ScanMalware.com

Security Scan Report: www.marriott.com.ru

Redirected to: https://www.marriott.com/ru/default.mi

Site favicon
Submitted: Dec 26, 2025, 10:35:39 PMCompleted: Dec 26, 2025, 10:36:04 PMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 3 countries across 12 domains to perform 194 HTTP transactions. The main domain is marriott.com and was registered NaN years ago.

Submitted URL: https://www.marriott.com.ru

Effective URL: https://www.marriott.com/ru/default.miRedirected

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Suspicious login page impersonating Marriott on an unranked domain; likely phishing.

Risk Factors
Credential harvesting form on a domain that does not belong to the brand
Unranked/low‑reputation domain impersonating a well‑known brand
Redirect chain that masks the true origin of the login page
Domain age information unavailable

Details

Page Title

Отели Marriott Bonvoy | Бронируйте напрямую по эксклюзивным тарифам

Scan Type

public

Language

🇷🇺

Russian

(80% confidence)

Category

travel tourism

(57%)

Domain Information

The domain name 'www.marriott.com.ru' uses the Russian country-code top-level domain (.ru), featuring subdomain 'www.marriott'. The registrable portion 'com' spans 3 characters split between 1 vowel and two consonants. Breaking it apart gives one word: com. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://www.marriott.com.ru

Page Load Overview

6.71s
Total Load Time
184
HTTP Requests
13
Domains
11.3 MB
Total Size

Language Analysis

Primary Language

🇷🇺Russian
Code: ru
Confidence:80%
Script:Cyrillic
Direction:ltr

Detection Details

Language Code:ru
Detection Confidence:80%
Script Type:Cyrillic
HTML Lang Attribute:ru-RU
Text Length:5,224 chars
Detector Agreement:100%

Website Classification

Primary Category

travel tourism57% confidence
Type: webapp
Method: ml+structural

All Detected Categories

travel tourism
57%
forum community discussion
26%
social_media
25%
news/blog
20%
forum
20%

Detected Features

Login Form
Articles

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
2463.140.62.139Ireland
AS16625
2023.52.181.12Frankfurt am Main, Hesse, Germany
AS16625AKAMAI-AS
2063.140.62.200United States
AS16509AMAZON-02
20104.18.87.42United States
AS13335CLOUDFLARENET
20104.126.37.123UnknownUnknown
2023.52.180.103Frankfurt am Main, Hesse, Germany
AS16625AKAMAI-AS
20104.17.209.240United States
AS13335CLOUDFLARENET
2052.222.236.22UnknownUnknown
2054.76.45.183UnknownUnknown
1849--

Detected Technologies2

PasswordField
100%
HSTS
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T155256FE573D008F9A15796D9F932361C300AF5BFDA85AC92F2FE4B981BD18348062F56

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

6144:Jq36JYOk4huSon4h195vu3wo8joYarvSBi6/c9WXYN:JY6JYOkQuCz7vu3nND

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:1039243:K8GQJABFQClP0IBJGuCLCFyBJSQwjJDDTdYAARwIAAiIImwlgKgEyIgohQBSEINOWnGYZh4IMkxCJUkAigASgqwhNubANxcQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ff3e0f0f0700070f
Perceptual Hash:92cccc64bcb83aba
Difference Hash:24f4e9fcfcdddfbc
Wavelet Hash:ff3e0f1f0700070f
Color Hash:#783a6c

Other Hashes

Crop Resistant:ece4dbf87d3d7ff9,0000000000400048,26f4e9fcfcdedfbc,4d2d116566671733,8b684f190f393347,9b9c192b4644d692

Scan History

Scan history not available

Unable to load historical scan data