ventajacolombia.com Open in urlscan Pro
2606:4700:3032::6815:1ef2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ventajacolombia.com/B62nzJQP
Submission: On October 18 via automatic, source openphish (October 18th 2024, 2:17:56 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3032::6815:1ef2, located in United States and belongs to CLOUDFLARENET, US. The main domain is ventajacolombia.com.
TLS certificate: Issued by WE1 on August 30th 2024. Valid for: 3 months.

This is the only time ventajacolombia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
10	2606:4700:303... 2606:4700:3032::6815:1ef2		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

10 2606:4700:3032::6815:1ef2 (United States)

ASN13335 (CLOUDFLARENET, US)

ventajacolombia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ventajacolombia.com ventajacolombia.com	159 KB
10	1

	Domain	Requested by
10	ventajacolombia.com	ventajacolombia.com
10	1

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid
ventajacolombia.com WE1	`2024-08-30` - `2024-11-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ventajacolombia.com/B62nzJQP
Frame ID: A6ED62D77D1B1E104328C20A50529AF9
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram: Join Group Chat

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

159 kB
Transfer

444 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/

Search URL Search Domain Scan URL

URL: https://telegram.org/dl?tme=00089c78e1de9f355c_2545374862466764717
Title: Download

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request B62nzJQP Show response ventajacolombia.com/	15 KB 8 KB	389ms 328ms	Document text/html	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 Resource Hash `1e9bf4a6fc98581eb69cea3b22934f7cb49b5e679b1e7979f17ecc235b00e60c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8d4927835a62dbe0-FRA content-encoding zstd content-type text/html; charset=utf-8 date Fri, 18 Oct 2024 14:17:52 GMT expires Fri, 18 Oct 2024 14:17:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EA3Fzbb0GIKECpjPDlKLKl4VH00vXKLCtLwyo2oXqL%2F1T0Ch7aFu9Wzo4SdVQm7xiQs3dYjaRVN%2FtLSkLkgoYWynXVjKN4uJLXIVHHTyHHo0Kndp%2B9C7laohp64BuLaqcMXV3Al23Wh6uvSarT3eYHVc"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	font-roboto.css ventajacolombia.com/lander/test-telegram/	6 KB 958 B	36ms 35ms	Stylesheet text/css	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/font-roboto.css Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `27780ccf89e3853f260323c142e835e76d72fb2846169c8425ff39565da7efac` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers content-encoding gzip cf-cache-status HIT etag W/"66f7f860-16c6" age 315428 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECJy6pIzwM6aBCq%2BXxuQU%2B8UsbiPp6sYqPNZ%2BGCQvaFd9LmepEkiG4iaZRCHVeEBxVS5Fr6c1Fiw6fKI4wVUzVTjU%2BBoBM6QPDxWuyz0bw4%2BqMXEqtbhyYqCc6krfrH5ZorQt0YSrsofG69ZPWUE2d6A"}],"group":"cf-nel","max_age":604800} expires Thu, 24 Oct 2024 22:40:44 GMT alt-svc h3=":443"; ma=86400 date Fri, 18 Oct 2024 14:17:52 GMT content-type text/css last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785798adbe0-FRA access-control-allow-origin * server cloudflare
GET H2	200	bootstrap.min.css ventajacolombia.com/lander/test-telegram/	42 KB 8 KB	28ms 27ms	Stylesheet text/css	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/bootstrap.min.css Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers content-encoding gzip cf-cache-status HIT etag W/"66f7f860-a61b" age 315428 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMR%2FlxRgeurF8NzLavlkHEV6eXs6bn1eR4uKzmqyePds64K97yMnvCNmxgJz1XV02re7wHJXYG%2FAOWLF7nKTh5FTgGQoYsZo9JTCjPMFnhoLA1mn0TAnvEAN%2BKPbYK2YeYBPwfyoyqL0lRjOKIdfY%2Bam"}],"group":"cf-nel","max_age":604800} expires Thu, 24 Oct 2024 22:40:44 GMT alt-svc h3=":443"; ma=86400 date Fri, 18 Oct 2024 14:17:52 GMT content-type text/css last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785798cdbe0-FRA access-control-allow-origin * server cloudflare
GET H2	200	telegram.css ventajacolombia.com/lander/test-telegram/	103 KB 19 KB	29ms 29ms	Stylesheet text/css	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/telegram.css Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2be52a8c507b254437abadb3ec0ceef1ecdd9b2d56d52b7cadea1bf82237379d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers content-encoding gzip cf-cache-status HIT etag W/"66f7f860-19ddd" age 129160 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BaFghIdVdmaawZSdaHCV58tiFzdsHdSBmzC1qsM5m%2F%2Fe87N0SFKI5RuSGzIrEM9MmT2J7iLZmVUUVP%2BEiIfcLgp4QifqUd%2FrX7MWNTcW48wUSKQDfM3MpUTkfTDi0Tpp8WqdKc5VEO%2FCjs%2B4NC%2FDQYo"}],"group":"cf-nel","max_age":604800} expires Sun, 27 Oct 2024 02:25:12 GMT alt-svc h3=":443"; ma=86400 date Fri, 18 Oct 2024 14:17:52 GMT content-type text/css last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785798edbe0-FRA access-control-allow-origin * server cloudflare
GET H2	200	1.jpg ventajacolombia.com/lander/test-telegram/img/	25 KB 25 KB	31ms 31ms	Image image/jpeg	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ventajacolombia.com/lander/test-telegram/img/1.jpg Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7c4af40ed4d9cd970b0847ebf4d423bb9af4a152e6016eb0a03f2d3fdbc551cb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers cf-cache-status HIT etag "670d998f-63e7" age 128849 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1OZw5SF9ekxtqkaWsELms%2FhIIrww50WE96yd2c9VRRtYb%2B1estp9TKBedAG0f5reJW00lZHObdEJ3suIiEpeh4hV1MeYfNU%2FTrmjdG4bcloGe4x2FPs09qH4B9%2Fekn1TmCSPYT6NnbnnQzBNiSIB0ne%2B"}],"group":"cf-nel","max_age":604800} expires Sun, 27 Oct 2024 02:30:23 GMT alt-svc h3=":443"; ma=86400 date Fri, 18 Oct 2024 14:17:52 GMT content-type image/jpeg last-modified Mon, 14 Oct 2024 22:22:07 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785798fdbe0-FRA accept-ranges bytes access-control-allow-origin * content-length 25575 server cloudflare
