{"report_id":"3fc63378-31f9-4274-aee3-3d7c7ebefb81","version":6,"status":"done","tags":["government","tax","france","phishing"],"date":"2026-04-07T12:18:32Z","url":{"schema":"http","addr":"services-publics.grupozasacr.com","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":0,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"final":{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infospage.php","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"title":"Site officiel unique de télépaiement | Amendes.gouv.fr","dom":{"size":57908,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (46861)","md5":"9fa81dccdfc50edb732d91a0aba2d8d5","sha1":"ff6080e7d5fef1d6287257652e0e193df8097d19","sha256":"14428da73eff7e773553c97f2bdeccb16737d31aa93f44ae5b5e74f0946869df","sha512":"adc3649796d4621c949b07be4d560067a4f4f486074ee95b4acff2306f17230b3c9c20f90de1e0efb44c1b5f324384142f303c5c5ae8e40305e5cd6f5021b6ba","ssdeep":"384:23F6bWxkcv2wCAWyb32F51g5DsRt/w23dpmpuGYJubZ8gOfPcURxi0V:S6bWxk+2RKjDo/wouegOPN40V","tlshash":"fc4354b1b6416c8e66cacc4467b27fce120bc5a6c1135b6e7c1b9cbcc7c93ea9291315","dom_hash":"domhash5c6c574a6ba19c8168ae599579433d41","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"services-publics.grupozasacr.com","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":0,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-12T12:18:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]},"summary":[{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-04-05T23:05:20.049371Z","alert_count":0,"request_count":1,"received_data":90538,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]},{"fqdn":"www.amendes.gouv.fr","ip":{"addr":"185.8.53.118","port":443,"asn":47957,"as":"Worldline IGSA SA","country":"France","country_code":"FR"},"domain_registered":"2003-10-12","domain_rank":323151,"first_seen":"2012-07-25T20:00:55Z","last_seen":"2026-04-04T17:29:50.462996Z","alert_count":0,"request_count":4,"received_data":32840,"sent_data":2091,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-05T22:33:08.106483Z","alert_count":0,"request_count":1,"received_data":6830,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"services-publics.grupozasacr.com","ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"domain_registered":"2020-06-11","domain_rank":0,"first_seen":"2026-01-18T07:04:08.406899Z","last_seen":"2026-04-07T09:39:24.459925Z","alert_count":66,"request_count":11,"received_data":751770,"sent_data":6167,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infospage.php","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"eventHandler","is_inline":false,"md5":"7c3c3ddeb80438dcbb3d081d2d00e152","sha1":"5a4016732ee72ec77b4f6ab17047bcea6d2ea34d","sha256":"321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187","sha512":"b252f7dc795284fe8ce404711809130d8e16670a8e49b271f9a24b04a542a0fccb7a8c7238c12b37db35fe73a2fbf1cdb374468574db4e6d39975a17dca547a3","ssdeep":"","tlshash":"de6000f0003000000003c30000330cf300000c0f00ccc30cfc0000c000c00000000c03","size":16,"data":"","first_seen":"2023-04-10T15:57:29Z","last_seen":"2026-04-07T17:38:00.984058Z","times_seen":237006,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f757a9aa0bddb4d33e32ba706b94790f","sha1":"dc5e6f6e29da89457e3b313003bfaf49c799b208","sha256":"a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6","sha512":"63f18862c77e2da426e9b1b2b080a5c9ecf61c6088375cabb3de3052b1e84400f945251192aa9540453a98ce753bdd21a92f340011531ad883a525ddd8ed399f","ssdeep":"96:2ZWaYsPZ7hLAnoFGTb8rp8avnmK3mPZN/AszpEe6Zu6nkivStSZk+Cewbevan8J:zgVl0To1nxmTxpEprkiqtCCeievm8J","tlshash":"dcc1d9957189707363b768ea01af0246e3b7dad118de0809e61e95d0be78f8e0157f3b","size":5819,"data":"","first_seen":"2023-03-07T13:03:06Z","last_seen":"2026-04-07T17:46:51.838382Z","times_seen":1272,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/runtime-es2017.d8ae961f0555d440b720.