www.lebullitioncreative.com Open in urlscan Pro
2001:41d0:1:1b00:213:186:33:4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.lebullitioncreative.com/-/vub/app/user.php
Submission: On November 23 via api (November 23rd 2023, 9:46:52 pm UTC) from US — Scanned from US

Summary HTTP 2 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2001:41d0:1:1b00:213:186:33:4, located in France and belongs to OVH, FR. The main domain is www.lebullitioncreative.com.

This is the only time www.lebullitioncreative.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vub Banka (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2	2001:41d0:1:1... 2001:41d0:1:1b00:213:186:33:4		16276 (OVH) (OVH)
2	2

2 2001:41d0:1:1b00:213:186:33:4 (France)

ASN16276 (OVH, FR)

www.lebullitioncreative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	lebullitioncreative.com www.lebullitioncreative.com	3 MB
2	1

	Domain	Requested by
2	www.lebullitioncreative.com	www.lebullitioncreative.com
2	1

This site contains links to these domains. Also see Links.

Domain
www.vub.sk
play.google.com
itunes.apple.com
nib.vub.sk

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.lebullitioncreative.com/-/vub/app/user.php
Frame ID: 542A723DC3560318BA57B088909B3FC1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

VÚB Banka - Prihlásenie

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

2
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2964 kB
Transfer

5999 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.vub.sk/ludia/elektronicke-bankovnictvo/eid.html

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=sk.vub.mobile
Title: Mobilná aplikácia pre Android

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/sk/app/vub-mobil-banking/id738364348?mt=8
Title: Mobilná aplikácia pre iOS

Search URL Search Domain Scan URL

URL: https://www.vub.sk/sk/kontakt/
Title: Kontaktujte nás

Search URL Search Domain Scan URL

URL: https://www.vub.sk/sk/informacny-servis/pravne-informacie/
Title: Právne informácie

Search URL Search Domain Scan URL

URL: https://www.vub.sk/elektronicke-bankovnictvo/internet-banking/faq/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://nib.vub.sk/pch/predaj-uctu
Title: Zriadenie prístupu

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request user.php Show response www.lebullitioncreative.com/-/vub/app/	4 MB 3 MB	1979ms 1025ms	Document text/html	2001:41d0:1:1b00:213:186:33:4 OVH
General Check archive.org Show headers Download Go to Full URL http://www.lebullitioncreative.com/-/vub/app/user.php Protocol HTTP/1.1 Server 2001:41d0:1:1b00:213:186:33:4 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / PHP/8.2 Resource Hash `c477b1ab7c0742d34ecb1668fb2abc7ce5a9a1dcc444c0b40ab0d79ce12c1c13` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ranges none cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 23 Nov 2023 21:46:30 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache transfer-encoding chunked vary Accept-Encoding x-iplb-instance 51919 x-iplb-request-id 200105501D0500010000000000000013:B462_200141D000011B000213018600330004:0050_655FC835_40C52:10C7 x-powered-by PHP/8.2
GET DATA	200 OK	truncated /	439 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9b6f2260eb186615573feee9a18482a1a8a48bea4d16998fb872a2f90eabe2d7` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2665211418355e44e2242af34ba05ddb2a5afdc31f8d9b51ec30ff4e230dd4ba` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	46 KB 46 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `45f65ae82107427f1dbaf04abff5f997f8c6253409bad7e0db8f4d8be4feac85` Request headers Referer http://www.lebullitioncreative.com/ Origin http://www.lebullitioncreative.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	829 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b27ab759a7fb4609cfefd80d1f94041143574c73e52fbe34a12b936577852252` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	404 Not Found	jq.js www.lebullitioncreative.com/-/vub/app/res/cdn/	0 0	3811ms 3811ms	Script text/html	2001:41d0:1:1b00:213:186:33:4 OVH
General Check archive.org Show headers Download Go to Full URL http://www.lebullitioncreative.com/-/vub/app/res/cdn/jq.js Requested by Host: www.lebullitioncreative.com URL: http://www.lebullitioncreative.com/-/vub/app/user.php Protocol HTTP/1.1 Server 2001:41d0:1:1b00:213:186:33:4 , France, ASN16276 (OVH, FR), Reverse DNS Software Apache / PHP/8.2 Resource Hash Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/-/vub/app/user.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 23 Nov 2023 21:46:38 GMT server Apache x-iplb-request-id 200105501D0500010000000000000013:B462_200141D000011B000213018600330004:0050_655FC83B_41445:10C7 x-powered-by PHP/8.2 x-iplb-instance 51919 transfer-encoding chunked content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://www.lebullitioncreative.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `00ecc4c49c9bc5b3e4b23db2a07fd5c3903eca5eee315e49c37fb7d38faefc0a` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c0dde680b27ab14aade6fb9f25b2f171dc28de9f9b1f03409bcbd379993fb40e` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b781f5e0307b3db8ae5115db02a66dc72baf60f78e7598bfa3c74e30e50f69bd` Request headers accept-language en-US,en;q=0.9 Referer http://www.lebullitioncreative.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	108 KB 108 KB		Font application/x-font-ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a8519d06608641230907f86b49a1b766a8442a60ffcfd40a978b98e751253fb` Request headers Referer http://www.lebullitioncreative.com/ Origin http://www.lebullitioncreative.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type application/x-font-ttf
GET DATA	200 OK	truncated /	36 KB 36 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1a359520a00657c09d7a3ff7bfcd6cb0fbc131b3fa1b71910b6c174f9fc9895e` Request headers Referer http://www.lebullitioncreative.com/ Origin http://www.lebullitioncreative.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	18 KB 18 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c` Request headers Referer http://www.lebullitioncreative.com/ Origin http://www.lebullitioncreative.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vub Banka (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader function| sendUser

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.lebullitioncreative.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6df24a86952d9a5f480159cd6ef0228b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://www.lebullitioncreative.com/-/vub/app/res/cdn/jq.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.lebullitioncreative.com
2001:41d0:1:1b00:213:186:33:4
00ecc4c49c9bc5b3e4b23db2a07fd5c3903eca5eee315e49c37fb7d38faefc0a
1a359520a00657c09d7a3ff7bfcd6cb0fbc131b3fa1b71910b6c174f9fc9895e
2665211418355e44e2242af34ba05ddb2a5afdc31f8d9b51ec30ff4e230dd4ba
45f65ae82107427f1dbaf04abff5f997f8c6253409bad7e0db8f4d8be4feac85
5a8519d06608641230907f86b49a1b766a8442a60ffcfd40a978b98e751253fb
9b6f2260eb186615573feee9a18482a1a8a48bea4d16998fb872a2f90eabe2d7
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
b27ab759a7fb4609cfefd80d1f94041143574c73e52fbe34a12b936577852252
b781f5e0307b3db8ae5115db02a66dc72baf60f78e7598bfa3c74e30e50f69bd
c0dde680b27ab14aade6fb9f25b2f171dc28de9f9b1f03409bcbd379993fb40e
c477b1ab7c0742d34ecb1668fb2abc7ce5a9a1dcc444c0b40ab0d79ce12c1c13
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

www.lebullitioncreative.com Open in urlscan Pro 2001:41d0:1:1b00:213:186:33:4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2964 kBTransfer

5999 kBSize

1 Cookies

7 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.lebullitioncreative.com Open in urlscan Pro
2001:41d0:1:1b00:213:186:33:4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2964 kB
Transfer

5999 kB
Size

1
Cookies

2 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!