www.jurukapitonuasociacija.lt
79.98.29.32
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On July 18 via api from GB
Summary
This is the only time www.jurukapitonuasociacija.lt was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 3 | 79.98.29.32 | 62282 (RACKRAY UAB Rakrejus) |
2 | 203.104.163.42 | 23576 (NHN-AS-KR NBP) |
3 | 210.89.164.55 | 23576 (NHN-AS-KR NBP) |
2 | 23.89.198.13 | 18978 (ENZUINC-US - Enzu Inc) |
1 | 203.104.163.21 | 23576 (NHN-AS-KR NBP) |
9 | 5 | |
ASN62282 (RACKRAY UAB Rakrejus, LT)
PTR: rododendras.serveriai.lt
www.jurukapitonuasociacija.lt |
ASN18978 (ENZUINC-US - Enzu Inc, US)
PTR: srvrn.bwh.net.br
www.goodsellmall.com |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | naver.com: nid.naver.com, static.nid.naver.com, lcs.naver.com | 121 KB |
3 | jurukapitonuasociacija.lt (2 redirects): www.jurukapitonuasociacija.lt | 5 KB |
2 | goodsellmall.com: www.goodsellmall.com | |
9 | 3 | |
 | Domain | Requested by |
---|---|---|
3 | static.nid.naver.com | www.jurukapitonuasociacija.lt |
3 | www.jurukapitonuasociacija.lt | 2 redirects |
2 | www.goodsellmall.com | www.jurukapitonuasociacija.lt |
2 | nid.naver.com | www.jurukapitonuasociacija.lt |
1 | lcs.naver.com | |
9 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.naver.com |
help.naver.com |
nid.naver.com |
www.navercorp.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
nid.naver.com | COMODO RSA Extended Validation Secure Server CA | 2017-08-25 - 2019-08-31 | 2 years |
static.nid.naver.com | GeoTrust RSA CA 2018 | 2019-01-30 - 2021-01-29 | 2 years |
 | | 1970-01-01 - 1970-01-01 | a few seconds |
This page contains 1 frames:
Primary Page:
http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart
Frame ID: 4D45C28D179BABBDCCE42981AE7E09E8
Requests: 9 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: NAVER
Title: View help
Title: Username
Title: Password?
Title: Sign up
Title: naver
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- http://www.jurukapitonuasociacija.lt/login/js/common.all.js?141216 HTTP 301
- http://www.goodsellmall.com/
- http://www.jurukapitonuasociacija.lt/login/js/bvsd.1.3.4.min.js HTTP 301
- http://www.goodsellmall.com/
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | error.php (Primary Request) | www.jurukapitonuasociacija.lt/wp-content/09/ | 14 KB | 4 KB | Document | text/html |
GET | H2 | w_20190613.css | nid.naver.com/login/css/global/desktop/ | 95 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | sp_u_skip.png | static.nid.naver.com/images/web/user/ | 967 B | 1 KB | Image | image/png |
GET | H/1.1 | pc_sp_login_190522.png | static.nid.naver.com/images/ui/login/ | 88 KB | 89 KB | Image | image/png |
GET | H/1.1 | sel_arr_2x.gif | static.nid.naver.com/images/login/global/sns/desktop/ | 2 KB | 2 KB | Image | image/gif |
GET | H/1.1 | / (Redirect Chain) | www.goodsellmall.com/ | 0 | 0 | Script | text/html |
GET | H/1.1 | / (Redirect Chain) | www.goodsellmall.com/ | 0 | 0 | Script | text/html |
GET | H2 | lcs_nclicks.js | nid.naver.com/login/js/ | 38 KB | 11 KB | Script | application/javascript |
GET | H/1.1 | m | lcs.naver.com/ | 43 B | 512 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| swap_social_menu string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol undefined| login_chk function| isOldIE function| persist_usage undefined| view_onetimeusage function| viewOnetime function| selectItemByValue undefined| id_error_msg undefined| pw_error_msg undefined| inSubmitProgress function| confirmSplitSubmit function| encryptIdPwSplit function| getKeyByRuntimeIncludeSplit object| porperties function| nclk_proxy function| nclk function| nclk_v2 function| nclks_select function| nclks_clsnm function| nclks_chk function| nclks function| lcs_do function| lcs_do_gdid function| lcs_get_lpid function| lcs_update_lpid string| lcs_version string| g_ssc string| ccsrv string| lcs_SerName
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.