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"scriptElement","is_inline":false,"md5":"359f1c1919a337983e6e4e07620ab459","sha1":"c6473e4162c594cdf836a180bf9a5fc183d8a9dc","sha256":"c6ae08b826ab67f0dc74c4a61f24c2b988f4c2c9d7dd85b6aa616cae373394e5","sha512":"79928e255950631a8a0e85dc5f386d3e0cd59b909fc1653ceb40a39cbe0ac2244ba2172cb76e6a0cdc418fa2a64cfc0f4c4e18cf4ccf58bc0c3a02a4d12e5e08","ssdeep":"","tlshash":"8271d7e97a94bdb917d3b4e0193fd096b52a2072280fcea0e716c4e53c34ed40213fa9","size":3563,"data":"","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T17:46:51.841629Z","times_seen":1053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infospage.php","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bdb363c83b9a3aedce67c75fa543087","sha1":"6ea3c1658bf5dad03f0cdf2f0719199682d934a2","sha256":"e027cfe2ad260a5a4de9ad3a60ae08a3ed629b91baaea379ed4597cf7c95e428","sha512":"478af58cf5947994fa8f0eb0dd937e117a6a217cccd80fa0cab643e40b744c2c7f202695c5cf64d58d67948cb6f6e2b22f34f69309ac81b178b3a924fe50e57a","ssdeep":"","tlshash":"eeb012f013504d08f0529cdc83717004696cf31b33dd5887187a1e84d420204113080c","size":94,"data":"","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T17:46:51.842473Z","times_seen":1012,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf2fbbf84281d9ecbffb4993203d543b","sha1":"832a6a4e86daf38b1975d705c5de5d9e5f5844bc","sha256":"a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575","sha512":"493a1fe319b5c2091f9bb85e5aa149567e7c1e6dc4b52df55c569a81a6bc54c45e097024427259fa3132f0f082fe24f5f1d172f7959c131347153a8bca9ef679","ssdeep":"1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL","tlshash":"4c9318ddb2c6b06247a770ba407f610ff236199d684d4400f169d8e9bc78a4a827bf7d","size":89947,"data":"","first_seen":"2023-03-10T04:24:46Z","last_seen":"2026-04-07T15:45:48.844616Z","times_seen":23445,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/polyfills-es2017.533ebfade82697eddcf6.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1df07cdfe016ca2fe31198eda64db3c","sha1":"75cc9808081dac4009e2c04cab156494c1df82fa","sha256":"ad6ad13398a7ccb1ac657a7932716ae2089ed2d95d55cd97b50b630d31062a32","sha512":"08f853c1eb39a6b4b393d9a9b48d8a3862ecdac405f8399e2340fd903ecb68ae2a7757da4b4d4da9b47c77ffa601346cb4e8f8f50b845b9d37fc84812fe2d7d3","ssdeep":"1536:jqPU66ZXWw+IFMt0TvX4SoRfvGT5KusAKp2XcUOvREuf2JO1a:e86MXII9X0uorp2CvREuOM1a","tlshash":"01c3c4cdf2d2b0e297f725e4002f560be17aa995f84e89d1e165e0d0a87a54f502bf3c","size":122405,"data":"","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T12:18:45.963017Z","times_seen":1051,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infospage.php","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"scriptElement","is_inline":true,"md5":"d245a4c7f9b1676e8bf7a084577cb175","sha1":"96b1e6c649c4a614baf7b2b93877bd091f3d1413","sha256":"bc4de9ff8d3defae9652ed9d9b0055c42d25b141546a6a6b6b3d07c24f43db60","sha512":"f46ff63df35cfb8af027f9e726b3bd33dc20b432f528c1cee784932360469e90d6a6c8691ad6047cdd24a3a9f4d7d107ca73bfd6eb379a2559f3d52e70b681b7","ssdeep":"","tlshash":"89a02283330280a00a8e802e088003c03030800a0800008c3a2808a0822cc82302f080","size":64,"data":"","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T17:46:51.843925Z","times_seen":1289,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/main-es2017.8d2eb497bdf1e092bf40.