https://web.syroxtech.com/?utm_source=fb&utm_medium=ADV%2B+|+GENERAL+-+CALLE+-+14/06/2026&utm_campaign=Campa%C3%B1a+SyroxTech+-+03/06/2026&utm_content=ADV%2B+|+GENERAL+-+CALLE+-+14/06/2026&utm_term=Facebook_Marketplace&fbclid=IwdGRjcASdnoFleHRuA2FlbQEwAGFkaWQBqzHdDtZ6G3NydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHtsRGQnu5TMEDufsV-CEKgmPCiRfN6py7hgWJF_H9agVg2zbGD3fYaPmASUv_aem_BA5eWD89jJqAYLuFkvqRAw&utm_id=120243510190100539
104.18.35.90 · Cloudflare, Inc.
Toronto, Canada
580 days
200 · 45.2s
Valid· WE1, Google Trust Services, US
COMPLETED
Registered-domain escalation
Submit syroxtech.com as the primary IOC, enriched with evidence from hostile subdomains like web.syroxtech.com.
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page presents branding that resembles a software development service with Spanish copy and a strong visual design. However, the domain web.syroxtech.com does not obviously map to a well-known legitimate brand, and the page appears to host marketing content rather than a bona fide official product page. The screenshot shows a generic tech-services layout rather than a recognized brand’s authentic UI, making impersonation risk uncertain from visuals alone; credential collection indicators are not evident in the static HTML, but the SPA nature means forms could render dynamically. The evidence does not clearly indicate credential harvesting or malware delivery, but the presence of tracking scripts and third-party endpoints suggests potential data collection and marketing integration. No explicit login form is found in the static HTML, but the SPA could render forms at runtime; POSTs to an attribution service and rum endpoint imply user interaction tracking.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 142
Hosts: 11
Domains: 7
No suspicious indicators identified
The site is hosting a marketing/brand-building page with SPA-driven content and multiple third-party integrations for analytics and session tracking. While there is no concrete evidence of credential harvesting on the static HTML, the SPA architecture means credentials could be captured via dynamically rendered forms. The presence of POST requests to analytics/attribution endpoints and a non-trivial set of external scripts warrants caution and monitoring. Given the lack of a clear official brand mapping and the visual impersonation risk in the screenshot, this should be flagged for further verification but not definitively classified as phishing at this stage.
Monitor