gouv-remboursement-impots.fr/
213.226.123.102301 Moved Permanently 162 B URL HTTP/1.1 gouv-remboursement-impots.fr/
IP 213.226.123.102:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET / HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 04 Nov 2022 14:28:49 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://gouv-remboursement-impots.fr/
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16039
Expires: Fri, 04 Nov 2022 18:56:08 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2091
Cache-Control: max-age=157027
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 14:28:49 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:05:56 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12648
Expires: Fri, 04 Nov 2022 17:59:37 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: z1Pjmj9brrj59ASSKsUkTzts0C6W75IeRBs8WeI/VS9UqM/VC+mYn9ImXtsT8NjTYwkKJZGqZok=
x-amz-request-id: GA9MJ1EM47RG62N6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 14:09:37 GMT
age: 1152
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee3f7a11b8b286a0369b7263159
7e037a5ee1a3519c94891a9730218ec90bda484c
4aae6c76094e25a770a37caaa61250a23fd7bff4a95d6475aae4b73b02f73f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AAE6C76094E25A770A37CAAA61250A23FD7BFF4A95D6475AAE4B73B02F73F9F"
Last-Modified: Wed, 02 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 04 Nov 2022 20:28:49 GMT
Date: Fri, 04 Nov 2022 14:28:49 GMT
Connection: keep-alive
gouv-remboursement-impots.fr/
213.226.123.102200 OK 9.4 kB URL HTTP/2 gouv-remboursement-impots.fr/
IP 213.226.123.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (517), with CRLF line terminators
Hash 6dfceb2a80093ee61d6d02ac60ab0b2b
bf342fbde1e5f1042ffaa8e9b7fb0a73a79dea17
dafc43dbf0245b6ad5a554c83acdfb1dd6e2ea975b49558f443220a5c5356e5f
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET / HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/html; charset=UTF-8
content-length: 9440
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.25, PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3982
Cache-Control: max-age=153859
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 14:28:50 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 09:13:09 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
code.jquery.com/jquery-3.4.1.min.js
69.16.175.42200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.4.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash 9abb42735168ac9e960b770179b642aa
11475bf8c7244af7a820108b7762e7a3f95aa52c
df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 14:28:50 GMT
content-encoding: gzip
content-length: 30638
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1667572130.dop215.sk1.t,1667572130.cds227.sk1.hn,1667572130.cds201.sk1.c
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 2.2 kB IP 172.64.155.188:0
Hash 476b53d324c14c08bea930e2f6db03af
eecd961d5ba926a7f95c07305718c1da03db447b
d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7bdb7b518-OSL
ocsp.usertrust.com/
172.64.155.188200 OK 2.2 kB IP 172.64.155.188:0
Hash 476b53d324c14c08bea930e2f6db03af
eecd961d5ba926a7f95c07305718c1da03db447b
d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7bacbb4fd-OSL
gouv-remboursement-impots.fr/templates/images/num_acces.svg
213.226.123.102404 Not Found 3.0 kB URL HTTP/2 gouv-remboursement-impots.fr/templates/images/num_acces.svg
IP 213.226.123.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7b94d81843a3975809fffc98898bbc6e
6ce4758375bed46d9546d8515b34ce7ca778a51f
8bcb04a4469ebb5217a27584d282b2001cf42a9a7bb538dcd569f21cf8b8a699
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET /templates/images/num_acces.svg HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2
ocsp.usertrust.com/
172.64.155.188200 OK 2.2 kB IP 172.64.155.188:0
Hash 476b53d324c14c08bea930e2f6db03af
eecd961d5ba926a7f95c07305718c1da03db447b
d594fdac96f2029062ef63f2a53d4b81d0d3484f54294f97167ae5988caa7f65
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 10:12:16 GMT
Expires: Wed, 09 Nov 2022 10:12:15 GMT
Etag: "eecd961d5ba926a7f95c07305718c1da03db447b"
Cache-Control: max-age=603984,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 598
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 764e09d7baa0b4fa-OSL