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"introduction_type":"scriptElement","is_inline":false,"md5":"4fd77e81274256ec8e5f595bb302756b","sha1":"50c411ab5069e71e5826815c3ebc1f6d6aead744","sha256":"5ef1328dfdfd1a8fa20c79d713b123df215edb78539a734074da936947b89cf9","sha512":"5a89ee0920ea6294fdf3b3013802e51afce387424c0e699f9dd97f19b754ac929ad4ac1de4f5fa232323efb0a8e9b451da7510e9b87127e096e82e487721b4c3","ssdeep":"6144:tEBkWImIoi6uYyCmH8b+sGDCyGsJOO9pI4R9a94wez3iH:t4ImIoiYy9igGsJu6RWH","tlshash":"8ca41ae47291b06513d6449640771507f33a6895b00a85acf36cfcdeacb9acda2b7b3c","size":462201,"data":"","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T12:18:45.96418Z","times_seen":1040,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/logo-amendes-gouv.svg","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/logo-amendes-gouv.svg HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sun, 15 Jan 2023 01:16:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63c353e0-5cbd\"\r\nx-cache-status: BYPASS\r\nx-powered-by: PleskLin\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":23741,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e0e8bfea36c47ef31ec61169c8b0fb95","sha1":"5f42e1a67ec658d358b289c42e39e86619cf798b","sha256":"5932743bf769427d05289e72fb2bdb7cd1a5bc46f01248be159eb820fe27271d","sha512":"ed57a6cf6cdfcf04857641dc7f54d0d7179f372507d426d9170a9b244f5cae035352a590b113c7cd534d44a94b7b330aea230074591c457db6dcc933cb077a2c","ssdeep":"384:SJgLiBjQg3E/Ph/PB48FWMP3gnbXZu2Sa6gNV7Ld+mwQj9rcPf:SBje/5/93ObJUKYmrBYPf","tlshash":"19b264d15230b3dcf9def55fefa9eee4520ca4a52a6388c54b5b875c8847894bf0482c","first_seen":"2023-05-06T02:55:45Z","last_seen":"2026-04-07T17:46:51.840342Z","times_seen":1829,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.3.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://services-publics.grupozasacr.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15f5b\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\nage: 2237475\r\nx-served-by: cache-lga13623-LGA, cache-hel1410021-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 41, 36265\r\nx-timer: S1775564293.082099,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 31046\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":89947,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"cf2fbbf84281d9ecbffb4993203d543b","sha1":"832a6a4e86daf38b1975d705c5de5d9e5f5844bc","sha256":"a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575","sha512":"493a1fe319b5c2091f9bb85e5aa149567e7c1e6dc4b52df55c569a81a6bc54c45e097024427259fa3132f0f082fe24f5f1d172f7959c131347153a8bca9ef679","ssdeep":"1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL","tlshash":"4c9318ddb2c6b06247a770ba407f610ff236199d684d4400f169d8e9bc78a4a827bf7d","first_seen":"2023-03-10T04:24:46Z","last_seen":"2026-04-07T15:45:48.844616Z","times_seen":23445,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":91,"dns":35,"connect":26,"send":0,"wait":27,"receive":8,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/main-es2017.8d2eb497bdf1e092bf40.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/main-es2017.8d2eb497bdf1e092bf40.js HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 15 Jan 2023 01:16:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63c353e6-70d79\"\r\nx-cache-status: BYPASS\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":462201,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4fd77e81274256ec8e5f595bb302756b","sha1":"50c411ab5069e71e5826815c3ebc1f6d6aead744","sha256":"5ef1328dfdfd1a8fa20c79d713b123df215edb78539a734074da936947b89cf9","sha512":"5a89ee0920ea6294fdf3b3013802e51afce387424c0e699f9dd97f19b754ac929ad4ac1de4f5fa232323efb0a8e9b451da7510e9b87127e096e82e487721b4c3","ssdeep":"6144:tEBkWImIoi6uYyCmH8b+sGDCyGsJOO9pI4R9a94wez3iH:t4ImIoiYy9igGsJu6RWH","tlshash":"8ca41ae47291b06513d6449640771507f33a6895b00a85acf36cfcdeacb9acda2b7b3c","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T12:18:45.96418Z","times_seen":1040,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":584,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/runtime-es2017.d8ae961f0555d440b720.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/runtime-es2017.d8ae961f0555d440b720.js HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 15 Jan 2023 01:16:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63c353ee-deb\"\r\nx-cache-status: BYPASS\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":3563,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3563), with no line terminators","md5":"359f1c1919a337983e6e4e07620ab459","sha1":"c6473e4162c594cdf836a180bf9a5fc183d8a9dc","sha256":"c6ae08b826ab67f0dc74c4a61f24c2b988f4c2c9d7dd85b6aa616cae373394e5","sha512":"79928e255950631a8a0e85dc5f386d3e0cd59b909fc1653ceb40a39cbe0ac2244ba2172cb76e6a0cdc418fa2a64cfc0f4c4e18cf4ccf58bc0c3a02a4d12e5e08","ssdeep":"","tlshash":"8271d7e97a94bdb917d3b4e0193fd096b52a2072280fcea0e716c4e53c34ed40213fa9","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T17:46:51.841629Z","times_seen":1053,"resource_available":true,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/assets/fonts/open-sans/open-sans-regular.woff2","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:13.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /assets/fonts/open-sans/open-sans-regular.woff2 HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 808\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 11 Jun 2020 20:41:05 GMT\r\netag: \"328-5a7d4fabbae30\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-07T16:52:25.892397Z","times_seen":35178,"resource_available":true,"data":null}},"time_used":436,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/assets/fonts/open-sans/open-sans-bold.woff2","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:13.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /assets/fonts/open-sans/open-sans-bold.woff2 HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 808\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 11 Jun 2020 20:41:05 GMT\r\netag: \"328-5a7d4fabbae30\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-07T16:52:25.892397Z","times_seen":35178,"resource_available":true,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":433,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.amendes.gouv.fr/favicon.ico","fqdn":"www.amendes.gouv.fr","domain":"amendes.gouv.fr","tld":"gouv.fr"},"ip":{"addr":"185.8.53.118","port":443,"asn":47957,"as":"Worldline IGSA SA","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:14.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.amendes.gouv.fr","organization":"AGENCE NATIONALE DE TRAITEMENT AUTOMATISE DES INFRACTIONS"},"issuer":{"commonName":"Certigna Services CA","organization":"DHIMYOTIS"},"validity":{"start":"Sun, 08 Feb 2026 00:00:00 GMT","end":"Fri, 08 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:EA:14:F0:72:AA:C7:72:2E:E7:20:F4:49:A4:50:68:0A:AB:A0:86","sha256":"E6:44:68:4E:BE:DF:E8:B0:CE:07:54:B3:F2:CE:77:2A:84:F0:50:12:A8:87:FA:5A:0B:A5:E0:85:81:67:F8:E4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.amendes.gouv.