www.jurukapitonuasociacija.lt Open in urlscan Pro
79.98.29.32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart
Submission Tags: @ipnigh
Submission: On July 18 via api (July 18th 2019, 3:06:04 am UTC) from GB

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 3 domains to perform 9 HTTP transactions. The main IP is 79.98.29.32, located in Lithuania and belongs to RACKRAY UAB Rakrejus, LT. The main domain is www.jurukapitonuasociacija.lt.

This is the only time www.jurukapitonuasociacija.lt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 3	79.98.29.32 79.98.29.32	62282 (RACKRAY U...) (RACKRAY UAB Rakrejus)
2	203.104.163.42 203.104.163.42	23576 (NHN-AS-KR...) (NHN-AS-KR NBP)
3	210.89.164.55 210.89.164.55	23576 (NHN-AS-KR...) (NHN-AS-KR NBP)
2	23.89.198.13 23.89.198.13	18978 (ENZUINC-US) (ENZUINC-US - Enzu Inc)
1	203.104.163.21 203.104.163.21	23576 (NHN-AS-KR...) (NHN-AS-KR NBP)
9	5

3 79.98.29.32 (Lithuania) 2 redirects

ASN62282 (RACKRAY UAB Rakrejus, LT)
PTR: rododendras.serveriai.lt

www.jurukapitonuasociacija.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 203.104.163.42 (Singapore)

ASN23576 (NHN-AS-KR NBP, KR)

nid.naver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 210.89.164.55 (Korea, Republic Of)

ASN23576 (NHN-AS-KR NBP, KR)

static.nid.naver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.89.198.13 (Miami, United States)

ASN18978 (ENZUINC-US - Enzu Inc, US)
PTR: srvrn.bwh.net.br

www.goodsellmall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 203.104.163.21 (Singapore)

ASN23576 (NHN-AS-KR NBP, KR)

lcs.naver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	naver.com nid.naver.com static.nid.naver.com lcs.naver.com	121 KB
3	jurukapitonuasociacija.lt 2 redirects www.jurukapitonuasociacija.lt	5 KB
2	goodsellmall.com www.goodsellmall.com
9	3

	Domain	Requested by
3	static.nid.naver.com	www.jurukapitonuasociacija.lt
3	www.jurukapitonuasociacija.lt	2 redirects
2	www.goodsellmall.com	www.jurukapitonuasociacija.lt
2	nid.naver.com	www.jurukapitonuasociacija.lt
1	lcs.naver.com
9	5

This site contains links to these domains. Also see Links.

Domain
www.naver.com
help.naver.com
nid.naver.com
www.navercorp.com

Subject Issuer	Validity	Valid
nid.naver.com COMODO RSA Extended Validation Secure Server CA	`2017-08-25` - `2019-08-31`	2 years	crt.sh
static.nid.naver.com GeoTrust RSA CA 2018	`2019-01-30` - `2021-01-29`	2 years	crt.sh
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh

This page contains 1 frames:

Primary Page: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart
Frame ID: 4D45C28D179BABBDCCE42981AE7E09E8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

4
Countries

125 kB
Transfer

237 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: http://www.naver.com/
Title: NAVER

Search URL Search Domain Scan URL

URL: https://help.naver.com/support/contents/contents.nhn?serviceNo=532&categoryNo=1523
Title: View help

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user/help.nhn?todo=idinquiry&lang=en_US
Title: Username

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user/help.nhn?todo=pwinquiry&lang=en_US
Title: Password?

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user/join.html?lang=en_US
Title: Sign up

Search URL Search Domain Scan URL

URL: http://www.navercorp.com/
Title: naver

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://www.jurukapitonuasociacija.lt/login/js/common.all.js?141216 HTTP 301
http://www.goodsellmall.com/

Request Chain 5

http://www.jurukapitonuasociacija.lt/login/js/bvsd.1.3.4.min.js HTTP 301
http://www.goodsellmall.com/

