onekad.com Open in urlscan Pro
82.115.223.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onekad.com/
Submission: On July 26 via manual (July 26th 2023, 4:46:39 pm UTC) from AU — Scanned from NL

Summary HTTP 21 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 82.115.223.134, located in Amsterdam, Netherlands and belongs to WAICORE-TRANSIT, RU. The main domain is onekad.com.
TLS certificate: Issued by R3 on July 21st 2023. Valid for: 3 months.

This is the only time onekad.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Kiwibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
17	82.115.223.134 82.115.223.134	202973 (WAICORE-T...) (WAICORE-TRANSIT)
1	13.237.146.114 13.237.146.114	16509 (AMAZON-02) (AMAZON-02)
1	64.185.227.156 64.185.227.156	18450 (WEBNX) (WEBNX)
21	4

17 82.115.223.134 (Amsterdam, Netherlands)

ASN202973 (WAICORE-TRANSIT, RU)

onekad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.237.146.114 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-237-146-114.ap-southeast-2.compute.amazonaws.com

www.images-home.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.185.227.156 (Los Angeles, United States)

ASN18450 (WEBNX, US)
PTR: 64-185-227-156.static.webnx.com

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	onekad.com onekad.com	27 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2750	204 B
1	images-home.com www.images-home.com — Cisco Umbrella Rank: 93260	521 B
0	kiwibank.co.nz Failed www.ib.kiwibank.co.nz Failed
21	4

	Domain	Requested by
17	onekad.com	onekad.com
1	api.ipify.org	onekad.com
1	www.images-home.com	onekad.com
0	www.ib.kiwibank.co.nz Failed	onekad.com
21	4

This site contains links to these domains. Also see Links.

Domain
www.kiwibank.co.nz
www.ib.kiwibank.co.nz

Subject Issuer	Validity	Valid
krushpaincream.com R3	`2023-07-21` - `2023-10-19`	3 months	crt.sh
images-home.com Amazon RSA 2048 M02	`2023-02-13` - `2023-11-04`	9 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://onekad.com/
Frame ID: 6B251609E95CE581C84A23AD52071FF8
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - Kiwibank Internet Banking

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Page Statistics

21
Requests

90 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

28 kB
Transfer

45 kB
Size

1
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.kiwibank.co.nz/

Search URL Search Domain Scan URL

URL: https://www.ib.kiwibank.co.nz/login#content
Title: Skip to content

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/support-hub/internet-banking/
Title: More about internet banking

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/security/ways-we-keep-you-safe/internet-banking-guarantee/

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/security/ways-we-keep-you-safe/keepsafe/
Title: KeepSafe

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/security/
Title: Staying safe online

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/security/ways-to-keep-yourself-safe/phishing/
Title: Forward suspicious emails

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/security/ways-we-keep-you-safe/monitoring-and-data-safety/

Search URL Search Domain Scan URL

URL: https://www.kiwibank.co.nz/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response onekad.com/	16 KB 5 KB	379ms 24ms	Document text/html	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `7e25e8cdf36836c3df967888dc302fddbaeae7221c3f77d69befea5e6fe09aac` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 4490 Content-Type text/html Date Wed, 26 Jul 2023 16:46:33 GMT ETag "3f82-60112db24f608-gzip" Keep-Alive timeout=5, max=100 Last-Modified Sat, 22 Jul 2023 12:52:37 GMT Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	style.css onekad.com/assets/	9 KB 3 KB	25ms 24ms	Stylesheet text/css	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/assets/style.css Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `0451cbd559c1e482411fb37e2b30d883eba69f0453aa6be9e607f0a8dba2f3b4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Content-Encoding gzip Last-Modified Sat, 22 Jul 2023 10:25:21 GMT Server Apache/2.4.29 (Ubuntu) ETag "23c4-60110cc726869-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2511
GET H/1.1	200 OK	logo.png onekad.com/assets/	3 KB 3 KB	82ms 29ms	Image image/png	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/logo.png Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `47f3a82c0fd4785efa18ca15b38c8db31c8a795debcf1da8e40d6e18a3a9f342` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:20 GMT Server Apache/2.4.29 (Ubuntu) ETag "bab-60110cc67c9a9" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2987
GET H/1.1	200 OK	icon_ms_error.gif onekad.com/assets/	1 KB 2 KB	77ms 24ms	Image image/gif	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/icon_ms_error.gif Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `a9abd4099befa1bd1fbe1d91fc80824e6ad8310880b2ff31bb0e1de32354b7c6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:20 GMT Server Apache/2.4.29 (Ubuntu) ETag "50a-60110cc6170aa" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1290
GET H/1.1	200 OK	image.js Show response onekad.com/assets/	210 B 529 B	48ms 24ms	Script application/javascript	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/assets/image.js Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `86d5e50eee00c010a3f8d9380fa0ef5ada9609f5c15ea639bd4071bfa0ce1e55` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Content-Encoding gzip Last-Modified Sat, 22 Jul 2023 10:25:20 GMT Server Apache/2.4.29 (Ubuntu) ETag "d2-60110cc61ce6a-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 181
GET H/1.1	200 OK	fraudwatch-logo-266.png onekad.com/assets/	5 KB 6 KB	98ms 26ms	Image image/png	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/fraudwatch-logo-266.png Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `ee3bf2d2a5d05593b1ecafe7016f418c354811023d5827a2930e1fc61b8fc818` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "1564-60110cc5c11aa" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 5476
GET H/1.1	200 OK	86975.gif onekad.com/assets/	43 B 325 B	82ms 23ms	Image image/gif	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/86975.gif Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "2b-60110cc504a0b" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 43
GET H/1.1	200 OK	ALibrary.js Show response onekad.com/	5 KB 2 KB	81ms 28ms	Script application/javascript	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/ALibrary.js Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `640b25b3b19680e893baa48153c90e8d6635e0a2daac9214d2306a18fc609d95` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Content-Encoding gzip Last-Modified Sat, 22 Jul 2023 10:25:16 GMT Server Apache/2.4.29 (Ubuntu) ETag "1412-60110cc2438ce-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1278
GET H/1.1	200 OK	media.css onekad.com/assets/	1 KB 844 B	26ms 25ms	Stylesheet text/css	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/assets/media.css Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `11acca568c42cc3abec4cf4e12b3f5eab4dc7193ccdeec53561c159df088fb9f` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Content-Encoding gzip Last-Modified Sat, 22 Jul 2023 10:25:21 GMT Server Apache/2.4.29 (Ubuntu) ETag "542-60110cc6caba9-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 509
GET H/1.1	200 OK	bg-block-header-light.png onekad.com/assets/	313 B 598 B	35ms 24ms	Image image/png	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/bg-block-header-light.png Requested by Host: onekad.com URL: https://onekad.com/assets/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `e3b027a5fa3feb0cf20c75388b9e3fe3ffbb8893cb71871fc71198c3c1140c9d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/assets/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "139-60110cc555aeb" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 313
GET H/1.1	200 OK	bg-padlock-sprite.png onekad.com/assets/	2 KB 2 KB	44ms 28ms	Image image/png	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/bg-padlock-sprite.png Requested by Host: onekad.com URL: https://onekad.com/assets/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `120e2bfd4487aced2d8136d7dc7da0aaaa7deb2983c9d4fd6f44d274a642a2bb` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/assets/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "7c8-60110cc55e78b" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1992
GET H/1.1	200 OK	button-bg-round.png onekad.com/assets/	2 KB 2 KB	45ms 28ms	Image image/png	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/button-bg-round.png?nocache=1 Requested by Host: onekad.com URL: https://onekad.com/assets/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `898aacff9ca5bbabb20cc8d95194ac050ee91b25fbc5897dd397aaea4a4755f8` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/assets/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "7f3-60110cc55e78b" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2035
GET		geograph-medium.woff2 www.ib.kiwibank.co.nz/fonts/kiwibank/	0 0

GET H2	200	86975.gif www.images-home.com/	43 B 521 B	894ms 284ms	Image image/gif	13.237.146.114 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.images-home.com/86975.gif?from=onekad.com Requested by Host: onekad.com URL: https://onekad.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.237.146.114 Sydney, Australia, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-237-146-114.ap-southeast-2.compute.amazonaws.com Software lighttpd/1.4.63 / Resource Hash `ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Wed, 26 Jul 2023 16:46:34 GMT last-modified Thu, 08 Jun 2023 00:34:55 GMT server lighttpd/1.4.63 accept-ranges bytes etag "2013886196" content-length 43 content-type image/gif
GET H/1.1	200 OK	/ Show response api.ipify.org/	10 B 204 B	292ms 92ms	Fetch text/plain	64.185.227.156 WEBNX
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/ Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.185.227.156 Los Angeles, United States, ASN18450 (WEBNX, US), Reverse DNS 64-185-227-156.static.webnx.com Software nginx/1.25.1 / Resource Hash `58e365e9ed1dcf670a57e650b1e502aa50f9fbe56f602e7d301399078be319b1` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Wed, 26 Jul 2023 16:46:34 GMT Server nginx/1.25.1 Connection keep-alive Content-Length 10 Vary Origin Content-Type text/plain
GET H/1.1	200 OK	idString.php Show response onekad.com/	5 B 207 B	30ms 29ms	Fetch text/html	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/idString.php Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `18f04adca71c371b73c51782df5098c7a4caabdde6749a29d63fd14fa2d36034` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 5 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	arrow-blue-sm-right.gif onekad.com/assets/	49 B 331 B	28ms 28ms	Image image/gif	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Show image Full URL https://onekad.com/assets/arrow-blue-sm-right.gif Requested by Host: onekad.com URL: https://onekad.com/assets/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `c86f525e2bd64646ee66904133b5b96fb068693940bf8967e31eb7b9b6fa9e5a` Request headers accept-language nl-NL,nl;q=0.9 Referer https://onekad.com/assets/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers Date Wed, 26 Jul 2023 16:46:33 GMT Last-Modified Sat, 22 Jul 2023 10:25:19 GMT Server Apache/2.4.29 (Ubuntu) ETag "31-60110cc52bb0b" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 49
GET		geograph-regular.woff2 www.ib.kiwibank.co.nz/fonts/kiwibank/	0 0

