agenciakelps.com.br - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 191.252.80.165, located in Brazil and belongs to Locaweb Servicos de Internet SA, BR. The main domain is agenciakelps.com.br.
TLS certificate: Issued by R3 on April 10th 2023. Valid for: 3 months.

This is the only time agenciakelps.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: one.com (Online)

Domain & IP information

	IP Address	AS Autonomous System
3 3	190.92.190.221 190.92.190.221	55293 (A2HOSTING) (A2HOSTING)
3 4	191.252.80.165 191.252.80.165	27715 (Locaweb S...) (Locaweb Servicos de Internet SA)
2	2a02:2350:6::... 2a02:2350:6::d1e8:4d8d	51468 (ONECOM) (ONECOM)
3	3

3 190.92.190.221 (United States) 3 redirects

ASN55293 (A2HOSTING, US)
PTR: server.no-paralel.com

lamadarbanonedomai.lesgriffes51online.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 191.252.80.165 (Brazil) 3 redirects

ASN27715 (Locaweb Servicos de Internet SA, BR)
PTR: vpshost7328.publiccloud.com.br

agenciakelps.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2350:6::d1e8:4d8d (Denmark)

ASN51468 (ONECOM, DK)

login-static.cdn-one.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	agenciakelps.com.br 3 redirects agenciakelps.com.br	703 KB
3	lesgriffes51online.it 3 redirects lamadarbanonedomai.lesgriffes51online.it	411 B
2	cdn-one.com login-static.cdn-one.com	173 KB
3	3

	Domain	Requested by
4	agenciakelps.com.br	3 redirects
3	lamadarbanonedomai.lesgriffes51online.it	3 redirects
2	login-static.cdn-one.com	agenciakelps.com.br
3	3

This site contains links to these domains. Also see Links.

Domain
www.one.com
filemanager.one.com
webshop.one.com
webeditor.one.com
mail.one.com
account.one.com

Subject Issuer	Validity	Valid
agenciakelps.com.br R3	`2023-04-10` - `2023-07-09`	3 months	crt.sh
*.cdn-one.com R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php
Frame ID: C5754AAC8140AA5FA08C158F7D682693
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to One.com

Page URL History Show full URLs

https://lamadarbanonedomai.lesgriffes51online.it/customer HTTP 301
https://lamadarbanonedomai.lesgriffes51online.it/customer/ HTTP 302
https://lamadarbanonedomai.lesgriffes51online.it/customer/go.php HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One HTTP 301
https://agenciakelps.com.br/wp-admin/user/customer/One/ HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/ HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

905 kB
Transfer

906 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.one.com/

Search URL Search Domain Scan URL

URL: https://www.one.com/admin/webapp-sso-login.do?loginTarget=wordpress
Title: WordPress

Search URL Search Domain Scan URL

URL: https://filemanager.one.com/
Title: File Manager

Search URL Search Domain Scan URL

URL: https://webshop.one.com/
Title: Online Shop

Search URL Search Domain Scan URL

URL: https://webeditor.one.com/
Title: Website Builder

Search URL Search Domain Scan URL

URL: https://mail.one.com/
Title: Webmail

Search URL Search Domain Scan URL

URL: https://www.one.com/admin/forgotpassword.do
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=da
Title: Dansk

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=de
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=en
Title: English

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=es
Title: Español

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=fr
Title: Français

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=it
Title: Italiano

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=nl
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=no
Title: Norsk

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=pt
Title: Português

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=fi
Title: Suomi

Search URL Search Domain Scan URL

URL: https://account.one.com/auth/realms/customer/login-actions/authenticate?client_id=crm-appsrv&tab_id=nIKZFMZ7HG4&execution=18715cea-ac50-4a71-beba-dd532060ca05&kc_locale=sv
Title: Svenska

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lamadarbanonedomai.lesgriffes51online.it/customer HTTP 301
https://lamadarbanonedomai.lesgriffes51online.it/customer/ HTTP 302
https://lamadarbanonedomai.lesgriffes51online.it/customer/go.php HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One HTTP 301
https://agenciakelps.com.br/wp-admin/user/customer/One/ HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/ HTTP 302
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request authenticate.php Show response
agenciakelps.com.br/wp-admin/user/customer/One/customer/
Redirect Chain

https://lamadarbanonedomai.lesgriffes51online.it/customer
https://lamadarbanonedomai.lesgriffes51online.it/customer/
https://lamadarbanonedomai.lesgriffes51online.it/customer/go.php
https://agenciakelps.com.br/wp-admin/user/customer/One
https://agenciakelps.com.br/wp-admin/user/customer/One/
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php