GET H2	200	tgwallpaper.min.js Show response ventajacolombia.com/lander/test-telegram/	3 KB 2 KB	31ms 30ms	Script application/javascript	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/tgwallpaper.min.js Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/B62nzJQP Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers content-encoding zstd cf-cache-status HIT etag W/"66f7f860-ba3" age 315428 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9kKE2fnHxYd6MexYVVaCz1ttiOYMFRdURuBG%2F3bWQRV7bSPK93ZAA9AKqcCqMyJeprFzGVi7HCwApe9x4CXP6NOm0F8v6oShbcdn2iQ6AfrdbXpSEm8lD25Q8kbT0zb%2Fa%2BG0k81Q0f%2Fv%2BMx3CmEjDos"}],"group":"cf-nel","max_age":604800} expires Thu, 24 Oct 2024 22:40:44 GMT alt-svc h3=":443"; ma=86400 date Fri, 18 Oct 2024 14:17:52 GMT content-type application/javascript last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d4927857993dbe0-FRA access-control-allow-origin * server cloudflare
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bb3ebda804c7092a12e87f11ecf4505be8c1c2a47ba58e960024e57f10ff1033` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET H3	200	pattern.svg ventajacolombia.com/lander/test-telegram/	226 KB 72 KB	35ms 35ms	Image image/svg+xml	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ventajacolombia.com/lander/test-telegram/pattern.svg Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/lander/test-telegram/telegram.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/lander/test-telegram/telegram.css Response headers content-encoding zstd cf-cache-status HIT etag W/"66f7f860-3891a" age 233386 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrpGL4olSiWNeAz4rlVk9CSgepQRB4PzXOfIOlFAxHGcUxGIUy0UioZ5oHfNcpZhdBUCYFMjuqwLf%2F4DgG7z6tugnRpjScS0JRCaCbgGjGdP4otcT3dOdTaa8PafxB6Ym58OWrQz48Bz7OyjmBqWLpho"}],"group":"cf-nel","max_age":604800} expires Fri, 25 Oct 2024 21:28:06 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Fri, 18 Oct 2024 14:17:52 GMT content-type image/svg+xml last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785ba2f1d8a-FRA access-control-allow-origin * server cloudflare
GET H3	200	KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 ventajacolombia.com/lander/test-telegram/	11 KB 11 KB	68ms 68ms	Font font/woff2	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/lander/test-telegram/font-roboto.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://ventajacolombia.com Referer https://ventajacolombia.com/lander/test-telegram/font-roboto.css Response headers cf-cache-status HIT etag "66f7f860-2b20" age 273125 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ghqeJgQyHMITB95WZzEY6HOuAuNsDAfPxYOXXTDqrT8Z07pRhCW1lq2HqWe5lehBuhjMKevVJl9VjwL1F%2F3y%2BS5%2FS6MqdCpucflWOylsVJx%2F%2FpSCPodyILnOWTcyqYwQd%2BICl8tpuOttCxf%2FvNUxEMy"}],"group":"cf-nel","max_age":604800} expires Fri, 25 Oct 2024 10:25:47 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Fri, 18 Oct 2024 14:17:52 GMT content-type font/woff2 last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785ca451d8a-FRA accept-ranges bytes access-control-allow-origin * content-length 11040 server cloudflare
GET H3	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 ventajacolombia.com/lander/test-telegram/	11 KB 11 KB	86ms 86ms	Font font/woff2	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/lander/test-telegram/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: ventajacolombia.com URL: https://ventajacolombia.com/lander/test-telegram/font-roboto.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://ventajacolombia.com Referer https://ventajacolombia.com/lander/test-telegram/font-roboto.css Response headers cf-cache-status HIT etag "66f7f860-2b14" age 233386 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lB%2FFfpqU6Hc3hQXBsEgCYVn7g7AAQ6oOaKrNXMy3XFGT00keBVTQ7HL1j6UVLLKldnQZ5A9PWJjbxb7j1DYY1W2lAzAQSp31ZxOmbSrUW876%2BYeLLsbNCbT%2F4oiTrwkU2o%2BvLYzDUZOfy8jICO3%2Bdzze"}],"group":"cf-nel","max_age":604800} expires Fri, 25 Oct 2024 21:28:06 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Fri, 18 Oct 2024 14:17:52 GMT content-type font/woff2 last-modified Sat, 28 Sep 2024 12:36:48 GMT vary Accept-Encoding cache-control max-age=864000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d492785ca481d8a-FRA accept-ranges bytes access-control-allow-origin * content-length 11028 server cloudflare
GET H3	404	favicon.ico ventajacolombia.com/	548 B 613 B	57ms 57ms	Other text/html	2606:4700:3032::6815:1ef2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ventajacolombia.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1ef2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://ventajacolombia.com/B62nzJQP Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hMN%2FPrMcDuOKYG4BWwfZK5CglLW1KLaQO9iXnd1nkELY%2F2avv6r%2BFw3qmump8AS86PxBaF1BeSdTIMEatfNJ%2BpeWto19Wnq7LKIPIns2C9FIJRtFT2T1wSN%2FAob8oBx1hREotwLyjlOlvcog5czPxdpg"}],"group":"cf-nel","max_age":604800} cf-ray 8d4927865acf1d8a-FRA alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Fri, 18 Oct 2024 14:17:52 GMT content-type text/html vary Accept-Encoding server cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| TWallpaper

