impots-gouv-fr.xyz
141.11.208.170
Malicious Activity!
Public Scan
Effective URL: https://impots-gouv-fr.xyz/
Submission: On October 19 via manual from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.
This is the only time impots-gouv-fr.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Impots Gouv (Government)
Domain & IP information
 | | IP Address | AS Autonomous System |
---|---|---|---|
1 | 2 | 141.11.208.170 | 8100 (ASN-QUADRANET-GLOBAL) |
1 | 2 | | |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
2 | impots-gouv-fr.xyz (1 redirects) / impots-gouv-fr.xyz | 106 KB |
1 | 1 | |
Domain | Requested by | |
---|---|---|
2 | impots-gouv-fr.xyz | 1 redirects |
1 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.impots.gouv.fr |
cfspart.impots.gouv.fr |
cfspro.impots.gouv.fr |
app.franceconnect.gouv.fr |
www.telepaiement.dgfip.finances.gouv.fr |
Subject | Issuer | Validity | Valid |
---|---|---|---|
impots-gouv-fr.xyz | R3 | 2023-10-17 - 2024-01-15 | 3 months |
This page contains 1 frames:
Primary Page:
https://impots-gouv-fr.xyz/
Frame ID: ED44E57ACAE39E0FECBEF0C985AF40F3
Requests: 9 HTTP requests in this frame
Page Title
Particuliers | authentification
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: Accueil impots.gouv.FR
Title: Votre espace particulier
Title: Votre espace professionnel
Title: Accueil
Title: Qu'est-ce que FranceConnect?
Title: Payer en ligne
Title: ou sur vos avis
Title: centre des Finances publiques .
Title: renouveler votre mot de passe en quelques clics
Title: centre des Finances publiques .
Title: centre des Finances publiques .
Title: impots.gouv.fr
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://impots-gouv-fr.xyz/
HTTP 301
https://impots-gouv-fr.xyz/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, impots-gouv-fr.xyz/, Redirect Chain) | 253 KB | 106 KB | Document | text/html |
GET | DATA | truncated | 18 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 19 KB | 19 KB | Font | text/plain |
GET | DATA | truncated | 92 KB | 92 KB | Font | application/x-font-woff |
GET | DATA | truncated | 14 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 5 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 4 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 6 KB | 0 | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Impots Gouv (Government)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
24 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.