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Apr 2026 12:18:14 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 2238\r\nlast-modified: Mon, 23 Mar 2026 12:24:37 GMT\r\netag: \"69c13105-8be\"\r\nexpires: Tue, 07 Apr 2026 13:18:14 GMT\r\ncache-control: max-age=3600\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2238,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel","md5":"2f34a3977599611db24405c819cb116f","sha1":"4568ce43171f2a05903b38462891cd064ecc32e2","sha256":"dd57f113a2eaa7ba3e6b1c507d22910ecd42437f9fef9577cfb8f4719cde59aa","sha512":"b53b2708fa49e05c55240ad2af7b997d43e788df7e148599d811db26ddb79c055cd394a011686845217188f1973bbedc41bb715177067b2191b5852b18945fb6","ssdeep":"","tlshash":"a4411080815e8b4df4de37706b34ee3522b727b54862a17608a739427d490e946cc8df","first_seen":"2023-05-11T15:01:43Z","last_seen":"2026-04-07T18:11:16.302546Z","times_seen":1504,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-regular.woff2","fqdn":"www.amendes.gouv.fr","domain":"amendes.gouv.fr","tld":"gouv.fr"},"ip":{"addr":"185.8.53.118","port":443,"asn":47957,"as":"Worldline IGSA SA","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.amendes.gouv.fr","organization":"AGENCE NATIONALE DE TRAITEMENT AUTOMATISE DES INFRACTIONS"},"issuer":{"commonName":"Certigna Services CA","organization":"DHIMYOTIS"},"validity":{"start":"Sun, 08 Feb 2026 00:00:00 GMT","end":"Fri, 08 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:EA:14:F0:72:AA:C7:72:2E:E7:20:F4:49:A4:50:68:0A:AB:A0:86","sha256":"E6:44:68:4E:BE:DF:E8:B0:CE:07:54:B3:F2:CE:77:2A:84:F0:50:12:A8:87:FA:5A:0B:A5:E0:85:81:67:F8:E4"}}},"request":{"raw":"GET /assets/fonts/open-sans/open-sans-regular.woff2 HTTP/1.1\r\nHost: www.amendes.gouv.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://services-publics.grupozasacr.com/\r\nOrigin: https://services-publics.grupozasacr.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Mon, 23 Mar 2026 12:24:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c13105-382c\"\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14380,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14380, version 1.0","md5":"33543c5cc5d88f5695dd08c87d280dfd","sha1":"600db9374e47e4f73a59ccc0a99bcc42f4a3e02a","sha256":"9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52","sha512":"131afce4ceca8e606f46ba8bede1a7d84793c04aa507e09fb0d88f0fb5e49dff61c70a739a279af185c8c0d2f937761d4d70dc9069f3771ef7a13448e2d1230d","ssdeep":"384:V9e9MoSnw455BJzE0wBQSBUjJWpKlsyIyY8lQGSsrtAvHM:V9e0wK5BJVR9C6sKVlQcJ2M","tlshash":"2652e10e7b5aaf08f555d7ef1edca37964f02cad0f60474da21fc91b7601479b421988","first_seen":"2023-04-11T14:14:03Z","last_seen":"2026-04-07T17:46:51.840972Z","times_seen":19391,"resource_available":false,"data":null}},"time_used":1008,"timings":{"blocked":448,"dns":52,"connect":60,"send":0,"wait":100,"receive":0,"ssl":344},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/styles.572738d2b631b3d66c72.css","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/styles.572738d2b631b3d66c72.css HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 19 Jan 2023 05:15:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63c8d1d4-44e2\"\r\nx-cache-status: BYPASS\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":17634,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (11857), with CRLF line terminators","md5":"ba72fefb956b594655b15214b6c1f197","sha1":"9f00c489c1b44f94d6bc3241633e05b15ba9d538","sha256":"42e1510268ebbdf3825ed1cbcef4cd91e7e7f5078bbccfa3ce51b62fd068a082","sha512":"158f6f024e3bb2de7428f4b4d45ff6115d8f31c746ee7df08f30c2e99bb1cba22e48e64f3ccbf6b9d9191f2b193e580a81c9fc982a328c5d8b1964b04951f8d3","ssdeep":"192:hXwVsWLYZzGYjWr+JRl4H4flO4iO/G4+tQgr1+aEWaLJ2NWoMSPXn0stR32BlwX3:hXwG21CWotZgr1+25E1AF2BlwX3FJ","tlshash":"f582d721a791152e353bc127bde1f2683025a471d54b6bbaf913e270cf8a0de1773b4a","first_seen":"2023-05-13T20:49:54Z","last_seen":"2026-04-07T17:46:51.836399Z","times_seen":1205,"resource_available":false,"data":null}},"time_used":762,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":762,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.amendes.gouv.fr/bg-intro.9630b0c4c57c3d72d3ec.jpg","fqdn":"www.amendes.gouv.fr","domain":"amendes.gouv.fr","tld":"gouv.fr"},"ip":{"addr":"185.8.53.118","port":443,"asn":47957,"as":"Worldline IGSA SA","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:13.