1b
add2b58e8dba188e05aa6b795152db0f1bf96534855f92663eef2fc9dc64c4a8

HTTP Headers

GET /Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: dl.safety.tn.gov
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tndmv.gov-orz.win
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private,max-age=2592000
Transfer-Encoding: chunked
Content-Type: font/woff2
Expires: Fri, 16-May-2025 20:44:49 GMT
Last-Modified: Sun, 11-May-2025 08:46:59 GMT
X-XSS-Protection: 1; mode=block
Fast-WDC-Response: 1
X-Content-Type-Options: nosniff
Date: Fri, 16 May 2025 12:44:49 GMT

GET tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.ttf?v=67

104.21.112.1

404 Not Found

0 B

URL GET
tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.ttf?v=67
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.ttf?v=67 HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/assets/DLY0dWON.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 12:44:51 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1IZMlonVCWiLDfUIlivROGPSNUXWi37g3t9b1M3UiJSJ7bM1l2KuVqGHMfq9SfdVLph3qlDsSLEOE%2BswsANnXqZctd1q0yyraLMHTakwgrf5s2U%2BeDfkCmPNKAqHhtmdVKmZ6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940af803aab65684-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2221&min_rtt=628&rtt_var=2007&sent=340&recv=423&lost=0&retrans=0&sent_bytes=99465&recv_bytes=24082&delivery_rate=26006&cwnd=37200&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=4942&x=16"

GET tndmv.gov-orz.win/pay/

104.21.112.1

200 OK

2.7 kB

URL User Request GET
tndmv.gov-orz.win/pay/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (433)
Size
2.7 kB (2733 bytes)
Hash
b9d69b3d902f7f706b42e79b5e39063c
157d964698dd9aa1b4284bf4f9564f46cb63cc11
41a25d19aaf6e9cd4e46644d3f028ecf647819e17fdcb22574e2fc4458308375

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/ HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 12:44:46 GMT
content-type: text/html
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cAb0UItTkx%2BsmYvHCENGVM69Tle4kTpIsTvuFoQWODkbWNeqTRkVOnkOu%2BvLSaxXVeFnhmMFrhNHqb4eWKjf9umb7pNyOmfssjrS3GrMZqcYVgLr1mpd8Y7TG7po8Y2%2Fkd%2FhmA%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 940af7e4bd2956ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tndmv.gov-orz.win/pay/assets/fliceXIj.js

104.21.112.1

200 OK

36 kB

URL GET
tndmv.gov-orz.win/pay/assets/fliceXIj.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36262), with no line terminators
Size
36 kB (36263 bytes)
Hash
aeec9ee671d9baef56586f1f6bf73e9b
5b00e97dae06d9035bc105d2d2ebb63a63411e03
51a99ac06b546934b79891d19279461485bcccaced9ff7419f41dbed8758c704

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/assets/fliceXIj.js HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 16 May 2025 12:44:47 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:47 GMT
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=W9yC%2FbotZQF8IavyrdqXv%2F2MYy0i8rN6WuXluIRIJvHR6Kg53iHcgrAl%2FF2N9SKHFHktYGiKhe%2FR%2BtQOaZIOVE7%2FiANSvuPowUcHnPCp%2B7CoV6wwlNZcnPCHLuILdwEBJl%2FZdA%3D%3D"}]}
cf-ray: 940af7e96d9756ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET tndmv.gov-orz.win/pay/favicon.ico

104.21.112.1

200 OK

1.2 kB

URL GET
tndmv.gov-orz.win/pay/favicon.ico
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
70bc28f833c58cf21092ae3fafa8e9c4
65d8625cf90eeecf35c799617dc5744858444a43
efcd05ecf9c628918e26065bb1f6732b7e976340afc5eb4c1020cb5b2440b9ce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/favicon.ico HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 16 May 2025 12:44:49 GMT
content-type: image/vnd.microsoft.icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxdOcpsgEtXgO5AFzFY87wTIm07ay3moxhLl22eXLirNgefL7%2Bgxr3vEjV%2FYja1xbWHPc7ZpHBeEuYPz4IzLyDG82KP56lv4AkuftXz%2BjDojxmPplsCy7CPM7jVAKv87JPC%2Fcg%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 16 May 2025 12:44:49 GMT
cf-ray: 940af7f86a585684-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2891&min_rtt=628&rtt_var=2305&sent=333&recv=417&lost=0&retrans=0&sent_bytes=96658&recv_bytes=22903&delivery_rate=648589&cwnd=37200&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=3104&x=16"

GET tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.woff2?v=67

104.21.112.1

404 Not Found

0 B

URL GET
tndmv.gov-orz.win/pay/Resource/MaterialIcons-Regular.woff2?v=67
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tndmv.gov-orz.win/pay/
Certificate
IssuerCLOUDFLARE, INC.
Subjectgov-orz.win
Fingerprint2E:31:14:20:60:90:C4:C3:20:F1:97:89:DE:7A:04:9A:54:1A:3C:99
ValidityThu, 15 May 2025 11:36:40 GMT - Wed, 13 Aug 2025 11:43:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Phishing

HTTP Headers

GET /pay/Resource/MaterialIcons-Regular.woff2?v=67 HTTP/1.1
Host: tndmv.gov-orz.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tndmv.gov-orz.win/pay/assets/DLY0dWON.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 16 May 2025 12:44:50 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=stXvrjJWW8WJNvlxR%2Flo2HVNhcmdAfCJNVUAATcBENki2Zz9PjECRULhmmD%2FdcicqyWYvBKv2J4%2Bo19ZPWA3BnArjJRnYDRLpRk3uXmP6Z1UxBqYQhvZ5O2PmLoS9wQo94e9Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 940af7fe3a8b5684-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2687&min_rtt=628&rtt_var=2136&sent=336&recv=419&lost=0&retrans=0&sent_bytes=98219&recv_bytes=23300&delivery_rate=846833&cwnd=37200&unsent_bytes=0&cid=ffdcfc8e17105be8&ts=4051&x=16"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET