URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Submission Tags: phishing
Submission: On December 30 via api from AU

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 34 HTTP transactions. The main IP is 185.68.16.87, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is open-book.site.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 23rd 2020. Valid for: 3 months.
This is the only time open-book.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

Requests  IP Address        AS / Autonomous System
29        185.68.16.87      200000 (UKRAINE-AS)
1         2a00:1450:400...  15169 (GOOGLE)
3         81.177.139.181    8342 (RTCOMM-AS)
34        4

Requests  Domain               Requested by
29        open-book.site       open-book.site
3         finance-life.site    open-book.site
1         ajax.googleapis.com  open-book.site
34        3

This site contains links to these domains.

Domain
financialindep.club

Subject                  Issuer                      Validity                 Valid
www.open-book.site       Let's Encrypt Authority X3  2020-11-23 - 2021-02-21  3 months
upload.video.google.com  GTS CA 1O1                  2020-11-10 - 2021-02-02  3 months

This page contains 1 frames:

Primary Page: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Frame ID: 1820B3D911FC92FDF2A266F70CAFCAD8
Requests: 35 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

34 Requests
88 % HTTPS
33 % IPv6
3 Domains
3 Subdomains
4 IPs
3 Countries
5925 kB Transfer
6656 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index-gb.html
open-book.site/wp-content/themes/nlcanva/
101 KB
12 KB
Document
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
1bf12b7be6e6b75d0e9c4dd516a16b6ae404f0d3eb67333208a9a4cc03381255

Request headers

:method
GET
:authority
open-book.site
:scheme
https
:path
/wp-content/themes/nlcanva/index-gb.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
phishfarmer
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
phishfarmer

Response headers

server
nginx
date
Wed, 30 Dec 2020 10:43:43 GMT
content-type
text/html
last-modified
Tue, 22 Dec 2020 00:50:35 GMT
etag
W/"5fe142db-19597"
x-ray
p953:0.012/wn483:0.000/
content-encoding
gzip
style.css
open-book.site/wp-content/themes/nlcanva/
700 KB
110 KB
Stylesheet
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/style.css
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
397e8524297740131ce2c62f4ac99e4cda5fa6269ed1ffc5211baede5a261bb0

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.000/wn483:0.000/
content-encoding
gzip
etag
W/"5fbf9a45-af07b"
last-modified
Thu, 26 Nov 2020 12:06:29 GMT
server
nginx
date
Wed, 30 Dec 2020 10:43:43 GMT
content-type
text/css
1.png
open-book.site/wp-content/themes/nlcanva/
2 MB
2 MB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/1.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
db388a97a13da4e17d72ef3e5db6746df9e940b3b3c47dbe6b63fde2b34ae378

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:02 GMT
server
nginx
etag
"5fb53206-232af1"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
2304753
2.png
open-book.site/wp-content/themes/nlcanva/
1 MB
1 MB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/2.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
f0d1f7af03ef0b5fc4c68671af6fe1abab3ad4acee90e43c514c3a659c6b5117

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:02 GMT
server
nginx
etag
"5fb53206-15dff5"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
1433589
3.png
open-book.site/wp-content/themes/nlcanva/
1 MB
1 MB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/3.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
30ef0497a1057e313be0045e50fc239508e0c1e6d83156e26098a55364a41b0b

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:02 GMT
server
nginx
etag
"5fb53206-15fac7"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
1440455
cxVgskS.jpg
open-book.site/wp-content/themes/nlcanva/
76 KB
77 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/cxVgskS.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
31d4f4ebdb28e07b788539bc7c0a28f5a1d9a6e7571fc28a908c08e7616b9a65

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-1312e"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
78126
YMzZvCu.png
open-book.site/wp-content/themes/nlcanva/
299 KB
300 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/YMzZvCu.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
06c16ac0e2e7c71e7ec40705668fbc4ec892e657456b18e0128dccb2e3b889dc

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:00 GMT
server
nginx
etag
"5fb53204-4ac46"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
306246
MHFYsaJ.png
open-book.site/wp-content/themes/nlcanva/
49 KB
49 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/MHFYsaJ.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
35672920006ccdc7672cb5c8b679e7b7283abb25b086e11bace21fcc9b71306f

