{"report_id":"01493f84-de45-4cf3-a1a9-8db9172dc468","version":6,"status":"done","tags":["microsoft","phishing"],"date":"2026-01-18T20:54:11Z","url":{"schema":"http","addr":"scsalud.closer.website","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"scsalud.closer.website/","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"title":"Outlook","dom":{"size":6103,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (496)","md5":"3a0f48e7bb11ed7f340e4c4b6334a6e9","sha1":"ca747e5f95105787124cde34a75a3ed2ff482b15","sha256":"b8c319e1c49c8efefb446e45739d2ca14413dc47fc697de0ae77fd68a7ed8a91","sha512":"f4a517567197d54b84ce7153b85f35dab2dd20e20486910a0de0643cf27f0a9075db7c8d0a0eec1bbab3dc1e717f2b383c737bf8245467ea3b9e5bfc06a0d122","ssdeep":"96:nje2v2D1q/xci4qJ5Bwzx6+FxllPpUNw90RLSIS44ix9/2:Xc9qHBw96+HlrUu9iOZZuQ","tlshash":"52c11002a896cd4e5725f4e5d603bc19f4e8ea23e60ec4c972ac1ba55feced44b0b744","dom_hash":"domhash2897eb317b620b727dc5b84a3613655c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"scsalud.closer.website","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-22T20:54:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"summary":[{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-11T22:30:04.050705Z","alert_count":0,"request_count":1,"received_data":86972,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"scsalud.closer.website","ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2022-08-05","domain_rank":0,"first_seen":"2026-01-18T13:12:59.143874Z","last_seen":"2026-01-18T13:12:59.143874Z","alert_count":80,"request_count":20,"received_data":712153,"sent_data":10511,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"scsalud.closer.website/box/box-flex.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ed9820ce0ceb9ab90e8373b6aec410d","sha1":"4663cab1e85cd70ba66f40ff39d8bf8da0fa9f53","sha256":"90bbb367dd61591de215ff7f3a75e1460c559efc5cc92e759d48b49fe7859eac","sha512":"280c7edbe1d4e31006581546a0c2bf31547065bd3fc9063d8ed93051060512994126300d12096b096f440d2fd111ade63399fb167e0e9097fec91fea5cd9efda","ssdeep":"1536:L5f9G+qindJyT3V+fII+7iQjdeB8HZvKPCjXonmehKHzBvsK6LfoNZo8hq3+FTdF:L5+peFmiqjXumfZp8ZTyl","tlshash":"1ce3088832a2303208db62b6d45b53457173300f2449d49cb97dd9c7afb8dae35a7bb9","size":152842,"data":"","first_seen":"2025-06-30T02:57:40.76474Z","last_seen":"2026-04-19T04:02:01.042322Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/helpers/common/cookie.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"15ed8a19c638da87c546d8bf5efd96dc","sha1":"6cfa4d01b6eca726e80b3789d9515a5a89314edc","sha256":"baba8b7d2826fdb03b98aaae3465221673a55296577c2315990ae24d2f126f03","sha512":"dd24328cd51e5a8fe9d15f57fead4c7cacb20fa30827d7c6f690a67fc9b779faeafddc19a4b3eeac647e03d8be8a1067b8cbab6971ca5e47f829651dafbe0063","ssdeep":"","tlshash":"02f02b10b774fc2bc24402920cb843a6b9208afa1599b12cd976ae613550e8266f6966","size":497,"data":"","first_seen":"2026-01-18T13:13:01.487966Z","last_seen":"2026-04-15T05:57:32.305306Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/helpers/common/helpers.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3bba03f5f6277f124197365ccafb3767","sha1":"d242f1e657a283797b36e1609bd29ba717f73fc5","sha256":"7792ee016db97d1fe6f1aaecd42f9ecdcf169e74fed7102526f11fd6083f8fa2","sha512":"5cd48fbb135168e64ec9d7240f43eabd76d98cb771315c60b037d40d45528721b1c8018f0aa13bd0975e33fa4103e4c38e77c9cc604d3a0a7c74fa8119eb5b44","ssdeep":"","tlshash":"9f21202ca11878721c6740c68143b657fb4ba0fb91464020c06a5828f45dedfe8a6ff9","size":1237,"data":"","first_seen":"2026-01-18T13:13:01.495983Z","last_seen":"2026-04-15T05:57:32.319199Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/contact-form/common/contact-form.