Report - app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php

Report Overview

Visited public
2025-04-21 01:02:51
Tags
government tax france phishing suspicious
Submit Tags
URL
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Finishing URL
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
IP / ASN
35.228.201.97
#396982 GOOGLE-CLOUD-PLATFORM
Title
Site officiel unique de télépaiement | Amendes.gouv.fr
Phishing - French Tax Agency
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
app-67234802c1ac181374d0bc03.closte.com	unknown	2015-01-15	2025-04-21	2025-04-21	6.5 kB	1.1 MB	35.228.201.97
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-16	501 B	90 kB	151.101.66.137
www.amendes.gouv.fr	unknown	2003-10-12	2012-07-25	2025-04-20	2.1 kB	33 kB	185.8.53.118
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-16	475 B	6.8 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-20	medium	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	Government of France

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	Function	1.7 kB	2024-01-26	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by Function Embedded in HTML false Observations First Seen2024-01-26 23:55 Last Seen2025-07-17 07:29 Times Seen783 Hash b852c4eaaca1894d1c9149741b28e09a ab035051433149743af3db977f22b69f5e7ae2a4 5e2bb9f4cf78ed3015b9859759d0afc9e74afd58a2a103513808f42a76852f72 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/runtime-es2017.d8ae961f0555d440b720.js	ScriptElement	3.6 kB	2023-03-14	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/runtime-es2017.d8ae961f0555d440b720.js IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:47 Last Seen2025-07-17 07:29 Times Seen379 Hash 359f1c1919a337983e6e4e07620ab459 c6473e4162c594cdf836a180bf9a5fc183d8a9dc c6ae08b826ab67f0dc74c4a61f24c2b988f4c2c9d7dd85b6aa616cae373394e5 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	ScriptElement	59 B	2025-04-21	2025-04-21
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-21 01:02 Last Seen2025-04-21 13:05 Times Seen10 Hash 24c2e62387583d2fbdb3dd8b763967bf 68cdc657a7f50280af77b5082f1d5a322825d67e 32aba1a5f7290e1ac1132e73342a385084623ea6ddcfc68268573457358d6b0d Loading...

	code.jquery.com/jquery-3.6.3.min.js	ScriptElement	90 kB	2023-03-10	2025-07-17
Pretty URL code.jquery.com/jquery-3.6.3.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 04:24 Last Seen2025-07-17 07:29 Times Seen10608 Hash cf2fbbf84281d9ecbffb4993203d543b 832a6a4e86daf38b1975d705c5de5d9e5f5844bc a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	ScriptElement	94 B	2023-03-14	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 03:47 Last Seen2025-07-17 07:29 Times Seen346 Hash 4bdb363c83b9a3aedce67c75fa543087 6ea3c1658bf5dad03f0cdf2f0719199682d934a2 e027cfe2ad260a5a4de9ad3a60ae08a3ed629b91baaea379ed4597cf7c95e428 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js	ScriptElement	5.8 kB	2023-03-07	2025-07-17
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03 Last Seen2025-07-17 07:29 Times Seen479 Hash f757a9aa0bddb4d33e32ba706b94790f dc5e6f6e29da89457e3b313003bfaf49c799b208 a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	Function	916 B	2024-01-26	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by Function Embedded in HTML false Observations First Seen2024-01-26 23:55 Last Seen2025-07-17 07:29 Times Seen783 Hash 68c581ccb00d585fdb0af2e0bc5799be c6bfdf994f3c16e7527c726bc372a04bc3872bdd d2ccf7e379a3f9d443c40e21beb1ee503f57ac7633d2efbfd3f1577cdb752de9 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/polyfills-es2017.533ebfade82697eddcf6.js	ScriptElement	122 kB	2023-03-14	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/polyfills-es2017.533ebfade82697eddcf6.js IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:47 Last Seen2025-07-17 07:29 Times Seen378 Hash b1df07cdfe016ca2fe31198eda64db3c 75cc9808081dac4009e2c04cab156494c1df82fa ad6ad13398a7ccb1ac657a7932716ae2089ed2d95d55cd97b50b630d31062a32 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/libs.js	ScriptElement	369 kB	2024-01-26	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/libs.js IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:55 Last Seen2025-07-17 07:29 Times Seen772 Hash 3191b77970058cdc48b0a4c2123394d1 4e87101a9738a7e5a349c47a966d89658207bc3d 15c179af6a66be10fa288925824cbf9fea1e277066233e55425c119dd01db43e Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	EventHandler	16 B	2023-04-10	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-07-17 07:29 Times Seen74357 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php	ScriptElement	64 B	2023-03-14	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 03:47 Last Seen2025-07-17 07:29 Times Seen502 Hash d245a4c7f9b1676e8bf7a084577cb175 96b1e6c649c4a614baf7b2b93877bd091f3d1413 bc4de9ff8d3defae9652ed9d9b0055c42d25b141546a6a6b6b3d07c24f43db60 Loading...