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.015/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-c496"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
50326
sAQWBUF.jpg
open-book.site/wp-content/themes/nlcanva/
76 KB
77 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/sAQWBUF.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
31d4f4ebdb28e07b788539bc7c0a28f5a1d9a6e7571fc28a908c08e7616b9a65

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-1312e"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
78126
odA9sNLrE86.jpg
open-book.site/wp-content/themes/nlcanva/
1 KB
1 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/odA9sNLrE86.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:03 GMT
server
nginx
etag
"5fb53207-46b"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
1131
TOTN9lU.jpg
open-book.site/wp-content/themes/nlcanva/
7 KB
7 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/TOTN9lU.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
01eeef3a27376f46611d4d731a7a6caa8648e21f70103f600eb5494fee375415

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:00 GMT
server
nginx
etag
"5fb53204-1ade"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
6878
3qkA5qa.jpg
open-book.site/wp-content/themes/nlcanva/
5 KB
5 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/3qkA5qa.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
1736c0cf5c960112b40e9ebdcb46a225821366819ebc72649b16dc245849907b

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.014/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:02 GMT
server
nginx
etag
"5fb53206-154d"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
5453
null
finance-life.site/
0
0

LTsnIsj.jpg
open-book.site/wp-content/themes/nlcanva/
5 KB
6 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/LTsnIsj.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
b0c872e9b10f4d45f3376cf228f0e1bf7940d85149f5530a70eb7dfc82f7e7f1

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.003/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-15c1"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
5569
386pjK0.jpg
open-book.site/wp-content/themes/nlcanva/
4 KB
4 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/386pjK0.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
146100a7f01082925cb5e3b4f951f418994623b38faac0ba32c27eef7b56721c

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.004/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-10f3"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
4339
iZlxB8x.jpg
open-book.site/wp-content/themes/nlcanva/
4 KB
4 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/iZlxB8x.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
8582aec63522f65279d6ba2245326b3a2bf53c0c5b5c6d2683f33ca881222057

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.004/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-10db"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
4315
FNTZakW.jpg
open-book.site/wp-content/themes/nlcanva/
6 KB
6 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/FNTZakW.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
3d851d04b1b17cbf3adeab32484cdfcaba302107ee85dca80bc6f06acff1bc23

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.004/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-18bd"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
6333
KIxen3W.jpg
open-book.site/wp-content/themes/nlcanva/
7 KB
8 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/KIxen3W.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
b59a476464b5daafe8f846a4d1a68fd51c37912f9d81749d6655de6d970848f7

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.003/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-1d81"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
7553
3h3CujJ.jpg
open-book.site/wp-content/themes/nlcanva/
3 KB
4 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/3h3CujJ.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
f662c7d0b3a5680289ee6aef89a10cd831042d4d92fd2e9c4cc3b88d97f8a247

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.004/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:03 GMT
server
nginx
etag
"5fb53207-d92"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
3474
mavVClB.jpg
open-book.site/wp-content/themes/nlcanva/
5 KB
5 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/mavVClB.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
967e20b0180a2b9f8e4e656c6502020f59b6cec3c8f9e288bb231934d87612a2

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.003/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-1245"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
4677
NobEpZ7.jpg
open-book.site/wp-content/themes/nlcanva/
6 KB
6 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/NobEpZ7.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
465580eac4c4061807bc69cd1578ab8b133467e885bbad3f97b7d6ed4000867c

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.003/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-1815"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
6165
TFmaGWE.jpg
open-book.site/wp-content/themes/nlcanva/
5 KB
5 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/TFmaGWE.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
8f93b7a3bcbbc1eeec77c92f37bb36cb28ba7a49323b79c5cbad05ff92975210

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:59 GMT
server
nginx
etag
"5fb53203-128f"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
4751
4njS8FF.jpg
open-book.site/wp-content/themes/nlcanva/
990 B
1 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/4njS8FF.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
fac8d6abe8ab5a596d34522b71bcb7e1d5b0d61ec117a871712a1aa6623d911d

