Overview

URL gouv-remboursement-impots.fr/
IP 213.226.123.102 (Poland)
ASN #61400 Start LLC
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-11-04 14:29:00 UTC
IDS alerts 0
Blocklist alert 17
urlquery alerts No alerts detected
Tags None

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
www.impots.gouv.fr (3) 309898 2012-05-22 19:51:58 UTC 2020-05-05 11:28:03 UTC 152.199.19.61
gouv-remboursement-impots.fr (10) 0 2022-11-02 23:31:22 UTC 2022-11-04 11:23:39 UTC 213.226.123.102 Unknown ranking
code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2020-04-21 12:46:20 UTC 69.16.175.42
ocsp.usertrust.com (3) 899 2012-05-21 15:43:18 UTC 2021-11-02 18:02:09 UTC 172.64.155.188
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-04 05:51:42 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.27.12.161
ocsp.sectigo.com (4) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
cfspart.impots.gouv.fr (8) 643420 2017-02-05 07:17:33 UTC 2022-11-03 14:28:02 UTC 145.242.11.27
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)
2022-11-04 2 gouv-remboursement-impots.fr/ DGI (French Tax Authority)

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-04 2 gouv-remboursement-impots.fr/ Phishing
2022-11-04 2 gouv-remboursement-impots.fr/ Phishing
2022-11-04 2 gouv-remboursement-impots.fr/templates/images/num_acces.svg Phishing
2022-11-04 2 gouv-remboursement-impots.fr/assets/fonts/fonts/icofont.woff2 Phishing
2022-11-04 2 gouv-remboursement-impots.fr/templates/images/rfr.svg Phishing
2022-11-04 2 gouv-remboursement-impots.fr/assets/js/all.js Phishing
2022-11-04 2 gouv-remboursement-impots.fr/assets/js/mask.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 213.226.123.102
Date UQ / IDS / BL URL IP
2023-02-01 21:55:14 +0000 0 - 0 - 1 amazon.ma-restriction.fr/ 213.226.123.102
2023-01-27 06:29:22 +0000 0 - 0 - 1 assistant-compte-sgfr.com/ 213.226.123.102
2023-01-21 10:38:28 +0000 0 - 0 - 1 espace-verif.info/ 213.226.123.102
2023-01-17 09:36:28 +0000 0 - 0 - 1 chronopost-info-colis.fr/ 213.226.123.102
2023-01-09 10:22:48 +0000 0 - 0 - 4 myaccountsuspension.com/login.php 213.226.123.102


Last 5 reports on ASN: Start LLC
Date UQ / IDS / BL URL IP
2023-02-01 21:55:14 +0000 0 - 0 - 1 amazon.ma-restriction.fr/ 213.226.123.102
2023-01-29 10:38:04 +0000 0 - 0 - 5 chronoposts-france.fr/client/login.php 213.226.123.72
2023-01-28 22:18:04 +0000 0 - 1 - 0 hmzgdu.com/ 62.76.25.28
2023-01-27 06:35:34 +0000 4 - 0 - 0 info-dhl-del.com/public/75ksNQiCGR0yPdXiuW6qV (...) 213.226.123.69
2023-01-27 06:29:22 +0000 0 - 0 - 1 assistant-compte-sgfr.com/ 213.226.123.102


Last 1 reports on domain: gouv-remboursement-impots.fr
Date UQ / IDS / BL URL IP
2022-11-04 14:29:00 +0000 0 - 0 - 17 gouv-remboursement-impots.fr/ 213.226.123.102


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-09-22 11:57:27 +0000 0 - 0 - 7 iscaff.co.za/fr/8988/infos.php 41.185.64.149

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (46)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         213.226.123.102
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 04 Nov 2022 14:28:49 GMT
Content-Length: 162
Connection: keep-alive
Location: https://gouv-remboursement-impots.fr/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16039
Expires: Fri, 04 Nov 2022 18:56:08 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2091
Cache-Control: max-age=157027
Date: Fri, 04 Nov 2022 14:28:49 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:05:56 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12648
Expires: Fri, 04 Nov 2022 17:59:37 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: z1Pjmj9brrj59ASSKsUkTzts0C6W75IeRBs8WeI/VS9UqM/VC+mYn9ImXtsT8NjTYwkKJZGqZok=
x-amz-request-id: GA9MJ1EM47RG62N6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 14:09:37 GMT
age: 1152
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:49 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4AAE6C76094E25A770A37CAAA61250A23FD7BFF4A95D6475AAE4B73B02F73F9F"
Last-Modified: Wed, 02 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 04 Nov 2022 20:28:49 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         213.226.123.102
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-length: 9440
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.25, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (517), with CRLF line terminators
Size:   9440
Md5:    6dfceb2a80093ee61d6d02ac60ab0b2b
Sha1:   bf342fbde1e5f1042ffaa8e9b7fb0a73a79dea17
Sha256: dafc43dbf0245b6ad5a554c83acdfb1dd6e2ea975b49558f443220a5c5356e5f

