promocionesparavos.ru Open in urlscan Pro
2606:4700:3034::ac43:a77f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://promocionesparavos.ru/galicia/index.php
Submission: On October 09 via api (October 9th 2024, 8:52:05 pm UTC) from US — Scanned from JP

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3034::ac43:a77f, located in United States and belongs to CLOUDFLARENET, US. The main domain is promocionesparavos.ru.
TLS certificate: Issued by WE1 on October 8th 2024. Valid for: 3 months.

This is the only time promocionesparavos.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Galicia (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:303... 2606:4700:3034::ac43:a77f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	172.67.167.127 172.67.167.127	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

5 2606:4700:3034::ac43:a77f (United States)

ASN13335 (CLOUDFLARENET, US)

promocionesparavos.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.67.167.127 (United States)

ASN13335 (CLOUDFLARENET, US)

promocionesparavos.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	promocionesparavos.ru promocionesparavos.ru	718 KB
10	1

	Domain	Requested by
10	promocionesparavos.ru	promocionesparavos.ru
10	1

This site contains no links.

Subject Issuer	Validity	Valid
promocionesparavos.ru WE1	`2024-10-08` - `2025-01-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://promocionesparavos.ru/galicia/index.php
Frame ID: 2B7FCA3E387205D7D505ED6D00C133D6
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Banking