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.amendes.gouv.fr","organization":"AGENCE NATIONALE DE TRAITEMENT AUTOMATISE DES INFRACTIONS"},"issuer":{"commonName":"Certigna Services CA","organization":"DHIMYOTIS"},"validity":{"start":"Sun, 08 Feb 2026 00:00:00 GMT","end":"Fri, 08 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:EA:14:F0:72:AA:C7:72:2E:E7:20:F4:49:A4:50:68:0A:AB:A0:86","sha256":"E6:44:68:4E:BE:DF:E8:B0:CE:07:54:B3:F2:CE:77:2A:84:F0:50:12:A8:87:FA:5A:0B:A5:E0:85:81:67:F8:E4"}}},"request":{"raw":"GET /bg-intro.9630b0c4c57c3d72d3ec.jpg HTTP/1.1\r\nHost: www.amendes.gouv.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 1416\r\netag: \"69c13105-588\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T17:38:17.018196Z","times_seen":13469491,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-07T12:18:11.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30; path=/\r\nlocation: infospage.php\r\nx-cache-status: BYPASS\r\nx-powered-by: PHP/8.0.30, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":57936,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-07T17:38:17.018196Z","times_seen":13469491,"resource_available":true,"data":null}},"time_used":1235,"timings":{"blocked":365,"dns":0,"connect":169,"send":0,"wait":495,"receive":10,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"www.amendes.gouv.fr/assets/fonts/open-sans/open-sans-bold.woff2","fqdn":"www.amendes.gouv.fr","domain":"amendes.gouv.fr","tld":"gouv.fr"},"ip":{"addr":"185.8.53.118","port":443,"asn":47957,"as":"Worldline IGSA SA","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.amendes.gouv.fr","organization":"AGENCE NATIONALE DE TRAITEMENT AUTOMATISE DES INFRACTIONS"},"issuer":{"commonName":"Certigna Services CA","organization":"DHIMYOTIS"},"validity":{"start":"Sun, 08 Feb 2026 00:00:00 GMT","end":"Fri, 08 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"52:EA:14:F0:72:AA:C7:72:2E:E7:20:F4:49:A4:50:68:0A:AB:A0:86","sha256":"E6:44:68:4E:BE:DF:E8:B0:CE:07:54:B3:F2:CE:77:2A:84:F0:50:12:A8:87:FA:5A:0B:A5:E0:85:81:67:F8:E4"}}},"request":{"raw":"GET /assets/fonts/open-sans/open-sans-bold.woff2 HTTP/1.1\r\nHost: www.amendes.gouv.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://services-publics.grupozasacr.com/\r\nOrigin: https://services-publics.grupozasacr.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: font/woff2\r\nlast-modified: Mon, 23 Mar 2026 12:24:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c13105-3a20\"\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14880,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14880, version 1.0","md5":"819af3d3abdc9f135d49b80a91e2ff4c","sha1":"0fd9f29faa386a9c8de328f799d2698948ed3d25","sha256":"1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc","sha512":"fc681a8936d05463290945eed1065a2a5e3e4374900a1aca1a728f900d276b801b1397d74873c1ca69680a9453f8910d677f41c81aa25cc6ce747f7ad611303a","ssdeep":"384:msMhHWtN6kDV1bhxh90tSZZOqB/dXg54gJ7JX6+BP+d2:/EHWSm18gdXSI2","tlshash":"6b62c06b31779d06f7ca20a0cd094daf6ea4ce487a62867ce2ee57770e4e705062a406","first_seen":"2023-04-06T16:32:59Z","last_seen":"2026-04-07T17:46:51.826518Z","times_seen":15381,"resource_available":false,"data":null}},"time_used":965,"timings":{"blocked":418,"dns":53,"connect":56,"send":0,"wait":112,"receive":0,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/jquery.mask/1.11.2/jquery.mask.