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ventajacolombia.com/	1970-01-21 01:05:39	Name: _subid Value: 3lnvqiglun
			ventajacolombia.com/	1970-01-21 00:22:27	Name: 094d1 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjNcIjoxNzI5MjYxMDcxfSxcImNhbXBhaWduc1wiOntcIjNcIjoxNzI5MjYxMDcxfSxcInRpbWVcIjoxNzI5MjYxMDcxfSJ9.hDT7ylQoubzCx6Z6KmrpQUljbvdffwxXqlcyyVaSLI0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ventajacolombia.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ventajacolombia.com
2606:4700:3032::6815:1ef2
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
1e9bf4a6fc98581eb69cea3b22934f7cb49b5e679b1e7979f17ecc235b00e60c
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
27780ccf89e3853f260323c142e835e76d72fb2846169c8425ff39565da7efac
2be52a8c507b254437abadb3ec0ceef1ecdd9b2d56d52b7cadea1bf82237379d
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7c4af40ed4d9cd970b0847ebf4d423bb9af4a152e6016eb0a03f2d3fdbc551cb
bb3ebda804c7092a12e87f11ecf4505be8c1c2a47ba58e960024e57f10ff1033
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

ventajacolombia.com Open in urlscan Pro 2606:4700:3032::6815:1ef2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

159 kBTransfer

444 kBSize

2 Cookies

2 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

ventajacolombia.com Open in urlscan Pro
2606:4700:3032::6815:1ef2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

159 kB
Transfer

444 kB
Size

2
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!