
Tax phishing

Posted: 13 Nov 2017 17:47
by angelique
The redirect link is in HTTPS: clicking the address in the email, hxxp://martgetagds.com/, leads directly to https://wwx.impots-gouv-cfmp.com/telepaiements/home/ (screenshot 2)

We do agree that https://wwx.impots-gouv-cfmp.com/telepaiements/home/ is not the official tax website?

ping -c3 impots-gouv-cfmp.com
PING impots-gouv-cfmp.com (160.153.128.5) 56(84) bytes of data.
64 bytes from ip-160-153-128-5.ip.secureserver.net (160.153.128.5): icmp_seq=1 ttl=48 time=35.5 ms

http://en.utrace.de/?query=160.153.128.5




➯ hxxp://martgetagds.com is based in Berlin: http://en.utrace.de/?query=81.169.145.168

Code:

21/tcp   open     ftp        ftpd.bin round-robin file server 3.4.0r12
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
25/tcp   filtered smtp
80/tcp   open     http-proxy F5 BIG-IP load balancer http proxy
| http-server-header: 
|   Apache/2.2.31 (Unix)
|_  BigIP
|_http-title: 404 Not Found
443/tcp  open     ssl/https  Apache/2.4.29 (Unix)
| http-methods: 
|_  Supported Methods: GET HEAD POST
|_http-server-header: Apache/2.4.29 (Unix)
|_http-title: 400 Bad Request
1863/tcp filtered msnp
5050/tcp filtered mmcc
5190/tcp filtered aol

resolver2.opendns.com.domain > 192.168.0.16.44691: [udp sum ok] 52636 q: A? martgetagds.com. 1/0/0 martgetagds.com. A 81.169.145.168 (49)
16:31:38.997155 IP (tos 0x0, ttl 64, id 58586, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.16.57276 > wa8.rzone.de.http: Flags [S], cksum 0x872b (correct), seq 2975964840, win 29200, options [mss 1460,sackOK,TS val 3242610 ecr 0,nop,wscale 7], length 0
16:31:38.997389 IP (tos 0x0, ttl 64, id 38159, offset 0, flags [DF], proto UDP (17), length 73)
192.168.0.16.44691 > resolver2.opendns.com.domain: [udp sum ok] 19859+ PTR? 168.145.169.81.in-addr.arpa. (45)
16:31:39.019525 IP (tos 0x0, ttl 55, id 33442, offset 0, flags [DF], proto UDP (17), length 99)
resolver2.opendns.com.domain > 192.168.0.16.44691: [udp sum ok] 19859 q: PTR? 168.145.169.81.in-addr.arpa. 1/0/0 168.145.169.81.in-addr.arpa. PTR wa8.rzone.de. (71)
16:31:39.029629 IP (tos 0x0, ttl 241, id 60560, offset 0, flags [DF], proto TCP (6), length 60)
wa8.rzone.de.http > 192.168.0.16.57276: Flags [S.], cksum 0xb5c2 (correct), seq 3231307694, ack 2975964841, win 4254, options [mss 1460,nop,nop,TS val 3053578120 ecr 3242610,sackOK,eol], length 0
16:31:39.029714 IP (tos 0x0, ttl 64, id 58587, offset 0, flags [DF], proto TCP (6), length 52)
192.168.0.16.57276 > wa8.rzone.de.http: Flags [.], cksum 0x800b (correct), seq 1, ack 1, win 29200, options [nop,nop,TS val 3242618 ecr 3053578120], length 0
16:31:39.029931 IP (tos 0x0, ttl 64, id 58588, offset 0, flags [DF], proto TCP (6), length 402)
192.168.0.16.57276 > wa8.rzone.de.http: Flags [P.], cksum 0xb5fb (correct), seq 1:351, ack 1, win 29200, options [nop,nop,TS val 3242618 ecr 3053578120], length 350: HTTP, length: 350
GET / HTTP/1.1
Host: martgetagds.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

16:31:39.065329 IP (tos 0x0, ttl 241, id 64883, offset 0, flags [DF], proto TCP (6), length 52)
wa8.rzone.de.http > 192.168.0.16.57276: Flags [.], cksum 0xde9e (correct), seq 1, ack 351, win 4604, options [nop,nop,TS val 3053578155 ecr 3242618], length 0
16:31:39.079623 IP (tos 0x0, ttl 55, id 33447, offset 0, flags [DF], proto UDP (17), length 89)
resolver2.opendns.com.domain > 192.168.0.16.44691: [udp sum ok] 3571 q: AAAA? martgetagds.com. 1/0/0 martgetagds.com. AAAA 2a01:238:20a:202:1168:: (61)
16:31:39.106643 IP (tos 0x0, ttl 241, id 3970, offset 0, flags [DF], proto TCP (6), length 326)
wa8.rzone.de.http > 192.168.0.16.57276: Flags [P.], cksum 0xb05a (correct), seq 1:275, ack 351, win 4604, options [nop,nop,TS val 3053578197 ecr 3242618], length 274: HTTP, length: 274
HTTP/1.1 302 Found
Date: Mon, 13 Nov 2017 15:31:38 GMT
Server: Apache/2.2.31 (Unix)
X-Powered-By: PHP/7.0.24
Location: https://wwx.impots-gouv-cfmp.com/telepaiements/

Content-Length: 0
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html


So, to sum up, I find it well made and am going to report the link.
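
The check the post performs by eye, written out as an added example (not part of angelique's post): it pulls the `Location` header out of the captured 302 response and compares the target host against the official domain on a label boundary. The allowlist entry `impots.gouv.fr` and the brand-token list are assumptions supplied here, not values from the thread.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the post): the official tax portal lives under this domain.
OFFICIAL_SUFFIXES = ("impots.gouv.fr",)
# Brand tokens a lookalike host tends to embed (constructed list).
BRAND_TOKENS = ("impots", "gouv")

# Response headers copied from the capture in the post.
CAPTURED_RESPONSE = """HTTP/1.1 302 Found
Date: Mon, 13 Nov 2017 15:31:38 GMT
Server: Apache/2.2.31 (Unix)
X-Powered-By: PHP/7.0.24
Location: https://wwx.impots-gouv-cfmp.com/telepaiements/
Content-Length: 0
"""

def refang(url):
    """Turn a defanged hxxp(s):// indicator back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)

def redirect_target(raw_response):
    """Return the Location value of a 3xx response, or None."""
    status, _, headers = raw_response.partition("\n")
    if not re.match(r"HTTP/\d\.\d 3\d\d\b", status):
        return None
    for line in headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def classify(url):
    """'official', 'lookalike' (brand tokens on a foreign domain) or 'unrelated'."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    for suffix in OFFICIAL_SUFFIXES:
        # Match on a label boundary so 'fakeimpots.gouv.fr' does not pass.
        if host == suffix or host.endswith("." + suffix):
            return "official"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for url in ("hxxp://martgetagds.com/", redirect_target(CAPTURED_RESPONSE)):
        print(url, "->", classify(url))
```

The first hop classifies as unrelated and only the redirect target as a lookalike, which is why a filter that inspects only the link in the email misses this chain.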

Re: Tax phishing

Posted: 14 Nov 2017 20:17
by angelique
The link is now listed as crap (see screenshot)