ecopetrol.cyou Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Submission: On October 12 via api (October 12th 2024, 3:03:29 am UTC) from CA — Scanned from NL

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is ecopetrol.cyou.
TLS certificate: Issued by WE1 on September 27th 2024. Valid for: 3 months.

This is the only time ecopetrol.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 20	188.114.97.3 188.114.97.3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	2

20 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ecopetrol.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	ecopetrol.cyou 1 redirects ecopetrol.cyou	257 KB
19	1

	Domain	Requested by
20	ecopetrol.cyou	1 redirects ecopetrol.cyou
19	1

This site contains no links.

Subject Issuer	Validity	Valid
ecopetrol.cyou WE1	`2024-09-27` - `2024-12-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Frame ID: DBF37002AC9271EF49182664AB3C26B3
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ecopetrol

Page URL History Show full URLs

https://ecopetrol.cyou/login/register?inviteCode=af32f76f Page URL
https://ecopetrol.cyou/cdn-cgi/phish-bypass?atok=n4rFNNyWZWDg.3wLOJTd1y6PzOHRyr1sImuZnZvAWpY-172870... HTTP 301
https://ecopetrol.cyou/login/register?inviteCode=af32f76f Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

262 kB
Transfer

679 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ecopetrol.cyou/login/register?inviteCode=af32f76f Page URL
https://ecopetrol.cyou/cdn-cgi/phish-bypass?atok=n4rFNNyWZWDg.3wLOJTd1y6PzOHRyr1sImuZnZvAWpY-1728702198-0.0.1.1-%2Flogin%2Fregister%3FinviteCode%3Daf32f76f HTTP 301
https://ecopetrol.cyou/login/register?inviteCode=af32f76f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 register Show response
ecopetrol.cyou/login/ 4 KB
2 KB 80ms
21ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a539f07c968d440cec0c44ea902d886902f6f68b9bf96da9606026102bc974b9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8d13db24f9986676-AMS
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 12 Oct 2024 03:03:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lhTTyS15EbPOOTX5SKTmlxNFugRB6nCxxo0bhtaF7VLY7ZBqISZ%2FKFvl%2BJbW1TJIRTZfXOSqpgyykJ%2FPNY81FBEw4O%2BDVDZmFrhseev5YDk1IxApoAtJeTJaTxu0pnFBdw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 speculation
ecopetrol.cyou/cdn-cgi/ 128 B
561 B 26ms
26ms Other
application/speculationrules+json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://ecopetrol.cyou
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4MXFITxujP2gtpW9Np02eVoliaNpTrxAs8JDdRNgh4Wxyrwyjgqq4%2Bs3YIhVpz0fB6H7X8kWtMVBPRO%2FtO7g3gPQ%2FuLKqQVAP4Gpy%2FOn9QT5wzY4LqWhqQiH0r2UQx0%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db2529b36676-AMS
access-control-allow-origin: https://ecopetrol.cyou
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Sat, 12 Oct 2024 03:03:18 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
ecopetrol.cyou/cdn-cgi/styles/ 23 KB
5 KB 19ms
19ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ecopetrol.cyou/cdn-cgi/styles/cf.errors.css

Requested by

Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"67055fb5-5df3"
x-content-type-options: nosniff
cf-ray: 8d13db2529b46676-AMS
expires: Sat, 12 Oct 2024 05:03:18 GMT
date: Sat, 12 Oct 2024 03:03:18 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2024 16:37:09 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
ecopetrol.cyou/cdn-cgi/images/ 452 B
635 B 23ms
23ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ecopetrol.cyou/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "67055fb5-1c4"
x-content-type-options: nosniff
cf-ray: 8d13db2549cb6676-AMS
expires: Sat, 12 Oct 2024 05:03:18 GMT
accept-ranges: bytes
content-length: 452
date: Sat, 12 Oct 2024 03:03:18 GMT
content-type: image/png
last-modified: Tue, 08 Oct 2024 16:37:09 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 favicon.ico
ecopetrol.cyou/ 47 KB
46 KB 29ms
29ms Other
image/x-icon 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 461db2e00f4e6ccd0974316e2e8ee3c5b39a9cb53d03a5dc36d74631269bacd6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"66f96866-bb69"
age: 3004
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xwdfi0f3eikNOYbtTTy1IrZkI7qq%2FaUZagji%2FHhCIZHbv9HRNN%2BuAYEC92Pb7C2EUu38E5HIOSSjVVLN84UAYepKyWrF7oh53kWVIHj31xV8y6oUPcBgYZ1EpiVqoT1TIA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db2579dc6676-AMS
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:18 GMT
content-type: image/x-icon
last-modified: Sun, 29 Sep 2024 14:47:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3