	app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/main-es2017.8d2eb497bdf1e092bf40.js	ScriptElement	462 kB	2023-03-14	2025-07-17
Pretty URL app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/main-es2017.8d2eb497bdf1e092bf40.js IP 35.228.201.97 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 03:47 Last Seen2025-07-17 07:29 Times Seen370 Hash 4fd77e81274256ec8e5f595bb302756b 50c411ab5069e71e5826815c3ebc1f6d6aead744 5ef1328dfdfd1a8fa20c79d713b123df215edb78539a734074da936947b89cf9 Loading...

HTTP Transactions (17)

URL IP Response Size

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/polyfills-es2017.533ebfade82697eddcf6.js

35.228.201.97

200 OK

122 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/polyfills-es2017.533ebfade82697eddcf6.js
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
122 kB (122405 bytes)
Hash
b1df07cdfe016ca2fe31198eda64db3c
75cc9808081dac4009e2c04cab156494c1df82fa
ad6ad13398a7ccb1ac657a7932716ae2089ed2d95d55cd97b50b630d31062a32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/polyfills-es2017.533ebfade82697eddcf6.js HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: application/x-javascript
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39017
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
access-control-allow-origin: *

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/assets/fonts/open-sans/open-sans-bold.woff2

35.228.201.97

404 Not Found

1.3 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/assets/fonts/open-sans/open-sans-bold.woff2
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/assets/fonts/open-sans/open-sans-bold.woff2 HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/libs.js

35.228.201.97

200 OK

369 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/libs.js
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65434), with no line terminators
Size
369 kB (369005 bytes)
Hash
3191b77970058cdc48b0a4c2123394d1
4e87101a9738a7e5a349c47a966d89658207bc3d
15c179af6a66be10fa288925824cbf9fea1e277066233e55425c119dd01db43e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/libs.js HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: application/x-javascript
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 121347
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
access-control-allow-origin: *

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/logo-amendes-gouv.svg

35.228.201.97

200 OK

24 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/logo-amendes-gouv.svg
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
24 kB (23741 bytes)
Hash
e0e8bfea36c47ef31ec61169c8b0fb95
5f42e1a67ec658d358b289c42e39e86619cf798b
5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/logo-amendes-gouv.svg HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: image/svg+xml
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7523
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
access-control-allow-origin: *

GET code.jquery.com/jquery-3.6.3.min.js

151.101.66.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.3.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89947 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /jquery-3.6.3.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app-67234802c1ac181374d0bc03.closte.com
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15f5b"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 21 Apr 2025 01:02:32 GMT
age: 4986649
x-served-by: cache-lga13623-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 41, 58953
x-timer: S1745197352.096111,VS0,VE0
vary: Accept-Encoding
content-length: 31046
X-Firefox-Spdy: h2

GET www.amendes.gouv.fr/favicon.ico

185.8.53.118

200 OK

2.2 kB

URL GET
www.amendes.gouv.fr/favicon.ico
IP
185.8.53.118:443
ASN
#47957 Worldline IGSA SA

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerDHIMYOTIS
Subjectwww.amendes.gouv.fr
Fingerprint85:2D:87:9E:F7:F2:AB:68:36:CB:50:70:0D:95:21:F5:A0:C5:95:87
ValiditySun, 27 Oct 2024 23:00:00 GMT - Fri, 28 Nov 2025 22:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Size
2.2 kB (2238 bytes)
Hash
2f34a3977599611db24405c819cb116f
4568ce43171f2a05903b38462891cd064ecc32e2
dd57f113a2eaa7ba3e6b1c507d22910ecd42437f9fef9577cfb8f4719cde59aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.amendes.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Apr 2025 01:02:32 GMT
content-type: image/x-icon
content-length: 2238
last-modified: Fri, 07 Mar 2025 18:06:08 GMT
etag: "67cb3590-8be"
expires: Mon, 21 Apr 2025 02:02:32 GMT
cache-control: max-age=3600
accept-ranges: bytes
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Firefox-Spdy: h2

