ScanMalware.com

Security Scan Report: ffb.file.force.com

Redirected to:
https://ffb.okta.com/app/salesforce/exk21uj0nKFuKGbVL5d6/sso/saml
Site favicon
Submitted: Jun 30, 2026, 2:27:52 AMCompleted: Jun 30, 2026, 2:29:03 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 2 HTTP transactions. The main domain is ffb.okta.com and was registered NaN years ago.

Submitted URL: https://ffb.file.force.com

Effective URL: https://ffb.okta.com/app/salesforce/exk21uj0nKFuKGbVL5d6/sso/samlRedirected

The Cisco Umbrella rank of the primary domain is #1,491 of the top 1 million websitesTop 10K Site

AI Security Verdict

Low Risk

Confidence: 86%

2
Risk Score

Phishing login page impersonating First Fidelity Bank, harvesting user credentials.

Risk Factors
Brand impersonation of a financial institution
Credential collection on a domain unrelated to the brand
Highly obfuscated JavaScript
Cross‑origin form submission to external SSO endpoint
Safety Factors
Domain age >30 years (well‑established)
Cisco Umbrella ranking within top 10K
No network IDS alerts or known IoC matches
No detected JavaScript malware patterns
Page served from an identity-provider sign-in endpoint (ffb.okta.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 8 to 2
Domain age information unavailable

Details

Page Title

First Fidelity Bank - Sign In

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(73%)

Domain Information

The domain 'ffb.file.force.com' uses the commercial generic top-level domain (.com) and includes subdomain 'ffb.file'. The second-level label 'force' is 5 characters long containing two vowels alongside 3 consonants. Splitting it apart reveals one word: force. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://ffb.file.force.com

Page Load Overview

4.40s
Total Load Time
22
HTTP Requests
5
Domains
266 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:339 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking73% confidence
Type: webapp
Method: ml+structural

All Detected Categories

finance banking
73%
technology software
49%
documentation technical
38%
social_media
25%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
899.83.233.105United States
AS16509Amazon.com, Inc.
735.158.127.53Frankfurt am Main, Hesse, Germany
AS16509Amazon.com, Inc.
735.158.127.52Frankfurt am Main, Hesse, Germany
AS16509Amazon.com, Inc.
223--

Detected Technologies2

PasswordField
100%
HSTS
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A1F2E6D21904C9EE06465C88967B960A3642A307C6A2DEC477FCCEC9EFADD0B741E64C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:kX/qTyBNbDzbIThqWPa91hwIiMPJTFNVDzbIvhqWPaRWDgTcem29m:kX/qTwNnGqcw1hd9VFNVUqcK3s

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:35274:QtAJgEUEBE4E5AFxBXJlAUA1RQMARVacAQWse9hLBJpyUBAIfAUE4Q8YVg6CYMiRDQVoPAIEq4SCHaEqCAKaAsgD8gjkAAKQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:f7e7e7ffffa5e7ff
Perceptual Hash:b3ccc46699e6668c
Difference Hash:0c082810304d0cb0
Wavelet Hash:e7001818dbc309ff
Color Hash:#3a7078

Other Hashes

Crop Resistant:0c082810304d0cb0

Scan History

Scan history not available

Unable to load historical scan data