cleanlavapromes.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 23.254.253.192, located in United States and belongs to HOSTWINDS, US. The main domain is cleanlavapromes.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 3rd 2023. Valid for: 3 months.

This is the only time cleanlavapromes.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Promerica (Banking)

Domain & IP information

	IP Address		AS Autonomous System
7	23.254.253.192 23.254.253.192		54290 (HOSTWINDS) (HOSTWINDS)
7	1

7 23.254.253.192 (United States)

ASN54290 (HOSTWINDS, US)
PTR: client-23-254-253-192.hostwindsdns.com

cleanlavapromes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cleanlavapromes.com cleanlavapromes.com	164 KB
7	1

	Domain	Requested by
7	cleanlavapromes.com	cleanlavapromes.com
7	1

This site contains no links.

Subject Issuer	Validity	Valid
cleanlavapromes.com cPanel, Inc. Certification Authority	`2023-05-03` - `2023-08-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cleanlavapromes.com/
Frame ID: 6682E4280BFF9EAEAE50F902F37566F2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Promeric@

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

164 kB
Transfer

169 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cleanlavapromes.com/	5 KB 2 KB	628ms 177ms	Document text/html	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Full URL https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / PHP/7.4.33 Resource Hash `3ebf9bf3bf204a34659a075dbcce26895b32df1794900c9ce524060aaa364cf6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 1329 content-type text/html; charset=UTF-8 date Thu, 04 May 2023 18:03:28 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	style1.css cleanlavapromes.com/	3 KB 896 B	162ms 161ms	Stylesheet text/css	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Full URL https://cleanlavapromes.com/style1.css Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `26a2ef22b262a61f88d848cab76a437db09dedc3e59e434c07804cbdbe41bc7e` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT content-encoding br last-modified Thu, 05 Jan 2023 03:39:24 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 829
GET H2	200	index1.js Show response cleanlavapromes.com/	1 KB 455 B	162ms 162ms	Script application/javascript	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Full URL https://cleanlavapromes.com/index1.js Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `f1cccba9536f10d409f63655fc65c66c81dae3d67ea691d61a22c07942343faa` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT content-encoding br last-modified Wed, 22 Mar 2023 00:57:16 GMT server Apache vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 383
GET H2	200	delay1.png cleanlavapromes.com/media/	37 KB 37 KB	322ms 322ms	Image image/png	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Show image Full URL https://cleanlavapromes.com/media/delay1.png Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `3a8e7cd802c66571fea3dc0723d829c521704187acb2c417a1f0e806def1a147` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT last-modified Thu, 05 Jan 2023 00:01:42 GMT server Apache accept-ranges bytes content-length 37947 content-type image/png
GET H2	200	img1.gif cleanlavapromes.com/media/	4 KB 4 KB	321ms 321ms	Image image/gif	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Show image Full URL https://cleanlavapromes.com/media/img1.gif Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `5c1294b70210120e92c044bc38a7fb7fae66c20c248ab80c125181ffbce1e8b8` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT last-modified Fri, 30 Dec 2022 05:23:52 GMT server Apache accept-ranges bytes content-length 4216 content-type image/gif
GET H2	200	img5.jpg cleanlavapromes.com/media/	103 KB 104 KB	458ms 457ms	Image image/jpeg	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Show image Full URL https://cleanlavapromes.com/media/img5.jpg Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `6a45513dc262f6da005e1eb5326beef8c796bfdae76052775a609286f8f429bb` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT last-modified Fri, 30 Dec 2022 16:23:56 GMT server Apache accept-ranges bytes content-length 105898 content-type image/jpeg
GET H2	200	img6.png cleanlavapromes.com/media/	16 KB 16 KB	458ms 457ms	Image image/png	23.254.253.192 HOSTWINDS
General Check archive.org Show headers Download Go to Show image Full URL https://cleanlavapromes.com/media/img6.png Requested by Host: cleanlavapromes.com URL: https://cleanlavapromes.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.254.253.192 , United States, ASN54290 (HOSTWINDS, US), Reverse DNS client-23-254-253-192.hostwindsdns.com Software Apache / Resource Hash `9f64352d61ee287a001ed71d0fbbce62978ee99865b263961ffa8157e826fe4d` Request headers accept-language fi-FI,fi;q=0.9 Referer https://cleanlavapromes.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36 Response headers date Thu, 04 May 2023 18:03:28 GMT last-modified Fri, 30 Dec 2022 21:35:04 GMT server Apache accept-ranges bytes content-length 16209 content-type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Promerica (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cleanlavapromes.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 381a938cc4e7521106a4ab4309dca85d

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cleanlavapromes.com
23.254.253.192
26a2ef22b262a61f88d848cab76a437db09dedc3e59e434c07804cbdbe41bc7e
3a8e7cd802c66571fea3dc0723d829c521704187acb2c417a1f0e806def1a147
3ebf9bf3bf204a34659a075dbcce26895b32df1794900c9ce524060aaa364cf6
5c1294b70210120e92c044bc38a7fb7fae66c20c248ab80c125181ffbce1e8b8
6a45513dc262f6da005e1eb5326beef8c796bfdae76052775a609286f8f429bb
9f64352d61ee287a001ed71d0fbbce62978ee99865b263961ffa8157e826fe4d
f1cccba9536f10d409f63655fc65c66c81dae3d67ea691d61a22c07942343faa

cleanlavapromes.com Open in urlscan Pro 23.254.253.192 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

164 kBTransfer

169 kBSize

1 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

cleanlavapromes.com Open in urlscan Pro
23.254.253.192 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

164 kB
Transfer

169 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!