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3982
Cache-Control: max-age=153859
Date: Fri, 04 Nov 2022 14:28:50 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 09:13:09 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /jquery-3.4.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 04 Nov 2022 14:28:50 GMT
content-encoding: gzip
content-length: 30638
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1667572130.dop215.sk1.t,1667572130.cds227.sk1.hn,1667572130.cds201.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30638
Md5:    9abb42735168ac9e960b770179b642aa
Sha1:   11475bf8c7244af7a820108b7762e7a3f95aa52c
Sha256: df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7bdb7b518-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    476b53d324c14c08bea930e2f6db03af
Sha1:   eecd961d5ba926a7f95c07305718c1da03db447b
Sha256: d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7bacbb4fd-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    476b53d324c14c08bea930e2f6db03af
Sha1:   eecd961d5ba926a7f95c07305718c1da03db447b
Sha256: d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
                                        
                                            GET /templates/images/num_acces.svg HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         213.226.123.102
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   2976
Md5:    7b94d81843a3975809fffc98898bbc6e
Sha1:   6ce4758375bed46d9546d8515b34ce7ca778a51f
Sha256: 8bcb04a4469ebb5217a27584d282b2001cf42a9a7bb538dcd569f21cf8b8a699

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7baa0b4fa-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    476b53d324c14c08bea930e2f6db03af
Sha1:   eecd961d5ba926a7f95c07305718c1da03db447b
Sha256: d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GHsJVqup+2y+hOYc4hBrIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.27.12.161
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: irMHyGmSgcdJ9YVgDBnBWAbHBzA=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7d9c3b521-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7dd800b59-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7de720b69-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7dae4b51e-OSL

                                        
                                            GET /templates/styles/commun.css HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2022 15:32:16 GMT
ETag: "235ef-168c-5daf88d106e94"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 1844
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  assembler source, Unicode text, UTF-8 text, with very long lines (406)
Size:   1844
Md5:    5e572b57227a5c5520141671d4da4795
Sha1:   0c1363cf4a122a5a970685dbb4b378ee26ff0ca4
Sha256: 863ad9805bdc066ecf28bceef4bd032a20d520830c6cf58239b59d4e05e39c84
                                        
                                            GET /templates/styles/mire.css HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:18:38 GMT
ETag: "2361f-ab7-5bd3d97a7c5aa"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 918
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   918
Md5:    c75a54e6a1bdd3848e362c4d75f6b579
Sha1:   69221c49b6c4cf5f9ba684d60d8b30fb8231397a
Sha256: 604dad20e852a4b0fe0b0c3fd59866cee41baece2157191b325e1cc29d598193
                                        
                                            GET /templates/styles/dac.css HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2020 06:19:15 GMT
ETag: "2361e-303-5a2208c0b7b77"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 437
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   437
Md5:    c1124596b18d57508ee39db304da59d4
Sha1:   7cc5b65c9902ae98e82a1cf9a884f4fa3f9d2aeb
Sha256: 403448fd4658eddab6100cb7bcf32fdaf63f924f1181f17e7a12beae252d8506
                                        
                                            GET /templates/styles/bootstrap.min.css HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Mon, 26 Aug 2019 06:35:15 GMT
ETag: "23c4f-1a442-590ff5bde6688"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 17849
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (64976)
Size:   17849
Md5:    db006281e289b3ae6b6060c79c31a00c
Sha1:   f6f62e6d5e14c6e5b58b0d052ca93f45b8788bb3
Sha256: e89a986856994c6f85e190ecb3963c2f2481becea206b032b022b8492aefedb5
                                        
                                            GET /templates/images/bloc-marque.svg HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/templates/styles/commun.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:17:25 GMT
ETag: "23dd7-4608-5bd3d9351519f"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 5743
Age: 285
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (17928), with no line terminators
Size:   5743
Md5:    542e90e968e808958f23740d028bf385
Sha1:   21df8fb442714890c2d45d889692e8168fa47486
Sha256: c9c4a16bfc62ca1cb83c8e7704e49f1710c736bd89f54078e5304570d179aaba
                                        
