salbb.com.do Open in urlscan Pro
2606:4700:3031::ac43:98c2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://salbb.com.do/
Submission: On February 26 via manual (February 26th 2023, 5:07:27 pm UTC) from IL — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3031::ac43:98c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is salbb.com.do.
TLS certificate: Issued by GTS CA 1P5 on January 20th 2023. Valid for: 3 months.

This is the only time salbb.com.do was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: HSBC (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	2606:4700:303... 2606:4700:3031::ac43:98c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2

16 2606:4700:3031::ac43:98c2 (United States)

ASN13335 (CLOUDFLARENET, US)

salbb.com.do	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	salbb.com.do salbb.com.do	256 KB
1	fontawesome.com pro.fontawesome.com — Cisco Umbrella Rank: 5121	29 KB
17	2

	Domain	Requested by
16	salbb.com.do	salbb.com.do
1	pro.fontawesome.com	salbb.com.do
17	2

This site contains no links.

Subject Issuer	Validity	Valid
*.salbb.com.do GTS CA 1P5	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://salbb.com.do/
Frame ID: 16FB15DAD3D30BFD460FB5782C03A151
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log on to online banking: Username | SABB

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

285 kB
Transfer

674 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response salbb.com.do/	6 KB 2 KB	585ms 309ms	Document text/html	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.0.28 PleskLin Resource Hash `6da7f91ad665fe06815f36c9e2954c04583b6222a41e32a959143ca2f67c2a46` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 79fa46ccdb069125-FRA content-encoding br content-type text/html; charset=UTF-8 date Sun, 26 Feb 2023 17:07:22 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SC19sv6tmhO%2B%2B1SILU3x0ZlrMB7MDc64b5JClMFg77KlQyi1EIAVLr%2FqFqeqKNSlMpZTayN1xn6n9cWHlk0ce91gaFPtWPp%2Frwk60RQVsOgSyYddiq6U5NAtSa5gEydlnfqoANgX%2FTlmzXI%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.0.28 PleskLin
GET H2	200	bootstrap.css salbb.com.do/css/	188 KB 26 KB	557ms 555ms	Stylesheet text/css	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/css/bootstrap.css Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `98e83d9984650ba5490166476129ec0ae631dd146d6701c6027c5209854005f8` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status MISS last-modified Mon, 06 Dec 2021 07:36:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"61adbd76-2f178" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uws2CuDxiyEGwHr8qD6sMiZ7%2FQzHpeSKGNBUHSDl63OllAc8XtkiB%2FYp0o14lbnHl7Pd3D60XvLfK6duryuulcrn9%2FS%2Fit6m1GIdNjMKhsvkLmQOtZmTvl5T7FLTWHdQ2I2YwCMBHmfWQYw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79fa46cebe969125-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	test.css salbb.com.do/css/	1 KB 898 B	292ms 291ms	Stylesheet text/css	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/css/test.css Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `f185c3b49c985c9be586c5ca1a4f4a4889083025e6f6c1f9e536d98255a1edf4` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status MISS last-modified Tue, 07 Dec 2021 06:04:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"61aef982-5f3" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9xAITE%2FyKhhP8eqQDXCok%2FegKhWElQZd6S98Rr%2BjE3WdLDitxtafCwzyZRbPoXDt2%2B46KwBMDR27ehYuIYphac1%2BZSQdXyiOqWulk9wOO%2FwaxNcgabJIqPmJw1qXNyhrWNBbERa8yxWEDhk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79fa46cebe979125-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	html5shiv.min.js Show response salbb.com.do/js/	3 KB 2 KB	295ms 294ms	Script application/javascript	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/js/html5shiv.min.js Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 21 Aug 2017 22:37:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"599b60b2-aaa" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1sJOyMKoVxDIRR9tWCh5HvglgUGnNMwR4iJioi3WV8d4XgGALvjjs2DgcvKoVgg86caQMNfWXCdBP16y9wluSVZ0dh56bLrDu44lwHlJvJMkQjtbNMloLDm%2FiV4epphcA3gLMBHR2o4aDg%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79fa46cebe989125-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	respond.min.js Show response salbb.com.do/js/	4 KB 2 KB	293ms 292ms	Script application/javascript	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/js/respond.min.js Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status REVALIDATED last-modified Fri, 27 Jan 2017 06:50:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"588aedaa-11f1" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vl1UnfzU6u%2FgTPy41aR5gI00q7zdV%2BQw1O%2FsIzyz7u168yaHAk1vs%2BLdhG44yGVA5aCaRZPuPQUC0lld3SUs6vCn1Mk4sCJEXOKFBFLxvtfi6fr2nAwzuOrendZbbiso5N%2B9dfPD49Xqm08%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79fa46cebe9c9125-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	all.css pro.fontawesome.com/releases/v5.10.0/css/	153 KB 29 KB	83ms 31ms	Stylesheet text/css	2606:4700::6812:1734 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pro.fontawesome.com/releases/v5.10.0/css/all.css Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec` Request headers Referer https://salbb.com.do/ Origin https://salbb.com.do accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding gzip cf-cache-status HIT x-amz-request-id NC3M9XVZBM7XDNBY age 32938 x-amz-id-2 RObHxv0uwxf7vFCkigj182A/vzoOc4bi3hYnkPUkVgPZwSstgBji9LpBDpzt2raUn5ecbXkI+VQ= last-modified Mon, 28 Jun 2021 16:54:32 GMT server cloudflare etag W/"aa1272633e7e552395d147a499bad186" access-control-max-age 3000 vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding access-control-allow-methods GET access-control-allow-origin * content-type text/css cache-control max-age=31556926 cf-ray 79fa46cf0d5d9193-FRA
GET H3	200	logo.gif salbb.com.do/image/	2 KB 3 KB	290ms 290ms	Image image/gif	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/logo.gif Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `cab78213e8c945c10cae355403260048dad7936a706febbacf3782fb0b15f059` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 03:12:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aed126-8b1" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XcWZTZsKLsheA6odP62wnAyVvgtUAIVA770%2Bj4F0EOEtsntdpLKkfl9CxO61WVNinK1X2SzDv%2BlBIOIEdxXcCAd12R3jGtef%2BSKGq3xYCdRJYMgBbJb4GTPAkEfQbl4s98MwugoLYhGxXZc%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d248f690ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 2225