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"80a1690e86cc75e79b70118d026ded39","sha1":"43e15d390b294a9663ad932673b05f70fe9d4c73","sha256":"b854ce66a91e595f9f946422d1348267989ceb8c8d68b33470793099435e69d2","sha512":"9c8e9f730802931f456ad2e59ffac5339c8be7ccfc655eb1ae3f5725ad204478e528a22be7d4b3247d5d29edfd6b08e213db72a37c641309338fdfa59455c258","ssdeep":"96:4XetBGAMyd8Ug4ifKsO1ssiAZrw/G1ioSjXF:vCyd8HfCd1qAZ0/G1ioSjV","tlshash":"cd9172b1676548b00dbe029bd8ca66c1e63175fefc1e8433945c8d4939acec1f661fa1","size":4396,"data":"","first_seen":"2026-01-18T13:13:01.505666Z","last_seen":"2026-04-15T05:57:32.30722Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/glide/glide.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"765287e1bbd0fe0d28a652092b23e2d9","sha1":"75af935102d6aa480e7e7b8c9148b03479ea5dc4","sha256":"715d3ce8b0e92012fdcc7edf098f37ae638584c5de7dd45dc53dedac5a4764f5","sha512":"fd66de2b4ebb4418feec4ccf59742af7b10aed5cb6d732a67c99db5a17dd9ef5af60633fa4ba1c21394c7e2302f16d06c0ea71851d06e54081e3d699efbd6c67","ssdeep":"768:E/W0tpceIrFBJQ7ArLGZ8eCGxZ+mlDLBmW0/LC0cZ3nkQTsPEg9dG1mVThGvmIk8:brFcFh+MDtmUsPEg9dG1mVThGvmIkjp+","tlshash":"7483508d7cf620465463303c579f9486f1b6820b55599d84bcae87f85fa0f3806eabe8","size":86574,"data":"","first_seen":"2025-06-30T02:57:40.759653Z","last_seen":"2026-04-19T04:02:01.04761Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/navbar/navbar.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc8fc9c06ee934ec778d32509b179041","sha1":"375ad9e094901530c83c961f6f5256d2a7fe7fb1","sha256":"cabac6e030097443d4a7103132edad438f9870328d94a7b6791f95b7102c09a4","sha512":"5c6e04b1dc9d5387a39264edbe06fb3210c4c1052ee7b2a37911438e05f2bfe6fa4d72a7e4f1561254b2fdfa9b1b5245a85c82310b1c6cbe68034500184f079d","ssdeep":"192:5UZYug3WSnnhfwWajhj46nczJXV1C2cc66p44p6oNUWSCPUvZvyfwDB+SBf0wE3t:5UKznhfwWajhuzZV1C2Zr6+UWSCeVyf3","tlshash":"53220e702065c9b614ef0b9f22f09ac0b2a464def54561b7742d4c2e5a69cc372a0bff","size":10259,"data":"","first_seen":"2025-06-30T02:57:40.760987Z","last_seen":"2026-04-15T05:57:32.296336Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"scsalud.closer.website/","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-18T20:53:49.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:49 GMT\r\ncontent-type: text/html\r\nexpires: Sun, 18 Jan 2026 20:53:49 GMT\r\ncache-control: max-age=0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6046,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (502)","md5":"48b0c403584a55d9345d547108c75287","sha1":"e02efa2868c91e488ed4056a6ec8ba05fde3e628","sha256":"c5d31f9a3d5da0e8228a61e4c04d3f18d43c862dd44f6e165b52562942d63cdb","sha512":"7a492eb5e49c691e02525c7f18ec9f85e3017684117cd30137bb585604abcad41974463d6d69f3feb7fae1ff2936ada72fd9f1cabaaf33235e442a20194bb455","ssdeep":"96:m6R9v9D2bZWZWcitfJ5Bw01xZ+FxllPpUNw90RLSIS44ix9/O:6cQfHBweZ+HlrUu9iOZZuQ","tlshash":"7cc11102a896cd5e1325f4e5d503bc1df4e8ea23e20ed4c971ac0ba55fe8ed40b0b785","first_seen":"2026-01-18T13:13:01.471549Z","last_seen":"2026-01-18T20:54:12.324154Z","times_seen":3,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":168,"dns":112,"connect":24,"send":0,"wait":25,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/minimalist-blocks/content-custom.