customercare.dev.vfpartnerservices.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 52.212.241.25, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is customercare.dev.vfpartnerservices.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 19th 2020. Valid for: 3 months.

This is the only time customercare.dev.vfpartnerservices.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vodafone (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
1 6	52.212.241.25 52.212.241.25		16509 (AMAZON-02) (AMAZON-02)
5	1

6 52.212.241.25 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-241-25.eu-west-1.compute.amazonaws.com

customercare.dev.vfpartnerservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	vfpartnerservices.com 1 redirects customercare.dev.vfpartnerservices.com	1 MB
5	1

	Domain	Requested by
6	customercare.dev.vfpartnerservices.com	1 redirects customercare.dev.vfpartnerservices.com
5	1

This site contains no links.

Subject Issuer	Validity	Valid
customercare.dev.vfpartnerservices.com Let's Encrypt Authority X3	`2020-02-19` - `2020-05-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://customercare.dev.vfpartnerservices.com/admin
Frame ID: 5CA6BB5C3C2247E60EE9284CE9816E80
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://customercare.dev.vfpartnerservices.com/ HTTP 302
https://customercare.dev.vfpartnerservices.com/admin Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1257 kB
Transfer

1256 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://customercare.dev.vfpartnerservices.com/ HTTP 302
https://customercare.dev.vfpartnerservices.com/admin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request admin Show response customercare.dev.vfpartnerservices.com/ Redirect Chain https://customercare.dev.vfpartnerservices.com/ https://customercare.dev.vfpartnerservices.com/admin	3 KB 3 KB	58ms 58ms	Document text/html	52.212.241.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://customercare.dev.vfpartnerservices.com/admin Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.212.241.25 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-241-25.eu-west-1.compute.amazonaws.com Software istio-envoy / Express Resource Hash `823b74c12e4c31c69ed2c8e58d0fa035c71170d0a1ec2a1f975f025a96248518` Request headers :method GET :authority customercare.dev.vfpartnerservices.com :scheme https :path /admin pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest document accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers status 200 x-powered-by Express content-type text/html; charset=utf-8 content-length 2956 etag W/"b8c-nTnoW/kVlvo/93a/nWudI7PGrwo" date Wed, 19 Feb 2020 17:00:02 GMT x-envoy-upstream-service-time 1 server istio-envoy Redirect headers status 302 x-powered-by Express location /admin vary Accept content-type text/html; charset=utf-8 content-length 56 date Wed, 19 Feb 2020 17:00:02 GMT x-envoy-upstream-service-time 2 server istio-envoy
GET H2	200	entry-admin.js Show response customercare.dev.vfpartnerservices.com/admin/dist/	1 MB 1 MB	46ms 45ms	Script application/javascript	52.212.241.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://customercare.dev.vfpartnerservices.com/admin/dist/entry-admin.js Requested by Host: customercare.dev.vfpartnerservices.com URL: https://customercare.dev.vfpartnerservices.com/admin Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.212.241.25 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-241-25.eu-west-1.compute.amazonaws.com Software istio-envoy / Express Resource Hash `01839303dbcdcbcfbf7a77ed28fa81a3420dc03174d22cd30dabf096ac900632` Request headers Referer https://customercare.dev.vfpartnerservices.com/admin User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Wed, 19 Feb 2020 17:00:02 GMT etag W/"127b1a-17044526358" last-modified Fri, 14 Feb 2020 15:30:15 GMT server istio-envoy x-powered-by Express content-type application/javascript; charset=UTF-8 status 200 cache-control public, max-age=0 x-envoy-upstream-service-time 2 accept-ranges bytes content-length 1211162
GET H2	200	getAllUsers Show response customercare.dev.vfpartnerservices.com/api/	2 B 97 B	101ms 100ms	XHR application/json	52.212.241.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://customercare.dev.vfpartnerservices.com/api/getAllUsers Requested by Host: customercare.dev.vfpartnerservices.com URL: https://customercare.dev.vfpartnerservices.com/admin/dist/entry-admin.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.212.241.25 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-241-25.eu-west-1.compute.amazonaws.com Software istio-envoy / Express Resource Hash `4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945` Request headers Accept application/json, text/plain, / Referer https://customercare.dev.vfpartnerservices.com/admin Sec-Fetch-Dest empty User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 19 Feb 2020 17:00:02 GMT etag W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w" server istio-envoy x-powered-by Express content-type application/json; charset=utf-8 status 200 x-envoy-upstream-service-time 46 content-length 2
GET H2	200	4dbec2f38d8780ddb9ade4a7993a7811.jpg customercare.dev.vfpartnerservices.com/admin/dist/	45 KB 45 KB	84ms 83ms	Image image/jpeg	52.212.241.25 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.dev.vfpartnerservices.com/admin/dist/4dbec2f38d8780ddb9ade4a7993a7811.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.212.241.25 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-241-25.eu-west-1.compute.amazonaws.com Software istio-envoy / Express Resource Hash `f270992ec6c2ca4a4fb816222f5572908c386b75917f120bbf11099a3ff1e7f0` Request headers Referer https://customercare.dev.vfpartnerservices.com/admin User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers date Wed, 19 Feb 2020 17:00:02 GMT etag W/"b373-17044526358" last-modified Fri, 14 Feb 2020 15:30:15 GMT server istio-envoy x-powered-by Express content-type image/jpeg status 200 cache-control public, max-age=0 x-envoy-upstream-service-time 42 accept-ranges bytes content-length 45939
GET H2	200	VodafoneLt.woff customercare.dev.vfpartnerservices.com/admin/dist/fonts/	25 KB 25 KB	70ms 69ms	Font application/font-woff	52.212.241.25 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://customercare.dev.vfpartnerservices.com/admin/dist/fonts/VodafoneLt.woff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.212.241.25 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-241-25.eu-west-1.compute.amazonaws.com Software istio-envoy / Express Resource Hash `1eae84d47a02419a0d8ac8aeb8dd586a2d40a3f3d4c317b3b93e689c34f2b17a` Request headers Referer https://customercare.dev.vfpartnerservices.com/admin Origin https://customercare.dev.vfpartnerservices.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 19 Feb 2020 17:00:02 GMT etag W/"6444-17044526358" last-modified Fri, 14 Feb 2020 15:30:15 GMT server istio-envoy x-powered-by Express content-type application/font-woff status 200 cache-control public, max-age=0 x-envoy-upstream-service-time 29 accept-ranges bytes content-length 25668

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vodafone (Telecommunication)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

customercare.dev.vfpartnerservices.com
52.212.241.25
01839303dbcdcbcfbf7a77ed28fa81a3420dc03174d22cd30dabf096ac900632
1eae84d47a02419a0d8ac8aeb8dd586a2d40a3f3d4c317b3b93e689c34f2b17a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
823b74c12e4c31c69ed2c8e58d0fa035c71170d0a1ec2a1f975f025a96248518
f270992ec6c2ca4a4fb816222f5572908c386b75917f120bbf11099a3ff1e7f0

customercare.dev.vfpartnerservices.com Open in urlscan Pro 52.212.241.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1257 kBTransfer

1256 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

customercare.dev.vfpartnerservices.com Open in urlscan Pro
52.212.241.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1257 kB
Transfer

1256 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!