GET H3	200	menu.png salbb.com.do/image/	867 B 1 KB	298ms 297ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/menu.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `73d0257f6024ef6f53834099a5fc651aae14e19f87a8a76b4204b8ced328006a` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by PleskLin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 867 last-modified Tue, 07 Dec 2021 05:24:42 GMT x-accel-version 0.01 server cloudflare etag "363-5d2879728ba80" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vILSE3fatVS8%2Bbr1auPE8gN3ZO3O88WBFgkuJ1RwaXXVegx56%2FCCNXOrZzw%2FvTL9IzyVeN6QbDLU6QzIWHOXCgVBtnRA1GR2%2Fx1DUhwz60kZpNKdxuJ2bNOiEG4n4Kr2UwjXf1BnTZMhf00%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d248fb90ae-FRA
GET H3	200	remeber.png salbb.com.do/image/	3 KB 4 KB	307ms 306ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/remeber.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `04de83a4dba4fbfacbbb3da5036f0fae95793069c000ff3e9fb9abb3f0ca14f7` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:17:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee03e-d3c" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9RH0MG1ZJtk7rsAR6dhTwJwTBwhrLa7lOWmtOkxxLcbTM0f8xGU0VgngwLcExNgBfd7rYVBSyqcSJ6Mz%2FZfza%2B8TCPNUSxQzzpic39pXq94OcGU1kRSgaI02Ej8kms4kJsYU%2BEdjbxFBj4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d248fc90ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3388
GET H3	200	zx.png salbb.com.do/image/	155 KB 156 KB	291ms 289ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/zx.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b941adb10fcdeeafca5a5e0496b5f54448fd898e03ee87319e00f25233c94da3` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:18:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee0ac-26be9" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZFoqbmepio1nFQTNaNP9Q14w3wm7XNU6AOz39QMCFGo6zhFlkvD0eTf1GRYLjzXe0QhRDJLVP6zQ6kOJxW4dGOYcYbII3ob9%2BhzpeDECJfrHubv4zCXaLNfAc%2FBeZGY%2F5j0bopqFilqRHE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d248ff90ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 158697
GET H3	200	1.png salbb.com.do/image/	2 KB 2 KB	317ms 316ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/1.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `33a9c5b7300fddb6ced5853fc001470f3eb615e0c4d9b59058a17f947c74e63c` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:38:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee552-6ac" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBZ%2FeuHOIcRvEtHSmoAyu01IGVP71GTSI4TTrCXvchjk6cEHNtU488jKSXScvjLfIqWE9aOjDjGRVxN5nKNd1nVw52Y6RnZCkyA2vLPFjLetQfMGFofoIPW9M3otbH7mTgnVC%2Bpl6kVuK5A%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d2490090ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1708
GET H3	200	2.png salbb.com.do/image/	2 KB 2 KB	319ms 318ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/2.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7bcb111cc3a9155f581bd6f6e2c54c0f63e5ad05f806de19204747e58f4c17a9` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:38:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee558-7c4" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5CBHbMQg8wrz7lWH30prcQ8o%2FzoFu1nuHlpqsQ5AGe5eUaCxfhuhJ7HJ2OASl5yXzuSPTLC%2FE%2B1bFLhxZY%2BtpqRttFSltGIYgI%2FRxqmiWYzgHBp4c%2B%2FPy0eV%2FsssxRfiDSgXrnD05ubIK0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d2490390ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1988
GET H3	200	3.png salbb.com.do/image/	1 KB 2 KB	320ms 319ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/3.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b52ab67633eda703096205d52b00899f6c0d6258272f07b239ed322a3d34df05` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:38:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee560-4e2" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jG7HBFLAJOmV6LrtzDMc%2B6e6Zt1NHpmXb4En3YgW%2BgokfrYsjxxs6mJSaar6LMdxgAZwafFZd1tNRDnYq8B2ejOt4KcyyVP8zlg3pEqXUeqnqnYE45VXn8QOeaAOBks8tobj8mejjoklVls%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d2490490ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1250
GET H3	200	4.png salbb.com.do/image/	2 KB 2 KB	321ms 320ms	Image image/png	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/4.png Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `febd6d6dc8e864bd600a611bd836ff58f9498a31a9f184d7c357041839770bd4` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:39:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aee56c-691" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37HB54JGz%2BD4or488yuOteTic9JTW1aKKdthuhYic%2BsOKYnZAo0mcjEwerGWwjhtCzjX7ORgUlNqaABAEIpn61u5Ccs5Ea66z7UT7nMB5Qkn3SHZOuSWMhn%2FnhYL0JbS3CaeX92fDbMsmrM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d2490690ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1681
GET H3	200	jquery-3.5.1.min.js Show response salbb.com.do/js/	87 KB 32 KB	304ms 304ms	Script application/javascript	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/js/jquery-3.5.1.min.js Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status REVALIDATED last-modified Tue, 24 Nov 2020 01:18:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"5fbc5f60-15d84" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSBifuxoOX28yZzhWovRQqD3RrHJtS07oXCXPUsx4EpI815xNvDwXmqx2TSHbRcieAVq3O4wOsPWq1Yk0xp%2FgjxvIdpVd6qCM4EUHFBdVXVTxthBSOnYeip2%2BNUEtKuPPdP1FDF3W%2BfaRhw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79fa46d08ef590ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	bootstrap.min.js Show response salbb.com.do/js/	61 KB 17 KB	291ms 291ms	Script application/javascript	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://salbb.com.do/js/bootstrap.min.js Requested by Host: salbb.com.do URL: https://salbb.com.do/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 07 Dec 2020 16:50:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"5fce5d44-f3cb" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kc1iqCyU%2FjGM5BIwnZudtpTx%2FstH%2BUvJ5AdTHpQGz0bQW7XPgMJvzMhdPknDKLKwW%2BQVc3alcZXyO%2BYlSxFElcrItNNNXMHFKmc8YE4Uq1pE0hmcKXbQf3Ezs3fOqMcTlaRBRyv6823TPgo%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79fa46d238dd90ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	btn.gif salbb.com.do/image/	3 KB 3 KB	317ms 316ms	Image image/gif	2606:4700:3031::ac43:98c2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://salbb.com.do/image/btn.gif Requested by Host: salbb.com.do URL: https://salbb.com.do/css/test.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::ac43:98c2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `f2d04f19fe518e0201f68d3a0b0e6979c06848a95d84f3f07c32b000fc621367` Request headers accept-language de-DE,de;q=0.9 Referer https://salbb.com.do/css/test.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 17:07:22 GMT cf-cache-status REVALIDATED last-modified Tue, 07 Dec 2021 04:13:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "61aedf68-a03" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2Wn4yCi0gz3GGnsGJ7gMEYgN6XLAe1eLu%2F1ulepxUeL7ehX6D3hCDhm8bvbFTwznxXZ0lZmI5Gn4sB%2BiBizQXN9wzZ1hqOQ%2BisTz3yAotz5pYrd%2FA9fh6VJvXdZb7CY1aMBOgq7Mfw9ZzQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 79fa46d2590990ae-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 2563

