impots-gouv-fr.xyz Open in urlscan Pro
141.11.208.170 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://impots-gouv-fr.xyz/
Effective URL:
https://impots-gouv-fr.xyz/
Submission: On October 19 via manual (October 19th 2023, 9:22:29 am UTC) from FR — Scanned from FR

Summary HTTP 1 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 141.11.208.170, located in New York, United States and belongs to ASN-QUADRANET-GLOBAL, US. The main domain is impots-gouv-fr.xyz.
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.

This is the only time impots-gouv-fr.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address		AS Autonomous System
1 2	141.11.208.170 141.11.208.170		8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1	2

2 141.11.208.170 (New York, United States) 1 redirects

ASN8100 (ASN-QUADRANET-GLOBAL, US)

impots-gouv-fr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	impots-gouv-fr.xyz 1 redirects impots-gouv-fr.xyz	106 KB
1	1

	Domain	Requested by
2	impots-gouv-fr.xyz	1 redirects
1	1

This site contains links to these domains. Also see Links.

Domain
www.impots.gouv.fr
cfspart.impots.gouv.fr
cfspro.impots.gouv.fr
app.franceconnect.gouv.fr
www.telepaiement.dgfip.finances.gouv.fr

Subject Issuer	Validity	Valid
impots-gouv-fr.xyz R3	`2023-10-17` - `2024-01-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://impots-gouv-fr.xyz/
Frame ID: ED44E57ACAE39E0FECBEF0C985AF40F3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers | authentification

Page URL History Show full URLs

http://impots-gouv-fr.xyz/ HTTP 301
https://impots-gouv-fr.xyz/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

216 kB
Transfer

413 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.impots.gouv.fr/
Title: Accueil impots.gouv.FR

Search URL Search Domain Scan URL

URL: https://cfspart.impots.gouv.fr/monprofil-webapp/monCompte
Title: Votre espace particulier

Search URL Search Domain Scan URL

URL: https://cfspro.impots.gouv.fr/mire/accueil.do
Title: Votre espace professionnel

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/particulier
Title: Accueil

Search URL Search Domain Scan URL

URL: https://app.franceconnect.gouv.fr/en-savoir-plus
Title: Qu'est-ce que FranceConnect?

Search URL Search Domain Scan URL

URL: https://www.telepaiement.dgfip.finances.gouv.fr/stl/redirectPart.htm
Title: Payer en ligne

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/particulier/questions/jai-egare-les-identifiants-dacces-mon-espace-particulier-comment-puis-je-les-0
Title: ou sur vos avis

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts?4950
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://cfspart.impots.gouv.fr/LoginAccess?op=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyLw==
Title: renouveler votre mot de passe en quelques clics

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts?4949
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://www.impots.gouv.fr/portail/contacts
Title: centre des Finances publiques .

Search URL Search Domain Scan URL

URL: https://cfspart.impots.gouv.fr/
Title: impots.gouv.fr

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://impots-gouv-fr.xyz/ HTTP 301
https://impots-gouv-fr.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response impots-gouv-fr.xyz/ Redirect Chain http://impots-gouv-fr.xyz/ https://impots-gouv-fr.xyz/	253 KB 106 KB	631ms 300ms	Document text/html	141.11.208.170 ASN-QUADRANET-GLOBAL
General Check archive.org Show headers Download Go to Full URL https://impots-gouv-fr.xyz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 141.11.208.170 New York, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US), Reverse DNS Software nginx / PleskLin Resource Hash `a0b73cd7c5f805e8a519b603ff7158ac2ad4e8b0bdbb4ddd39dd2ad947dbabb3` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers content-encoding br content-type text/html date Thu, 19 Oct 2023 09:22:11 GMT etag W/"652e5e70-3f43f" last-modified Tue, 17 Oct 2023 10:14:08 GMT server nginx x-powered-by PleskLin Redirect headers Connection keep-alive Content-Length 162 Content-Type text/html Date Thu, 19 Oct 2023 09:22:10 GMT Location https://impots-gouv-fr.xyz/ Server nginx
GET DATA	200 OK	truncated /	18 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	19 KB 19 KB		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a` Request headers Referer Origin https://impots-gouv-fr.xyz accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type text/plain
GET DATA	200 OK	truncated /	92 KB 92 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd` Request headers Referer Origin https://impots-gouv-fr.xyz accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type application/x-font-woff
GET DATA	200 OK	truncated /	14 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	4 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	6 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e` Request headers accept-language fr-FR,fr;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36 Response headers Content-Type image/svg+xml

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://impots-gouv-fr.xyz/(Line 316) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 316) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 333) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 333) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 341) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 341) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 349) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 349) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 361) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 361) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 369) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 369) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 377) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 377) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 383) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 383) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 403) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 403) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 415) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 415) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 435) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 435) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 453) Message: This element does not support attachShadow
other	error	URL: https://impots-gouv-fr.xyz/(Line 453) Message: This element does not support attachShadow

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

impots-gouv-fr.xyz
141.11.208.170
0284492d7ed7c4b3aa4caddde43e07d08cccc51bc25b11c8d20d515d3769d55a
254798574aeb4e94ef4b45f271e804f0b63eb45def80468d9af516213ebe13dd
2be11b4cf348ebdb13674d8cf0d1938df9c71f0f64fb0fb70fa08ed40830f684
434c00e8f522092a173a70f7f6e95747cf8c2b75328bdf76c6ed1e4b2039cbbc
880cbec4f5672334414f9b979a09ad51f7158c92a694bbabfc8a83538c8e0e2e
90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6
a0b73cd7c5f805e8a519b603ff7158ac2ad4e8b0bdbb4ddd39dd2ad947dbabb3
c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e
f38f88db94a67b5fcc8f90965a6623a509e35cb81b6b252f0c9d7fdd29ff1a88

impots-gouv-fr.xyz Open in urlscan Pro 141.11.208.170 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

216 kBTransfer

413 kBSize

0 Cookies

12 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

24 Console Messages

Indicators

impots-gouv-fr.xyz Open in urlscan Pro
141.11.208.170 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

216 kB
Transfer

413 kB
Size

0
Cookies

1 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!