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/minimalist-blocks/content-custom.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 105\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: \"660bc169-69\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"7710d5fd581788beb2d525c5a6426b95","sha1":"f42c34b6147d83b421bc8a96c749b257e6c4f03a","sha256":"279db7df3e1a97b17a04522f29607e5c4b832b98f32e4ee98b31aff2ae355a3c","sha512":"e3fc99201eec9b8cd800703fc9f6cad4ae3012029f274913ca4b9f4791d4afa9c0503f468177b8178f9c8f8becbd6f7de6d6aae5b9117eae6d757f94edf180f0","ssdeep":"","tlshash":"d6b012096bb2bd24640dc49065af13a39b0740131ed3f91c3d2a17868fd28f2c152f70","first_seen":"2025-11-27T05:04:13.259721Z","last_seen":"2026-04-15T05:57:32.304149Z","times_seen":14,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/styles/type-system-ui.css","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/styles/type-system-ui.css HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\netag: W/\"66d6b85d-495\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1173,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"e158d62592fb9f96328fe3a01301caf5","sha1":"751d239997dc3bf2d0f5676bbd9600d4f3f3928d","sha256":"0933603b0cf8f885fa714a5202d75109c75300ce7ac2014c10bb2a0e1f057f45","sha512":"d2de78b10870fb2cf9557a3782f29b466681077a4127eddf907d0986e872f6b733a3767bd3f484d1903efc21fe020180bec5e0da1bc695f9915156343d22e074","ssdeep":"","tlshash":"7b213b0b075a6205ec518cd07a112f8aa928a4064d45e1fe67c37be4cd5bc3dab70f2f","first_seen":"2025-12-22T05:52:22.966971Z","last_seen":"2026-04-15T05:57:32.328822Z","times_seen":14,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/box/box-flex.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.095Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /box/box-flex.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\netag: W/\"66d6b85d-2550d\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":152845,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (27496)","md5":"5ed9820ce0ceb9ab90e8373b6aec410d","sha1":"4663cab1e85cd70ba66f40ff39d8bf8da0fa9f53","sha256":"90bbb367dd61591de215ff7f3a75e1460c559efc5cc92e759d48b49fe7859eac","sha512":"280c7edbe1d4e31006581546a0c2bf31547065bd3fc9063d8ed93051060512994126300d12096b096f440d2fd111ade63399fb167e0e9097fec91fea5cd9efda","ssdeep":"1536:L5f9G+qindJyT3V+fII+7iQjdeB8HZvKPCjXonmehKHzBvsK6LfoNZo8hq3+FTdF:L5+peFmiqjXumfZp8ZTyl","tlshash":"1ce3088832a2303208db62b6d45b53457173300f2449d49cb97dd9c7afb8dae35a7bb9","first_seen":"2025-06-30T02:57:40.76474Z","last_seen":"2026-04-19T04:02:01.042322Z","times_seen":25,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/navbar/navbar.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/scripts/navbar/navbar.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: W/\"660bc169-2813\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10259,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10258)","md5":"fc8fc9c06ee934ec778d32509b179041","sha1":"375ad9e094901530c83c961f6f5256d2a7fe7fb1","sha256":"cabac6e030097443d4a7103132edad438f9870328d94a7b6791f95b7102c09a4","sha512":"5c6e04b1dc9d5387a39264edbe06fb3210c4c1052ee7b2a37911438e05f2bfe6fa4d72a7e4f1561254b2fdfa9b1b5245a85c82310b1c6cbe68034500184f079d","ssdeep":"192:5UZYug3WSnnhfwWajhj46nczJXV1C2cc66p44p6oNUWSCPUvZvyfwDB+SBf0wE3t:5UKznhfwWajhuzZV1C2Zr6+UWSCeVyf3","tlshash":"53220e702065c9b614ef0b9f22f09ac0b2a464def54561b7742d4c2e5a69cc372a0bff","first_seen":"2025-06-30T02:57:40.760987Z","last_seen":"2026-04-15T05:57:32.296336Z","times_seen":31,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/helpers/common/helpers.