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: HSBC (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			salbb.com.do/	1969-12-31 23:59:59	Name: PHPSESSID Value: kb5qmq4n996jg07m0mjmh8h4mg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pro.fontawesome.com
salbb.com.do
2606:4700:3031::ac43:98c2
2606:4700::6812:1734
04de83a4dba4fbfacbbb3da5036f0fae95793069c000ff3e9fb9abb3f0ca14f7
1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e
2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
33a9c5b7300fddb6ced5853fc001470f3eb615e0c4d9b59058a17f947c74e63c
6da7f91ad665fe06815f36c9e2954c04583b6222a41e32a959143ca2f67c2a46
73d0257f6024ef6f53834099a5fc651aae14e19f87a8a76b4204b8ced328006a
7bcb111cc3a9155f581bd6f6e2c54c0f63e5ad05f806de19204747e58f4c17a9
98e83d9984650ba5490166476129ec0ae631dd146d6701c6027c5209854005f8
b52ab67633eda703096205d52b00899f6c0d6258272f07b239ed322a3d34df05
b941adb10fcdeeafca5a5e0496b5f54448fd898e03ee87319e00f25233c94da3
cab78213e8c945c10cae355403260048dad7936a706febbacf3782fb0b15f059
dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
f185c3b49c985c9be586c5ca1a4f4a4889083025e6f6c1f9e536d98255a1edf4
f2d04f19fe518e0201f68d3a0b0e6979c06848a95d84f3f07c32b000fc621367
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
febd6d6dc8e864bd600a611bd836ff58f9498a31a9f184d7c357041839770bd4

salbb.com.do Open in urlscan Pro 2606:4700:3031::ac43:98c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

285 kBTransfer

674 kBSize

1 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

salbb.com.do Open in urlscan Pro
2606:4700:3031::ac43:98c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

285 kB
Transfer

674 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!