main.sbm-demo.xyz Open in urlscan Pro
18.168.219.128 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://main.sbm-demo.xyz/zero-phishing
Effective URL:
https://main.sbm-demo.xyz/zero-phishing
Submission: On October 26 via api (October 26th 2024, 9:05:19 am UTC) from US — Scanned from GB

Summary HTTP 8 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 18.168.219.128, located in London, United Kingdom and belongs to AMAZON-02, US. The main domain is main.sbm-demo.xyz.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 28th 2023. Valid for: a year.

This is the only time main.sbm-demo.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	18.168.219.128 18.168.219.128	16509 (AMAZON-02) (AMAZON-02)
1	23.36.162.208 23.36.162.208	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2

7 18.168.219.128 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com

main.sbm-demo.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.36.162.208 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-208.deploy.static.akamaitechnologies.com

c.salesforce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	sbm-demo.xyz main.sbm-demo.xyz	298 KB
1	salesforce.com c.salesforce.com — Cisco Umbrella Rank: 13233
8	2

	Domain	Requested by
7	main.sbm-demo.xyz	main.sbm-demo.xyz
1	c.salesforce.com	main.sbm-demo.xyz
8	2

This site contains links to these domains. Also see Links.

Domain
login.salesforce.com
www.salesforce.com

Subject Issuer	Validity	Valid
*.sbm-demo.xyz Amazon RSA 2048 M02	`2023-12-28` - `2025-01-25`	a year	crt.sh
www.salesforce.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-14` - `2025-05-13`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://main.sbm-demo.xyz/zero-phishing
Frame ID: 76231B7A73FA89973C09B0482D9703BE
Requests: 7 HTTP requests in this frame

Frame: https://c.salesforce.com/login-messages/promos.html
Frame ID: ECF69F9AA6158E9C0E29E408118BE147
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login | Salesforce

Page URL History Show full URLs

http://main.sbm-demo.xyz/zero-phishing HTTP 307
https://main.sbm-demo.xyz/zero-phishing Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

298 kB
Transfer

296 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://login.salesforce.com/secur/forgotpassword.jsp?locale=us
Title: Forgot Your Password?

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/form/trial/freetrial.jsp?d=70130000000Enus
Title: Try for Free

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://main.sbm-demo.xyz/zero-phishing HTTP 307
https://main.sbm-demo.xyz/zero-phishing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request zero-phishing Show response
main.sbm-demo.xyz/
Redirect Chain

http://main.sbm-demo.xyz/zero-phishing
https://main.sbm-demo.xyz/zero-phishing

5 KB
5 KB

149ms
37ms

Document
text/html

18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://main.sbm-demo.xyz/zero-phishing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: 9ee7f7ff9b3562ec0a40d7b5553a15f25d338d6b7a9734fcf3941aa73500e96f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Length: 5168
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Oct 2024 09:05:14 GMT
ETag: W/"1430-18b662eebe8"
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

Redirect headers

Location: https://main.sbm-demo.xyz/zero-phishing
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK app.css
main.sbm-demo.xyz/css/ 19 KB
20 KB 69ms
68ms Stylesheet
text/css 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://main.sbm-demo.xyz/css/app.css
Requested by: Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/zero-phishing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: f307f47671379a4e8c05f4ededb282e5778aee76b4b01c508e2d1ea14fad2340

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://main.sbm-demo.xyz/zero-phishing

Response headers

Cache-Control: public, max-age=0
ETag: W/"4d59-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19801
Date: Sat, 26 Oct 2024 09:05:14 GMT
Content-Type: text/css; charset=UTF-8
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

GET
H/1.1 200
OK logo214.svg
main.sbm-demo.xyz/img/ 7 KB
7 KB 100ms
36ms Image
image/svg+xml 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://main.sbm-demo.xyz/img/logo214.svg
Requested by: Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/zero-phishing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: a48f997fa23140662c20f7a46e93cefcef071fbf81ce038067582f2d822d86d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://main.sbm-demo.xyz/zero-phishing

Response headers

Cache-Control: public, max-age=0
ETag: W/"1a28-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6696
Date: Sat, 26 Oct 2024 09:05:14 GMT
Content-Type: image/svg+xml
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