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/helpers/common/helpers.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\nvary: Host\r\nlast-modified: Tue, 09 Dec 2025 11:20:18 GMT\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1237,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (657)","md5":"3bba03f5f6277f124197365ccafb3767","sha1":"d242f1e657a283797b36e1609bd29ba717f73fc5","sha256":"7792ee016db97d1fe6f1aaecd42f9ecdcf169e74fed7102526f11fd6083f8fa2","sha512":"5cd48fbb135168e64ec9d7240f43eabd76d98cb771315c60b037d40d45528721b1c8018f0aa13bd0975e33fa4103e4c38e77c9cc604d3a0a7c74fa8119eb5b44","ssdeep":"","tlshash":"9f21202ca11878721c6740c68143b657fb4ba0fb91464020c06a5828f45dedfe8a6ff9","first_seen":"2026-01-18T13:13:01.495983Z","last_seen":"2026-04-15T05:57:32.319199Z","times_seen":12,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/glide/css/glide.core.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/scripts/glide/css/glide.core.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: W/\"660bc169-423\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1059,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"6bfc658c2ffe8f51523e0653d933a210","sha1":"97ba5af6a580f1365f78a10272c769859539812b","sha256":"3b98696013f1d1ab23b2661be00b4a1297e6d061f819bd265430610de846be05","sha512":"a42c2eb6ab89c344f85e76594b1059ed8c205efa910cccccfc7cdf3b3467565887bed9163c851bd6ff6d94484f28a033df3ae368d653f1927c946acc10af20d5","ssdeep":"","tlshash":"7c11ce1b99635004301ab6e61baeda0c22b6d017dd13dde87bea9501cf0afd911c23e3","first_seen":"2025-06-30T02:57:40.794245Z","last_seen":"2026-04-19T04:02:01.070003Z","times_seen":59,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/contentbox/common/contentbox.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/contentbox/common/contentbox.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 902\r\nvary: Host\r\nlast-modified: Thu, 21 Nov 2024 11:55:18 GMT\r\naccept-ranges: bytes\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":902,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"7a798e0cd2d8050c30c7fae27419a248","sha1":"c4d54cef32b9e8baeebea7a1adc0ecf49b70f954","sha256":"cc4d96ac669b06076d5efd6f8ea97b7e2cf6db33f3dacc75a5e11c47ac8392c0","sha512":"d20cee616c94cebf636346d53b8405d1ef7806624ea4d839665f8e1f8153ee84a230858ac85b14b762a7f557b71facf12f85a3f8024c4eadc6dc5207500b8b34","ssdeep":"","tlshash":"11119c1797f74c34913e89ae4ba3774c5f098877baef9c97a440b62cc1c424e19a0e0c","first_seen":"2026-01-18T13:13:01.485757Z","last_seen":"2026-04-15T05:57:32.301535Z","times_seen":12,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/glide/glide.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/scripts/glide/glide.