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:03 GMT
server
nginx
etag
"5fb53207-3de"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
990
CNHq9vq.jpg
open-book.site/wp-content/themes/nlcanva/
6 KB
6 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/CNHq9vq.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
3fc0fc22790564ea6477b0f36d1a4d875629f920a6fc935580884a37e8d38744

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-18ff"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
6399
HlKr0rG.jpg
open-book.site/wp-content/themes/nlcanva/
8 KB
8 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/HlKr0rG.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
c3146f7f2b91c2a271c91b98c5c073da67839a6eef5d1ded313a80b573382371

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-1fb5"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
8117
wqXSF80.jpg
open-book.site/wp-content/themes/nlcanva/
7 KB
7 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/wqXSF80.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
690da1880f9128da8c10c1217f4c625627020845c06decd50e5f9d87debc7eee

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:00 GMT
server
nginx
etag
"5fb53204-1d50"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
7504
f6v6ZBI.jpg
open-book.site/wp-content/themes/nlcanva/
7 KB
7 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/f6v6ZBI.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
5e93ef824aebbc9c9a4a0513279b37706ac1424a239d3b8dd6fa4d75e292e0a8

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-1ad6"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
6870
cTEmQmD.jpg
open-book.site/wp-content/themes/nlcanva/
1 KB
1 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/cTEmQmD.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
30c40ab58231eb45ae9a7e047a31e690fbf2d18f009decdde37eda8d2cd53ebb

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:03 GMT
server
nginx
etag
"5fb53207-43a"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
1082
9q2lpqZ.jpg
open-book.site/wp-content/themes/nlcanva/
4 KB
4 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/9q2lpqZ.jpg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
0c4a2d4ec87fb37e9d836fedcbb6c691592c2aba7ae5c3fea60b0a7d7c1dbe09

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:39:03 GMT
server
nginx
etag
"5fb53207-ebe"
content-type
image/jpeg
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
3774
cc4lpi7.png
open-book.site/wp-content/themes/nlcanva/
107 KB
107 KB
Image
General
Full URL
https://open-book.site/wp-content/themes/nlcanva/cc4lpi7.png
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.68.16.87 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
web377.default-host.net
Software
nginx /
Resource Hash
c8cb809e4e7977b3ba3a6e4471b34012654945f07fff58a1f27cb8eb9e516713

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

x-ray
p953:0.001/wn483:0.000/
last-modified
Wed, 18 Nov 2020 14:38:58 GMT
server
nginx
etag
"5fb53202-1ac99"
content-type
image/png
date
Wed, 30 Dec 2020 10:43:43 GMT
accept-ranges
bytes
content-length
109721
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/index-gb.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://open-book.site/wp-content/themes/nlcanva/index-gb.html
User-Agent
phishfarmer

Response headers

date
Thu, 24 Dec 2020 04:26:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
541032
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33593
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 24 Dec 2021 04:26:31 GMT
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2a24c2fa67a1b131e597c59792028b201ae850f8760364172471a001ad9504c4

Request headers

Referer
User-Agent
phishfarmer

Response headers

Content-Type
image/png
icon-mirror.svg
finance-life.site/
0
0
Image
General
Full URL
http://finance-life.site/icon-mirror.svg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/style.css
Protocol
HTTP/1.1
Server
81.177.139.181 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
srv215-h-st.jino.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
phishfarmer

Response headers

ipso.svg
finance-life.site/
0
0
Image
General
Full URL
http://finance-life.site/ipso.svg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/style.css
Protocol
HTTP/1.1
Server
81.177.139.181 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
srv215-h-st.jino.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
phishfarmer

Response headers

trust-project.svg
finance-life.site/
0
0
Image
General
Full URL
http://finance-life.site/trust-project.svg
Requested by
Host: open-book.site
URL: https://open-book.site/wp-content/themes/nlcanva/style.css
Protocol
HTTP/1.1
Server
81.177.139.181 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
srv215-h-st.jino.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
phishfarmer

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
finance-life.site
URL
http://finance-life.site/null

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
function| $
function| jQuery

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
