dgfip-finances-gouv-fr.imtguvlogin.com Open in urlscan Pro
2606:4700:3031::6815:5bc8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/
Submission: On January 16 via automatic, source phishtank (January 16th 2024, 11:39:01 am UTC) — Scanned from FR

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3031::6815:5bc8, located in United States and belongs to CLOUDFLARENET, US. The main domain is dgfip-finances-gouv-fr.imtguvlogin.com.
TLS certificate: Issued by GTS CA 1P5 on January 15th 2024. Valid for: 3 months.

This is the only time dgfip-finances-gouv-fr.imtguvlogin.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address		AS Autonomous System
9	2606:4700:303... 2606:4700:3031::6815:5bc8		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

9 2606:4700:3031::6815:5bc8 (United States)

ASN13335 (CLOUDFLARENET, US)

dgfip-finances-gouv-fr.imtguvlogin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	imtguvlogin.com dgfip-finances-gouv-fr.imtguvlogin.com	26 KB
0	impots.gouv.fr Failed cfspart.impots.gouv.fr Failed
11	2

	Domain	Requested by
9	dgfip-finances-gouv-fr.imtguvlogin.com	dgfip-finances-gouv-fr.imtguvlogin.com
0	cfspart.impots.gouv.fr Failed	dgfip-finances-gouv-fr.imtguvlogin.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
imtguvlogin.com GTS CA 1P5	`2024-01-15` - `2024-04-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/
Frame ID: ED356EF3BD3EA40DF4D7DC54FFD0CF56
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers | authentification

Page Statistics

11
Requests

82 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

26 kB
Transfer

48 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/	6 KB 2 KB	676ms 598ms	Document text/html	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `51536e9183afc18effba7704a3d629980d059ea43e8f3f395950d7ec825add66` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 846613339b2b2a41-CDG content-encoding br content-type text/html date Tue, 16 Jan 2024 11:38:56 GMT last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G3LLJj3pSAJ%2BSOKRl8xRGH0ASdPJ%2BnB1A0J5zgYY5njCSZXCaaiReJv5vyJdI5z%2FnklgFLH%2FocK%2FAOA%2Fc%2FWLOGxMJgOKUl6R%2FNXz0jaJRTXfXPhadrXDA20QxXAyGTrt%2BUi4mQ37PD7yUl7f40rXiks5Idazpukcw4TwriYC%2BptojgLF5Q%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	style.css dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/css/	8 KB 2 KB	580ms 579ms	Stylesheet text/css	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/css/style.css Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c8a2b949015825c75754bc25f097765f60ed94d2b4cf6ae2fd5fc084aec965df` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT content-encoding br cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1eb6-60efb9765ad05-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KdxSXoyEieZ6xMgasSkzAIqB0cjn8LKhzQN7OOH9HdAthb8BMU%2BXEUyt21OdQ%2FVQIFmykuKj6ATjqp3DyiIw0L43sVIsgY3mfNsoNyL1NAQ9XafPcKmCJhOQVvZY7HktAct2ETsdPtYn25SQP0V3wnbxe36dZbJ1sYBuPZLCOTiZNViEg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8466133758be2a41-CDG alt-svc h3=":443"; ma=86400
GET H2	200	logoin1.svg dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	18 KB 6 KB	602ms 601ms	Image image/svg+xml	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/logoin1.svg Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4608-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=haYX1jJQruNaDrlXMk6o8%2FxJh5T4pyIhhptU2eiwC%2BdyaXqPv2h1sb9dFUFlmeW9D8%2FsgJc4oEJ0ti5DpqIPiPTeWoDypxt1zWD%2BdBx3FE%2B0ToxtcFAVfrY2eGaG8K%2BiZFak32wfFrYRYlisfcHY8oxiWHzir6IpipTpbRvNjP696iaQEg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 8466133758c02a41-CDG alt-svc h3=":443"; ma=86400
GET H2	200	logoin2.svg dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	3 KB 2 KB	605ms 604ms	Image image/svg+xml	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/logoin2.svg Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT content-encoding br cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"d10-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KEzZa8J2Jg%2BxWanPPBHMUSB9bLbBUyM84pxp45cZkz8gtSycD9Pg7P5HSpZKjseEDaccvCFnnZwuA379%2BwEEf%2FqTOW9aIXZVMEL%2BzLx5vLGCEbpb5%2BP4kLpW12Iq4b9r56oOzmkZirP%2FPRpcBn0KF5X9qtW12eSTIPfsvTkj6RNe2NCLmw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 8466133768c12a41-CDG alt-svc h3=":443"; ma=86400
GET H2	200	wawzeay0.png dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	686 B 1 KB	606ms 605ms	Image image/png	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/wawzeay0.png Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d0741e418e5fa6fe7a6d2f5f42083d5aec49beb9e2ab2ec93a5c76e88b52381` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2ae-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mbVWJw41Lo%2FZDOBTYAUW4Vh68K0NNeKvZND7OhEAIwmXbEp8VikovTBYZ9tkSQMdu1XtEd510SFjRHdfCt15IaQxXhwsz97WcFygoDQ%2FjLLeRQA56e6WkL4JJ5Gx11xTl1FiHiUnZmyag4yEPxdKvI18Jr4l2IjXeiPLeCQzx2SC2ydBvA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8466133768c22a41-CDG alt-svc h3=":443"; ma=86400 content-length 686
GET H2	200	hmarwaaw1192.png dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	678 B 1 KB	579ms 578ms	Image image/png	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/hmarwaaw1192.png Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4d12b8796dded3fa21ae1cd8142ecadf3fb5e92b64232a6f5b57e4145c9d0d68` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2a6-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VL55Bz1Su7i52ST863vEPhHUc68XooFXCr6zJWcSZzDuJyMPtJWxcgYDIFpTKGzExFexIJw9QGg%2FarrRiI%2FupqKiEuA%2BjMh%2Bz8SDXBhONTZX4fbiiG64%2BwpAVz5FW01i2GrWpXXd4Yf3uOvCHT61RBBgNsJcglOiSK1OlrF8aXS1ZORQjA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8466133768c52a41-CDG alt-svc h3=":443"; ma=86400 content-length 678
GET H2	200	goospayawa101.png dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	10 KB 10 KB	601ms 600ms	Image image/png	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/goospayawa101.png Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4cf4a799d8e8d76b027cf25800d00d2f0ef7ea8219933af5f57144b126c3c539` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2671-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swln2vUYmisVoYZKgT81fCvs8oc7%2BKuOosodWGHaHvs6ZQ%2FaKt%2BK4i966CuSzdoPkTHkU7hyeHMv6siEJge%2FcRq2aNv3E1TFgRgg0QLpZrGriazsEHIpwrb5%2Bq%2FV3OIEXFhjefv6JYyCXkjf5We%2BPPDzrdXeihrmU7t8mxnI5l8rkPdAmw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8466133768c62a41-CDG alt-svc h3=":443"; ma=86400 content-length 9841
GET H2	200	popopauy1010.png dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/	2 KB 2 KB	580ms 580ms	Image image/png	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/img/popopauy1010.png Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2e4751a03f6bae610276711572bef318b0fa4fc5abc0003cff54043b17b78e82` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "700-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIGoiD1DA9f0%2FC4vHIkT%2Bu4WOw7kmgx52R4y%2Fa1B54VBmh31nGZCRPb1ny4XgarfAl9JiSzXciAQv8d6cTeUZneogVailxlItk04b1vzGdr2y0olG7av3P1XoGmnqecwmySrQHDcKTLKo2Lcrah%2BNlK7DeWoX382SggyJ0p9UA9og2ZatA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8466133768ca2a41-CDG alt-svc h3=":443"; ma=86400 content-length 1792
GET H2	200	main.js Show response dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/js/	666 B 542 B	581ms 581ms	Script text/javascript	2606:4700:3031::6815:5bc8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/js/main.js Requested by Host: dgfip-finances-gouv-fr.imtguvlogin.com URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:5bc8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7639019193b23e3e493a6cfb780d540c865098afd9b9456a972b2b87c6f18253` Request headers accept-language fr-FR,fr;q=0.9 Referer https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Response headers date Tue, 16 Jan 2024 11:38:57 GMT content-encoding br cf-cache-status MISS last-modified Mon, 15 Jan 2024 12:59:59 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"29a-60efb9765ad05" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lVzToF8jGMMzFFE3kXr2HLU%2FUpv9gb3evAKtdKI6GXLwhvAohb3zWtlDI7fC3LbrATQpbhvwVEQHHwkERQxg0KGBBDNRMhXTI4fSdC3oYj0FkshQZ%2FIR6M8QJw%2BFv5BfFp2T1uLsI459q7hXGC9CX%2BaFKg%2B8qq0IkeL38CHMpt%2B5mTumJQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 8466133768c82a41-CDG alt-svc h3=":443"; ma=86400
GET		open-sans-latin-ext-regular.woff2 cfspart.impots.gouv.fr/templates//polices/	0 0