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php

35.228.201.97

200 OK

59 kB

URL User Request GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (46861)
Size
59 kB (58587 bytes)
Hash
9ca31828b931d88d4bed8a85f2011d18
312aa78f2d830ebb8b54f4df7d3a9dadb8ad97c4
362abb8d7f900bba6106994c27456d941228da1996ae6f23b584dc05b7cdf586

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Government of France

HTTP Headers

GET /aa/aa/infospage.php HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
set-cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 12717
content-encoding: br
vary: Accept-Encoding
date: Mon, 21 Apr 2025 01:02:30 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-bold.woff2

185.8.53.118

200 OK

15 kB

URL GET
www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-bold.woff2
IP
185.8.53.118:443
ASN
#47957 Worldline IGSA SA

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerDHIMYOTIS
Subjectwww.amendes.gouv.fr
Fingerprint85:2D:87:9E:F7:F2:AB:68:36:CB:50:70:0D:95:21:F5:A0:C5:95:87
ValiditySun, 27 Oct 2024 23:00:00 GMT - Fri, 28 Nov 2025 22:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14880, version 1.0
Size
15 kB (14880 bytes)
Hash
819af3d3abdc9f135d49b80a91e2ff4c
0fd9f29faa386a9c8de328f799d2698948ed3d25
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /assets/fonts/open-sans/open-sans-bold.woff2 HTTP/1.1
Host: www.amendes.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app-67234802c1ac181374d0bc03.closte.com/
Origin: https://app-67234802c1ac181374d0bc03.closte.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Apr 2025 01:02:32 GMT
content-type: font/woff2
last-modified: Fri, 07 Mar 2025 18:06:08 GMT
vary: Accept-Encoding
etag: W/"67cb3590-3a20"
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js

104.17.25.14

200 OK

5.8 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (545)
Size
5.8 kB (5819 bytes)
Hash
f757a9aa0bddb4d33e32ba706b94790f
dc5e6f6e29da89457e3b313003bfaf49c799b208
a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6

HTTP Headers

GET /ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app-67234802c1ac181374d0bc03.closte.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Apr 2025 01:02:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 2243
cf-ray: 9338f4da4dcb56ab-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-16bb"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1060342
expires: Sat, 11 Apr 2026 01:02:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZqiuafiULLJWCMz%2FGzpNRBMtB97fHMBnZMchkiqZP%2F8FnAPxxnBn5bbLgoOo8nlosJYLRGlcOilFZSwvgBUB8PJWfc7zPSHtAP9vjtsI0OKcIxnTl%2FKnZw6rK16Zk0mFUGnpM8j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/main-es2017.8d2eb497bdf1e092bf40.js

35.228.201.97

200 OK

462 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/main-es2017.8d2eb497bdf1e092bf40.js
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
462 kB (462201 bytes)
Hash
4fd77e81274256ec8e5f595bb302756b
50c411ab5069e71e5826815c3ebc1f6d6aead744
5ef1328dfdfd1a8fa20c79d713b123df215edb78539a734074da936947b89cf9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/main-es2017.8d2eb497bdf1e092bf40.js HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: application/x-javascript
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 120794
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
access-control-allow-origin: *

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/styles.572738d2b631b3d66c72.css

35.228.201.97

200 OK

18 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/styles.572738d2b631b3d66c72.css
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (11857), with CRLF line terminators
Size
18 kB (17634 bytes)
Hash
ba72fefb956b594655b15214b6c1f197
9f00c489c1b44f94d6bc3241633e05b15ba9d538
42e1510268ebbdf3825ed1cbcef4cd91e7e7f5078bbccfa3ce51b62fd068a082

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/styles.572738d2b631b3d66c72.css HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: text/css
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4792
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-regular.woff2

185.8.53.118

200 OK

14 kB

URL GET
www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-regular.woff2
IP
185.8.53.118:443
ASN
#47957 Worldline IGSA SA

