c2251424.ferozo.com Open in urlscan Pro
2800:6c0:2::192 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://c2251424.ferozo.com/
Submission: On November 01 via api (November 1st 2022, 1:04:59 pm UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 2800:6c0:2::192, located in Rosario, Argentina and belongs to Dattatec.com, AR. The main domain is c2251424.ferozo.com.

This is the only time c2251424.ferozo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bancolombia (Banking)

Domain & IP information

	IP Address	AS Autonomous System
13	2800:6c0:2::192 2800:6c0:2::192	27823 (Dattatec.com) (Dattatec.com)
3	162.159.255.116 162.159.255.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

13 2800:6c0:2::192 (Rosario, Argentina)

ASN27823 (Dattatec.com, AR)

c2251424.ferozo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.159.255.116 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

sucursalpersonas.transaccionesbancolombia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ferozo.com c2251424.ferozo.com	97 KB
3	transaccionesbancolombia.com sucursalpersonas.transaccionesbancolombia.com — Cisco Umbrella Rank: 273656	10 KB
16	2

	Domain	Requested by
13	c2251424.ferozo.com	c2251424.ferozo.com
3	sucursalpersonas.transaccionesbancolombia.com	c2251424.ferozo.com
16	2

This site contains no links.

Subject Issuer	Validity	Valid
sucursalpersonas.transaccionesbancolombia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2022-06-17` - `2023-07-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://c2251424.ferozo.com/
Frame ID: 1CC3555783B9C9D04988434183CD5641
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bancolombia

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

16
Requests

19 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

107 kB
Transfer

334 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
c2251424.ferozo.com/ 8 KB
3 KB 577ms
292ms Document
text/html 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache / PHP/7.4.25
Resource Hash: 0c726366b46f1581fa33d26d0a6a0982cc1a2772f0caa99ad2592ba21a605088

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 2295
Content-Type: text/html; charset=UTF-8
Date: Tue, 01 Nov 2022 13:04:53 GMT
Keep-Alive: timeout=10, max=200
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.25

GET
H/1.1 200
OK styles.css
c2251424.ferozo.com/hfh/ 105 KB
16 KB 289ms
288ms Stylesheet
text/css 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/hfh/styles.css
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 99863f90b943f88e314cf12dc84b8ed8fd43ee98eb794b7ed0103fde30f3db2f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Nov 2022 10:58:50 GMT
Server: Apache
ETag: "1a56c-5ec669bed8ca4-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Content-Length: 15722

GET
H/1.1 200
OK bootstrap.css
c2251424.ferozo.com/hfh/ 118 KB
18 KB 286ms
285ms Stylesheet
text/css 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/hfh/bootstrap.css
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 7d9f6a9826f640a47336522bf22a8f2a745691b0f7b9e28e1c3881ca89cd56f2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Nov 2022 10:58:46 GMT
Server: Apache
ETag: "1d9c5-5ec669bb27fc5-gzip"
Vary: Accept-Encoding
Upgrade: h2,h2c
Content-Type: text/css
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=200
Content-Length: 18365

GET
H/1.1 200
OK jquery-ui.css
c2251424.ferozo.com/hfh/ 31 KB
6 KB 562ms
282ms Stylesheet
text/css 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/hfh/jquery-ui.css
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: c9eeb55f7cf16683b871600ce998b61b1031629097be96069d5741f33adaf6d1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Nov 2022 10:58:49 GMT
Server: Apache
ETag: "7c88-5ec669be6e1a5-gzip"
Vary: Accept-Encoding
Upgrade: h2,h2c
Content-Type: text/css
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=200
Content-Length: 6121

GET
H/1.1 200
OK ui.css
c2251424.ferozo.com/hfh/ 13 KB
3 KB 571ms
286ms Stylesheet
text/css 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/hfh/ui.css
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: cbd252e0156b81eb0bb1e0e15c1ae0d28e2b0beb77a35439f9fcd5d7421cb149

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Nov 2022 10:58:52 GMT
Server: Apache
ETag: "349f-5ec669c0d5918-gzip"
Vary: Accept-Encoding
Upgrade: h2,h2c
Content-Type: text/css
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=200
Content-Length: 2988