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: W/\"660bc169-15230\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86576,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"765287e1bbd0fe0d28a652092b23e2d9","sha1":"75af935102d6aa480e7e7b8c9148b03479ea5dc4","sha256":"715d3ce8b0e92012fdcc7edf098f37ae638584c5de7dd45dc53dedac5a4764f5","sha512":"fd66de2b4ebb4418feec4ccf59742af7b10aed5cb6d732a67c99db5a17dd9ef5af60633fa4ba1c21394c7e2302f16d06c0ea71851d06e54081e3d699efbd6c67","ssdeep":"768:E/W0tpceIrFBJQ7ArLGZ8eCGxZ+mlDLBmW0/LC0cZ3nkQTsPEg9dG1mVThGvmIk8:brFcFh+MDtmUsPEg9dG1mVThGvmIkjp+","tlshash":"7483508d7cf620465463303c579f9486f1b6820b55599d84bcae87f85fa0f3806eabe8","first_seen":"2025-06-30T02:57:40.759653Z","last_seen":"2026-04-19T04:02:01.04761Z","times_seen":41,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/helpers/common/cookie.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/helpers/common/cookie.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 497\r\nvary: Host\r\nlast-modified: Tue, 09 Dec 2025 11:20:18 GMT\r\naccept-ranges: bytes\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":497,"size_decoded":0,"mime_type":"application/javascript","magic":"C++ source, ASCII text, with very long lines (497), with no line terminators","md5":"15ed8a19c638da87c546d8bf5efd96dc","sha1":"6cfa4d01b6eca726e80b3789d9515a5a89314edc","sha256":"baba8b7d2826fdb03b98aaae3465221673a55296577c2315990ae24d2f126f03","sha512":"dd24328cd51e5a8fe9d15f57fead4c7cacb20fa30827d7c6f690a67fc9b779faeafddc19a4b3eeac647e03d8be8a1067b8cbab6971ca5e47f829651dafbe0063","ssdeep":"","tlshash":"02f02b10b774fc2bc24402920cb843a6b9208afa1599b12cd976ae613550e8266f6966","first_seen":"2026-01-18T13:13:01.487966Z","last_seen":"2026-04-15T05:57:32.305306Z","times_seen":12,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/favicon.ico","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 28 Nov 2025 07:27:08 GMT\r\netag: \"69294ecc-47e\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"fba37bfcf4bdd551c7a17c892eeea119","sha1":"b838ecf58f4debfa27474f1aab897812a9f18fde","sha256":"1594c1f1dd46df21dffd123a965eb1d403601ed0fe62f648ab74ad365a79a561","sha512":"1462a2b1d390c32e9a4a204d59f92cad58ad030f8efd45f5aa3e6678ecf3095ed515a3d926805fac702508571ae5a9d923be853b99ceea248b2ea65523f48e69","ssdeep":"","tlshash":"d9215c4bd5ce8784f0748dbc10051f9af44e509ea7be1981f44740c7e4521d70cbf299","first_seen":"2026-01-18T13:13:01.490144Z","last_seen":"2026-04-15T17:52:34.246291Z","times_seen":6,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/minimalist-blocks/content.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/minimalist-blocks/content.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\netag: W/\"66d6b85d-31938\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":203064,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"81045e7e576ca96cf29d3bc076a86f3a","sha1":"a4d41020fe573d937cff89d87fd7fddfce1a1cfd","sha256":"86bfbe08e26dd44cc8e91c8004082a77bc3d82b22f618e3e22fc9975fd1980a0","sha512":"e282330a13a440bf9b0ba7de4b38e7f89e71258ca42377a2355b649c7fe0da86b38e8b0c648fcf6bba4a430906f5455e9b88fbf89c575802c539b0301635e0d5","ssdeep":"768:KYUdSFDrW5DutOsk7ucjG8l3es+R3fuZiIwG2AlW93l2iEnevvuEjNP68FAxEEl7:m6kcJ4CGIbBgevvuEjNP68UEEllijvnA","tlshash":"f0148b17f7c501263c5908f5b94ab3fdba7d6486db28adba7484b360cf496f309a211c","first_seen":"2026-01-18T13:13:01.499035Z","last_seen":"2026-04-15T05:57:32.29759Z","times_seen":12,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/box/box-flex.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /box/box-flex.