push.services.mozilla.com/
52.27.12.161101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.27.12.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GHsJVqup+2y+hOYc4hBrIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: irMHyGmSgcdJ9YVgDBnBWAbHBzA=
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4b960cb663c9a47ccb8be722e0ac0f5d
36d37e8a0e97a65891c80375e850e36bb04d13fa
0076803c110b6bbc49b591119daa8ca2085b1cacd1f9c37e7ff8fe45e2fa149e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7d9c3b521-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4b960cb663c9a47ccb8be722e0ac0f5d
36d37e8a0e97a65891c80375e850e36bb04d13fa
0076803c110b6bbc49b591119daa8ca2085b1cacd1f9c37e7ff8fe45e2fa149e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7dd800b59-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4b960cb663c9a47ccb8be722e0ac0f5d
36d37e8a0e97a65891c80375e850e36bb04d13fa
0076803c110b6bbc49b591119daa8ca2085b1cacd1f9c37e7ff8fe45e2fa149e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7de720b69-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 4b960cb663c9a47ccb8be722e0ac0f5d
36d37e8a0e97a65891c80375e850e36bb04d13fa
0076803c110b6bbc49b591119daa8ca2085b1cacd1f9c37e7ff8fe45e2fa149e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 06:59:06 GMT
Expires: Fri, 11 Nov 2022 06:59:05 GMT
Etag: "36d37e8a0e97a65891c80375e850e36bb04d13fa"
Cache-Control: max-age=577214,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764e09d7dae4b51e-OSL
cfspart.impots.gouv.fr/templates/styles/commun.css
145.242.11.27200 OK 1.8 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/styles/commun.css
IP 145.242.11.27:0
File type assembler source, Unicode text, UTF-8 text, with very long lines (406)
Hash 5e572b57227a5c5520141671d4da4795
0c1363cf4a122a5a970685dbb4b378ee26ff0ca4
863ad9805bdc066ecf28bceef4bd032a20d520830c6cf58239b59d4e05e39c84
GET /templates/styles/commun.css HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2022 15:32:16 GMT
ETag: "235ef-168c-5daf88d106e94"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 1844
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/css
cfspart.impots.gouv.fr/templates/styles/mire.css
145.242.11.27200 OK 918 B URL HTTP/1.1 cfspart.impots.gouv.fr/templates/styles/mire.css
IP 145.242.11.27:0
Hash c75a54e6a1bdd3848e362c4d75f6b579
69221c49b6c4cf5f9ba684d60d8b30fb8231397a
604dad20e852a4b0fe0b0c3fd59866cee41baece2157191b325e1cc29d598193
GET /templates/styles/mire.css HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:18:38 GMT
ETag: "2361f-ab7-5bd3d97a7c5aa"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 918
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/css
cfspart.impots.gouv.fr/templates/styles/dac.css
145.242.11.27200 OK 437 B URL HTTP/1.1 cfspart.impots.gouv.fr/templates/styles/dac.css
IP 145.242.11.27:0
Hash c1124596b18d57508ee39db304da59d4
7cc5b65c9902ae98e82a1cf9a884f4fa3f9d2aeb
403448fd4658eddab6100cb7bcf32fdaf63f924f1181f17e7a12beae252d8506
GET /templates/styles/dac.css HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2020 06:19:15 GMT
ETag: "2361e-303-5a2208c0b7b77"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 437
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/css
cfspart.impots.gouv.fr/templates/styles/bootstrap.min.css
145.242.11.27200 OK 18 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/styles/bootstrap.min.css
IP 145.242.11.27:0
File type ASCII text, with very long lines (64976)
Hash db006281e289b3ae6b6060c79c31a00c
f6f62e6d5e14c6e5b58b0d052ca93f45b8788bb3
e89a986856994c6f85e190ecb3963c2f2481becea206b032b022b8492aefedb5
GET /templates/styles/bootstrap.min.css HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Mon, 26 Aug 2019 06:35:15 GMT
ETag: "23c4f-1a442-590ff5bde6688"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 17849
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/css
cfspart.impots.gouv.fr/templates/images/bloc-marque.svg
145.242.11.27200 OK 5.7 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/images/bloc-marque.svg
IP 145.242.11.27:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (17928), with no line terminators
Hash 542e90e968e808958f23740d028bf385
21df8fb442714890c2d45d889692e8168fa47486
c9c4a16bfc62ca1cb83c8e7704e49f1710c736bd89f54078e5304570d179aaba