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://services-publics.grupozasacr.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 07 Apr 2026 12:18:12 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2243\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ec3-16bb\"\r\nlast-modified: Mon, 04 May 2020 16:11:47 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1034607\r\nexpires: Sun, 28 Mar 2027 12:18:12 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FmAyuZlY42t6sdOVjo7lIbutJkkEuC8zjYJfYy05SYTqERzj%2BtVRUtbVLiJQjNui9615zTF77DeQISxTiMDQJxYzSYoyKb0I9NdMGux3a%2FJQl2fxzKSvlPnE1AGSlAhHDRKdqWFO\"}]}\r\ncf-ray: 9e88f93f1e79b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (545)","md5":"f757a9aa0bddb4d33e32ba706b94790f","sha1":"dc5e6f6e29da89457e3b313003bfaf49c799b208","sha256":"a17f2e9528214109ad7194958c1c3ba5367166dc7163f630d5c02c04a7623ef6","sha512":"63f18862c77e2da426e9b1b2b080a5c9ecf61c6088375cabb3de3052b1e84400f945251192aa9540453a98ce753bdd21a92f340011531ad883a525ddd8ed399f","ssdeep":"96:2ZWaYsPZ7hLAnoFGTb8rp8avnmK3mPZN/AszpEe6Zu6nkivStSZk+Cewbevan8J:zgVl0To1nxmTxpEprkiqtCCeievm8J","tlshash":"dcc1d9957189707363b768ea01af0246e3b7dad118de0809e61e95d0be78f8e0157f3b","first_seen":"2023-03-07T13:03:06Z","last_seen":"2026-04-07T17:46:51.838382Z","times_seen":1272,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":6,"dns":1,"connect":1,"send":0,"wait":9,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/polyfills-es2017.533ebfade82697eddcf6.js","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:12.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/polyfills-es2017.533ebfade82697eddcf6.js HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infospage.php\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 15 Jan 2023 01:16:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63c353ec-1de25\"\r\nx-cache-status: BYPASS\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":122405,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b1df07cdfe016ca2fe31198eda64db3c","sha1":"75cc9808081dac4009e2c04cab156494c1df82fa","sha256":"ad6ad13398a7ccb1ac657a7932716ae2089ed2d95d55cd97b50b630d31062a32","sha512":"08f853c1eb39a6b4b393d9a9b48d8a3862ecdac405f8399e2340fd903ecb68ae2a7757da4b4d4da9b47c77ffa601346cb4e8f8f50b845b9d37fc84812fe2d7d3","ssdeep":"1536:jqPU66ZXWw+IFMt0TvX4SoRfvGT5KusAKp2XcUOvREuf2JO1a:e86MXII9X0uorp2CvREuOM1a","tlshash":"01c3c4cdf2d2b0e297f725e4002f560be17aa995f84e89d1e165e0d0a87a54f502bf3c","first_seen":"2023-03-14T03:47:42Z","last_seen":"2026-04-07T12:18:45.963017Z","times_seen":1051,"resource_available":true,"data":null}},"time_used":415,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/banner.f9855031892baad8a497.svg","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:13.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/banner.f9855031892baad8a497.svg HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infos_files/styles.572738d2b631b3d66c72.css\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:14 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 11 Jun 2020 20:41:05 GMT\r\netag: W/\"328-5a7d4fabbae30\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-07T16:52:25.892397Z","times_seen":35178,"resource_available":true,"data":null}},"time_used":364,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infos_files/lock.d72c3b80536f448a52ed.svg","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://services-publics.grupozasacr.com/infospage.php","date":"2026-04-07T12:18:13.