200

Primary Request register Show response
ecopetrol.cyou/login/
Redirect Chain

https://ecopetrol.cyou/cdn-cgi/phish-bypass?atok=n4rFNNyWZWDg.3wLOJTd1y6PzOHRyr1sImuZnZvAWpY-1728702198-0.0.1.1-%2Flogin%2Fregister%3FinviteCode%3Daf32f76f
https://ecopetrol.cyou/login/register?inviteCode=af32f76f

22 KB
7 KB

379ms
379ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dc29fc0999455e49faf70d897b5c75e67d1665556f4494d243019aa17471b0c

Request headers

Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 8d13db44bde86676-AMS
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Sat, 12 Oct 2024 03:03:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GiKwKkUToRG5x33YqLCFcNIeQiwKI8r7db%2FjFRp1ZUjyMip1AowMJ5D%2BiRtJfQ0QjKdJvNKgtygRRIYTXmP%2F125wU0Z3Cz9AXivttN9Flh%2BMb48joH5WdYGag4dLj4o0g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8d13db449dcb6676-AMS
content-length: 167
content-type: text/html
date: Sat, 12 Oct 2024 03:03:23 GMT
location: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
ecopetrol.cyou/cdn-cgi/ 128 B
556 B 22ms
22ms Other
application/speculationrules+json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://ecopetrol.cyou
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FwWKTlmB2LnGWxtO7WMPE9yIiplw6ceZE7IL4SdBipbr%2BfA9eFD7iNmMulY3JIZA4Y9Dobd0VHrzNx1mVtVyEQl0SSR8tbB8mmIrL9fn2Cb413Nra4RD7ZxfPyZH4QJ7FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47180b6676-AMS
access-control-allow-origin: https://ecopetrol.cyou
alt-svc: h3=":443"; ma=86400
content-length: 128
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 framework7.ios.min.css
ecopetrol.cyou/static/home/css/ 165 KB
29 KB 28ms
28ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/css/framework7.ios.min.css
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9c035f80cb823ac85db49e3602a9b74f23830db9230f082bf856fd5a134bd2e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-29422"
age: 22332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HQLtvnVHjzYJzlwvh4I8wtTG4qwTtHRM%2Flp%2FQMmP5Hp23KzyKfrapK6Xz7%2Ff5O1ovFFFauWXpUHbDURfBCXxFJFzEhac4LbrkzS8CbQRqyXH8hvhmdOztkHqe4i55WGzaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47180c6676-AMS
expires: Sat, 12 Oct 2024 08:51:12 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: text/css
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 app.css
ecopetrol.cyou/static/home/css/ 74 KB
15 KB 29ms
29ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/css/app.css?v=5.8
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82f5186f34a653adfa6355f8245b830eb8625c1aae10a3dfd26029741f54eeec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66f96632-12722"
age: 20655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ku9HltxtGHothi9PLya9HF%2FuiU9Fgjparj58tKlfFp%2F7dVGxqAnSNGr12eKRd%2F8IbyeARLI8SbXWLlC5MW9i%2FE5Bqmeg%2BUyUkuyDUAexLeIQFXQlpXK78FF46qROCOYPhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47180d6676-AMS
expires: Sat, 12 Oct 2024 09:19:09 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: text/css
last-modified: Sun, 29 Sep 2024 14:37:38 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 iconfont.css
ecopetrol.cyou/static/home/css/ 8 KB
6 KB 43ms
43ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/css/iconfont.css
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cacd438aa0c20dc37f54d304140d49306a321a838316a9229384f1ce659ba73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-1fab"
age: 32389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FKhsy%2BSfGPNoThckQlY4zLIWdDNMK%2FDwjXliwa1EKB57r1BbY0C7zJ4Xh5IDtXpN07NjwDNIzamK8AH0qbmbM1hZ%2BWuXDOfI2%2FohawCeBRSi0CawX7QJrfQDBbN2Qh6Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47180f6676-AMS
expires: Sat, 12 Oct 2024 06:03:35 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: text/css
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 kf2.png
ecopetrol.cyou/static/home/img/ 5 KB
5 KB 43ms
43ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecopetrol.cyou/static/home/img/kf2.png
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0abc6f8f0fbea8d444436152458e93730542167485179684463e4f5e18afee77

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66b651cd-152b"
age: 1001604
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PtavAeUND7savs9OPN4QQou7tz%2FJ8j2vkHgahx5Y2OEWVu2HqEBz0%2BMzrQsqORfJh7h7yECyi1vpVwZU4jtiwxMjhnULX01QuMBK3GLClb178wwVEyI4f8LvGovjTfSdwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db4718116676-AMS
expires: Wed, 30 Oct 2024 12:50:00 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: image/png
last-modified: Fri, 09 Aug 2024 17:28:45 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 jquery-1.11.3.min.js Show response
ecopetrol.cyou/static/home/js/ 94 KB
37 KB 45ms
45ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/js/jquery-1.11.3.min.js
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-176d5"
age: 32389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hABxgSu1vxV5b71KEcgmCgAHOl9Yx0Juj4R5sshWm0J1m1o60fo%2F08KJTNqSYcCfLMd95PdBdhCXsLg7mM%2BnEmdTaaWXTCj%2FU4sRhuo9L0xcUfAsger%2BD7G0ndQyeCOaSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db4718126676-AMS
expires: Sat, 12 Oct 2024 06:03:35 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 jquery-weui.min.js Show response
ecopetrol.cyou/static/home/js/ 76 KB
26 KB 52ms
52ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/js/jquery-weui.min.js
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ba0a293f51554b681f14e51268e1e23bfeef06149f9a667e3119540f1704c0b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-12edd"
age: 4551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMhdCCfyi7yoRUe%2Bu%2BjZwpsOW9fvJ9cw0gGOqhkjbngj4xbAWFd7p83TQRgRZ2CisLlMsOjIWwlLCINSYk4bTOqJ%2Fg7xj%2FnH82x8CppdoswIciGMmZcnhJNWVNy9B%2BTF%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47281f6676-AMS
expires: Sat, 12 Oct 2024 13:47:33 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 layui.js Show response
ecopetrol.cyou/static/home/layui/ 7 KB
4 KB 52ms
52ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/layui/layui.js
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-1ce3"
age: 32389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVQLXn5pwTBWZm1SzTi0u%2BJ4A1cZn8Zhk4ocswbh8CSfzLJh%2B8rXE%2Bih3mlLdJnAe22HBCP3Uz1eX9I8NgedKPz94aOqdVqeK4IAFPbxGqrpurm532rOTHN%2BTeWpiX%2FkhA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db4728206676-AMS
expires: Sat, 12 Oct 2024 06:03:35 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 lg06.png
ecopetrol.cyou/static/home/img/ 57 KB
58 KB 25ms
25ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecopetrol.cyou/static/home/img/lg06.png
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8b2cdc754cd9a62f41e3a9f9fd4ff7825147f7b6a2452c35ec463c2df6ce377

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66f9dc7d-e4e4"
age: 914283
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXlyVClkTXpMZXd4XVWz9EQjhtHvEcRYsM%2FjLnQ%2BZ5qeErF%2BLezRDiNKJcn0kyG95edPphXJBqd%2FgpClW8m4k2oSanQEB03UEkUnG4usFvccuXxNvHEjn%2FCglrA7wbtfow%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47783f6676-AMS
expires: Thu, 31 Oct 2024 13:05:21 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: image/png
last-modified: Sun, 29 Sep 2024 23:02:21 GMT
vary: Accept-Encoding
server: cloudflare

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1e0b37e2e8fd4e762978926eb039af2a4f6e7c7d2f937961953c372dc7e3f9d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://ecopetrol.cyou
Referer

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 form.js Show response
ecopetrol.cyou/static/home/layui/lay/modules/ 9 KB
4 KB 31ms
31ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/layui/lay/modules/form.js
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/static/home/layui/layui.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 431ff3f49bdf257fba233f0ce45629eb247146487aabcd8d70e4109209b67fb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-24f7"
age: 13327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OWQ2eJFoLsbh81DAjQUX6nkxD5zRUNbFcTGySfmvt6zDy08IlD18QaHdQkVKoZyVQ%2FeynleyWxOPzqCzLOcw9b1703KSDmuRfrnMNJ9gihcyeha8yH0%2B4f9uiskgIHo%2BbA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47985f6676-AMS
expires: Sat, 12 Oct 2024 11:21:17 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 layer.js Show response
ecopetrol.cyou/static/home/layui/lay/modules/ 22 KB
9 KB 26ms
26ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/layui/lay/modules/layer.js
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/static/home/layui/layui.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-5619"
age: 32389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RR1MwibBC9mOCJR7JAhTJyQv0h55A4VM1FHcWgMsGR2Abv22FFs6oB30gPguEB%2BEs%2FudkFizj%2FXrcWMnUJ4PqoHsn6CKpLr34wjlK3vY91cpte4zl9sKns0JNgu8%2F3%2BFgw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47d8756676-AMS
expires: Sat, 12 Oct 2024 06:03:35 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 layer.css
ecopetrol.cyou/static/home/layui/css/modules/layer/default/ 14 KB
4 KB 29ms
29ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/static/home/layui/css/modules/layer/default/layer.css?v=3.1.1
Requested by: Host: ecopetrol.cyou
URL: https://ecopetrol.cyou/static/home/layui/layui.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba2baf1bb08b0bff57cce75934bab7768c52567bf389479bed787004ae6e653b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=43200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"61b6aaaa-3859"
age: 36008
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5beGxAgFSseU3z%2BEvCm5EK396qMVmxJaUJlISOHwLl%2Bb2vIUFOc4R6GkvwCwa9FMNiUJ0Su3P%2FWeLDnduANK7sRxOhuhHGAJPVOQ4KBPFg83JxR6w0%2BKwUoyZucF0mWPmg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db47f88a6676-AMS
expires: Sat, 12 Oct 2024 05:03:16 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:24 GMT
content-type: text/css
last-modified: Mon, 13 Dec 2021 02:06:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 favicon.ico
ecopetrol.cyou/ 47 KB
0 0ms
0ms Other
image/x-icon 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ecopetrol.cyou/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 461db2e00f4e6ccd0974316e2e8ee3c5b39a9cb53d03a5dc36d74631269bacd6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ecopetrol.cyou/login/register?inviteCode=af32f76f

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
etag: W/"66f96866-bb69"
age: 3004
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xwdfi0f3eikNOYbtTTy1IrZkI7qq%2FaUZagji%2FHhCIZHbv9HRNN%2BuAYEC92Pb7C2EUu38E5HIOSSjVVLN84UAYepKyWrF7oh53kWVIHj31xV8y6oUPcBgYZ1EpiVqoT1TIA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d13db2579dc6676-AMS
alt-svc: h3=":443"; ma=86400
date: Sat, 12 Oct 2024 03:03:18 GMT
content-type: image/x-icon
last-modified: Sun, 29 Sep 2024 14:47:02 GMT
vary: Accept-Encoding
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ecopetrol.cyou/	1970-01-21 00:13:08	Name: __cf_mw_byp Value: n4rFNNyWZWDg.3wLOJTd1y6PzOHRyr1sImuZnZvAWpY-1728702198-0.0.1.1-/login/register?inviteCode=af32f76f
			ecopetrol.cyou/	1970-01-21 00:11:49	Name: sec_session Value: eyJpdiI6IjJ1d21GWkRCSXZwZm5xUEliVnM4Vnc9PSIsInZhbHVlIjoiaGdVRHpsa1R6UEFcL0RXWmoxQm82TWI2SWtONkwzeGY3YWxhOWlSR2kxdWIzKzl2VFpKekdFb1NJNzZySTI0eFEiLCJtYWMiOiJlNDg5ZTU0NzhiZDViOTIxOGRkYzdkMjA4NDdhNWQxY2U4MzMzZWFjMTM0ODI4N2M5YmFmNjlmNWY3YmYwZDdmIn0%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ecopetrol.cyou/login/register?inviteCode=af32f76f Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ecopetrol.cyou
188.114.97.3
0abc6f8f0fbea8d444436152458e93730542167485179684463e4f5e18afee77
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5
431ff3f49bdf257fba233f0ce45629eb247146487aabcd8d70e4109209b67fb8
461db2e00f4e6ccd0974316e2e8ee3c5b39a9cb53d03a5dc36d74631269bacd6
7cacd438aa0c20dc37f54d304140d49306a321a838316a9229384f1ce659ba73
7dc29fc0999455e49faf70d897b5c75e67d1665556f4494d243019aa17471b0c
82f5186f34a653adfa6355f8245b830eb8625c1aae10a3dfd26029741f54eeec
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ba0a293f51554b681f14e51268e1e23bfeef06149f9a667e3119540f1704c0b
91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2
a539f07c968d440cec0c44ea902d886902f6f68b9bf96da9606026102bc974b9
b1e0b37e2e8fd4e762978926eb039af2a4f6e7c7d2f937961953c372dc7e3f9d
b8b2cdc754cd9a62f41e3a9f9fd4ff7825147f7b6a2452c35ec463c2df6ce377
b9c035f80cb823ac85db49e3602a9b74f23830db9230f082bf856fd5a134bd2e
ba2baf1bb08b0bff57cce75934bab7768c52567bf389479bed787004ae6e653b
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

ecopetrol.cyou Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

262 kBTransfer

679 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

ecopetrol.cyou Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

262 kB
Transfer

679 kB
Size

2
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!