Overview

URL pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
IP 173.236.171.127
ASN AS26347 New Dream Network, LLC
Location United States
Report completed 2019-05-22 00:39:08 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-05-22 00:38:36 CEST 1  173.236.171.127 Client IP ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
2019-05-22 00:38:36 CEST 1  173.236.171.127 Client IP ET INFO Possible Phish - Mirrored Website Comment Observed
2019-05-22 00:38:38 CEST 1  173.236.171.127 Client IP ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
2019-05-22 00:38:38 CEST 1  173.236.171.127 Client IP ET INFO Possible Phish - Mirrored Website Comment Observed


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-05-22 2 pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5n (...) Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 173.236.171.127

Date UQ / IDS / BL URL IP
2019-05-31 07:09:52 +0200  0 - 8 - 12  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-05-31 07:05:42 +0200  0 - 8 - 12  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-05-23 03:30:34 +0200  0 - 0 - 8  pilotajes.com/articulos/categoria/erwewtert  173.236.171.127
2019-04-05 19:34:27 +0200  0 - 0 - 1  pilotajes.com/servicios/tipos-de-pantallas  173.236.171.127
2019-03-24 05:15:27 +0100  0 - 0 - 1  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-03-18 02:10:29 +0100  0 - 0 - 1  pilotajes.com/galeria/pilotajes01-20  173.236.171.127

Last 10 reports on ASN: AS26347 New Dream Network, LLC

Date UQ / IDS / BL URL IP
2019-06-21 08:12:51 +0200  0 - 0 - 0  www.alhiwar.net/ShowAdv.php?Tnd=70#.XQxKTogzaUk  75.119.200.173
2019-06-21 00:25:51 +0200  0 - 0 - 1  doddlercon.com  208.113.183.185
2019-06-21 00:21:23 +0200  0 - 0 - 0  ro.doddlercon.com  208.113.183.185
2019-06-21 00:11:16 +0200  0 - 0 - 0  ro.doddlercon.com/images/damagemod.jpg  208.113.183.185
2019-06-20 19:38:19 +0200  0 - 0 - 0  precisionfixture.com/poop/bbm/login/?signin=d (...)  69.163.217.230
2019-06-20 17:00:26 +0200  0 - 0 - 0  cloudsystemnetworks.com  208.113.164.99
2019-06-20 15:58:27 +0200  0 - 0 - 0  danviethouston.com/favicon.ico  66.33.193.168
2019-06-20 14:52:17 +0200  0 - 0 - 0  www.pilferdata.com  75.119.204.114
2019-06-20 12:19:26 +0200  0 - 0 - 0  precisionfixture.com/poop/bbm/  69.163.217.230
2019-06-20 12:08:11 +0200  0 - 0 - 0  precisionfixture.com/poop/bbm/  69.163.217.230

Last 6 reports on domain: pilotajes.com

Date UQ / IDS / BL URL IP
2019-05-31 07:09:52 +0200  0 - 8 - 12  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-05-31 07:05:42 +0200  0 - 8 - 12  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-05-23 03:30:34 +0200  0 - 0 - 8  pilotajes.com/articulos/categoria/erwewtert  173.236.171.127
2019-04-05 19:34:27 +0200  0 - 0 - 1  pilotajes.com/servicios/tipos-de-pantallas  173.236.171.127
2019-03-24 05:15:27 +0100  0 - 0 - 1  pilotajes.com/cgialfa/impot2017/impots.gouv/H (...)  173.236.171.127
2019-03-18 02:10:29 +0100  0 - 0 - 1  pilotajes.com/galeria/pilotajes01-20  173.236.171.127


JavaScript

Executed Scripts (9)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (29)


Request Response
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 May 2019 22:38:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10409
Md5:    bd2eef16864bf8fa0d635d76867711d5
Sha1:   debd77ac9c640d4b92428b7eed14e4d8e939e658
Sha256: 12edcc67abe7ca1a188360f48de75bab49ec79999eb49078a9431ee619002d59

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/styles/bootstrap-3.3.6.min.css HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 21 May 2019 22:38:35 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "1d9c0-58458f65860a0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   20043
Md5:    42d7393d59aa96f6339beba50aaba5bb
Sha1:   676e53633a67d910790d168c4b2749e2c247ec74
Sha256: f4ab86b75b13d40b296b5d6b1d59fdfca2e297c0ec7972c980077ced5454ee8d
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/styles/autentification.css HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 21 May 2019 22:38:35 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "3123-58458f65860a0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3613
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   3613
Md5:    7dde88350f41777488d403bc27f03a36
Sha1:   bee415a6159d02eaf6b7bcefb9d45ace700dc40f
Sha256: b738ea081f443bba328601cf2fd2b7d90e7c3c284a451e19124f3c585858f289
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/Small-logoSMART.png HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "cc1-58458f6584160"
Accept-Ranges: bytes
Content-Length: 3265
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 47 x 47, 8-bit/color RGBA, non-interlaced
Size:   3265
Md5:    0ede6030804063696fb10ea2796e94fd
Sha1:   b3d60d5aa10e31ee98e74ceee709795fd5905b74
Sha256: 5557892d7b0f7f22358adb68a61d249d05375320d1fd6e11ea9518b0f9d464a7
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/js/jquery-1.11.3.min.js HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "176da-58458f6585100"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33875
Md5:    f7f293a165e05e86c427015582b910c1
Sha1:   e4520eacb3c355fee51fef7929f99dca5894b2d4
Sha256: 24d2e4d7356115a5fabd158b1f932ad6891895d899679a61eff775de23f4e7ee

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/fermer.svg HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "6dd-58458f6581280"
Accept-Ranges: bytes
Content-Length: 1757
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012 XML document text
Size:   1757
Md5:    c2a9168d032fcd7c8a0f8f015b10d211
Sha1:   8376d9a7c74b0b3ba4cbfde3658cf893a4cce7ec
Sha256: bd41f1926d21d2cdcc4522c7d6ad6348e4f79230f97dc81910486b633fc98c23

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/TelechargementStore.gif HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "2ad-58458f6584160"
Accept-Ranges: bytes
Content-Length: 685
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 55 x 44
Size:   685
Md5:    9afb2b7b19c555f6adefb6481976a53f
Sha1:   1a748af11a78af210c9308eac9e41f582b630a53
Sha256: f06dd7f38f2fecb8b4fab54cfa994082c90ebe3d289ed82992d906572b36a187
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/info.png HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "7cb-58458f6582220"
Accept-Ranges: bytes
Content-Length: 1995
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 107 x 105, 8-bit/color RGBA, non-interlaced
Size:   1995
Md5:    99ef60e7a90d88658f2f7b6086c4782f
Sha1:   970b75487fd783a066d1d20d5148e4c408a566ed
Sha256: b8b97e5544aa98b04f13bbb97f44ca648fcea23af0a65a4000eb85889b706c1d
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/aide.svg HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "14d7-58458f6581280"
Accept-Ranges: bytes
Content-Length: 5335
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012 XML document text
Size:   5335
Md5:    f7b182639e776e90e75bd08d41c6b27e
Sha1:   a99286e8ef923b37679f523729db1a281e1b4b9d
Sha256: e952750309dc8bd10a6bc568005552dbc541ec388fcd5b959a2e2f918e6a93df

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/num_fiscal.png HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "2c58-58458f65831c0"
Accept-Ranges: bytes
Content-Length: 11352
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 358 x 90, 8-bit/color RGB, non-interlaced
Size:   11352
Md5:    e1ec4daf3bb73fc2d1ae4a8ccaeaab56
Sha1:   95f7c081aba105bb2ee25d136866c974ef37905e
Sha256: 662ee4624be6f67f73e1365f9ed8eaba64b08044eea22f41102b64cfa1b97c6b
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/logo-fc.png HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "1d6c-58458f6582220"
Accept-Ranges: bytes
Content-Length: 7532
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 45 x 50, 8-bit/color RGBA, non-interlaced
Size:   7532
Md5:    34bfd90a0a2d8e31841fa6fa5d8f0773
Sha1:   d5d5274014cb0fdefe1412a48456278012b9ed33
Sha256: 8a1ffefb7605c98a92890e4ab41705314eb5c2aab201d4863cb06a24ee2d383d
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/num_acces.png HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "2a17-58458f65831c0"
Accept-Ranges: bytes
Content-Length: 10775
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image, 358 x 90, 8-bit/color RGB, non-interlaced
Size:   10775
Md5:    4e6c27da9520a8c2ceef91ed89259369
Sha1:   2b08f22f82091ecc2870b479757fd649180e97a2
Sha256: df2b07cd437457754a5c25161c293a2786b7cb8469f1ceb7cc9c9610f9138ed5
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/rfr2.gif HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "1eaa-58458f6584160"
Accept-Ranges: bytes
Content-Length: 7850
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 87a, 500 x 45
Size:   7850
Md5:    9ac569f9172ee2f72b4b8ec60e878200
Sha1:   1aa6a5e76bf8e57df193b9c4c54a695885aeae07
Sha256: c4544c13ad576f40a13c65e029f0b71dd886995a44fe60d8950e4a3ac3c72ef2
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/js/bootstrap.min.js HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "900a-58458f6585100"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9915
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   9915
Md5:    b04cb446dd9340821d693d17acb755d9
Sha1:   34ee5d4f88f2478f1a3e9c90a4dd11a8a652397c
Sha256: b3a4fcb74248acca122829477b802d41599f3b037f626bf3df7b02e402db3232