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerDHIMYOTIS
Subjectwww.amendes.gouv.fr
Fingerprint85:2D:87:9E:F7:F2:AB:68:36:CB:50:70:0D:95:21:F5:A0:C5:95:87
ValiditySun, 27 Oct 2024 23:00:00 GMT - Fri, 28 Nov 2025 22:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14380, version 1.0
Size
14 kB (14380 bytes)
Hash
33543c5cc5d88f5695dd08c87d280dfd
600db9374e47e4f73a59ccc0a99bcc42f4a3e02a
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /assets/fonts/open-sans/open-sans-regular.woff2 HTTP/1.1
Host: www.amendes.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://app-67234802c1ac181374d0bc03.closte.com/
Origin: https://app-67234802c1ac181374d0bc03.closte.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 21 Apr 2025 01:02:32 GMT
content-type: font/woff2
last-modified: Fri, 07 Mar 2025 18:06:08 GMT
vary: Accept-Encoding
etag: W/"67cb3590-382c"
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-encoding: gzip
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Firefox-Spdy: h2

GET www.amendes.gouv.fr/bg-intro.9630b0c4c57c3d72d3ec.jpg

185.8.53.118

404 Not Found

0 B

URL GET
www.amendes.gouv.fr/bg-intro.9630b0c4c57c3d72d3ec.jpg
IP
185.8.53.118:443
ASN
#47957 Worldline IGSA SA

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerDHIMYOTIS
Subjectwww.amendes.gouv.fr
Fingerprint85:2D:87:9E:F7:F2:AB:68:36:CB:50:70:0D:95:21:F5:A0:C5:95:87
ValiditySun, 27 Oct 2024 23:00:00 GMT - Fri, 28 Nov 2025 22:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bg-intro.9630b0c4c57c3d72d3ec.jpg HTTP/1.1
Host: www.amendes.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 21 Apr 2025 01:02:32 GMT
content-type: text/html; charset=utf-8
content-length: 1416
etag: "67cb3590-588"
strict-transport-security: max-age=16000000; includeSubDomains; preload;
X-Firefox-Spdy: h2

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/banner.f9855031892baad8a497.svg

35.228.201.97

404 Not Found

1.3 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/banner.f9855031892baad8a497.svg
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/banner.f9855031892baad8a497.svg HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/styles.572738d2b631b3d66c72.css
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/lock.d72c3b80536f448a52ed.svg

35.228.201.97

404 Not Found

1.3 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/lock.d72c3b80536f448a52ed.svg
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/lock.d72c3b80536f448a52ed.svg HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/styles.572738d2b631b3d66c72.css
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/runtime-es2017.d8ae961f0555d440b720.js

35.228.201.97

200 OK

3.6 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/infos_files/runtime-es2017.d8ae961f0555d440b720.js
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3563), with no line terminators
Size
3.6 kB (3563 bytes)
Hash
359f1c1919a337983e6e4e07620ab459
c6473e4162c594cdf836a180bf9a5fc183d8a9dc
c6ae08b826ab67f0dc74c4a61f24c2b988f4c2c9d7dd85b6aa616cae373394e5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/infos_files/runtime-es2017.d8ae961f0555d440b720.js HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Mon, 28 Apr 2025 01:02:31 GMT
content-type: application/x-javascript
last-modified: Sat, 19 Apr 2025 13:43:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1757
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed
access-control-allow-origin: *

GET app-67234802c1ac181374d0bc03.closte.com/aa/aa/assets/fonts/open-sans/open-sans-regular.woff2

35.228.201.97

404 Not Found

1.3 kB

URL GET
app-67234802c1ac181374d0bc03.closte.com/aa/aa/assets/fonts/open-sans/open-sans-regular.woff2
IP
35.228.201.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Certificate
IssuerSectigo Limited
Subject*.closte.com
Fingerprint8E:69:D4:9B:6C:23:5E:09:6B:A2:C4:0E:54:32:E4:60:01:92:61:53
ValidityMon, 27 May 2024 00:00:00 GMT - Fri, 27 Jun 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - French Tax Agency

HTTP Headers

GET /aa/aa/assets/fonts/open-sans/open-sans-regular.woff2 HTTP/1.1
Host: app-67234802c1ac181374d0bc03.closte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://app-67234802c1ac181374d0bc03.closte.com/aa/aa/infospage.php
Cookie: PHPSESSID=6c0d97264a8d15cd6694bc04fb651873
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Mon, 21 Apr 2025 01:02:31 GMT
server: LiteSpeed

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML