gtdetailing.com.au
Open in
urlscan Pro
216.172.184.76
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 14 via api from GB
Summary
This is the only time gtdetailing.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 216.172.184.76 216.172.184.76 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
4 | 203.104.163.42 203.104.163.42 | 23576 (NHN-AS-KR...) (NHN-AS-KR NBP) | |
3 | 210.89.164.55 210.89.164.55 | 23576 (NHN-AS-KR...) (NHN-AS-KR NBP) | |
1 | 203.104.163.21 203.104.163.21 | 23576 (NHN-AS-KR...) (NHN-AS-KR NBP) | |
9 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: ns3264.hostgator.com
gtdetailing.com.au |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
naver.com
nid.naver.com static.nid.naver.com lcs.naver.com |
154 KB |
1 |
gtdetailing.com.au
gtdetailing.com.au |
5 KB |
9 | 2 |
Domain | Requested by | |
---|---|---|
4 | nid.naver.com |
gtdetailing.com.au
|
3 | static.nid.naver.com |
gtdetailing.com.au
|
1 | lcs.naver.com | |
1 | gtdetailing.com.au | |
9 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.naver.com |
help.naver.com |
nid.naver.com |
www.navercorp.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
nid.naver.com COMODO RSA Extended Validation Secure Server CA |
2017-08-25 - 2019-08-31 |
2 years | crt.sh |
static.nid.naver.com GeoTrust RSA CA 2018 |
2019-01-30 - 2021-01-29 |
2 years | crt.sh |
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Frame ID: 98A38B05DEFB1E554023AAB320BED995
Requests: 9 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: NAVER
Search URL Search Domain Scan URL
Title: View help
Search URL Search Domain Scan URL
Title: Username
Search URL Search Domain Scan URL
Title: Password?
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: naver
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w_20181218.css
nid.naver.com/login/css/global/desktop/ |
88 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.all.js
nid.naver.com/login/js/ |
51 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bvsd.1.3.4.min.js
nid.naver.com/login/js/ |
94 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lcs_nclicks.js
nid.naver.com/login/js/ |
38 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sp_u_skip.png
static.nid.naver.com/images/web/user/ |
967 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pc_sp_login_170424.png
static.nid.naver.com/images/ui/login/ |
80 KB 80 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sel_arr_2x.gif
static.nid.naver.com/images/login/global/sns/desktop/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
m
lcs.naver.com/ |
43 B 512 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)212 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| swap_social_menu function| $ function| resizePopup function| viewKeyboard function| switchkeyboard function| switchlocale2 function| switchlocale function| normal function| onetime function| show function| hide function| _addEvent function| _addInputEvent function| addInputEvent function| addDeleteButtonEvent function| msieblur function| borderOn function| borderOff function| confirmSubmit function| encryptIdPw function| getKeyByRuntimeInclude function| clearErrorLayers function| keySplit function| getLenChar function| respSelect function| nclk function| nclk_clsnm function| nclk_chk function| nclk_if string| getkeyurl number| curtimecheck function| getKeysv2 function| getAjaxResult function| getXmlHttp function| getCookie function| savedLong function| ipCheckOff function| ipCheckOn function| setSmartLevel function| initSmartLevel function| ipCheck boolean| isshift boolean| userStrokes function| checkShiftUp function| checkShiftDown boolean| is_capslockon function| checkEnt function| capslockevt function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| hex2b64 function| b64tohex function| b64toBA boolean| isIE boolean| isWin boolean| isOpera number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr number| t undefined| z string| b64map string| b64pad boolean| lcs_isie boolean| lcs_isns boolean| lcs_isopera boolean| lcs_ismac object| lcs_add object| lcs_bc string| lcs_ver number| lcs_cnt object| keys object| keystr string| keyname string| evalue string| nvalue number| initEnc string| is_ipcheck undefined| enctp boolean| is_sid boolean| is_spw boolean| is_mid boolean| is_mpw undefined| browser number| nclkMaxDepth string| ccsrv string| nclkModule string| nsc string| g_pid string| g_sid object| nclkImg function| clickcr function| nclks function| nclks_clsnm function| nclks_chk function| nclks_if function| lcs_do function| lcs_do_gdid function| lcs_getBrowserCapa function| lcs_getOS function| lcs_getlanguage function| lcs_getScreen function| lcs_getWindowSize function| lcs_getColorDepth function| lcs_getJavaEnabled function| lcs_getCookieEnabled function| lcs_getConnectType function| lcs_getJavascriptVer function| lcs_getSwfVer function| lcs_getSLVersion function| lcs_getPlugIn string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol object| login_chk function| persist_usage boolean| view_onetimeusage function| viewOnetime function| selectItemByValue string| id_error_msg string| pw_error_msg boolean| inSubmitProgress function| confirmSplitSubmit function| encryptIdPwSplit function| getKeyByRuntimeIncludeSplit number| smart_level boolean| isSet object| __core-js_shared__ object| __sofabfp_registry object| sofa object| porperties object| bvsd function| nclk_proxy function| nclk_v2 function| nclks_select function| lcs_get_lpid function| lcs_update_lpid string| lcs_version string| g_ssc string| lcs_SerName0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gtdetailing.com.au
lcs.naver.com
nid.naver.com
static.nid.naver.com
203.104.163.21
203.104.163.42
210.89.164.55
216.172.184.76
21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66
330c4a187a7f9364d6efe5a3b7dad0c2b6b05ce53738ff065fe5069a6669617d
448529c9d96881a4b1d52f60b7cbf00c375e9128915b697a820ee66f49c1293f
67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc
905db5ffd37e33d5c5c796fcae5b16246547fc22f52d4304bb5d7ef9ecc40167
ad824de5ba76590a845a9057562723b8746d142aa212057463b509649bb09b1f
b273657638e8b7e43fd5d9b06ac27a4ef8a8ad9150ef6a3d1fb26afaa67167ca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda