ScanMalware.com

Security Scan Report: mail-one-update-xztcwrffabbdpqkyjnxjmpcf.pages.dev

Redirected to: https://login.one.com/mail

Submitted: Mar 31, 2026, 3:20:51 AMCompleted: Mar 31, 2026, 3:21:38 AMpubliccompleted
Loading additional data...

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 1 HTTP transaction. The main domain is login.one.com and was registered NaN years ago.

Submitted URL: https://mail-one-update-xztcwrffabbdpqkyjnxjmpcf.pages.dev/

Effective URL: https://login.one.com/mailRedirected

AI Security Verdict

Confirmed Scam

Confidence: 92%

9
Risk Score

Phishing page impersonating one.com webmail login, harvesting credentials via a cross‑origin form.

Risk Factors
Brand impersonation of one.com on an untrusted domain
Cross‑origin credential form (email + password) to a different domain
New/unknown subdomain on a free hosting platform
Login form present on a site with no reputable background
Domain age information unavailable

Details

Page Title

Webmail Login

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(52%)

Domain Information

Domain 'mail-one-update-xztcwrffabbdpqkyjnxjmpcf.pages.dev' uses the developer-focused generic top-level domain (.dev), featuring subdomain 'mail-one-update-xztcwrffabbdpqkyjnxjmpcf'. The core label 'pages' covers 5 characters split between two vowels and three consonants. Segmentation suggests one word: pages. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://mail-one-update-xztcwrffabbdpqkyjnxjmpcf.pages.dev/

Page Load Overview

4.22s
Total Load Time
53
HTTP Requests
17
Domains
2.3 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en-US
Text Length:1,990 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software52% confidence
Type: spa
Method: ml+structural

All Detected Categories

technology software
52%
e-commerce shopping
48%
documentation technical
31%
social media network
27%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
13195.47.247.13Denmark
AS51468One.com A/S
546.30.212.98Copenhagen, Capital Region, Denmark
AS51468One.com A/S
5172.66.47.112United States
AS13335Cloudflare, Inc.
546.30.212.97Copenhagen, Capital Region, Denmark
AS51468One.com A/S
5195.47.247.12Denmark
AS51468One.com A/S
5142.251.110.95United States
AS15169Google LLC
5142.251.14.94United States
AS15169Google LLC
5142.251.110.97United States
AS15169Google LLC
546.30.212.103Copenhagen, Capital Region, Denmark
AS51468One.com A/S
539--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T10A42A7B100F1155309D785C1263253362992F11F9907DF8ABCFD9BAA0FEBDA6CDA7448

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:h3gO+AdeWG4ibCJujcrytVAokt9H983otnqyiNKqclcLSSuH2xuO/dkLPvr0ZTxO:FQcrytVNkMKqwkGv+NMj

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:12847:BTAJmQFElFY4gABFEAw5AEDNgCIgqwEeUQAHgIQXDM4WCCgAEYZzDgYCgIyMLAABCAmkRHhNKwsgEiIjjDitgAEFiiAYcBAA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ff6060707060ffff
Perceptual Hash:c042bb3dbcbfc1c0
Difference Hash:31c9ccc686e67a00
Wavelet Hash:ff0060607040ffff
Color Hash:#865e2d

Other Hashes

Crop Resistant:000100d1c10c0029,cdccc68686e61082,a9ccccc6c68686e6

Scan History

Scan history not available

Unable to load historical scan data