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

718 kB
Transfer

2120 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response promocionesparavos.ru/galicia/	10 KB 2 KB	955ms 689ms	Document text/html	2606:4700:3034::ac43:a77f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a77f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `557f5bf2f9d30b8a2678b46fdedd8743d7b1b00b34f8ad28811b960936a6c83e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8d014057acddd753-NRT content-encoding br content-type text/html; charset=UTF-8 date Wed, 09 Oct 2024 20:51:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6SJg2HP0HqXXVce9wMvisw2NzNjfElJ0lL1XvbzrmJirci07JlJ7BqecI%2F0ZR8XVkH%2B7rvPSx5EQlm1VUVlKQ%2FiL%2Bre%2Fqmp7bbLT2yjAXqjnzdMUcLrlIta%2FzaaS4EZFureME2%2FSJbYZItohxqAnW7c9as%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" vary Accept-Encoding
GET H2	200	speculation promocionesparavos.ru/cdn-cgi/	128 B 481 B	9ms 7ms	Other application/speculationrules+json	2606:4700:3034::ac43:a77f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/cdn-cgi/speculation Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a77f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Origin https://promocionesparavos.ru Referer https://promocionesparavos.ru/galicia/index.php Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DuG9X%2BfO2t60IMAv0K%2BePkb1Q24rKZWjktTt8j0bH55mcaOdWSKN7mpud44oEzGB7ywM9tAmzegpKuqbLH1JSd8wYwbP5zfQInTkDrj%2F2cPkmiXkS5Oq%2Fc9sdgRoELKNzBzSo3EtlBEh2obyDYRfdudzE8%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d01405c0ac3d753-NRT access-control-allow-origin https://promocionesparavos.ru alt-svc h3=":443"; ma=86400 content-length 128 date Wed, 09 Oct 2024 20:51:54 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H2	200	bootstrap.min.css promocionesparavos.ru/galicia/assetsindex/css/	156 KB 22 KB	850ms 849ms	Stylesheet text/css	2606:4700:3034::ac43:a77f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/css/bootstrap.min.css Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a77f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `25ee5f9f16b33d9c0f39b007287dc8f1d27092efd151da309303aa807bb38d92` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/index.php Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66eaecde-271f3" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=os02DERJduQ58XPeVKSwYBtQwBSbIXSVTBpP3Kz93v7MELY8lgizcOweAEGg5E%2B24HtzuFUq8jdq8lG4KNexynN5efqioqoKRYNvL1UxZzaIapbnuEKAIUvsBLwZtk5zeAARzl6wO3T6gEuOwuu0giuRJtM%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d01405c0abed753-NRT expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 date Wed, 09 Oct 2024 20:51:55 GMT content-type text/css last-modified Wed, 18 Sep 2024 15:08:14 GMT vary Accept-Encoding server cloudflare
GET H2	200	customcarousel.min.css promocionesparavos.ru/galicia/assetsindex/css/	2 KB 1 KB	568ms 567ms	Stylesheet text/css	2606:4700:3034::ac43:a77f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/css/customcarousel.min.css Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a77f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e7be2d8041a9132b8d88373cf1f3ba55032b30343e461ce8b32903c766dd6c3b` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/index.php Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66eae652-79e" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQzFf7cYODgMvEElJkMcztB5Vg0fQKEXVNZHopqjxqXSl2LuS5IpjR4n9XvDVJ9fBBl3Xogg4Wufm%2FMyL1hB5iA%2BdnntrcXrCUDhCemrn8ZOTXHysEB%2Fphc2ySPQb0RmRfUjVsNqWld7IZJZEkmTeQJadd8%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d01405c0ac1d753-NRT expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 date Wed, 09 Oct 2024 20:51:55 GMT content-type text/css last-modified Wed, 18 Sep 2024 14:40:18 GMT vary Accept-Encoding server cloudflare
GET H2	200	default.min.css promocionesparavos.ru/galicia/assetsindex/css/	1 MB 148 KB	859ms 859ms	Stylesheet text/css	2606:4700:3034::ac43:a77f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a77f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f8da466e47dea788c45ab5bd1ed73a0047bfc9cea6535e9e41c4ad3dfd4cb7be` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/index.php Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66eaeccc-15fae1" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmX1cGLUbUWSy3LLkBf4a4I0YZcdOg3f%2BoONYylMP5lP3yL4s0K4l7dGADwDqsKvR9AVsOdSpHdgOanwwKoE%2BNsnokheTD7%2B7wrtWiqa6C%2FcgbJHsu5FPZCwS80UVJMlfPEEFG2qPb%2BblgKV2Wja7Tf3%2B%2Bc%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d01405c0ac2d753-NRT expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 date Wed, 09 Oct 2024 20:51:55 GMT content-type text/css last-modified Wed, 18 Sep 2024 15:07:56 GMT vary Accept-Encoding server cloudflare
GET H3	200	logo.svg promocionesparavos.ru/galicia/assetsindex/img/	5 KB 2 KB	575ms 575ms	Image image/svg+xml	172.67.167.127 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://promocionesparavos.ru/galicia/assetsindex/img/logo.svg Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.127 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fad6369e7b4e8af718c87cf1d5e13e9f3c3e831725a388ad52a971ee70c1abe8` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66eaeac4-148b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WO400QC78Fzm2NglOrBwL5CR0kvi4tfuiM8pQiSFtAtJYQooak%2FbfQxN8uDQw1eg3cnawOrfw7iW%2FYm45WXFes%2FRgoDE%2FQhYHd2847qxJfsJgIZ%2FS2vsfcSEOqjKmD0JThshngYqwWw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d0140652e186868-NRT expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 date Wed, 09 Oct 2024 20:51:56 GMT content-type image/svg+xml last-modified Wed, 18 Sep 2024 14:59:16 GMT vary Accept-Encoding server cloudflare