GET
H/1.1 200
OK icc.png
c2251424.ferozo.com/hfh/ 648 B
918 B 296ms
295ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/icc.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 075210990201bade953adad58db5a225416330c416f5d01ae1fb7b5bf11a7aa0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:45 GMT
Server: Apache
ETag: "288-5ec669ba27e34"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=198
Content-Length: 648

GET
H/1.1 200
OK 1es.png
c2251424.ferozo.com/hfh/ 300 B
570 B 293ms
292ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/1es.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 243ea248dfa07721f3b34d8979be8b940b186e9c108cd688745e8be69dbbd635

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:43 GMT
Server: Apache
ETag: "12c-5ec669b80062b"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Content-Length: 300

GET
H/1.1 200
OK 2es.png
c2251424.ferozo.com/hfh/ 685 B
955 B 287ms
286ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/2es.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 83805f26ff9c00ca11f307178ae0fdff6f327a0e1337f8d995818b8b2f3286f2

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:43 GMT
Server: Apache
ETag: "2ad-5ec669b83656e"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Content-Length: 685

GET
H/1.1 200
OK 3es.png
c2251424.ferozo.com/hfh/ 464 B
734 B 284ms
282ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/3es.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: b79752a18c1fb8cfe44b26b1c212ceec9f992161885106df2e86a2834ecb76ce

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:44 GMT
Server: Apache
ETag: "1d0-5ec669b8c7d82"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=199
Content-Length: 464

GET
H/1.1 200
OK 4es.png
c2251424.ferozo.com/hfh/ 637 B
933 B 566ms
283ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/4es.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 30a0681084ce96ae07f445d550ccdcb84923744ebc3026be2ac5059f7ce4a67e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:44 GMT
Server: Apache
ETag: "27d-5ec669b8f6796"
Upgrade: h2,h2c
Content-Type: image/png
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=200
Content-Length: 637

GET
H/1.1 200
OK imgPublicidad.png
c2251424.ferozo.com/hfh/ 47 KB
47 KB 564ms
281ms Image
image/png 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://c2251424.ferozo.com/hfh/imgPublicidad.png
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash: 35500fe4c97323624f089389243374c56e666e25478685a849c2456461a6163d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Last-Modified: Tue, 01 Nov 2022 10:58:46 GMT
Server: Apache
ETag: "babc-5ec669bb974fc"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=198
Content-Length: 47804

GET
H2 200 logo.svg
sucursalpersonas.transaccionesbancolombia.com/mua/images/ 7 KB
5 KB 34ms
23ms Image
image/svg+xml 162.159.255.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sucursalpersonas.transaccionesbancolombia.com/mua/images/logo.svg

Requested by

Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/hfh/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.255.116 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://cdn.siftscience.com .medallia.com .kampyle.com https://checkout.wompi.co https://www.google.com .googleapis.com api.segment.io .segment.com .todo1.com .cloudbancolombia.com .newrelic.com bam.nr-data.net .gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com .medallia.com .kampyle.com api.segment.io .segment.com .todo1.com .newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com .hotjar.com .hotjar.io .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com .medallia.com .kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com .gstatic.com .cloudbancolombia.com .bancolombia.com .todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' .medallia.com .kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com; frame-src 'self' https://checkout.wompi.co .medallia.com .kampyle.com https://www.google.com/ https://.googleapis.com https://.gstatic.com .salesforce.com .force.com .cloudbancolombia.com .bancolombia.corp .bancolombia.com .transaccionesbancolombia.com .hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://.gstatic.com 'self' data:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin, sameorigin, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Tue, 01 Nov 2022 17:04:54 GMT
date: Tue, 01 Nov 2022 13:04:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://cdn.siftscience.com *.medallia.com *.kampyle.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com *.medallia.com *.kampyle.com api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com *.medallia.com *.kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com *.gstatic.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' *.medallia.com *.kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src 'self' https://checkout.wompi.co *.medallia.com *.kampyle.com https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com *.hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
cf-cache-status: HIT
x-permitted-cross-domain-policies: master-only
age: 5627
content-encoding: gzip
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
server: cloudflare
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cache-control: public, max-age=14400
cf-ray: 7634d6c49b9ce05a-NRT
x-content-security-policy: default-src 'self';

GET
H2 200 icon-user.png
sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/ 447 B
3 KB 35ms
25ms Image
image/png 162.159.255.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-user.png

Requested by

Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/hfh/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.255.116 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://cdn.siftscience.com .medallia.com .kampyle.com https://checkout.wompi.co https://www.google.com .googleapis.com api.segment.io .segment.com .todo1.com .cloudbancolombia.com .newrelic.com bam.nr-data.net .gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com .medallia.com .kampyle.com api.segment.io .segment.com .todo1.com .newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com .hotjar.com .hotjar.io .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com .medallia.com .kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com .gstatic.com .cloudbancolombia.com .bancolombia.com .todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' .medallia.com .kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com; frame-src 'self' https://checkout.wompi.co .medallia.com .kampyle.com https://www.google.com/ https://.googleapis.com https://.gstatic.com .salesforce.com .force.com .cloudbancolombia.com .bancolombia.corp .bancolombia.com .transaccionesbancolombia.com .hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://.gstatic.com 'self' data:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin, sameorigin, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Tue, 01 Nov 2022 17:04:54 GMT
date: Tue, 01 Nov 2022 13:04:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://cdn.siftscience.com *.medallia.com *.kampyle.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com *.medallia.com *.kampyle.com api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com *.medallia.com *.kampyle.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com *.gstatic.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' *.medallia.com *.kampyle.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src 'self' https://checkout.wompi.co *.medallia.com *.kampyle.com https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com *.hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
cf-cache-status: HIT
x-permitted-cross-domain-policies: master-only
age: 5627
content-length: 447
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
server: cloudflare
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7634d6c49b9fe05a-NRT
x-content-security-policy: default-src 'self';

GET
H2 200 icon-lock.png
sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/ 465 B
3 KB 34ms
24ms Image
image/png 162.159.255.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sucursalpersonas.transaccionesbancolombia.com/mua/images/icons/icon-lock.png

Requested by

Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/hfh/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.255.116 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022574e92ba7b69dd3e8f5da1882b053a893b97cf6bfe441753799dcc91655b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://cdn.siftscience.com https://checkout.wompi.co https://www.google.com .googleapis.com api.segment.io .segment.com .todo1.com .cloudbancolombia.com .newrelic.com bam.nr-data.net .gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com api.segment.io .segment.com .todo1.com .newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com .hotjar.com .hotjar.io .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com .gstatic.com .cloudbancolombia.com .bancolombia.com .todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com .todo-1.com .static.browseranalytic.com .browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com .hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com .twitter.com https://t.co .doubleclick.net https://stags.bluekai.com .linkedin.com; frame-src 'self' https://checkout.wompi.co https://www.google.com/ https://.googleapis.com https://.gstatic.com .salesforce.com .force.com .cloudbancolombia.com .bancolombia.corp .bancolombia.com .transaccionesbancolombia.com .hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://.gstatic.com 'self' data:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin, sameorigin, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: http://c2251424.ferozo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Tue, 01 Nov 2022 17:04:54 GMT
date: Tue, 01 Nov 2022 13:04:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' https://cdn.siftscience.com https://checkout.wompi.co https://www.google.com *.googleapis.com api.segment.io *.segment.com *.todo1.com *.cloudbancolombia.com *.newrelic.com bam.nr-data.net *.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'unsafe-inline' 'unsafe-eval'; connect-src https://sessions.bugsnag.com api.segment.io *.segment.com *.todo1.com *.newrelic.com bam.nr-data.net https://www.google-analytics.com www.google-analytics.com tagmanager.google.com *.hotjar.com *.hotjar.io *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self'; img-src https://hexagon-analytics.com images-cdn.info https://www.google-analytics.com www.google-analytics.com https://www.google.com *.gstatic.com *.cloudbancolombia.com *.bancolombia.com *.todo1.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com *.todo-1.com *.static.browseranalytic.com *.browseranalytic.com https://browseranalytic.com/ https://static.browseranalytic.com/ 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com/ tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://tags.bkrtx.com *.hotjar.com https://sjs.bizographics.com https://static.ads-twitter.com *.twitter.com https://t.co *.doubleclick.net https://stags.bluekai.com *.linkedin.com; frame-src 'self' https://checkout.wompi.co https://www.google.com/ https://*.googleapis.com https://*.gstatic.com *.salesforce.com *.force.com *.cloudbancolombia.com *.bancolombia.corp *.bancolombia.com *.transaccionesbancolombia.com *.hotjar.com https://stags.bluekai.com https://www.facebook.com data: blob:; font-src https://*.gstatic.com 'self' data:
cf-cache-status: HIT
x-permitted-cross-domain-policies: master-only
age: 5568
content-length: 465
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Apr 2021 13:04:03 GMT
server: cloudflare
x-frame-options: sameorigin, sameorigin, SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://c.na7.visual.fo.todo1.com
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7634d6c49b9ee05a-NRT
x-content-security-policy: default-src 'self';

