bookbright.nl Open in urlscan Pro
217.23.8.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/
Submission: On December 24 via api (December 24th 2023, 11:33:49 pm UTC) from US — Scanned from US

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 217.23.8.79, located in Naaldwijk, Netherlands and belongs to WORLDSTREAM, NL. The main domain is bookbright.nl.
TLS certificate: Issued by R3 on November 24th 2023. Valid for: 3 months.

This is the only time bookbright.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vub Banka (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2	217.23.8.79 217.23.8.79		49981 (WORLDSTREAM) (WORLDSTREAM)
2	2

2 217.23.8.79 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 217-23-8-79.hosted-by-worldstream.net

bookbright.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	bookbright.nl bookbright.nl	1 MB
2	1

	Domain	Requested by
2	bookbright.nl	bookbright.nl
2	1

This site contains no links.

Subject Issuer	Validity	Valid
bookbright.nl R3	`2023-11-24` - `2024-02-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/
Frame ID: 77D69C606829E5AB6CCC8827748DB6E4
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VÚB log-in

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1475 kB
Transfer

2667 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
12 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/	998 KB 644 KB	520ms 206ms	Document text/html	217.23.8.79 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 217.23.8.79 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS 217-23-8-79.hosted-by-worldstream.net Software nginx / PHP/7.3.33 PleskLin Resource Hash `ad59856ad5fbdf845507a3d90283f2336b9e189d605cb07ef7c681f7cb26022d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-US,en;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Sun, 24 Dec 2023 23:33:38 GMT server nginx x-powered-by PHP/7.3.33 PleskLin
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2665211418355e44e2242af34ba05ddb2a5afdc31f8d9b51ec30ff4e230dd4ba` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	24 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f148e59dffe870d275ed7424d2aea10467420d9ccdf0765acaecffe022ddc4eb` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a0df655a3bd1e698354e98709c2d10bce146ebfadbef75e95a8fc7c96ea79f40` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET H2	200	jq.js Show response bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/js/	998 KB 644 KB	193ms 191ms	Script text/html	217.23.8.79 WORLDSTREAM
General Check archive.org Show headers Download Go to Full URL https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/js/jq.js Requested by Host: bookbright.nl URL: https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 217.23.8.79 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL), Reverse DNS 217-23-8-79.hosted-by-worldstream.net Software nginx / PHP/7.3.33, PleskLin Resource Hash `ad59856ad5fbdf845507a3d90283f2336b9e189d605cb07ef7c681f7cb26022d` Request headers accept-language en-US,en;q=0.9 Referer https://bookbright.nl/wp-includes/js/tinymce/vubsk/aller/login/web/login.php/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Sun, 24 Dec 2023 23:33:39 GMT content-encoding br server nginx x-powered-by PHP/7.3.33, PleskLin content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	439 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9b6f2260eb186615573feee9a18482a1a8a48bea4d16998fb872a2f90eabe2d7` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	659 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a6e8db1b49f0d9e040e95568691920b99040039d2cfa64d949f7e5bf82bb55fc` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cc799d3f27c5ccb431502b70c5ced338d84402f3af7f3b6daf9d7277117311c9` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `00ecc4c49c9bc5b3e4b23db2a07fd5c3903eca5eee315e49c37fb7d38faefc0a` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c0dde680b27ab14aade6fb9f25b2f171dc28de9f9b1f03409bcbd379993fb40e` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b781f5e0307b3db8ae5115db02a66dc72baf60f78e7598bfa3c74e30e50f69bd` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	46 KB 46 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `45f65ae82107427f1dbaf04abff5f997f8c6253409bad7e0db8f4d8be4feac85` Request headers Referer Origin https://bookbright.nl accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	36 KB 36 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1a359520a00657c09d7a3ff7bfcd6cb0fbc131b3fa1b71910b6c174f9fc9895e` Request headers Referer Origin https://bookbright.nl accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	106 KB 106 KB		Font application/x-font-ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fa84d52fd776ce9195f2da1d828116c829b50585296fb4b83b5a23b76230d0d5` Request headers Referer Origin https://bookbright.nl accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type application/x-font-ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vub Banka (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bookbright.nl
217.23.8.79
00ecc4c49c9bc5b3e4b23db2a07fd5c3903eca5eee315e49c37fb7d38faefc0a
1a359520a00657c09d7a3ff7bfcd6cb0fbc131b3fa1b71910b6c174f9fc9895e
2665211418355e44e2242af34ba05ddb2a5afdc31f8d9b51ec30ff4e230dd4ba
45f65ae82107427f1dbaf04abff5f997f8c6253409bad7e0db8f4d8be4feac85
9b6f2260eb186615573feee9a18482a1a8a48bea4d16998fb872a2f90eabe2d7
a0df655a3bd1e698354e98709c2d10bce146ebfadbef75e95a8fc7c96ea79f40
a6e8db1b49f0d9e040e95568691920b99040039d2cfa64d949f7e5bf82bb55fc
ad59856ad5fbdf845507a3d90283f2336b9e189d605cb07ef7c681f7cb26022d
b781f5e0307b3db8ae5115db02a66dc72baf60f78e7598bfa3c74e30e50f69bd
c0dde680b27ab14aade6fb9f25b2f171dc28de9f9b1f03409bcbd379993fb40e
cc799d3f27c5ccb431502b70c5ced338d84402f3af7f3b6daf9d7277117311c9
f148e59dffe870d275ed7424d2aea10467420d9ccdf0765acaecffe022ddc4eb
fa84d52fd776ce9195f2da1d828116c829b50585296fb4b83b5a23b76230d0d5

bookbright.nl Open in urlscan Pro 217.23.8.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1475 kBTransfer

2667 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

bookbright.nl Open in urlscan Pro
217.23.8.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1475 kB
Transfer

2667 kB
Size

0
Cookies

2 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!