                                            GET /templates/images/logo_impots.svg HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/templates/styles/commun.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:17:25 GMT
ETag: "23dd6-d10-5bd3d935020f0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 1340
Age: 285
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3344), with no line terminators
Size:   1340
Md5:    06c5a27ab846e65558b2994b38989c29
Sha1:   4961fc7074a2750dd4ddb0914ef9d28045cbf949
Sha256: efc7ede915c6c97c167e293ae4488dcba99c37d6a4dafc4aa1ca543f0fcd0623
                                        
                                            GET /assets/fonts/fonts/icofont.woff2 HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/assets/fonts/icofont.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         213.226.123.102
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-length: 537868
last-modified: Wed, 02 Nov 2022 23:35:31 GMT
etag: "6362fec3-8350c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 537868, version 1.0\012- data
Size:   537868
Md5:    50a4ab76e700a83e649be213f820fbbd
Sha1:   28ad9e9ac82f86c50eb4dd3d713a0698473bdbb3
Sha256: 242e542871bd77c8ff6375418e349ef6b3a32a208e15ca1441166641d212a6a1

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/polices/open-sans-latin-ext-regular.woff2 HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2022 15:33:06 GMT
ETag: "23de5-4bc0-5daf890023697"
Accept-Ranges: bytes
Content-Length: 19392
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19392, version 1.0\012- data
Size:   19392
Md5:    6e2308ee6037e901e59de209310cf5ff
Sha1:   cea4c2bb4465f3c1a7692d2b218c3b1a41b7426a
Sha256: 516c7b2926dbd461e33f19ff05db8587e5990184dba657483d5a569cc099a8ee
                                        
                                            GET /portail/sites/all/themes/impotsgouv/favicon.ico HTTP/1.1 
Host: www.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         152.199.19.61
HTTP/2 301 Moved Permanently
content-type: text/html; charset=iso-8859-1
                                        
age: 892919
cache-control: must-revalidate
date: Tue, 25 Oct 2022 06:26:52 GMT
expires: Tue, 08 Nov 2022 06:26:52 GMT
location: https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico
server: ECAcc (ska/F7BB)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff
content-length: 273
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   273
Md5:    ad6306c636cce3eeed000fc2d312187f
Sha1:   8c0249380a3c7a1d990e26b3aa3b3c31b8eb9ff3
Sha256: 78ab2d21260c5214e7f1c114a8c374141edc9532b803400ca71928eb4e12eb25
                                        
                                            GET /templates/polices/open-sans-latin-ext-regular.woff HTTP/1.1 
Host: cfspart.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         145.242.11.27
HTTP/1.1 200 OK
Content-Type: application/x-font-woff
                                        
Date: Fri, 04 Nov 2022 14:28:51 GMT
Server: Apache
ETag: "21d50-5f68-5daf8900111a0"
Accept-Ranges: bytes
Content-Length: 24424
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 24 Mar 2022 15:33:06 GMT
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 24424, version 1.1\012- data
Size:   16676
Md5:    d6522106abececb0decdbbbece49aeda
Sha1:   64640744beadf134dba3182f037ae60679a3f826
Sha256: 074fb1484d702e68f40130cb592d2d2c996f8f977701ed95bf3d480fb97a359a
                                        
                                            GET /templates/images/rfr.svg HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         213.226.123.102
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   873
Md5:    b8815e8a49276d8253fe3856417f180a
Sha1:   24bc71a8302d43384d8bd332b400a3a6967dda40
Sha256: cafb5081ccf2be52a51551e26523766335175fc7e3fa6fb74e0148fa013b22fe

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Fri, 04 Nov 2022 16:09:45 GMT
Date: Fri, 04 Nov 2022 14:28:51 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 59751
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6557
Md5:    ca6c7517d7015fbc35fa290c1c2d6afd
Sha1:   594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
Sha256: a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7703
x-amzn-requestid: 4f835957-6df6-4001-9c34-ed9749000b46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpFGwoAMF0-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-3f7b7dd36cb07d057b64ec2f;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5_POzz6quaFlv3R4djTMvwuiLWqmvHLCrZ58DtyQPJG8yWQoxV0LjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:11 GMT
etag: "d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd"
age: 59740
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7703
Md5:    9a763d44e05fa357713a41ab1388974a
Sha1:   d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd
Sha256: f351b7e90e5435af071892b62af3ac591bc553281b3ea63b1ae067a3d03f572d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d1ffcec-ac2d-417a-85e7-0b20637346cd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6535
x-amzn-requestid: 92454d07-58a9-4fbf-b528-bd481f9d8bbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0WkH58oAMFV2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643429-6394260c28b7778c7573b946;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:37 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Hwoh3Qf6s6V9hUqTmgYd2yXVdWAi0cHINMzCJM0ZCdNXhHLLiy_hYA==
via: 1.1 637ef0a7bc474e9a314fa064b65e8082.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:51:50 GMT
age: 59821
etag: "4f69918018bc3fb0ab6344279a8ab5aaab062279"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6535
Md5:    624674545b8fd9d4011cd2c1ddc67746
Sha1:   4f69918018bc3fb0ab6344279a8ab5aaab062279
Sha256: f1b180cacf2f836e35b567d009e173dc8a8339d146d7157fc6bb429cc4e3adc6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11188
x-amzn-requestid: 72e0a128-e0c4-4a93-8e29-01a574b2d1c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0XNHPcoAMFkNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364342d-341a40d37b7bcc9153749d67;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eo3FBGjoivBN1-4xP1UiTocKbLd87acRtOX2AQrPr1a4yDboDrXYRA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:19 GMT
age: 59732
etag: "29ca25963b777fd7463c65d8cde6d65172c996e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11188
Md5:    5aedde5b1d003651d773c89833460868
Sha1:   29ca25963b777fd7463c65d8cde6d65172c996e1
Sha256: 04b95b954d7d992e6547d05d052c6f3f8a4cfb4a5988f9e6c6629969053bf7b3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10810
x-amzn-requestid: 85c9096f-2671-4f0e-94a3-607254d036d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC057E5yIAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364350c-3c93b6e56e6141a63d1285eb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Rr6GO1Bb6pdxYxNFuwmG2Srs9uGM7tOTffgnyWys0zDjGCDrONRxUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "8191eb019b21bed2b9f53c755e1c24d08dc70760"
age: 59751
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10810
Md5:    c472942cb4b85610a3e83edf7527f923
Sha1:   8191eb019b21bed2b9f53c755e1c24d08dc70760
Sha256: 0dc7f9902567b0130c1c34b6e356b8239f8e6c83e1d38ac9b74588270000279c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: w5Nv6yf06dCHv6q9wt8-guOfQSMywfZFoXxwWvcLc9FtdwgRIqPcUQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 18:32:15 GMT
age: 71796
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10462
Md5:    4e2853cc6ec6223160471401e6871f4b
Sha1:   f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
                                        
                                            GET /sites/all/themes/impotsgouv/favicon.ico HTTP/1.1 
Host: www.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gouv-remboursement-impots.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.19.61
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
age: 0
cache-control: must-revalidate
content-language: fr
date: Fri, 04 Nov 2022 14:28:51 GMT
expires: Fri, 04 Nov 2022 14:29:51 GMT
from-origin: same
permissions-policy: interest-cohort=()
server: ECAcc (ska/F69C)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff, nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 1
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/js/all.js HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         213.226.123.102
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:35:32 GMT
etag: W/"6362fec4-a7f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing
                                        
                                            GET /templates/images/Small-logoSMART.png HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         213.226.123.102
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
                                        
                                            GET /sites/all/themes/impotsgouv/images/favicon/favicon-152.png HTTP/1.1 
Host: www.impots.gouv.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gouv-remboursement-impots.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         152.199.19.61
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
age: 0
cache-control: must-revalidate
content-language: fr
date: Fri, 04 Nov 2022 14:28:51 GMT
expires: Fri, 04 Nov 2022 14:29:51 GMT
from-origin: same
permissions-policy: interest-cohort=()
server: ECAcc (ska/F737)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff, nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 1
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /assets/fonts/icofont.min.css HTTP/1.1 
Host: gouv-remboursement-impots.fr
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

213.226.123.102
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:35:31 GMT
etag: W/"6362fec3-16830"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)

GET /templates/images/Small-logoSMART.png HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

213.226.123.102
HTTP/2 404 Not Found
content-type: text/html
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)

GET /assets/js/mask.js HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

213.226.123.102
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
last-modified: Wed, 02 Nov 2022 23:35:32 GMT
etag: W/"6362fec4-5ce2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: DGI (French Tax Authority)
    - fortinet: Phishing