GET
H/1.1 404
Not Found OpenSans-Regular.ttf
c2251424.ferozo.com/fonts/opensans/ 0
0 553ms
287ms Font
text/html 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/fonts/opensans/OpenSans-Regular.ttf
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/hfh/styles.css
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: http://c2251424.ferozo.com/hfh/styles.css
Origin: http://c2251424.ferozo.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=10, max=198
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found CIBFontSans-Light.ttf
c2251424.ferozo.com/fonts/opensans/ 0
0 552ms
286ms Font
text/html 2800:6c0:2::192
Dattatec.com

General

Check archive.org

Show headers Download Go to

Full URL: http://c2251424.ferozo.com/fonts/opensans/CIBFontSans-Light.ttf
Requested by: Host: c2251424.ferozo.com
URL: http://c2251424.ferozo.com/hfh/styles.css
Protocol: HTTP/1.1
Server: 2800:6c0:2::192 Rosario, Argentina, ASN27823 (Dattatec.com, AR),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: http://c2251424.ferozo.com/hfh/styles.css
Origin: http://c2251424.ferozo.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Tue, 01 Nov 2022 13:04:54 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=10, max=197
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bancolombia (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.transaccionesbancolombia.com/	1970-01-20 07:08:29	Name: __cf_bm Value: 2B08ER3kZGRPkh3IGaSvMEwYT5uUQzpRTahdKH1yHo4-1667307894-0-AdB+mZEFbWLiL129Tc7+sGoKXC3MjixRyqkSvt8fDiXJi1Uu7uWIQHDo4SdoYp/IgjyxuESzgnN+y3zhreD1LMg=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://c2251424.ferozo.com/fonts/opensans/CIBFontSans-Light.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://c2251424.ferozo.com/fonts/opensans/OpenSans-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c2251424.ferozo.com
sucursalpersonas.transaccionesbancolombia.com
162.159.255.116
2800:6c0:2::192
022574e92ba7b69dd3e8f5da1882b053a893b97cf6bfe441753799dcc91655b6
075210990201bade953adad58db5a225416330c416f5d01ae1fb7b5bf11a7aa0
0c726366b46f1581fa33d26d0a6a0982cc1a2772f0caa99ad2592ba21a605088
243ea248dfa07721f3b34d8979be8b940b186e9c108cd688745e8be69dbbd635
2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0
30a0681084ce96ae07f445d550ccdcb84923744ebc3026be2ac5059f7ce4a67e
35500fe4c97323624f089389243374c56e666e25478685a849c2456461a6163d
75d5b455151a3b1a0a5b100041fee37de2daa0b41d1d177deaa863177c5b5b83
7d9f6a9826f640a47336522bf22a8f2a745691b0f7b9e28e1c3881ca89cd56f2
83805f26ff9c00ca11f307178ae0fdff6f327a0e1337f8d995818b8b2f3286f2
99863f90b943f88e314cf12dc84b8ed8fd43ee98eb794b7ed0103fde30f3db2f
b79752a18c1fb8cfe44b26b1c212ceec9f992161885106df2e86a2834ecb76ce
c9eeb55f7cf16683b871600ce998b61b1031629097be96069d5741f33adaf6d1
cbd252e0156b81eb0bb1e0e15c1ae0d28e2b0beb77a35439f9fcd5d7421cb149

c2251424.ferozo.com Open in urlscan Pro 2800:6c0:2::192 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

19 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

107 kBTransfer

334 kBSize

1 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

c2251424.ferozo.com Open in urlscan Pro
2800:6c0:2::192 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

19 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

107 kB
Transfer

334 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!