GET
H/1.1 200
OK hacked-2127635_640.png
main.sbm-demo.xyz/img/ 206 KB
206 KB 134ms
69ms Image
image/png 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://main.sbm-demo.xyz/img/hacked-2127635_640.png
Requested by: Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/zero-phishing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: 64a589b66d30f94bfa107a61d9185eca42aed2bf995c59eadb6a9ee7491b4a86

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://main.sbm-demo.xyz/zero-phishing

Response headers

Cache-Control: public, max-age=0
ETag: W/"33831-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 210993
Date: Sat, 26 Oct 2024 09:05:14 GMT
Content-Type: image/png
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

GET
H2 200 promos.html
c.salesforce.com/login-messages/ Frame ECF6 0
0 178ms
61ms Document
text/html 23.36.162.208
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c.salesforce.com/login-messages/promos.html

Requested by

Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/zero-phishing

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.208 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-208.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	maxage=16070400; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://main.sbm-demo.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 3881
content-type: text/html
date: Sat, 26 Oct 2024 09:05:14 GMT
expires: Sat, 26 Oct 2024 09:05:14 GMT
last-modified: Fri, 25 Oct 2024 22:50:02 GMT
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: Apache
strict-transport-security: maxage=16070400; includeSubdomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-ua-compatible: IE=9; IE=8; IE=7; IE=EDGE

GET
H/1.1 200
OK SalesforceSans-Regular.woff2
main.sbm-demo.xyz/css/fonts/ 27 KB
27 KB 38ms
38ms Font
application/font-woff2 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://main.sbm-demo.xyz/css/fonts/SalesforceSans-Regular.woff2
Requested by: Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/css/app.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: 1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://main.sbm-demo.xyz
Referer: https://main.sbm-demo.xyz/css/app.css

Response headers

Cache-Control: public, max-age=0
ETag: W/"6bbc-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27580
Date: Sat, 26 Oct 2024 09:05:14 GMT
Content-Type: application/font-woff2
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

GET
H/1.1 200
OK SalesforceSans-Light.woff2
main.sbm-demo.xyz/css/fonts/ 27 KB
27 KB 71ms
70ms Font
application/font-woff2 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://main.sbm-demo.xyz/css/fonts/SalesforceSans-Light.woff2
Requested by: Host: main.sbm-demo.xyz
URL: https://main.sbm-demo.xyz/css/app.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: b7df2d6cb9d0ecda707a1de1302b3c9d9bda16247dc382e696579a8308d49771

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://main.sbm-demo.xyz
Referer: https://main.sbm-demo.xyz/css/app.css

Response headers

Cache-Control: public, max-age=0
ETag: W/"6c58-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27736
Date: Sat, 26 Oct 2024 09:05:14 GMT
Content-Type: application/font-woff2
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

GET
H/1.1 200
OK favicon.ico
main.sbm-demo.xyz/img/ 5 KB
6 KB 49ms
48ms Other
image/x-icon 18.168.219.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://main.sbm-demo.xyz/img/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.219.128 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-219-128.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: 92842fc6c2f66b46f69458c14621fc2eca5d6c02d7937f9124fe8a3a9a55bc91

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://main.sbm-demo.xyz/zero-phishing

Response headers

Cache-Control: public, max-age=0
ETag: W/"1536-18b662eebe8"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5430
Date: Sat, 26 Oct 2024 09:05:16 GMT
Content-Type: image/x-icon
Last-Modified: Wed, 25 Oct 2023 09:33:53 GMT
X-Powered-By: Express

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| displayHahcked

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.salesforce.com
main.sbm-demo.xyz
18.168.219.128
23.36.162.208
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3
64a589b66d30f94bfa107a61d9185eca42aed2bf995c59eadb6a9ee7491b4a86
92842fc6c2f66b46f69458c14621fc2eca5d6c02d7937f9124fe8a3a9a55bc91
9ee7f7ff9b3562ec0a40d7b5553a15f25d338d6b7a9734fcf3941aa73500e96f
a48f997fa23140662c20f7a46e93cefcef071fbf81ce038067582f2d822d86d5
b7df2d6cb9d0ecda707a1de1302b3c9d9bda16247dc382e696579a8308d49771
f307f47671379a4e8c05f4ededb282e5778aee76b4b01c508e2d1ea14fad2340

main.sbm-demo.xyz Open in urlscan Pro 18.168.219.128 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

298 kBTransfer

296 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

main.sbm-demo.xyz Open in urlscan Pro
18.168.219.128 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

298 kB
Transfer

296 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions