urlscan.io logo urlscan.io
SecurityTrails logo

courses.serenitybirthstudio.com Open in urlscan Pro
52.1.125.126  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/
Effective URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Submission: On July 23 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 18 HTTP transactions. The main IP is 52.1.125.126, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is courses.serenitybirthstudio.com.
This is the only time courses.serenitybirthstudio.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

IP Address AS Autonomous System
1 15 52.1.125.126 14618 (AMAZON-AES)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 5
15    52.1.125.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: host.nohassleplatform.com
courses.serenitybirthstudio.com
1    2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
rawgit.com
1    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
15 serenitybirthstudio.com
courses.serenitybirthstudio.com
86 KB
1 gstatic.com
fonts.gstatic.com
19 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 82
1 KB
1 rawgit.com
rawgit.com — Cisco Umbrella Rank: 10389
39 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 724
82 KB
18 5
Domain Requested by
15 courses.serenitybirthstudio.com 1 redirects courses.serenitybirthstudio.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com courses.serenitybirthstudio.com
1 rawgit.com courses.serenitybirthstudio.com
1 code.jquery.com courses.serenitybirthstudio.com
18 5

This site contains no links.

Subject Issuer Validity Valid
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
rawgit.com
GTS CA 1P5		 2023-07-04 -
2023-10-02		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-07-03 -
2023-09-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Frame ID: 75EE44A07535847D2880367A78CB570C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Particuliers | Authentification

Page URL History Show full URLs

  1. http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/ HTTP 302
    http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

22 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

227 kB
Transfer

823 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/ HTTP 302
    http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Redirect Chain
  • http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/
  • http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
2 KB
939 B 		Document
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
c6489493e88acf9c062f30a958bb3d457ac6454bbf6c514b32f8da441905e129

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Length
725
Content-Type
text/html; charset=UTF-8
Date
Sun, 23 Jul 2023 04:19:59 GMT
Server
nginx
Vary
Accept-Encoding,User-Agent

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sun, 23 Jul 2023 04:19:59 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx
Vary
User-Agent
location
app/
jquery-1.11.0.js
code.jquery.com/ 		276 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-1.11.0.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Sun, 23 Jul 2023 04:19:59 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-45140"
vary
Accept-Encoding
x-hw
1690085999.dop220.fr8.t,1690085999.cds122.fr8.hn,1690085999.cds224.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
83550
jquery.inputmask.bundle.js
rawgit.com/RobinHerbots/jquery.inputmask/3.x/dist/ 		214 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rawgit.com/RobinHerbots/jquery.inputmask/3.x/dist/jquery.inputmask.bundle.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Sun, 23 Jul 2023 04:19:59 GMT
strict-transport-security
max-age=31536000; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
111
content-encoding
br
alt-svc
h3=":443"; ma=86400
rawgit-cache-status
HIT
server
cloudflare
etag
W/"239e0cb721224bc76940cfad39ef0f2ecf1de110e9a777ecc9e2fefa91c0fe7b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1gIlZz%2B6%2BV9l1pcqwa5ZH7jpOWmp%2BEwwjPfIUDwv5rj5uD0I7DSy8YuGYxLLbk0es%2F5Y6w40%2FfzpghODwG9XC3qdvkxMcVBFT%2BLMBVMBpxoM%2F5LdGkEzW%2B364XKYzSfLRzeA4Nn1OWYE"}],"group":"cf-nel","max_age":604800}
sunset
Tue, 01 Oct 2019 00:00:00 GMT
access-control-allow-origin
*
content-type
application/javascript;charset=utf-8
cache-control
max-age=3600, s-maxage=300
x-robots-tag
none
link
<https://rawgit.com/>; rel="sunset"; title="RawGit will soon shut down. Please stop using it."
cf-ray
7eb120d8bc08bb43-FRA
bootstrap.min.css
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ 		105 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/bootstrap.min.css
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
d62fa88039420770a01d1ae673503f76fe3d2c1a2579ef17ea5d0fcdb11c771e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-1a445"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
commun.css
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/commun.css
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
6e7ea9b70aeb29f2a178b01eecb8c45182f2c8aab79ea8c95b94c735ffe29eaa

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-11cf"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
mire.css
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/mire.css
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
25815c089dfcfae44c2424a8760c564165d3b9bbd3cfaff7689f6a92b74f9fe2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-971"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
dac.css
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/ 		825 B
767 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/dac.css
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
c8fd5e3914f7cf8558767af17f38131739366d26b8642fe090fcab0bbb321167

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
X-Accel-Version
0.01
ETag
"339-5f38c9d533400-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
446
main.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/main.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
61b2b16f74650053149cce0b8e315be1073a87122af7873fdd7333ada0a989da

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-1c0a"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
bootstrap.min.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/ 		33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/bootstrap.min.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
48c7e41ca5bfbc80c081f43bf39f3c76faff5160bd22640113c5c5a47afb63b7

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-8213"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
auth2019v3.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ 		77 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/auth2019v3.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
b3d15497f2d9fbfa63d5d4facdce9dffca737dcd782c2a04ed6a2a82ae1230a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-1323a"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
idContact.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ 		2 KB
928 B 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/idContact.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
98f81289f9dd38dd34c13ea92845b3715baf8f4f5c9879fca3ede459546485a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-864"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
messages.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/messages.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
6e424611470a9c711d1833d3a71cbb0abc81b7729f8bfc8eb78e5f95b455a0c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-291e"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
urls.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ 		583 B
586 B 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/urls.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
5c3251a96cef21959f31e013b826cc2d1aeed28d4c874160258fed75e7abfc48

