courses.serenitybirthstudio.com
52.1.125.126
Malicious Activity!
Public Scan
Effective URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Submission: On July 23 via automatic, source openphish — Scanned from DE
Summary
This is the only time courses.serenitybirthstudio.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Impots Gouv (Government)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 15 | 52.1.125.126 | 14618 (AMAZON-AES) |
| 1 | 2001:4de0:ac18::1:a:2a | 20446 (STACKPATH-CDN) |
| 1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:800::200a | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:82f::2003 | 15169 (GOOGLE) |
| 18 requests total | 5 IP addresses | |
ASN14618 (AMAZON-AES, US)
PTR: host.nohassleplatform.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | serenitybirthstudio.com | courses.serenitybirthstudio.com (1 redirect) | 86 KB |
| 1 | gstatic.com | fonts.gstatic.com | 19 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 82) | 1 KB |
| 1 | rawgit.com | rawgit.com (Cisco Umbrella Rank: 10389) | 39 KB |
| 1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 724) | 82 KB |
| 18 requests total | 5 domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 15 | courses.serenitybirthstudio.com (1 redirect) | courses.serenitybirthstudio.com |
| 1 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | fonts.googleapis.com | courses.serenitybirthstudio.com |
| 1 | rawgit.com | courses.serenitybirthstudio.com |
| 1 | code.jquery.com | courses.serenitybirthstudio.com |
| 18 requests total | 5 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
| rawgit.com | GTS CA 1P5 | 2023-07-04 - 2023-10-02 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2023-07-03 - 2023-09-25 | 3 months | crt.sh |
| *.gstatic.com | GTS CA 1C3 | 2023-07-03 - 2023-09-25 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Frame ID: 75EE44A07535847D2880367A78CB570C
Requests: 18 HTTP requests in this frame
Page Title
Particuliers | Authentification
Detected technologies
- WordPress (CMS). Detected patterns:
  - /wp-(?:content|includes)/
- Bootstrap (Web Frameworks). Detected patterns:
  - <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/ (HTTP 302)
- http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | / (Primary Request, Redirect Chain) | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ | 2 KB | 939 B | Document | text/html |
| 2 | GET | H2 | jquery-1.11.0.js | code.jquery.com/ | 276 KB | 82 KB | Script | application/javascript |
| 3 | GET | H2 | jquery.inputmask.bundle.js | rawgit.com/RobinHerbots/jquery.inputmask/3.x/dist/ | 214 KB | 39 KB | Script | application/javascript |
| 4 | GET | H/1.1 | bootstrap.min.css | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ | 105 KB | 22 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | commun.css | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ | 4 KB | 2 KB | Stylesheet | text/css |
| 6 | GET | H/1.1 | mire.css | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ | 2 KB | 1 KB | Stylesheet | text/css |
| 7 | GET | H/1.1 | dac.css | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ | 825 B | 767 B | Stylesheet | text/css |
| 8 | GET | H/1.1 | main.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ | 7 KB | 2 KB | Script | application/javascript |
| 9 | GET | H/1.1 | bootstrap.min.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/ | 33 KB | 11 KB | Script | application/javascript |
| 10 | GET | H/1.1 | auth2019v3.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ | 77 KB | 16 KB | Script | application/javascript |
| 11 | GET | H/1.1 | idContact.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ | 2 KB | 928 B | Script | application/javascript |
| 12 | GET | H/1.1 | messages.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ | 10 KB | 3 KB | Script | application/javascript |
| 13 | GET | H/1.1 | urls.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ | 583 B | 586 B | Script | application/javascript |
| 14 | GET | H/1.1 | configuration.js | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ | 961 B | 810 B | Script | application/javascript |
| 15 | GET | H2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css |
| 16 | GET | H/1.1 | 2.php | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/pages/ | 14 KB | 3 KB | XHR | text/html |
| 17 | GET | H2 | memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | fonts.gstatic.com/s/opensans/v35/ | 18 KB | 19 KB | Font | font/woff2 |
| 18 | GET | H/1.1 | logo.svg | courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/images/ | 53 KB | 21 KB | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Impots Gouv (Government)

78 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0, 1, jQuery111005414480234250791
- function: $, jQuery, Inputmask, load, visibility, value, showError, sendrez, luhn, submit, trim, hasClassName, addClassName, deleteClassName, NoError, erreurEtVideChamps, erreurEtGardeChamps, obligatoire, obligatoireNoFg, estVide, exactement, exactementv2, verifiePWD, verifieDate, verifieDatev2, auMoins, videChamps, switchEtVideChamps, switchEtVideChampsSurId, noSend, rePermit, reverseEtGardeChamps, reverseEtGardeChampsSurId, afficheChampsenSus, donneFocus, afficheForm, controleFormulaireEtSubmit, messageACaractereInformatif, ecouteReponseForm, controleEntreeLive, accordeon, disconnect, traiteOubli, traite3S, traitePAS, traiteLMDP, switchVisuMdp, resendSMS, decompte, getPrecedent, incrementPrecedent, pagePrecedente, initIdContact, initMessages
- string: PortPub, PathPub, PathPriv, PathCFP, Payer, ProPrivFqdn, ProPrivPath, fqdnFCFS, pathFCFS, authFCFS, afficherVersion, urlBudget, urlMPRecup, authType, pageServices1
- number: afficherGestPas, afficherActualites, afficherChangerSpi, afficherVisuMdp, debrayerSMS
- undefined: stateObj

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| courses.serenitybirthstudio.com/ | | PHPSESSID | 3v92a25mscjtmiamvejqijo8h3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.