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infos_files/lock.d72c3b80536f448a52ed.svg HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://services-publics.grupozasacr.com/infos_files/styles.572738d2b631b3d66c72.css\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:14 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nlast-modified: Thu, 11 Jun 2020 20:41:05 GMT\r\netag: W/\"328-5a7d4fabbae30\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":808,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"a943672a32297727bab01c3e76977550","sha1":"3a667c4b7a457ef6c586cc581d533c128737bf53","sha256":"b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187","sha512":"0965d415f3a0cef31953702fdae345d46fefd72ce3c4c7a0255aede74a76e10b856892700529a444453a622793e0257248c5c99fae17d5b0b9fd4118e208068c","ssdeep":"","tlshash":"2e01bd0a08e0501bc0d3915169a0f22dc9c2f997aa5b180079ed91c6cfd5f89c9d35ac","first_seen":"2023-03-08T11:42:06Z","last_seen":"2026-04-07T16:52:25.892397Z","times_seen":35178,"resource_available":true,"data":null}},"time_used":455,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":455,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"services-publics.grupozasacr.com/infospage.php","fqdn":"services-publics.grupozasacr.com","domain":"grupozasacr.com","tld":"com"},"ip":{"addr":"190.0.230.216","port":443,"asn":263713,"as":"Server Lodge S.A.","country":"Costa Rica","country_code":"CR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-07T12:18:11.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"services-publics.grupozasacr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 20:01:02 GMT","end":"Sat, 13 Jun 2026 20:01:01 GMT"},"fingerprint":{"sha1":"CC:65:0E:9F:EF:18:C2:50:34:07:4E:3D:ED:94:CA:49:BA:5F:EE:7C","sha256":"D4:5E:4C:92:AA:26:5D:13:44:0A:19:52:4F:0C:7D:EC:07:90:1D:66:B9:DE:11:66:C9:DB:B1:D9:DA:FB:6A:05"}}},"request":{"raw":"GET /infospage.php HTTP/1.1\r\nHost: services-publics.grupozasacr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=5ris0ajakhq0r201tii6mbok30\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 07 Apr 2026 12:18:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nx-cache-status: BYPASS\r\nx-powered-by: PHP/8.0.30, PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":57936,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (46861)","md5":"3544dee68aed923383eae311de7a4ee1","sha1":"39d4ceba937751db51e9e5213a5148389d9d80fc","sha256":"018351e0e6ca09d9cfd16dc6572a23d02fbb831cc73fe18d3fa61432b01e5284","sha512":"105ac1f11f1467f97f87b2ec12c01d4d3545529b0e9d687f3e8641c589056476dd60baefb71e9d1380695e2ae883ceb16ce872e8e97b9018a3395555cee76f9e","ssdeep":"384:K3FxbWxkcv2wCAWyb32F51g5DsRt/w23dpmpuGYJubZ8gOfPcURxi0V:OxbWxk+2RKjDo/wouegOPN40V","tlshash":"b84354b1b6416c8e66cacc4467b27fce120bc5a6c1135b6e7c1b9cbcc7c93ea9291315","first_seen":"2025-05-18T09:59:37.176168Z","last_seen":"2026-04-07T17:46:51.839715Z","times_seen":21,"resource_available":true,"data":null}},"time_used":587,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-07","alert":"Sinkholed","trigger":"services-publics.grupozasacr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-07","alert":"Phishing Block","trigger":"services-publics.grupozasacr.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - French Tax Agency","verdict":"phishing","severity":"medium","comment":"Resource observed with French Tax Agency phishing","tags":["government","tax","france","phishing"],"meta":null}]}}]}