gtdetailing.com.au
216.172.184.76  Malicious Activity! Public Scan

URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Submission Tags: @ipnigh
Submission: On July 14 via api from GB

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 9 HTTP transactions. The main IP is 216.172.184.76, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is gtdetailing.com.au.
This is the only time gtdetailing.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

IP Address       Requests  AS (Autonomous System)
216.172.184.76   1         46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
203.104.163.42   4         23576 (NHN-AS-KR NBP, KR)
210.89.164.55    3         23576 (NHN-AS-KR NBP, KR)
203.104.163.21   1         23576 (NHN-AS-KR NBP, KR)
Total            9         4 IPs

Domain                Requests  Requested by
nid.naver.com         4         gtdetailing.com.au
static.nid.naver.com  3         gtdetailing.com.au
lcs.naver.com         1
gtdetailing.com.au    1
Total                 9         4 hosts

This site contains links to these domains. Also see Links.

Domain
www.naver.com
help.naver.com
nid.naver.com
www.navercorp.com
TLS certificates

Subject               Issuer                                           Validity                  Valid
nid.naver.com         COMODO RSA Extended Validation Secure Server CA  2017-08-25 - 2019-08-31   2 years (crt.sh)
static.nid.naver.com  GeoTrust RSA CA 2018                             2019-01-30 - 2021-01-29   2 years (crt.sh)

This page contains 1 frames:

Primary Page: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Frame ID: 98A38B05DEFB1E554023AAB320BED995
Requests: 9 HTTP requests in this frame
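
The primary page sits at wp-content/u7jhhhhhhh/navernew/navernew/index.php, a directory that WordPress itself never creates, which is the usual footprint of a kit dropped onto a compromised site. As an added example (not part of the urlscan.io report), the following Python walks a wp-content tree and flags PHP files outside the directories where PHP belongs. The allow-list of directories and top-level drop-in files is an assumption about a standard install, and the sample tree is constructed in a temporary directory to mirror the scan's path.

```python
"""Flag PHP files dropped into unexpected places under wp-content/.

Added example, not part of the urlscan.io report. A phishing kit that lands
in wp-content/<random>/ or under uploads/ shows up as a .php file where
WordPress never puts one. The sample tree below is constructed.
"""
import os
import tempfile
from pathlib import Path

# Assumption (standard install): directories under wp-content where PHP legitimately lives.
PHP_ALLOWED_DIRS = {"plugins", "themes", "mu-plugins"}
# Assumption: PHP files WordPress (or its drop-ins) place directly in wp-content/.
KNOWN_TOP_LEVEL_FILES = {"index.php", "advanced-cache.php", "object-cache.php", "db.php"}
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".php7")


def find_unexpected_php(wp_content: Path):
    """Return sorted relative paths of PHP files that should not be under wp-content/."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            if not name.lower().endswith(PHP_SUFFIXES):
                continue
            rel = Path(root, name).relative_to(wp_content)
            top = rel.parts[0]
            if len(rel.parts) == 1:
                # Directly in wp-content/: only the known drop-ins are expected.
                if top not in KNOWN_TOP_LEVEL_FILES:
                    findings.append(rel.as_posix())
            elif top not in PHP_ALLOWED_DIRS:
                # Covers uploads/, cache directories and attacker-made ones like u7jhhhhhhh/.
                findings.append(rel.as_posix())
    return sorted(findings)


def build_sample_tree(base: Path) -> Path:
    """Construct a small wp-content tree that mirrors the scanned path (constructed data)."""
    wp = base / "wordpress" / "wp-content"
    layout = {
        "index.php": "<?php\n// Silence is golden.\n",
        "plugins/akismet/akismet.php": "<?php // legitimate plugin\n",
        "themes/twentynineteen/functions.php": "<?php // legitimate theme\n",
        "uploads/2019/07/photo.jpg": "not really a jpeg",
        "uploads/2019/07/shell.php": "<?php // PHP must never execute from uploads/\n",
        "u7jhhhhhhh/navernew/navernew/index.php": "<?php // kit page, as in the scan\n",
    }
    for rel, body in layout.items():
        target = wp / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return wp


def demo():
    """Build the constructed tree and return the findings for it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_unexpected_php(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for finding in demo():
        print("suspicious PHP:", finding)
```

On a real host, run this against the live tree or a backup and follow it with a checksum comparison of plugins/ and themes/ against upstream, since a kit can just as easily be hidden inside a legitimate plugin directory that this allow-list skips.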

Detected technologies

PHP (overall confidence: 100%)
Detected pattern: url /\.php(?:$|\?)/i

Apache HTTP Server (overall confidence: 100%)
Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 9
HTTPS: 78 %
IPv6: 0 %
Domains: 2
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 158 kB
Size: 365 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

9 HTTP transactions

Each transaction is listed as: Resource, Path, Size, x-fer (bytes transferred), Type, followed by its General details, Request headers and Response headers.
Primary Request: index.php
Path: gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/
Size: 13 KB, x-fer: 5 KB, Type: Document
General
Full URL
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
HTTP/1.1
Server
216.172.184.76, Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
Reverse DNS
ns3264.hostgator.com
Software
Apache
Resource Hash
905db5ffd37e33d5c5c796fcae5b16246547fc22f52d4304bb5d7ef9ecc40167

Request headers

Host
gtdetailing.com.au
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Sun, 14 Jul 2019 02:04:20 GMT
Server
Apache
Upgrade
h2,h2c
Connection
Upgrade, Keep-Alive
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
4433
Keep-Alive
timeout=5, max=75
Content-Type
text/html; charset=UTF-8
Resource: w_20181218.css
Path: nid.naver.com/login/css/global/desktop/
Size: 88 KB, x-fer: 17 KB, Type: Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
448529c9d96881a4b1d52f60b7cbf00c375e9128915b697a820ee66f49c1293f

Request headers

Referer
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 14 Jul 2019 02:04:21 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2019 05:34:22 GMT
server
nginx
etag
W/"5d0877de-15fb0"
vary
Accept-Encoding
content-type
text/css
status
200
Resource: common.all.js
Path: nid.naver.com/login/js/
Size: 51 KB, x-fer: 14 KB, Type: Script
General
Full URL
https://nid.naver.com/login/js/common.all.js?141216
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
330c4a187a7f9364d6efe5a3b7dad0c2b6b05ce53738ff065fe5069a6669617d

Request headers

Referer
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 14 Jul 2019 02:04:21 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2019 05:34:22 GMT
server
nginx
etag
W/"5d0877de-ca84"
vary
Accept-Encoding
content-type
application/javascript
status
200
Resource: bvsd.1.3.4.min.js
Path: nid.naver.com/login/js/
Size: 94 KB, x-fer: 28 KB, Type: Script
General
Full URL
https://nid.naver.com/login/js/bvsd.1.3.4.min.js
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
b273657638e8b7e43fd5d9b06ac27a4ef8a8ad9150ef6a3d1fb26afaa67167ca

Request headers

Referer
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 14 Jul 2019 02:04:21 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2019 05:34:22 GMT
server
nginx
etag
W/"5d0877de-17748"
vary
Accept-Encoding
content-type
application/javascript
status
200
Resource: lcs_nclicks.js
Path: nid.naver.com/login/js/
Size: 38 KB, x-fer: 11 KB, Type: Script
General
Full URL
https://nid.naver.com/login/js/lcs_nclicks.js?dt=20190122
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
ad824de5ba76590a845a9057562723b8746d142aa212057463b509649bb09b1f

Request headers

Referer
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 14 Jul 2019 02:04:21 GMT
content-encoding
gzip
last-modified
Tue, 18 Jun 2019 05:34:22 GMT
server
nginx
etag
W/"5d0877de-9620"
vary
Accept-Encoding
content-type
application/javascript
status
200
Resource: sp_u_skip.png
Path: static.nid.naver.com/images/web/user/
Size: 967 B, x-fer: 1 KB, Type: Image
General
Full URL
https://static.nid.naver.com/images/web/user/sp_u_skip.png
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 14 Jul 2019 02:04:23 GMT
Last-Modified
Mon, 11 Apr 2016 11:25:27 GMT
Server
nginx
ETag
"570b89a7-3c7"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
967
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: pc_sp_login_170424.png
Path: static.nid.naver.com/images/ui/login/
Size: 80 KB, x-fer: 80 KB, Type: Image
General
Full URL
https://static.nid.naver.com/images/ui/login/pc_sp_login_170424.png
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 14 Jul 2019 02:04:23 GMT
Last-Modified
Fri, 28 Apr 2017 06:47:59 GMT
Server
nginx
ETag
"5902e59f-13ff8"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
81912
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: sel_arr_2x.gif
Path: static.nid.naver.com/images/login/global/sns/desktop/
Size: 2 KB, x-fer: 2 KB, Type: Image
General
Full URL
https://static.nid.naver.com/images/login/global/sns/desktop/sel_arr_2x.gif
Requested by
Host: gtdetailing.com.au
URL: http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 14 Jul 2019 02:04:23 GMT
Last-Modified
Wed, 27 Jul 2016 07:09:12 GMT
Server
nginx
ETag
"57985e18-66a"
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1642
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: m
Path: lcs.naver.com/
Size: 43 B, x-fer: 512 B, Type: Image
General
Full URL
http://lcs.naver.com/m?u=http%3A%2F%2Fgtdetailing.com.au%2Fwordpress%2Fwp-content%2Fu7jhhhhhhh%2Fnavernew%2Fnavernew%2Findex.php&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1563069859576&fetchStart=1563069859576&domainLookupStart=1563069859576&domainLookupEnd=1563069859577&connectStart=1563069859577&connectEnd=1563069860720&requestStart=1563069860720&responseStart=1563069860988&responseEnd=1563069860989&domLoading=1563069860991&domInteractive=1563069861403&domContentLoadedEventStart=1563069861403&domContentLoadedEventEnd=1563069861403&domComplete=1563069864088&loadEventStart=1563069864088&loadEventEnd=1563069864088&first-paint=1815.500000026077&first-contentful-paint=1815.500000026077&pid=0f2d3251dd6947ab95a46fb1abfee36e&ts=1563069864116&EOU
Protocol
HTTP/1.1
Security
none (plain HTTP, no TLS)
Server
203.104.163.21, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
none recorded
Software
nginx
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 14 Jul 2019 02:04:25 GMT
Server
nginx
P3P
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 01 Jan 1980 09:00:00 GMT
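
Two signals in the transactions above are visible to the impersonated brand rather than to the victim: Naver's login CSS and JS were fetched with a Referer of the gtdetailing.com.au page, and the lcs.naver.com beacon carried that page URL in its u= parameter. The following Python, an added example that is not part of the urlscan.io report, runs both checks over constructed access-log lines that mirror these requests. The combined log format with a Referer field, the login-asset path prefixes, the first-party domain set and the two-label registrable-domain heuristic are all assumptions.

```python
"""Spot a cloned login page from the impersonated brand's own logs.

Added example, not part of the urlscan.io report. Hotlinked login assets
and the lcs beacon both leak the hosting page to the brand. The log lines
are constructed; the log format and the allow-lists are assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions: the brand's registrable domain(s) and the path prefixes of its login assets.
FIRST_PARTY = {"naver.com"}
LOGIN_ASSET_PATHS = ("/login/css/", "/login/js/", "/images/ui/login/", "/images/login/")

# Constructed combined-format lines (client, request, status, bytes, Referer, UA) mirroring
# the report's requests, plus one legitimate first-party hit for contrast.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jul/2019:02:04:21 +0000] "GET /login/css/global/desktop/w_20181218.css?dt=20181218 HTTP/2.0" 200 17408 "http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php" "Mozilla/5.0"
203.0.113.7 - - [14/Jul/2019:02:04:21 +0000] "GET /login/js/common.all.js?141216 HTTP/2.0" 200 14336 "http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php" "Mozilla/5.0"
198.51.100.9 - - [14/Jul/2019:02:04:22 +0000] "GET /login/js/common.all.js?141216 HTTP/2.0" 200 14336 "https://nid.naver.com/" "Mozilla/5.0"
203.0.113.7 - - [14/Jul/2019:02:04:25 +0000] "GET /m?u=http%3A%2F%2Fgtdetailing.com.au%2Fwordpress%2Fwp-content%2Fu7jhhhhhhh%2Fnavernew%2Fnavernew%2Findex.php&e=&os=Linux%20x86_64&EOU HTTP/1.1" 200 43 "http://gtdetailing.com.au/wordpress/wp-content/u7jhhhhhhh/navernew/navernew/index.php" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Assumption for the demo; use the Public Suffix List in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_first_party(host: str) -> bool:
    return registrable_domain(host) in FIRST_PARTY


def hosting_page_from_beacon(path: str):
    """For an lcs-style /m beacon, return the page URL carried in u=; otherwise None."""
    parts = urlsplit(path)
    if parts.path != "/m":
        return None
    values = parse_qs(parts.query).get("u")   # parse_qs percent-decodes the value
    return values[0] if values else None


def find_cloned_login_pages(log_text: str):
    """Map each third-party host seen hosting the brand's login page to its sorted signals."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, referer = m["path"], m["referer"]
        # Signal 1: a login asset pulled by a page on a third-party host (the Referer).
        ref_host = urlsplit(referer).hostname if referer and referer != "-" else None
        if path.startswith(LOGIN_ASSET_PATHS) and ref_host and not is_first_party(ref_host):
            findings.setdefault(ref_host, set()).add("login asset hotlinked: " + path.split("?")[0])
        # Signal 2: the analytics beacon itself reports a third-party hosting page in u=.
        page = hosting_page_from_beacon(path)
        if page:
            page_host = urlsplit(page).hostname
            if page_host and not is_first_party(page_host):
                findings.setdefault(page_host, set()).add("beacon reported page: " + page)
    return {host: sorted(signals) for host, signals in findings.items()}


if __name__ == "__main__":
    for host, signals in find_cloned_login_pages(SAMPLE_LOG).items():
        print(host)
        for s in signals:
            print("  ", s)
```

The two-label heuristic happens to classify gtdetailing.com.au correctly but is wrong for multi-label public suffixes in general, so a production version should use the Public Suffix List. Absence of either signal proves nothing: a kit can just as well serve local copies of the assets and strip the logging script.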

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and code a page runs. Here most of them come from the Naver scripts the page loads from nid.naver.com (common.all.js, bvsd.1.3.4.min.js, lcs_nclicks.js): the jsbn big-integer and RSA library (BigInteger, Montgomery, RSAKey, pkcs1pad2, SecureRandom, Arcfour), the login-form helpers (encryptIdPw, getKeysv2, confirmSubmit, viewKeyboard) and the lcs_* and nclk* logging helpers behind the lcs.naver.com beacon. A cloned login page that reuses the real site's scripts inherits exactly this set of globals.

object| onselectstart object| onselectionchange function| queueMicrotask function| swap_social_menu function| $ function| resizePopup function| viewKeyboard function| switchkeyboard function| switchlocale2 function| switchlocale function| normal function| onetime function| show function| hide function| _addEvent function| _addInputEvent function| addInputEvent function| addDeleteButtonEvent function| msieblur function| borderOn function| borderOff function| confirmSubmit function| encryptIdPw function| getKeyByRuntimeInclude function| clearErrorLayers function| keySplit function| getLenChar function| respSelect function| nclk function| nclk_clsnm function| nclk_chk function| nclk_if string| getkeyurl number| curtimecheck function| getKeysv2 function| getAjaxResult function| getXmlHttp function| getCookie function| savedLong function| ipCheckOff function| ipCheckOn function| setSmartLevel function| initSmartLevel function| ipCheck boolean| isshift boolean| userStrokes function| checkShiftUp function| checkShiftDown boolean| is_capslockon function| checkEnt function| capslockevt function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| 
prng_newstate function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| hex2b64 function| b64tohex function| b64toBA boolean| isIE boolean| isWin boolean| isOpera number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr number| t undefined| z string| b64map string| b64pad boolean| lcs_isie boolean| lcs_isns boolean| lcs_isopera boolean| lcs_ismac object| lcs_add object| lcs_bc string| lcs_ver number| lcs_cnt object| keys object| keystr string| keyname string| evalue string| nvalue number| initEnc string| is_ipcheck undefined| enctp boolean| is_sid boolean| is_spw boolean| is_mid boolean| is_mpw undefined| browser number| nclkMaxDepth string| ccsrv string| nclkModule string| nsc string| g_pid string| g_sid object| nclkImg function| clickcr function| nclks function| nclks_clsnm function| nclks_chk function| nclks_if function| lcs_do function| lcs_do_gdid function| lcs_getBrowserCapa function| lcs_getOS function| lcs_getlanguage function| lcs_getScreen function| lcs_getWindowSize function| lcs_getColorDepth function| lcs_getJavaEnabled function| lcs_getCookieEnabled function| lcs_getConnectType function| lcs_getJavascriptVer function| lcs_getSwfVer function| lcs_getSLVersion function| lcs_getPlugIn string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol object| login_chk function| persist_usage boolean| view_onetimeusage function| viewOnetime function| selectItemByValue string| id_error_msg string| pw_error_msg boolean| inSubmitProgress function| confirmSplitSubmit function| encryptIdPwSplit function| getKeyByRuntimeIncludeSplit number| smart_level boolean| isSet 
object| __core-js_shared__ object| __sofabfp_registry object| sofa object| porperties object| bvsd function| nclk_proxy function| nclk_v2 function| nclks_select function| lcs_get_lpid function| lcs_update_lpid string| lcs_version string| g_ssc string| lcs_SerName

0 Cookies