vwfs.int.mx.ventas.credit.vwfs.io
13.225.80.81
Malicious Activity!
Public Scan
Submission: On May 19 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Amazon on June 18th 2021. Valid for: a year.
This is the only time vwfs.int.mx.ventas.credit.vwfs.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Volkswagen Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 | 13.225.80.81 | 16509 (AMAZON-02) |
4 | 13.224.198.114 | 16509 (AMAZON-02) |
3 | 2a02:26f0:df:3a5::1e80 | 20940 (AKAMAI-ASN1) |
10 | 3 | |

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-81.fra2.r.cloudfront.net
vwfs.int.mx.ventas.credit.vwfs.io

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-114.fra2.r.cloudfront.net
cdn.bronson.vwfs.io
 | Apex Domain / Subdomains | Transfer |
---|---|---|
7 | vwfs.io (subdomains: vwfs.int.mx.ventas.credit.vwfs.io; cdn.bronson.vwfs.io — Cisco Umbrella Rank: 764117) | 344 KB |
3 | adobedtm.com (subdomains: assets.adobedtm.com — Cisco Umbrella Rank: 486) | 140 KB |
10 | 2 | |
 | Domain | Requested by |
---|---|---|
4 | cdn.bronson.vwfs.io | vwfs.int.mx.ventas.credit.vwfs.io |
3 | assets.adobedtm.com | vwfs.int.mx.ventas.credit.vwfs.io, assets.adobedtm.com |
3 | vwfs.int.mx.ventas.credit.vwfs.io | vwfs.int.mx.ventas.credit.vwfs.io |
10 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
vwfs.int.mx.ventas.credit.vwfs.io | Amazon | 2021-06-18 - 2022-07-17 | a year | crt.sh |
*.bronson.vwfs.tools | Amazon | 2022-01-18 - 2023-02-16 | a year | crt.sh |
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-10 - 2022-09-10 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://vwfs.int.mx.ventas.credit.vwfs.io/
Frame ID: 2D5D5B805F5D6D71894B847BD91756FC
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | vwfs.int.mx.ventas.credit.vwfs.io/ | 5 KB | 5 KB | Document | text/html |
GET | H2 | style.min.css | cdn.bronson.vwfs.io/bluelabel/v/8.4.0/css/ | 552 KB | 70 KB | Stylesheet | text/css |
GET | H2 | vwfs-sans-regular.woff2 | cdn.bronson.vwfs.io/bluelabel/v/8.4.0/fonts/fonts/ | 104 KB | 105 KB | Font | font/woff2 |
GET | H2 | vwfs-sans-bold.woff2 | cdn.bronson.vwfs.io/bluelabel/v/8.4.0/fonts/fonts/ | 97 KB | 98 KB | Font | font/woff2 |
GET | H2 | bronson-bluelabel.woff2 | cdn.bronson.vwfs.io/bluelabel/v/8.4.0/fonts/icon-fonts/ | 54 KB | 55 KB | Font | font/woff2 |
GET | H2 | launch-48204637a658-staging.min.js | assets.adobedtm.com/e623380c0b69/d14b297f44b7/ | 590 KB | 126 KB | Script | application/x-javascript |
GET | H2 | 3.4fa9be74.chunk.js | vwfs.int.mx.ventas.credit.vwfs.io/static/js/ | 5 KB | 5 KB | Script | text/html |
GET | H2 | main.b0922c4f.chunk.js | vwfs.int.mx.ventas.credit.vwfs.io/static/js/ | 5 KB | 5 KB | Script | text/html |
GET | H2 | AppMeasurement.min.js | assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ | 33 KB | 12 KB | Script | application/x-javascript |
GET | H2 | AppMeasurement_Module_ActivityMap.min.js | assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ | 3 KB | 2 KB | Script | application/x-javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Volkswagen Bank (Banking)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
function | getScreenDetails |
object | webpackJsonppl-mx-client |
object | _satellite |
boolean | __satelliteLoaded |
object | adobe |
function | Visitor |
object | s_c_il |
number | s_c_in |
number | numberOfDebugMessages_m |
number | numberOfDebugMessages_a |
number | numberOfDebugMessages_s |
object | _ADB |
object | VWFS |
object | _Alerts |
function | _Alert |
function | _adbCheckDataLayerElement |
function | isProd |
function | du_getQueryParam |
function | _removeProductInvalidChars |
function | _setProdAmountVar |
undefined | _product_index |
function | setProductVariable |
function | setAnalyticVars |
function | AppMeasurement_Module_ActivityMap |
function | AppMeasurement |
function | s_gi |
function | s_pgicq |
number | s_objectID |
number | s_giq |
object | s |
object | dynamicHostResolver2 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.vwfs.io/ | | Name: s_plt Value: 0.73 |
.vwfs.io/ | | Name: s_pltp Value: undefined |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' *.bronson.vwfs.io https://server.adform.net https://*.bronson.vwfs.io https://*.mx.ventas.credit.vwfs.io https://mx.ventas.credit.vwfs.io https://*.preautorizacionfs.com https://preautorizacionfs.com; connect-src 'self' *.bronson.vwfs.io https://*.demdex.net https://cm.everesttech.net https://*.tt.omtrdc.net https://*.omtrdc.net *.2o7.net *.adobedc.net https://smetrics.preautorizacionfs.com https://smetrics.vwfs.io https://target.preautorizacionfs.com https://target.vwfs.io https://apikeys.civiccomputing.com https://www.google.com https://*.facebook.com https://*.execute-api.eu-central-1.amazonaws.com https://*.mx.ventas.credit.vwfs.io https://mx.ventas.credit.vwfs.io https://*.preautorizacionfs.com https://preautorizacionfs.com http2.mlstatic.com; font-src 'self' *.bronson.vwfs.io https://*.bronson.vwfs.io data: https://fonts.gstatic.com; img-src 'self' data: *.bronson.vwfs.io https://*.omtrdc.net https://*.demdex.net https://cm.everesttech.net https://*.scene7.com https://smetrics.preautorizacionfs.com https://smetrics.vwfs.io https://*.googlesyndication.com https://*.google.com https://*.google.de https://*.google.com.mx https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://www.facebook.com https://*.linkedin.com snap.licdn.com p.adsymptoptic.com https://*.userzoom.com https://t.co https://*.adform.net https://*.bronson.vwfs.io https://*.mx.ventas.credit.vwfs.io https://mx.ventas.credit.vwfs.io https://vpfs-dev.outsystemsenterprise.com https://vpfs-int.outsystemsenterprise.com https://media.volkswagen.com https://r-media.volkswagen.com https://www.seatmx.com seatmx-ecommerce.com http2.mlstatic.com; object-src 'self' data: https://*.mx.ventas.credit.vwfs.io https://*.preautorizacionfs.com https://preautorizacionfs.com; frame-src 'self' https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://*.googlesyndication.com https://cm.g.doubleclick.net https://www.youtube-nocookie.com https://www.facebook.com https://*.adform.net 'unsafe-inline' data: https://*.mx.ventas.credit.vwfs.io https://mx.ventas.credit.vwfs.io https://*.preautorizacionfs.com https://preautorizacionfs.com; frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com; script-src 'self' 'unsafe-inline' https://assets.adobedtm.com https://*.omtrdc.net https://*.omniture.com https://*.adobe.com https://*.demdex.net https://cm.everesttech.net https://smetrics.preautorizacionfs.com https://smetrics.vwfs.io https://target.preautorizacionfs.com https://target.vwfs.io https://cc.cdn.civiccomputing.com https://*.googlesyndication.com www.google.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://www.googletagmanager.com https://*.fls.doubleclick.net https://www.googleadservices.com cm.g.doubleclick.net https://www.google.de https://www.google.com.mx https://*.youtube.com https://s.ytimg.com https://connect.facebook.net *.linkedin.com snap.licdn.com p.adsymptoptic.com https://*.userzoom.com https://*.twitter.com https://static.ads-twitter.com https://*.adform.net 'unsafe-eval' https://*.mx.ventas.credit.vwfs.io https://mx.ventas.credit.vwfs.io https://*.preautorizacionfs.com https://preautorizacionfs.com; style-src 'self' 'unsafe-inline' *.bronson.vwfs.io https://target.preautorizacionfs.com https://target.vwfs.io https://*.userzoom.com https://*.bronson.vwfs.io; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.