GET /templates/images/bloc-marque.svg HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/templates/styles/commun.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:17:25 GMT
ETag: "23dd7-4608-5bd3d9351519f"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 5743
Age: 285
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
cfspart.impots.gouv.fr/templates/images/logo_impots.svg
145.242.11.27200 OK 1.3 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/images/logo_impots.svg
IP 145.242.11.27:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3344), with no line terminators
Hash 06c5a27ab846e65558b2994b38989c29
4961fc7074a2750dd4ddb0914ef9d28045cbf949
efc7ede915c6c97c167e293ae4488dcba99c37d6a4dafc4aa1ca543f0fcd0623
GET /templates/images/logo_impots.svg HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/templates/styles/commun.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 11 Mar 2021 07:17:25 GMT
ETag: "23dd6-d10-5bd3d935020f0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Content-Length: 1340
Age: 285
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
gouv-remboursement-impots.fr/assets/fonts/fonts/icofont.woff2
213.226.123.102200 OK 538 kB URL HTTP/2 gouv-remboursement-impots.fr/assets/fonts/fonts/icofont.woff2
IP 213.226.123.102:0
File type Web Open Font Format (Version 2), TrueType, length 537868, version 1.0\012- data
Size 538 kB (537868 bytes)
Hash 50a4ab76e700a83e649be213f820fbbd
28ad9e9ac82f86c50eb4dd3d713a0698473bdbb3
242e542871bd77c8ff6375418e349ef6b3a32a208e15ca1441166641d212a6a1
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET /assets/fonts/fonts/icofont.woff2 HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/assets/fonts/icofont.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: font/woff2
content-length: 537868
last-modified: Wed, 02 Nov 2022 23:35:31 GMT
etag: "6362fec3-8350c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff2
145.242.11.27200 OK 19 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff2
IP 145.242.11.27:0
File type Web Open Font Format (Version 2), TrueType, length 19392, version 1.0\012- data
Hash 6e2308ee6037e901e59de209310cf5ff
cea4c2bb4465f3c1a7692d2b218c3b1a41b7426a
516c7b2926dbd461e33f19ff05db8587e5990184dba657483d5a569cc099a8ee
GET /templates/polices/open-sans-latin-ext-regular.woff2 HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:50 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2022 15:33:06 GMT
ETag: "23de5-4bc0-5daf890023697"
Accept-Ranges: bytes
Content-Length: 19392
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Age: 285
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=utf-8
www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico
152.199.19.61301 Moved Permanently 273 B URL HTTP/2 www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico
IP 152.199.19.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ad6306c636cce3eeed000fc2d312187f
8c0249380a3c7a1d990e26b3aa3b3c31b8eb9ff3
78ab2d21260c5214e7f1c114a8c374141edc9532b803400ca71928eb4e12eb25
GET /portail/sites/all/themes/impotsgouv/favicon.ico HTTP/1.1
Host: www.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
age: 892919
cache-control: must-revalidate
content-type: text/html; charset=iso-8859-1
date: Tue, 25 Oct 2022 06:26:52 GMT
expires: Tue, 08 Nov 2022 06:26:52 GMT
location: https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico
server: ECAcc (ska/F7BB)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff
content-length: 273
X-Firefox-Spdy: h2
cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff
145.242.11.27200 OK 17 kB URL HTTP/1.1 cfspart.impots.gouv.fr/templates/polices/open-sans-latin-ext-regular.woff
IP 145.242.11.27:0
File type Web Open Font Format, TrueType, length 24424, version 1.1\012- data
Hash d6522106abececb0decdbbbece49aeda
64640744beadf134dba3182f037ae60679a3f826
074fb1484d702e68f40130cb592d2d2c996f8f977701ed95bf3d480fb97a359a
GET /templates/polices/open-sans-latin-ext-regular.woff HTTP/1.1
Host: cfspart.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gouv-remboursement-impots.fr
Connection: keep-alive
Referer: https://cfspart.impots.gouv.fr/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 14:28:51 GMT
Server: Apache
