ScanMalware.com

Security Scan Report: bbva.saltoks.com

Redirected to: https://idp.live.global.platform.bbva.com/idp/profile/SAML2/Redirect/SSO?execution=e1s1

Submitted: Mar 11, 2026, 3:13:27 AMCompleted: Mar 11, 2026, 3:14:44 AMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 63 HTTP transactions. The main domain is idp.live.global.platform.bbva.com and was registered NaN years ago.

Submitted URL: https://bbva.saltoks.com

Effective URL: https://idp.live.global.platform.bbva.com/idp/profile/SAML2/Redirect/SSO?execution=e1s1Redirected

The Cisco Umbrella rank of the primary domain is #822,286 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 82%

8
Risk Score

Phishing page impersonating BBVA; redirects to legitimate BBVA login but harvests credentials on a suspicious domain.

Risk Factors
Brand impersonation via subdomain on an unrelated domain
Cross‑origin credential form (email + password)
Multiple redirects (4) before reaching final URL
Low Cisco Umbrella ranking for a site claiming to be BBVA
Domain age information unavailable

Details

Page Title

BBVA

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(29%)

Domain Information

Within the commercial generic top-level domain (.com), 'bbva.saltoks.com' is registered, featuring subdomain 'bbva'. The core label 'saltoks' covers 7 characters containing two vowels alongside five consonants. It segments into 3 words: salt, ok, s. Average segment length settles at 2 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://bbva.saltoks.com

Page Load Overview

2.79s
Total Load Time
68
HTTP Requests
9
Domains
794 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:156 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking29% confidence
Type: spa
Method: ml+structural

All Detected Categories

finance banking
29%
social media
15%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1313.226.244.52United States
AS8075
1199.84.152.72United States
AS16509Amazon.com, Inc.
1135.180.222.86Paris, Île-de-France, France
AS16509Amazon.com, Inc.
1123.197.143.45Frankfurt am Main, Hesse, Germany
AS16625Akamai Technologies, Inc.
11104.18.87.42United States
AS13335Cloudflare, Inc.
1120.82.73.88Amsterdam, North Holland, Netherlands
AS8075Microsoft Corporation
686--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T11FD174A1AC68DC33B6438DD972E596DDB1F5C14DCA2BC80875EC19A81FE9DC84E1AD03

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:GwdwOquU35mdMWWqHJRA1MdL7jAQWAhCAr+e:GwCZ36991

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:6382:ACBDALKFQDADIQUA1whoKQOJjRXACpg4IAhAadiAYAVBECCAGBQATMasChZCgJAbCBmACEBCWEBCBAMECcEAhEIAiCoRxEIW

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:e7e7ffe7e7e7ffff
Perceptual Hash:b3333933398966cc
Difference Hash:4c4c684d4d687004
Wavelet Hash:03272727e4e4fcf0
Color Hash:#2d53d2

Other Hashes

Crop Resistant:4c4c684d4d687004

Scan History

Scan history not available

Unable to load historical scan data