GET H3	200	Promociones-1-JaviPane.jpg promocionesparavos.ru/galicia/assetsindex/img/	376 KB 376 KB	3904ms 3904ms	Image image/jpeg	172.67.167.127 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://promocionesparavos.ru/galicia/assetsindex/img/Promociones-1-JaviPane.jpg Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/index.php Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.127 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `39c46f73fec7e62691c7de228409661d8b080285fef779021efee1e3c7e331f1` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/index.php Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "66eae8b4-5df23" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cso61dcHrRTKo3QPEYMSwpmlV3Ate%2B80djlKBPIRXY3qKoHFCn%2BcM2ZyN7ADMWLepflqdf4gZF%2FKm4T8cdw9NiRnRa0Rp1atRZf1ZqvJ4IOjFDepCk9KUR1kQDHX2DH%2BWifQCk0MAFI%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d0140652e1a6868-NRT expires Thu, 31 Dec 2037 23:55:55 GMT accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 384803 date Wed, 09 Oct 2024 20:51:57 GMT content-type image/jpeg last-modified Wed, 18 Sep 2024 14:50:28 GMT vary Accept-Encoding server cloudflare
GET H3	200	Inter-Regular.woff2 promocionesparavos.ru/galicia/assetsindex/fonts/	87 KB 88 KB	3890ms 3890ms	Font font/woff2	172.67.167.127 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/fonts/Inter-Regular.woff2 Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.127 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `77ca56870309a85759fb7116aef2119a26e358145e808868543ca1fe16c27720` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Origin https://promocionesparavos.ru Referer https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "66eaeb1c-15c7c" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVIUbgI%2BaQcR41iO4x%2BZQnSA4DjEZPs7pOKsnQNaZYvd5KVv9tDGm%2FeqbHzEaZKUBk1TtQPDgN%2FOV01GDO7tNghnGC3bbXETSNtZ72%2FJAM1JelZaVQAYKTJCCMSt2vcLdsteH0xVR2I%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d0140653e236868-NRT expires Thu, 31 Dec 2037 23:55:55 GMT accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 89212 date Wed, 09 Oct 2024 20:51:57 GMT content-type font/woff2 last-modified Wed, 18 Sep 2024 15:00:44 GMT vary Accept-Encoding server cloudflare
GET H3	200	fontawesome-webfont.woff2 promocionesparavos.ru/galicia/assetsindex/fonts/	75 KB 76 KB	3875ms 3874ms	Font font/woff2	172.67.167.127 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/fonts/fontawesome-webfont.woff2 Requested by Host: promocionesparavos.ru URL: https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.127 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Origin https://promocionesparavos.ru Referer https://promocionesparavos.ru/galicia/assetsindex/css/default.min.css Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "66eaeb24-12d68" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dgl1IaFA8aHmqbK1vDZc3LJzLlNPSz4CWk%2FbXsBdQiBSXZOu3WfRODsoMA57D2DCLd05%2B3OL7NylJn4%2Fd47msHkw2ZgAeBdrL6RVwKafkuzxI4blF9dP1W1lMv4RVpYYKQUDkW%2BS%2FA4%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d0140653e246868-NRT expires Thu, 31 Dec 2037 23:55:55 GMT accept-ranges bytes alt-svc h3=":443"; ma=86400 content-length 77160 date Wed, 09 Oct 2024 20:51:57 GMT content-type font/woff2 last-modified Wed, 18 Sep 2024 15:00:52 GMT vary Accept-Encoding server cloudflare
GET H3	200	favicon.ico promocionesparavos.ru/galicia/assetsindex/img/	2 KB 2 KB	551ms 550ms	Other image/x-icon	172.67.167.127 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://promocionesparavos.ru/galicia/assetsindex/img/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.167.127 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Referer https://promocionesparavos.ru/galicia/index.php Response headers cache-control max-age=315360000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66eae978-617" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NovlrJkocaCW2v7Irm%2BqYGfA52JDuOP6do1oi7%2FJKTty32%2B5LC5O6yUevnGcSMHuDMWhoUQzNcvEeKMmlMlutBpjlI%2F3d8223HEF3nq2F2boqSQUcw1F9O9LfH96sNRKd4oZS7jp6ps%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8d01407e1d546868-NRT expires Thu, 31 Dec 2037 23:55:55 GMT alt-svc h3=":443"; ma=86400 date Wed, 09 Oct 2024 20:52:00 GMT content-type image/x-icon last-modified Wed, 18 Sep 2024 14:53:44 GMT vary Accept-Encoding server cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Galicia (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://promocionesparavos.ru/galicia/index.php Message: [DOM] Found 2 elements with non-unique id #soloNumeros: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://promocionesparavos.ru/galicia/index.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://promocionesparavos.ru/galicia/index.php Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

promocionesparavos.ru
172.67.167.127
2606:4700:3034::ac43:a77f
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
25ee5f9f16b33d9c0f39b007287dc8f1d27092efd151da309303aa807bb38d92
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
39c46f73fec7e62691c7de228409661d8b080285fef779021efee1e3c7e331f1
557f5bf2f9d30b8a2678b46fdedd8743d7b1b00b34f8ad28811b960936a6c83e
77ca56870309a85759fb7116aef2119a26e358145e808868543ca1fe16c27720
e7be2d8041a9132b8d88373cf1f3ba55032b30343e461ce8b32903c766dd6c3b
f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03
f8da466e47dea788c45ab5bd1ed73a0047bfc9cea6535e9e41c4ad3dfd4cb7be
fad6369e7b4e8af718c87cf1d5e13e9f3c3e831725a388ad52a971ee70c1abe8

promocionesparavos.ru Open in urlscan Pro 2606:4700:3034::ac43:a77f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

718 kBTransfer

2120 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

promocionesparavos.ru Open in urlscan Pro
2606:4700:3034::ac43:a77f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

718 kB
Transfer

2120 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!