702 KB
703 KB

261ms
261ms

Document
text/html

191.252.80.165
Locaweb Servicos ...

General

Check archive.org

Show headers Download Go to

Full URL: https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 191.252.80.165 , Brazil, ASN27715 (Locaweb Servicos de Internet SA, BR),
Reverse DNS: vpshost7328.publiccloud.com.br
Software: Apache / PHP/7.4.11
Resource Hash: 5c782d8f9acae60b33dfb1aa3e0e84e3a4babfacefa2206f2076f959cf8fa057

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Connection: Keep-Alive
Content-Length: 719336
Content-Type: text/html; charset=UTF-8
Date: Mon, 15 May 2023 09:18:11 GMT
Keep-Alive: timeout=5, max=97
Server: Apache
X-Powered-By: PHP/7.4.11

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 15 May 2023 09:18:11 GMT
Keep-Alive: timeout=5, max=98
Location: ./authenticate.php
Server: Apache
X-Powered-By: PHP/7.4.11

GET
H2 200 one.com.b70a2250.svg
login-static.cdn-one.com/v8.1.0/media/ 3 KB
2 KB 146ms
40ms Image
image/svg+xml 2a02:2350:6::d1e8:4d8d
ONECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login-static.cdn-one.com/v8.1.0/media/one.com.b70a2250.svg

Requested by

Host: agenciakelps.com.br
URL: https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:2350:6::d1e8:4d8d , Denmark, ASN51468 (ONECOM, DK),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

0cdb7effe1b70a6969a1ee136d5b79b235307f0242427a43a4334faa723b67b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15778800

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://agenciakelps.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 05:55:38 GMT
content-encoding: gzip
via: 1.1 webcache1 (Varnish/7.3)
strict-transport-security: max-age=15778800
age: 271356
x-node: webproxy1.cst.cdnpod2-cph3.one.com
content-length: 1274
last-modified: Mon, 24 Aug 2020 13:59:49 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"5f43c7d5-b66"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-varnish: 39329701 1278067
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cp.c1266867.jpg
login-static.cdn-one.com/v8.1.0/media/ 171 KB
171 KB 147ms
41ms Image
image/jpeg 2a02:2350:6::d1e8:4d8d
ONECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login-static.cdn-one.com/v8.1.0/media/cp.c1266867.jpg

Requested by

Host: agenciakelps.com.br
URL: https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2a02:2350:6::d1e8:4d8d , Denmark, ASN51468 (ONECOM, DK),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

e6cb5bd66f9b89bf087dca8fc573ec1d652d3603f1b35165ce40d5964310d7c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15778800

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://agenciakelps.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 05:55:38 GMT
via: 1.1 webcache1 (Varnish/7.3)
strict-transport-security: max-age=15778800
last-modified: Mon, 24 Aug 2020 13:59:49 GMT
server: nginx/1.18.0 (Ubuntu)
age: 271356
etag: "5f43c7d5-2aa06"
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 39329702 950342
cache-control: max-age=315360000, public, immutable
accept-ranges: bytes
content-length: 174598
x-node: webproxy1.cst.cdnpod2-cph3.one.com
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 30 KB
30 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Request headers

Referer
Origin: https://agenciakelps.com.br
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: one.com (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

agenciakelps.com.br
lamadarbanonedomai.lesgriffes51online.it
login-static.cdn-one.com
190.92.190.221
191.252.80.165
2a02:2350:6::d1e8:4d8d
0cdb7effe1b70a6969a1ee136d5b79b235307f0242427a43a4334faa723b67b2
5c782d8f9acae60b33dfb1aa3e0e84e3a4babfacefa2206f2076f959cf8fa057
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
e6cb5bd66f9b89bf087dca8fc573ec1d652d3603f1b35165ce40d5964310d7c2

agenciakelps.com.br Open in urlscan Pro 191.252.80.165 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

905 kBTransfer

906 kBSize

0 Cookies

18 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

agenciakelps.com.br Open in urlscan Pro
191.252.80.165 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

905 kB
Transfer

906 kB
Size

0
Cookies

3 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!