vultant.com Open in urlscan Pro
162.241.224.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vultant.com/cn/
Submission: On August 31 via api (August 31st 2023, 3:33:19 am UTC) from JP — Scanned from JP

Summary HTTP 11 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 162.241.224.110, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is vultant.com.
TLS certificate: Issued by R3 on July 13th 2023. Valid for: 3 months.

This is the only time vultant.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
10	162.241.224.110 162.241.224.110	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
11	2

10 162.241.224.110 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5179.bluehost.com

vultant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	vultant.com vultant.com	185 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 733	32 KB
11	2

	Domain	Requested by
10	vultant.com	vultant.com code.jquery.com
1	code.jquery.com	vultant.com
11	2

This site contains links to these domains. Also see Links.

Domain
play.google.com
itunes.apple.com
www.credit-agricole.it

Subject Issuer	Validity	Valid
cpcontacts.vultant.com R3	`2023-07-13` - `2023-10-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://vultant.com/cn/
Frame ID: 301E7A57333320CB34031E11DB360F73
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Portale

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

217 kB
Transfer

531 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=it.gruppocariparma.nowbanking

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/it/app/nowbanking/id891029339?mt=8

Search URL Search Domain Scan URL

URL: http://www.credit-agricole.it/pages/dati-societari
Title: Dati societari

Search URL Search Domain Scan URL

URL: http://www.credit-agricole.it/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: http://www.credit-agricole.it/pages/note-legali--2
Title: Note legali

