![](/screenshots/cec01764-f10d-426e-8177-585358e2c490.png)
agenciakelps.com.br
191.252.80.165
Malicious Activity!
Public Scan
Effective URL: https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php
Submission: On May 15 via manual from BE — Scanned from IT
Summary
TLS certificate: Issued by R3 on April 10th 2023. Valid for: 3 months.
This is the only time agenciakelps.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: one.com (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
3 3 | 190.92.190.221 | 55293 (A2HOSTING) |
3 4 | 191.252.80.165 | 27715 (Locaweb Servicos de Internet SA) |
2 | 2a02:2350:6::d1e8:4d8d | 51468 (ONECOM) |
3 | 3 |

ASN55293 (A2HOSTING, US)
PTR: server.no-paralel.com
lamadarbanonedomai.lesgriffes51online.it

ASN27715 (Locaweb Servicos de Internet SA, BR)
PTR: vpshost7328.publiccloud.com.br
agenciakelps.com.br
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | agenciakelps.com.br (3 redirects) | agenciakelps.com.br | 703 KB |
3 | lesgriffes51online.it (3 redirects) | lamadarbanonedomai.lesgriffes51online.it | 411 B |
2 | cdn-one.com | login-static.cdn-one.com | 173 KB |
3 | 3 |
Domain | Requested by | |
---|---|---|
4 | agenciakelps.com.br | 3 redirects |
3 | lamadarbanonedomai.lesgriffes51online.it | 3 redirects |
2 | login-static.cdn-one.com | agenciakelps.com.br |
3 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.one.com |
filemanager.one.com |
webshop.one.com |
webeditor.one.com |
mail.one.com |
account.one.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
agenciakelps.com.br | R3 | 2023-04-10 - 2023-07-09 | 3 months |
*.cdn-one.com | R3 | 2023-03-06 - 2023-06-04 | 3 months |
This page contains 1 frame:
Primary Page:
https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php
Frame ID: C5754AAC8140AA5FA08C158F7D682693
Requests: 4 HTTP requests in this frame
Page Title
Log in to One.com
Page URL History
- https://lamadarbanonedomai.lesgriffes51online.it/customer HTTP 301
- https://lamadarbanonedomai.lesgriffes51online.it/customer/ HTTP 302
- https://lamadarbanonedomai.lesgriffes51online.it/customer/go.php HTTP 302
- https://agenciakelps.com.br/wp-admin/user/customer/One HTTP 301
- https://agenciakelps.com.br/wp-admin/user/customer/One/ HTTP 302
- https://agenciakelps.com.br/wp-admin/user/customer/One/customer/ HTTP 302
- https://agenciakelps.com.br/wp-admin/user/customer/One/customer/authenticate.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
18 Outgoing links
These are links going to different origins than the main page.
Title: WordPress
Title: File Manager
Title: Online Shop
Title: Website Builder
Title: Webmail
Title: Forgot Password?
Title: Dansk
Title: Deutsch
Title: English
Title: Español
Title: Français
Title: Italiano
Title: Nederlands
Title: Norsk
Title: Português
Title: Suomi
Title: Svenska
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | authenticate.php (Primary Request) agenciakelps.com.br/wp-admin/user/customer/One/customer/ | 702 KB 703 KB | Document text/html |
GET H2 | one.com.b70a2250.svg login-static.cdn-one.com/v8.1.0/media/ | 3 KB 2 KB | Image image/svg+xml |
GET H2 | cp.c1266867.jpg login-static.cdn-one.com/v8.1.0/media/ | 171 KB 171 KB | Image image/jpeg |
GET DATA | truncated / | 30 KB 30 KB | Font font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: one.com (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| 3
- boolean| credentialless

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.