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/js/auth.js HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "3073-58458f6585100"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1874
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1874
Md5:    7bf5b7c7837979006618851ff5db9af2
Sha1:   4436e4d15f295a66fb8097e0bc937d1eca4100da
Sha256: 9fb69cacdfe29ef57de5248858f17726deb0a66382d32a75735e7d7eb4e2ac70

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/rfr_th.gif HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "2e4a-58458f6584160"
Accept-Ranges: bytes
Content-Length: 11850
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 87a, 500 x 77
Size:   11850
Md5:    e80bd3543a2f020bb1d41127658a71dd
Sha1:   cf385d3e0852316b718f199d4e5da68f05ffeb29
Sha256: 081f617d20c0d2420e4f16b1ea74665263cf1dc94b165344e9db43c8f692fa67
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/js/urls.js HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "17d-58458f65860a0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 203
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   203
Md5:    54d7e0276261cc6e8f8212562b931930
Sha1:   151f0512ba60eab2a5634eab0f88af6a31838a79
Sha256: 6e43c991ffa53a96ee34f036754188b32f5aa06140f9469b643a2ab433fa37c1

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/rfr.gif HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
                                         173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "5277-58458f65831c0"
Accept-Ranges: bytes
Content-Length: 21111
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 261 x 224
Size:   21111
Md5:    3ca9a8d2da0185952738f92c4e8b5af5
Sha1:   3a3fee8aa01051a0fd781928cc99c62849bb2370
Sha256: 30c41fffa269f92fe8cd7f7b8826158257370884de8bd331c88fe32838a2b0fe
                                        
                                            GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/Miniballs.gif HTTP/1.1 
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "4606-58458f65831c0"
Accept-Ranges: bytes
Content-Length: 17926
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 64 x 64
Size:   17926
Md5:    19df9250795ee08e7c07c9f342422657
Sha1:   97a1f8cd94be6909fdde853ba6f04b1432e03ba5
Sha256: 4d644aae3091c93a949be93b969dcd0f1ac12faf5c233556a6aa9d64b79479d6
                                        
GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10409
Md5:    bd2eef16864bf8fa0d635d76867711d5
Sha1:   debd77ac9c640d4b92428b7eed14e4d8e939e658
Sha256: 12edcc67abe7ca1a188360f48de75bab49ec79999eb49078a9431ee619002d59

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
                                        
GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/Cadenas.svg HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/styles/autentification.css
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "2098-58458f6581280"
Accept-Ranges: bytes
Content-Length: 8344
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012 XML document text
Size:   8344
Md5:    85e53db5eca1e60b86ce3a5fb1a521a1
Sha1:   8b6a8081468f6b505401d129be915dbcc92eefbf
Sha256: 6287b87faa9499dab1b10e123f1032f691202ce7e9eaf2d6ba2d63b8b48b7e39

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 116
Content-Type: application/ocsp-request

                                         
151.139.128.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Accept-Ranges: bytes
Last-Modified: Sat, 18 May 2019 08:04:56 GMT
Server: Apache
Etag: E5B08E66E7DAA1AB5DC8011C540174D3C5FBAF66
Cache-Control: max-age=303521,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp1
X-HW: 1558478316.cds047.sk1.h2,1558478316.cds043.sk1.c
Connection: keep-alive
Content-Length: 472


--- Additional Info ---
Magic:  data
Size:   472
Md5:    48a2c7ba4f38459d8860e36a778acdfc
Sha1:   e5b08e66e7daa1ab5dc8011c540174d3c5fbaf66
Sha256: 80b0c554f89e80af003c12084f0438f8f095033cd745fc5171b071403fe3c922
                                        
GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/images/Logo-Marianne%2bimpots-gouv-fr.svg HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/templates/styles/autentification.css
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Last-Modified: Mon, 18 Mar 2019 07:01:48 GMT
Etag: "13d97-58458f65831c0"
Accept-Ranges: bytes
Content-Length: 81303
Keep-Alive: timeout=2, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012 XML document text
Size:   81303
Md5:    3890c54adcf5fb072dac28f6d96ef190
Sha1:   dd50c95fe41624f73a277f34c457dbb996a1a85f
Sha256: cf099e2de9f31c9abc455f32f639de4414d51cacda3b73f51a7eb23e8a5eebb7

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: ocsp.comodoca4.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
151.139.128.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 15 May 2019 15:20:45 GMT
Server: Apache
Etag: 56B3BC7F6BA8876DE934AC8E93F80E636A719791
Cache-Control: max-age=302399,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp16
X-HW: 1558478316.cds047.sk1.h2,1558478316.cds043.sk1.c
Connection: keep-alive
Content-Length: 727


--- Additional Info ---
Magic:  data
Size:   727
Md5:    51b4e1c0ae83b2cb9a7c876bc7b09957
Sha1:   56b3bc7f6ba8876de934ac8e93f80e636a719791
Sha256: 751f48a2214dce1bd47f1ef5c47c447d19ac35106888894f3edecb57e1e3c594
                                        
POST / HTTP/1.1
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
151.139.128.14
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 15 May 2019 15:20:45 GMT
Server: Apache
Etag: 73D83D448FA3E8835E45F2E1730811DB8B677C8E
Cache-Control: max-age=302399,public,no-transform,must-revalidate
X-OCSP-Responder-ID: mcdpcaocsp13
X-HW: 1558478316.cds056.sk1.h2,1558478316.cds047.sk1.c
Connection: keep-alive
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    ff38d87460f0be278feefc0c10814ddc
Sha1:   73d83d448fa3e8835e45f2e1730811db8b677c8e
Sha256: 9da5368b5a8f1f0a3623c4e95e4f4879b2c267145d52bb4a06e1fb7815e0c3bc
                                        
GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=0-
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10409
Md5:    bd2eef16864bf8fa0d635d76867711d5
Sha1:   debd77ac9c640d4b92428b7eed14e4d8e939e658
Sha256: 12edcc67abe7ca1a188360f48de75bab49ec79999eb49078a9431ee619002d59

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
                                        
GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pilotajes.com/cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php

                                         
104.19.199.151
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 17 May 2018 09:21:00 GMT
Etag: W/"5afd497c-15283"
Expires: Sun, 10 May 2020 22:38:36 GMT
Cache-Control: public, max-age=30672000
Vary: Accept-Encoding
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Served-In-Seconds: 0.003
CF-Cache-Status: HIT
Strict-Transport-Security: max-age=15780000; includeSubDomains
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4daa0aa8a8ef427d-OSL


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   30388
Md5:    839ea6d40b314e1a1d99365999531070
Sha1:   c3df8f9c3f72c4365b02c9b991896f49c48f15c6
Sha256: 7b8eb2ea2cfda6af8796dde18078b512d6f69f29d31663c95277b43372513209
                                        
GET /cgialfa/impot2017/impots.gouv/HR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==/cf090aa846b3941b9661bc67e1741b5b/index.php HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=0-
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 21 May 2019 22:38:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   10409
Md5:    bd2eef16864bf8fa0d635d76867711d5
Sha1:   debd77ac9c640d4b92428b7eed14e4d8e939e658
Sha256: 12edcc67abe7ca1a188360f48de75bab49ec79999eb49078a9431ee619002d59

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
    - ET CURRENT_EVENTS Cloned Website Phishing Landing - Mirrored Website Comment Observed
    - ET INFO Possible Phish - Mirrored Website Comment Observed
                                        
GET /favicon.ico HTTP/1.1
Host: pilotajes.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=r30ZJhz018vbU2mzVhExj0

                                         
173.236.171.127
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Tue, 21 May 2019 22:38:37 GMT
Server: Apache
Last-Modified: Sat, 25 Aug 2018 21:59:13 GMT
Etag: "0-574499a50d519"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive


--- Additional Info ---