GET		open-sans-latin-ext-regular.woff cfspart.impots.gouv.fr/templates/polices/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cfspart.impots.gouv.fr
URL: https://cfspart.impots.gouv.fr/templates//polices/open-sans-latin-ext-regular.woff2

Domain: cfspart.impots.gouv.fr
URL: https://cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Message: Access to font at 'https://cfspart.impots.gouv.fr/templates//polices/open-sans-latin-ext-regular.woff2' from origin 'https://dgfip-finances-gouv-fr.imtguvlogin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cfspart.impots.gouv.fr/templates//polices/open-sans-latin-ext-regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dgfip-finances-gouv-fr.imtguvlogin.com/connect/fr/10d83/ Message: Access to font at 'https://cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff' from origin 'https://dgfip-finances-gouv-fr.imtguvlogin.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cfspart.impots.gouv.fr
dgfip-finances-gouv-fr.imtguvlogin.com
cfspart.impots.gouv.fr
2606:4700:3031::6815:5bc8
0d0741e418e5fa6fe7a6d2f5f42083d5aec49beb9e2ab2ec93a5c76e88b52381
2e4751a03f6bae610276711572bef318b0fa4fc5abc0003cff54043b17b78e82
4cf4a799d8e8d76b027cf25800d00d2f0ef7ea8219933af5f57144b126c3c539
4d12b8796dded3fa21ae1cd8142ecadf3fb5e92b64232a6f5b57e4145c9d0d68
51536e9183afc18effba7704a3d629980d059ea43e8f3f395950d7ec825add66
7639019193b23e3e493a6cfb780d540c865098afd9b9456a972b2b87c6f18253
90d8552964c8e804a6dea1870bfd34d3114389e6c28b725bcdec63808b75c8a6
c4502e1bffc9155988eeb261ae88885e93211e73cad60005d710ba19ac860b5e
c8a2b949015825c75754bc25f097765f60ed94d2b4cf6ae2fd5fc084aec965df

dgfip-finances-gouv-fr.imtguvlogin.com Open in urlscan Pro 2606:4700:3031::6815:5bc8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

82 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

26 kBTransfer

48 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

dgfip-finances-gouv-fr.imtguvlogin.com Open in urlscan Pro
2606:4700:3031::6815:5bc8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

82 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

26 kB
Transfer

48 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!