POST H/1.1	200 OK	checkExistIp.php Show response onekad.com/	1 B 203 B	25ms 25ms	Fetch text/html	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/checkExistIp.php Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9` Request headers Referer https://onekad.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 26 Jul 2023 16:46:34 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 1 Content-Type text/html; charset=UTF-8
POST H/1.1	200 OK	getExistIp.php Show response onekad.com/	1 B 203 B	24ms 24ms	Fetch text/html	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/getExistIp.php Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9` Request headers Referer https://onekad.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 26 Jul 2023 16:46:34 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 1 Content-Type text/html; charset=UTF-8
POST H/1.1	200 OK	writeIp.php Show response onekad.com/	31 B 234 B	38ms 38ms	Fetch text/html	82.115.223.134 WAICORE-TRANSIT
General Check archive.org Show headers Download Go to Full URL https://onekad.com/writeIp.php Requested by Host: onekad.com URL: https://onekad.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 82.115.223.134 Amsterdam, Netherlands, ASN202973 (WAICORE-TRANSIT, RU), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `a888959f222e0dc055b8cd3ab60ed5d1a8d5dd72ca3128dc5260ce8058496147` Request headers Referer https://onekad.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Wed, 26 Jul 2023 16:46:34 GMT Server Apache/2.4.29 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 31 Content-Type text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.ib.kiwibank.co.nz
URL: https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-medium.woff2

Domain: www.ib.kiwibank.co.nz
URL: https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-regular.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Kiwibank (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.images-home.com/	1970-01-20 13:43:14	Name: AWSALBCORS Value: PtOifAicruqIz2tDpxWi+SvEy7lxFDOcFmE0B4GI0+kR/pTskWbCZQdPW7Rd8M3H34mxd+gax4Gzx6lQgeIG58iLdgOls8uiVou9WXLfwB2NsV6FYU470km0Nxsb

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://onekad.com/ Message: Access to font at 'https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-medium.woff2' from origin 'https://onekad.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-medium.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://onekad.com/ Message: Access to font at 'https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-regular.woff2' from origin 'https://onekad.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-regular.woff2 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
onekad.com
www.ib.kiwibank.co.nz
www.images-home.com
www.ib.kiwibank.co.nz
13.237.146.114
64.185.227.156
82.115.223.134
0451cbd559c1e482411fb37e2b30d883eba69f0453aa6be9e607f0a8dba2f3b4
11acca568c42cc3abec4cf4e12b3f5eab4dc7193ccdeec53561c159df088fb9f
120e2bfd4487aced2d8136d7dc7da0aaaa7deb2983c9d4fd6f44d274a642a2bb
18f04adca71c371b73c51782df5098c7a4caabdde6749a29d63fd14fa2d36034
47f3a82c0fd4785efa18ca15b38c8db31c8a795debcf1da8e40d6e18a3a9f342
58e365e9ed1dcf670a57e650b1e502aa50f9fbe56f602e7d301399078be319b1
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
640b25b3b19680e893baa48153c90e8d6635e0a2daac9214d2306a18fc609d95
7e25e8cdf36836c3df967888dc302fddbaeae7221c3f77d69befea5e6fe09aac
86d5e50eee00c010a3f8d9380fa0ef5ada9609f5c15ea639bd4071bfa0ce1e55
898aacff9ca5bbabb20cc8d95194ac050ee91b25fbc5897dd397aaea4a4755f8
a888959f222e0dc055b8cd3ab60ed5d1a8d5dd72ca3128dc5260ce8058496147
a9abd4099befa1bd1fbe1d91fc80824e6ad8310880b2ff31bb0e1de32354b7c6
c86f525e2bd64646ee66904133b5b96fb068693940bf8967e31eb7b9b6fa9e5a
e3b027a5fa3feb0cf20c75388b9e3fe3ffbb8893cb71871fc71198c3c1140c9d
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ee3bf2d2a5d05593b1ecafe7016f418c354811023d5827a2930e1fc61b8fc818

onekad.com Open in urlscan Pro 82.115.223.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

90 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

28 kBTransfer

45 kBSize

1 Cookies

9 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

onekad.com Open in urlscan Pro
82.115.223.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

28 kB
Transfer

45 kB
Size

1
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!