Search URL Search Domain Scan URL

URL: http://www.credit-agricole.it/trasparenza
Title: Trasparenza

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response vultant.com/cn/	333 KB 77 KB	847ms 228ms	Document text/html	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software nginx/1.21.6 / Resource Hash `8a182b78963d816653030e88be637539147120a3faae632f9a9f0cf1f5982b68` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-type text/html date Thu, 31 Aug 2023 03:32:58 GMT host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== last-modified Wed, 30 Aug 2023 14:15:11 GMT server nginx/1.21.6 vary Accept-Encoding x-server-cache false
GET H2	200	logo_CA_PAYOFF_RGB.svg vultant.com/cn/files/	9 KB 9 KB	135ms 134ms	Image image/svg+xml	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/logo_CA_PAYOFF_RGB.svg Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `ab5c58da28e6048abea84cd6095066744cca8ec2b5df122e4aa7c9eac2faac20` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 8877 content-type image/svg+xml
GET H2	200	BTN_GOOGLE-PLAY.png vultant.com/cn/files/	9 KB 9 KB	133ms 132ms	Image image/png	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/BTN_GOOGLE-PLAY.png Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `34964d425b18a572f87e11f8c82e5c23219503ce4978c09b772587425d3129d3` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 9627 content-type image/png
GET H2	200	BTN_APPLE-STOR.png vultant.com/cn/files/	8 KB 8 KB	133ms 133ms	Image image/png	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/BTN_APPLE-STOR.png Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `91eb32ec059946479846ad1e957361eaa027cdf3c8edd04950e5c9a8b4aee52f` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 8155 content-type image/png
GET H2	200	logo-ca_1.png vultant.com/cn/files/	22 KB 22 KB	133ms 133ms	Image image/png	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/logo-ca_1.png Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `b3f603c84a3f9dc4fae44f15f4c723bebe409573bee2f3edc451b67b04d31595` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 22861 content-type image/png
GET H2	200	logo_credit_agricole_mobile.png vultant.com/cn/files/	1 KB 2 KB	134ms 134ms	Image image/png	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/logo_credit_agricole_mobile.png Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `f9b29e23cebc4b389fb27ede965c6662fc95248027da36f019c8dcd8af0c316c` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 1526 content-type image/png
GET H2	200	Montserrat-Bold.woff2 vultant.com/cn/files//	16 KB 16 KB	133ms 133ms	Font font/woff2	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://vultant.com/cn/files//Montserrat-Bold.woff2 Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `773ca7f3ac524e135c9c3f60b3d816900d62fd2b8a54b02bfdc9921acc4bcbfc` Request headers Referer https://vultant.com/cn/ Origin https://vultant.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 16504 content-type font/woff2
GET H2	200	loader.gif vultant.com/cn/files/	25 KB 26 KB	134ms 134ms	Image image/gif	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://vultant.com/cn/files/loader.gif Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `6136eca91040992f1422b4fd16a4d18e3a2e649125c76d8e81746edb5ea819fc` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/cn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 26089 content-type image/gif
GET H2	200	jquery-1.9.1.min.js Show response code.jquery.com/	90 KB 32 KB	363ms 140ms	Script application/javascript	2001:4de0:ac18::1:a:2a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-1.9.1.min.js Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash `c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://vultant.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT content-encoding gzip last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx etag W/"28feccc0-169d5" surrogate-control max-age=315360000;hw-h2proxy vary Accept-Encoding x-hw 1693452794.cdn4-pxy093-sjc02.sj3.evs,1693452794.cds225.sj3.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000,public accept-ranges bytes content-length 32772
GET H2	200	Montserrat-Regular.woff2 vultant.com/cn/files//	16 KB 16 KB	239ms 239ms	Font font/woff2	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://vultant.com/cn/files//Montserrat-Regular.woff2 Requested by Host: vultant.com URL: https://vultant.com/cn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software Apache / Resource Hash `3db499acd608730bb66d02f0ba81182b48f69477ffe98a21b7ae0d5467a7f52d` Request headers Referer https://vultant.com/cn/ Origin https://vultant.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:14 GMT last-modified Wed, 30 Aug 2023 14:15:11 GMT server Apache accept-ranges bytes host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 16512 content-type font/woff2
GET H2	200	access.php Show response vultant.com/cn/panel/	88 B 168 B	1201ms 1200ms	XHR text/html	162.241.224.110 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://vultant.com/cn/panel/access.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-1.9.1.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.224.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS box5179.bluehost.com Software nginx/1.21.6 / Resource Hash `fea1078f1c89033344ccd1179dfb9e24cd64acddbccbc9157997348f194e9367` Request headers Accept / Referer https://vultant.com/cn/ X-Requested-With XMLHttpRequest accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 03:33:00 GMT content-encoding gzip server nginx/1.21.6 x-server-cache false vary Accept-Encoding content-type text/html; charset=UTF-8 host-header c2hhcmVkLmJsdWVob3N0LmNvbQ== content-length 95

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| jQuery19109617707642339908

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
vultant.com
162.241.224.110
2001:4de0:ac18::1:a:2a
34964d425b18a572f87e11f8c82e5c23219503ce4978c09b772587425d3129d3
3db499acd608730bb66d02f0ba81182b48f69477ffe98a21b7ae0d5467a7f52d
6136eca91040992f1422b4fd16a4d18e3a2e649125c76d8e81746edb5ea819fc
773ca7f3ac524e135c9c3f60b3d816900d62fd2b8a54b02bfdc9921acc4bcbfc
8a182b78963d816653030e88be637539147120a3faae632f9a9f0cf1f5982b68
91eb32ec059946479846ad1e957361eaa027cdf3c8edd04950e5c9a8b4aee52f
ab5c58da28e6048abea84cd6095066744cca8ec2b5df122e4aa7c9eac2faac20
b3f603c84a3f9dc4fae44f15f4c723bebe409573bee2f3edc451b67b04d31595
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
f9b29e23cebc4b389fb27ede965c6662fc95248027da36f019c8dcd8af0c316c
fea1078f1c89033344ccd1179dfb9e24cd64acddbccbc9157997348f194e9367

vultant.com Open in urlscan Pro 162.241.224.110 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

217 kBTransfer

531 kBSize

0 Cookies

6 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

vultant.com Open in urlscan Pro
162.241.224.110 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

217 kB
Transfer

531 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!