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\netag: W/\"66d6b85d-24334\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148276,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"10607bf1dc533aad2816d574b2d570a0","sha1":"1b362bcbeb799c7b1cde77134beabe536ce9a0db","sha256":"ae103409defcba37508c7ca8c344aef50af4829ea92b4174338a9fe81f321bd1","sha512":"f7310daed8c7d035af26f05fbe65f2e58e6310a1bde118c8bef30e7e21689a77b72e2bb21ef65b7f7df72b6e3e15b92804f11bbc52a4e10d2be9bfa00e67b74c","ssdeep":"1536:0S2rvTvZv/P3Zrv7H/sDLNb2GW2LOwa6NYFsWI/RZwsvj8jmdV9Xi+lhlQ97tqNX:LRZejmdVJzrncc","tlshash":"7de3df933640284c6ea7412b14df761c293ca152f3379cedbd656188cfc8ee569e3ba4","first_seen":"2025-09-12T06:32:02.971882Z","last_seen":"2026-04-19T04:02:01.080333Z","times_seen":24,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/glide/css/glide.theme.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/scripts/glide/css/glide.theme.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: W/\"660bc169-20ae\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8366,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bb78bc5a45b81f22f3a2eaa009341e20","sha1":"60d08857acb3ccbafc2ef1221221c8c0f1cffa02","sha256":"dd5178e9a00e7124d26e69885da55d8ca214f3e278614c29b83ebce8ff657e7a","sha512":"8adee0e290680c0fed0c7e6b15530c1cdf8cf7aec07abf8102f4181acb6b97139d2886327fcd410cd5d4cb0f7a19dfa9d1e846b09675f043653da45ea511c5fa","ssdeep":"192:n5ulGrX1wZ/bpiVsAYcggYcWPvUZtXe2hI2mOk:wAKZ/gWPvQp7h2","tlshash":"86022216a6e15509884bb1192c96cb5dfbec8102934accfdf9db7018cf8d1c9a732bd9","first_seen":"2025-06-30T02:57:40.785624Z","last_seen":"2026-04-19T04:02:01.080784Z","times_seen":56,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/ionicons/css/ionicons.min.css","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/ionicons/css/ionicons.min.css HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/assets/minimalist-blocks/content.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\netag: W/\"660bc169-c854\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51284,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (50802)","md5":"6798564e1f2e3291ed7e11eb291d282b","sha1":"cc8043b90c2a0962ecae08e62298d3ebb894eabb","sha256":"8c01c3cb08ae66fdf817221b3a79245fcdb94ea59a3fce2093894d6f4bb6ccf8","sha512":"bec80201e8e3317b1bd57782dbb715f3d4265dec398e53f321cd333c55887a31ef52e4a0537b900a39870e75abeda684282bbdc7a7b1b99df28c13bfaa00d459","ssdeep":"384:048lBhhJhjRqFdtYRjJIjsjaHnNfc2C4741mf5HRzL:048hhjQFduRjJ7uHFcu7Smf5xzL","tlshash":"cb33f8e4d20c0dd0ab35c447ab49674858b5f7fbe4584ca8e42fd4ac39cb224a3e5b6d","first_seen":"2025-04-07T04:59:13.012522Z","last_seen":"2026-04-21T18:35:40.808312Z","times_seen":23200,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 13383\r\ncf-ray: 9c00fbec6e5623eb-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.11.3\r\nx-jsd-version-type: version\r\netag: W/\"14f73-BDozLk9VXMC/015FG+lVtLk5ZqA\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-eddf8230141-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8z%2BeURD1UIelfNlfPhlFuTMyv6qXOiKb45WSC3qnY6AiPC9y3ykpMgK1V2VDAkTv5RDcNqO3%2FtxXclBq8q0f7gLKQOxz9ezJ4DPahPUq%2BDBXGsWsrnfeci3ys2TKS%2FsiB60%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85875,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65354)","md5":"5605c44f8b24ea5de37a959955b71eb6","sha1":"043a332e4f555cc0bfd35e451be955b4b93966a0","sha256":"f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62","sha512":"74f5d8703b9bfda79bd3c73ade346afe4e8668a71c976e7a250cbf0273aaec2027119f45cd22fdc126dc664329e11dbabc1b0c2c5607e2443aeff6db57c5da09","ssdeep":"768:ZPcr8JUkZrpULKt4bDcf3oQpeqfZs0BWeUz5+XIHx5qkgwTz:hrpEKt4moUeqfZbc5+XIHZz","tlshash":"9383fbe8e58d05e8f372c48faf42775e31aafa3cd5811c68f14a111d5ac26650ac7fb8","first_seen":"2024-01-11T04:35:50Z","last_seen":"2026-04-21T20:25:49.855714Z","times_seen":6454,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":10,"dns":1,"connect":1,"send":0,"wait":80,"receive":1,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scsalud.closer.website/assets/scripts/navbar/navbar.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /assets/scripts/navbar/navbar.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\netag: W/\"66d6b85d-67cb\"\r\nexpires: Sun, 25 Jan 2026 20:53:50 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26571,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f630c78ee9f98443b9b072bfc6c66374","sha1":"e5a6363bed4496e5aad0397dc4bcb1585736473c","sha256":"3dc8ec3fc7e2b9b23d4253fe3a9350719985645a9148a5664763b883eba46789","sha512":"f279fa96581a0a8a0435795547f12ebd7e0acd83c8bedcdb26cc47d31854b712036ba5ca158b4fe2aae16270bdfdd44b18c17a9f7820dd506c8e9163255ddadb","ssdeep":"192:FjIX3UmLmm2gzT/TF1TgTvTtT/TlWfzVe9DrD9U/KgvsCKgKMKOkOQ1:qHJmDgn/J10T5b19DrD9Us","tlshash":"97c2dd42f1c22e20542b804f54d2d869bb7a9241afc72f7e746e3629df8c2df95e1d21","first_seen":"2025-09-12T06:32:02.901192Z","last_seen":"2026-04-15T05:57:32.313986Z","times_seen":15,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/contact-form/common/contact-form.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/contact-form/common/contact-form.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\nvary: Host\r\nlast-modified: Tue, 03 Sep 2024 07:18:53 GMT\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1691,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b055078be194446925458db483934f92","sha1":"989a0c4e643da0c31f5c5a05615376de1821175d","sha256":"4520a10782824f3a678ca9fe195faabf82677c4f8458fb6555afaccd3f54ca46","sha512":"116af84f4ffefd80e8ddc4a43282fd940bc3256aa63b65d71055d1812e30f40c604d9dd8be8799eef255256077b9a21ed3b20a2f98b8b9b0dd0e9d2715fe9013","ssdeep":"","tlshash":"0f31ff0557240c60441bc4587ac98bc67b2f65105f0f8d77b65268adc3cd2fc5d63b89","first_seen":"2026-01-18T13:13:01.502054Z","last_seen":"2026-04-15T05:57:32.299616Z","times_seen":12,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/static-menu/common/static-menu.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/static-menu/common/static-menu.css?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/css\r\ncontent-length: 581\r\nvary: Host\r\nlast-modified: Tue, 02 Apr 2024 08:27:21 GMT\r\naccept-ranges: bytes\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":581,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"4b6595804171433d03cc77d9aafb3eaf","sha1":"9d7aae973c682451211d750014874a2a206b3aad","sha256":"c8e7b9581dc60d0ddf8905a24488ba7ab1061551a7c5ab1021f8ff4c9506e379","sha512":"7810e02ddfd92d1e4b745245f024c08671d6cf2ecd6d192bee859f4757f55a92f7729f382c323d1c413428176f2666a3a8738a3c22689c967c619f8d8c6814e9","ssdeep":"","tlshash":"d4f0420157c2db00fc0b80fd5ca5a778cfa48990df24579bd0b28864d79e18c12d7048","first_seen":"2025-11-27T05:04:13.285924Z","last_seen":"2026-04-15T05:57:32.300702Z","times_seen":14,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/modules/contact-form/common/contact-form.