ETag: "21d50-5f68-5daf8900111a0"
Accept-Ranges: bytes
Content-Length: 24424
Via: dpapusx043
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com ; form-action 'self' ; img-src 'self' https://www.impots.gouv.fr ; upgrade-insecure-requests ;
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 24 Mar 2022 15:33:06 GMT
Keep-Alive: timeout=1, max=99
Connection: Keep-Alive
Content-Type: application/x-font-woff
gouv-remboursement-impots.fr/templates/images/rfr.svg
213.226.123.102404 Not Found 873 B URL HTTP/2 gouv-remboursement-impots.fr/templates/images/rfr.svg
IP 213.226.123.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b8815e8a49276d8253fe3856417f180a
24bc71a8302d43384d8bd332b400a3a6967dda40
cafb5081ccf2be52a51551e26523766335175fc7e3fa6fb74e0148fa013b22fe
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET /templates/images/rfr.svg HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Fri, 04 Nov 2022 16:09:45 GMT
Date: Fri, 04 Nov 2022 14:28:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Fri, 04 Nov 2022 16:09:45 GMT
Date: Fri, 04 Nov 2022 14:28:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6054
Expires: Fri, 04 Nov 2022 16:09:45 GMT
Date: Fri, 04 Nov 2022 14:28:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 59751
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9a763d44e05fa357713a41ab1388974a
d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd
f351b7e90e5435af071892b62af3ac591bc553281b3ea63b1ae067a3d03f572d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7703
x-amzn-requestid: 4f835957-6df6-4001-9c34-ed9749000b46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpFGwoAMF0-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-3f7b7dd36cb07d057b64ec2f;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5_POzz6quaFlv3R4djTMvwuiLWqmvHLCrZ58DtyQPJG8yWQoxV0LjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:11 GMT
etag: "d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd"
content-type: image/jpeg
age: 59740
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d1ffcec-ac2d-417a-85e7-0b20637346cd.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d1ffcec-ac2d-417a-85e7-0b20637346cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 624674545b8fd9d4011cd2c1ddc67746
4f69918018bc3fb0ab6344279a8ab5aaab062279
f1b180cacf2f836e35b567d009e173dc8a8339d146d7157fc6bb429cc4e3adc6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d1ffcec-ac2d-417a-85e7-0b20637346cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6535
x-amzn-requestid: 92454d07-58a9-4fbf-b528-bd481f9d8bbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0WkH58oAMFV2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643429-6394260c28b7778c7573b946;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:37 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Hwoh3Qf6s6V9hUqTmgYd2yXVdWAi0cHINMzCJM0ZCdNXhHLLiy_hYA==
via: 1.1 637ef0a7bc474e9a314fa064b65e8082.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:51:50 GMT
age: 59821
etag: "4f69918018bc3fb0ab6344279a8ab5aaab062279"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5aedde5b1d003651d773c89833460868
29ca25963b777fd7463c65d8cde6d65172c996e1
04b95b954d7d992e6547d05d052c6f3f8a4cfb4a5988f9e6c6629969053bf7b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a631333-54a4-458c-b54b-2dd96d4ede5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11188
x-amzn-requestid: 72e0a128-e0c4-4a93-8e29-01a574b2d1c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0XNHPcoAMFkNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364342d-341a40d37b7bcc9153749d67;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eo3FBGjoivBN1-4xP1UiTocKbLd87acRtOX2AQrPr1a4yDboDrXYRA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:19 GMT
age: 59732
etag: "29ca25963b777fd7463c65d8cde6d65172c996e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c472942cb4b85610a3e83edf7527f923
8191eb019b21bed2b9f53c755e1c24d08dc70760
0dc7f9902567b0130c1c34b6e356b8239f8e6c83e1d38ac9b74588270000279c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10810
x-amzn-requestid: 85c9096f-2671-4f0e-94a3-607254d036d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC057E5yIAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364350c-3c93b6e56e6141a63d1285eb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Rr6GO1Bb6pdxYxNFuwmG2Srs9uGM7tOTffgnyWys0zDjGCDrONRxUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "8191eb019b21bed2b9f53c755e1c24d08dc70760"