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
X-Accel-Version
0.01
ETag
"247-5f38c9d533400-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
251
configuration.js
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/ 		961 B
810 B 		Script
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/js/dyn/configuration.js
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
a78d88f8387bb6e43df45752c8788685035835000de7f1984c9e11368f5c0c82

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
X-Accel-Version
0.01
ETag
"3c1-5f38c9d533400-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
475
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans&amp;subset=latin-ext
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/commun.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 23 Jul 2023 04:19:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 23 Jul 2023 02:54:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 23 Jul 2023 04:19:59 GMT
2.php
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/pages/ 		14 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/pages/2.php
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/main.js
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
2b38872c31039e7fad63a48579d5a86f85133a1cdfc99a59999a7f778e7d2916

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Content-Length
2972
Vary
Accept-Encoding,User-Agent
Content-Type
text/html; charset=UTF-8
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v35/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v35/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&amp;subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://courses.serenitybirthstudio.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date
Sat, 22 Jul 2023 02:30:05 GMT
x-content-type-options
nosniff
age
92994
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18664
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:19:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Jul 2024 02:30:05 GMT
logo.svg
courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/images/ 		53 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/images/logo.svg
Requested by
Host: courses.serenitybirthstudio.com
URL: http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/commun.css
Protocol
HTTP/1.1
Server
52.1.125.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
host.nohassleplatform.com
Software
nginx /
Resource Hash
eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://courses.serenitybirthstudio.com/wp-content/themes/Divi/franc/ScammaWakerImpotV8/app/templates/styles/commun.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date
Sun, 23 Jul 2023 04:19:59 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jan 2023 10:15:44 GMT
Server
nginx
ETag
W/"63d8ea50-d43f"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| $ function| jQuery function| Inputmask function| load function| visibility function| value function| showError function| sendrez function| luhn function| submit object| jQuery111005414480234250791 function| trim function| hasClassName function| addClassName function| deleteClassName function| NoError function| erreurEtVideChamps function| erreurEtGardeChamps function| obligatoire function| obligatoireNoFg function| estVide function| exactement function| exactementv2 function| verifiePWD function| verifieDate function| verifieDatev2 function| auMoins function| videChamps function| switchEtVideChamps function| switchEtVideChampsSurId function| noSend function| rePermit function| reverseEtGardeChamps function| reverseEtGardeChampsSurId function| afficheChampsenSus function| donneFocus function| afficheForm function| controleFormulaireEtSubmit function| messageACaractereInformatif function| ecouteReponseForm function| controleEntreeLive function| accordeon function| disconnect function| traiteOubli function| traite3S function| traitePAS function| traiteLMDP function| switchVisuMdp function| resendSMS function| decompte function| getPrecedent function| incrementPrecedent function| pagePrecedente function| initIdContact function| initMessages string| PortPub string| PathPub string| PathPriv string| PathCFP string| Payer string| ProPrivFqdn string| ProPrivPath string| fqdnFCFS string| pathFCFS string| authFCFS undefined| stateObj string| afficherVersion number| afficherGestPas number| afficherActualites string| urlBudget number| afficherChangerSpi number| afficherVisuMdp string| urlMPRecup number| debrayerSMS string| authType string| pageServices

1 Cookies

Domain/Path Name / Value
courses.serenitybirthstudio.com/ Name: PHPSESSID
Value: 3v92a25mscjtmiamvejqijo8h3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
courses.serenitybirthstudio.com
fonts.googleapis.com
fonts.gstatic.com
rawgit.com
2001:4de0:ac18::1:a:2a
2a00:1450:4001:800::200a
2a00:1450:4001:82f::2003
2a06:98c1:3121::3
52.1.125.126
25815c089dfcfae44c2424a8760c564165d3b9bbd3cfaff7689f6a92b74f9fe2
2b38872c31039e7fad63a48579d5a86f85133a1cdfc99a59999a7f778e7d2916
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
48c7e41ca5bfbc80c081f43bf39f3c76faff5160bd22640113c5c5a47afb63b7
5c3251a96cef21959f31e013b826cc2d1aeed28d4c874160258fed75e7abfc48
5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21
61b2b16f74650053149cce0b8e315be1073a87122af7873fdd7333ada0a989da
6e424611470a9c711d1833d3a71cbb0abc81b7729f8bfc8eb78e5f95b455a0c8
6e7ea9b70aeb29f2a178b01eecb8c45182f2c8aab79ea8c95b94c735ffe29eaa
98f81289f9dd38dd34c13ea92845b3715baf8f4f5c9879fca3ede459546485a6
a78d88f8387bb6e43df45752c8788685035835000de7f1984c9e11368f5c0c82
b3d15497f2d9fbfa63d5d4facdce9dffca737dcd782c2a04ed6a2a82ae1230a3
c6489493e88acf9c062f30a958bb3d457ac6454bbf6c514b32f8da441905e129
c8fd5e3914f7cf8558767af17f38131739366d26b8642fe090fcab0bbb321167
ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c
d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07
d62fa88039420770a01d1ae673503f76fe3d2c1a2579ef17ea5d0fcdb11c771e
eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c