# PhishDestroy threat dossier — lonjasantamarta.com ================================================================ Fetched: 2026-07-19 03:25:11 UTC Canonical: https://phishdestroy.io/domain/lonjasantamarta.com/ ## VERDICT ---------------------------------------------------------------- CRITICAL THREAT — DO NOT VISIT Composite threat score: 82/100 (PhishDestroy scoring — see methodology below) ## DETECTION EVIDENCE ---------------------------------------------------------------- VirusTotal: 1/91 security vendors flagged this domain Flagging vendors: SOCRadar URLQuery: 2 detections Public blocklists: listed on 1 independent blocklist ## INFRASTRUCTURE ---------------------------------------------------------------- IP address: 74.208.22.143 (US, Kansas City) Hosting org: AS8560 IONOS SE Registrar: GoDaddy.com, LLC Nameservers: ns55.domaincontrol.com, ns56.domaincontrol.com Registered: 2022-03-10 Expires: 2027-03-10 Page title: Lonja de Santa Marta – Sitio web de la lonja inmobiliaria de Santa marta y el Magdalena HTTP response: 200 ## TLS CERTIFICATE ---------------------------------------------------------------- Issuer: Let's Encrypt / YR2 Expires: 2026-09-01 Status: INVALID chain Fingerprint: 61c512c1672d5a33220295ad5d6a382bd52a341708e59f336a1db3ea7a1c772e Subject Alternative Names (related infrastructure — often same operator): - www.lonjasantamarta.com ## ABUSE-REPORT HISTORY (evidence of registrar non-response) ---------------------------------------------------------------- Status: pending notification queue. No abuse reports filed yet — this domain is waiting for the next cycle of our automated abuse-reporter. ## TIMELINE ---------------------------------------------------------------- Domain registered: 2022-03-10 (per WHOIS / CT — may reflect a renewal or transfer date, not first-ever registration) First detected: 2026-07-18 19:46:19 UTC (by PhishDestroy tracker) First reported: 2026-07-18 17:48:49 UTC (abuse notice filed) Last verified: 2026-07-19 04:30:13 UTC Current status: ACTIVE / observable ## EXTERNAL CORROBORATION (third-party evidence) ---------------------------------------------------------------- URLScan.io: https://urlscan.io/result/019f7655-068b-745c-ba69-7888673e8c52/ URLQuery: https://urlquery.net/report/b1468ce3-f56b-4b7b-9b57-f76ce41761f5 Wayback Machine: https://web.archive.org/web/*/lonjasantamarta.com crt.sh CT logs: https://crt.sh/?q=%25.lonjasantamarta.com Google transparency: https://transparencyreport.google.com/safe-browsing/search?url=lonjasantamarta.com AlienVault OTX: https://otx.alienvault.com/indicator/domain/lonjasantamarta.com URLhaus: https://urlhaus.abuse.ch/host/lonjasantamarta.com/ ## ANALYST NARRATIVE ---------------------------------------------------------------- [Generated: 2026-07-18 19:52:39 UTC — narrative may predate facts above. Treat fields in TIMELINE / DETECTION EVIDENCE / INFRASTRUCTURE as authoritative if they differ from the prose below.] Is lonjasantamarta.com a Scam? Analysis indicates that the domain lonjasantamarta.com is currently active and categorized under a high-risk threat type of generic phishing. The domain was created on March 10, 2022, and has been flagged on one known security blocklist, specifically OpenPhish. The page title associated with this domain is 'Lonja de Santa Marta – Sitio web de la lonja inmobiliaria de Santa marta y el Magdalena'. This suggests that the site may be impersonating a real estate platform related to Santa Marta and the Magdalena region. Infrastructure analysis reveals that the domain resolves to the IP address 74.208.22.143 and is registered through the registrar GoDaddy.com, LLC. The domain has also been issued an SSL certificate from Let's Encrypt, which while common for legitimate sites, does not guarantee the site's safety. Furthermore, a scan on VirusTotal indicated that only 1 out of 95 security vendors flagged this domain, which highlights a disparity in detection efficacy among different security measures. Given its presence on a blocklist and the nature of its registration and hosting, it is advisable for defenders to monitor interactions with the domain and educate users to avoid potential phishing attempts. ## EVIDENCE HASHES ---------------------------------------------------------------- PhishDestroy Case ID: PD-20260718-AAB519 Favicon MD5: 9d1b031ca1395a94a6886087e245cb7b TLS cert SHA-256: 61c512c1672d5a33220295ad5d6a382bd52a341708e59f336a1db3ea7a1c772e ## SCORING METHODOLOGY ---------------------------------------------------------------- Composite score is NOT derived from VirusTotal alone. PhishDestroy aggregates: - VirusTotal positive ratio - Public blocklist consensus (MetaMask, ScamSniffer, OpenPhish, PhishTank, URLhaus, CryptoFirewall, SEAL, Polkadot, Enkrypt, Phishunt, DiscordPhishing, PhishingDB) - Cloaking detection (HTTP 666 or rendering delta between bot and real visitor) - DNS-filter consensus (Quad9, CleanBrowsing, NextDNS, AdGuard, Cloudflare, etc.) - AlienVault OTX pulses + Cloudflare Radar + Google Safe Browsing - URLScan / URLQuery verdicts - Brand-impersonation heuristics (DOM analysis of forms, logos, wording) - Known phishing-kit fingerprinting (favicon hash, JS obfuscation signatures) - Wallet-drainer family classification (Angel, MS, Rainbow, Pink, Inferno, ...) - Free-TLS vs paid-cert ratio (throwaway infrastructure signal) - Registrar/hosting abuse history (this registrar's track record) - Human researcher sign-off (operator takedown team) A domain present in our database is ALREADY flagged. A low VT count by itself does NOT mean the domain is safe — new scam domains routinely show 0/95 VT for their first 7–30 days while actively draining wallets. Always cross-reference the composite score and the individual indicators above, not just VT. ## CORRECTIONS / APPEALS ---------------------------------------------------------------- Full HTML report: https://phishdestroy.io/domain/lonjasantamarta.com/ JSON API: https://api.destroy.tools/v1/check?domain=lonjasantamarta.com Appeal a flag: https://phishdestroy.io/appeals/ (responded to within 48 hours, FP rate <0.01%) Submit a report: https://t.me/PhishDestroy_bot About PhishDestroy: independent open-source threat-intelligence platform. Tracked: 180,257 domains (51,270 alive under monitoring, 127,206 confirmed takedowns/dead). Site: https://phishdestroy.io