content-type: image/jpeg
age: 59751
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: w5Nv6yf06dCHv6q9wt8-guOfQSMywfZFoXxwWvcLc9FtdwgRIqPcUQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 18:32:15 GMT
age: 71796
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico
152.199.19.61404 Not Found 0 B URL HTTP/2 www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico
IP 152.199.19.61:0
GET /sites/all/themes/impotsgouv/favicon.ico HTTP/1.1
Host: www.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gouv-remboursement-impots.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
age: 0
cache-control: must-revalidate
content-language: fr
content-type: text/html; charset=UTF-8
date: Fri, 04 Nov 2022 14:28:51 GMT
expires: Fri, 04 Nov 2022 14:29:51 GMT
from-origin: same
permissions-policy: interest-cohort=()
server: ECAcc (ska/F69C)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff, nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 1
X-Firefox-Spdy: h2
gouv-remboursement-impots.fr/assets/js/all.js
213.226.123.102200 OK 0 B URL HTTP/2 gouv-remboursement-impots.fr/assets/js/all.js
IP 213.226.123.102:0
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET /assets/js/all.js HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 23:35:32 GMT
etag: W/"6362fec4-a7f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
gouv-remboursement-impots.fr/templates/images/Small-logoSMART.png
213.226.123.102404 Not Found 0 B URL HTTP/2 gouv-remboursement-impots.fr/templates/images/Small-logoSMART.png
IP 213.226.123.102:0
Analyzer Verdict Alert openphish DGI (French Tax Authority)
GET /templates/images/Small-logoSMART.png HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2
www.impots.gouv.fr/sites/all/themes/impotsgouv/images/favicon/favicon-152.png
152.199.19.61404 Not Found 0 B URL HTTP/2 www.impots.gouv.fr/sites/all/themes/impotsgouv/images/favicon/favicon-152.png
IP 152.199.19.61:0
GET /sites/all/themes/impotsgouv/images/favicon/favicon-152.png HTTP/1.1
Host: www.impots.gouv.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gouv-remboursement-impots.fr/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
age: 0
cache-control: must-revalidate
content-language: fr
content-type: text/html; charset=UTF-8
date: Fri, 04 Nov 2022 14:28:51 GMT
expires: Fri, 04 Nov 2022 14:29:51 GMT
from-origin: same
permissions-policy: interest-cohort=()
server: ECAcc (ska/F737)
strict-transport-security: max-age=34560000; includeSubDomains
x-content-type-options: nosniff, nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 1
X-Firefox-Spdy: h2
gouv-remboursement-impots.fr/assets/fonts/icofont.min.css
213.226.123.102200 OK 0 B URL HTTP/2 gouv-remboursement-impots.fr/assets/fonts/icofont.min.css
IP 213.226.123.102:0
Analyzer Verdict Alert openphish DGI (French Tax Authority)
GET /assets/fonts/icofont.min.css HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 23:35:31 GMT
etag: W/"6362fec3-16830"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
gouv-remboursement-impots.fr/templates/images/Small-logoSMART.png
213.226.123.102404 Not Found 0 B URL HTTP/2 gouv-remboursement-impots.fr/templates/images/Small-logoSMART.png
IP 213.226.123.102:0
Analyzer Verdict Alert openphish DGI (French Tax Authority)
GET /templates/images/Small-logoSMART.png HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: text/html
last-modified: Wed, 02 Nov 2022 23:29:15 GMT
etag: W/"328-5ec85357795d7"
content-encoding: br
X-Firefox-Spdy: h2
gouv-remboursement-impots.fr/assets/js/mask.js
213.226.123.102200 OK 0 B URL HTTP/2 gouv-remboursement-impots.fr/assets/js/mask.js
IP 213.226.123.102:0
Analyzer Verdict Alert openphish DGI (French Tax Authority)
fortinet Phishing
GET /assets/js/mask.js HTTP/1.1
Host: gouv-remboursement-impots.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gouv-remboursement-impots.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 14:28:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 23:35:32 GMT
etag: W/"6362fec4-5ce2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2