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /modules/contact-form/common/contact-form.min.js?17652792251c62c1bb26b33a0054b32e808e39bb441c62c1bb26b33a0054b32e808e39bb44 HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://scsalud.closer.website/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: application/javascript\r\nvary: Host\r\nlast-modified: Tue, 09 Dec 2025 11:20:18 GMT\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4396,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (4396), with no line terminators","md5":"80a1690e86cc75e79b70118d026ded39","sha1":"43e15d390b294a9663ad932673b05f70fe9d4c73","sha256":"b854ce66a91e595f9f946422d1348267989ceb8c8d68b33470793099435e69d2","sha512":"9c8e9f730802931f456ad2e59ffac5339c8be7ccfc655eb1ae3f5725ad204478e528a22be7d4b3247d5d29edfd6b08e213db72a37c641309338fdfa59455c258","ssdeep":"96:4XetBGAMyd8Ug4ifKsO1ssiAZrw/G1ioSjXF:vCyd8HfCd1qAZ0/G1ioSjV","tlshash":"cd9172b1676548b00dbe029bd8ca66c1e63175fefc1e8433945c8d4939acec1f661fa1","first_seen":"2026-01-18T13:13:01.505666Z","last_seen":"2026-04-15T05:57:32.30722Z","times_seen":12,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"scsalud.closer.website/udata/custom/isGlobalRecaptchaEnabled.json","fqdn":"scsalud.closer.website","domain":"closer.website","tld":"website"},"ip":{"addr":"94.130.129.186","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://scsalud.closer.website/","date":"2026-01-18T20:53:50.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.closer.website","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 08:45:58 GMT","end":"Mon, 02 Mar 2026 08:45:57 GMT"},"fingerprint":{"sha1":"C6:10:F3:93:AB:3D:C2:3D:91:FD:7B:AC:6F:77:D8:74:08:9E:C6:AA","sha256":"01:47:25:DD:9B:6C:19:C0:67:33:9B:2A:3A:8C:B1:F3:A8:2A:E2:29:C7:84:6A:D2:C9:42:76:7D:DB:A5:46:08"}}},"request":{"raw":"GET /udata/custom/isGlobalRecaptchaEnabled.json HTTP/1.1\r\nHost: scsalud.closer.website\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://scsalud.closer.website/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 18 Jan 2026 20:53:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 78\r\nx-robots-tag: none\r\nexpires: Wed, 11 Jan 1984 05:00:00 GMT\r\ncache-control: max-age=0, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nx-xss-protection: 0\r\nset-cookie: PHPSESSID=i30911860av5pbsmn805v6t957; expires=Sun, 01-Feb-2026 20:53:50 GMT; Max-Age=1209600; path=/; httponly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":78,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JSON text data","md5":"9cfc15bee42cc6917ac143a3d3337c6f","sha1":"a06be74f818ab6ea3cbaf2d49f8a2fd90dbbde03","sha256":"7d59e9b9b063a39c4a0e3525e6f37d98b6ade2d2b9350bf19ddce31f15e09af7","sha512":"ead3f4df104ec1da2b85d8de93a81cf68a98e459dbb0ac7880075b75b054afa4a114766dca37e65c95c64504a742c14461991c73296acda66380a3e52eef5d60","ssdeep":"","tlshash":"03a022a0203f20a30c0ccf0cf8ae00cf0c8ca8b2b20cc820088c2030c0ec838e303a08","first_seen":"2026-01-18T13:13:01.482437Z","last_seen":"2026-04-15T05:57:32.312342Z","times_seen":12,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-18","alert":"Sinkholed","trigger":"scsalud.closer.website","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}