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request error.php Show response www.jurukapitonuasociacija.lt/wp-content/09/	14 KB 4 KB	62ms 62ms	Document text/html	79.98.29.32 RACKRAY UAB Rakrejus
General Check archive.org Show headers Download Go to Full URL http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Server 79.98.29.32 , Lithuania, ASN62282 (RACKRAY UAB Rakrejus, LT), Reverse DNS rododendras.serveriai.lt Software Apache / Resource Hash `ca54dfd937fb4650007e8ffb7a52ddd28a3ff0b620bae2c0bb6643b7001a2342` Request headers Host www.jurukapitonuasociacija.lt Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 18 Jul 2019 03:05:47 GMT Server Apache Connection Upgrade, Keep-Alive Vary Accept-Encoding Content-Encoding gzip Keep-Alive timeout=2, max=100 Transfer-Encoding chunked Content-Type text/html
GET H2	200	w_20190613.css nid.naver.com/login/css/global/desktop/	95 KB 18 KB	17ms 16ms	Stylesheet text/css	203.104.163.42 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Full URL https://nid.naver.com/login/css/global/desktop/w_20190613.css Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 203.104.163.42 , Singapore, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `ed8f1904fb484b405ea30200281d1365739cd24f8e89d5178c3db13f681a14c3` Request headers Referer http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 18 Jul 2019 03:05:47 GMT content-encoding gzip last-modified Tue, 18 Jun 2019 05:34:22 GMT server nginx etag W/"5d0877de-17c40" vary Accept-Encoding content-type text/css status 200
GET H/1.1	200 OK	sp_u_skip.png static.nid.naver.com/images/web/user/	967 B 1 KB	273ms 272ms	Image image/png	210.89.164.55 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Show image Full URL https://static.nid.naver.com/images/web/user/sp_u_skip.png Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46` Request headers Referer https://nid.naver.com/login/css/global/desktop/w_20190613.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 18 Jul 2019 03:05:48 GMT Last-Modified Mon, 11 Apr 2016 11:25:27 GMT Server nginx ETag "570b89a7-3c7" Content-Type image/png Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 967 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	pc_sp_login_190522.png static.nid.naver.com/images/ui/login/	88 KB 89 KB	548ms 547ms	Image image/png	210.89.164.55 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Show image Full URL https://static.nid.naver.com/images/ui/login/pc_sp_login_190522.png Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `b283bd73dfa96ff9bbae95734e91f369d1f825b83c37860a993eabb75ea99ebc` Request headers Referer https://nid.naver.com/login/css/global/desktop/w_20190613.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 18 Jul 2019 03:05:48 GMT Last-Modified Mon, 27 May 2019 09:38:16 GMT Server nginx ETag "5cebb008-16124" Content-Type image/png Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 90404 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	sel_arr_2x.gif static.nid.naver.com/images/login/global/sns/desktop/	2 KB 2 KB	540ms 266ms	Image image/gif	210.89.164.55 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Show image Full URL https://static.nid.naver.com/images/login/global/sns/desktop/sel_arr_2x.gif Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66` Request headers Referer https://nid.naver.com/login/css/global/desktop/w_20190613.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 18 Jul 2019 03:05:48 GMT Last-Modified Wed, 27 Jul 2016 07:09:12 GMT Server nginx ETag "57985e18-66a" Content-Type image/gif Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Content-Length 1642 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	/ Show response www.goodsellmall.com/ Redirect Chain http://www.jurukapitonuasociacija.lt/login/js/common.all.js?141216 http://www.goodsellmall.com/	0 0	120ms 119ms	Script text/html	23.89.198.13 Enzu Inc
General Check archive.org Show headers Download Go to Full URL http://www.goodsellmall.com/ Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Security , , Server 23.89.198.13 Miami, United States, ASN18978 (ENZUINC-US - Enzu Inc, US), Reverse DNS srvrn.bwh.net.br Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Redirect headers Date Thu, 18 Jul 2019 03:05:47 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Location http://www.goodsellmall.com Cache-Control no-cache, must-revalidate, max-age=0 Connection Upgrade, Keep-Alive Keep-Alive timeout=2, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	/ Show response www.goodsellmall.com/ Redirect Chain http://www.jurukapitonuasociacija.lt/login/js/bvsd.1.3.4.min.js http://www.goodsellmall.com/	0 0	120ms 120ms	Script text/html	23.89.198.13 Enzu Inc
General Check archive.org Show headers Download Go to Full URL http://www.goodsellmall.com/ Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol HTTP/1.1 Security , , Server 23.89.198.13 Miami, United States, ASN18978 (ENZUINC-US - Enzu Inc, US), Reverse DNS srvrn.bwh.net.br Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Redirect headers Date Thu, 18 Jul 2019 03:05:47 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Location http://www.goodsellmall.com Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Keep-Alive timeout=2, max=99 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	lcs_nclicks.js Show response nid.naver.com/login/js/	38 KB 11 KB	17ms 15ms	Script application/javascript	203.104.163.42 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Full URL https://nid.naver.com/login/js/lcs_nclicks.js?dt=20190122 Requested by Host: www.jurukapitonuasociacija.lt URL: http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 203.104.163.42 , Singapore, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `ad824de5ba76590a845a9057562723b8746d142aa212057463b509649bb09b1f` Request headers Referer http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 18 Jul 2019 03:05:47 GMT content-encoding gzip last-modified Tue, 18 Jun 2019 05:34:22 GMT server nginx etag W/"5d0877de-9620" vary Accept-Encoding content-type application/javascript status 200
GET H/1.1	200 OK	m lcs.naver.com/	43 B 512 B	14ms 13ms	Image image/gif	203.104.163.21 NHN-AS-KR NBP
General Check archive.org Show headers Download Go to Show image Full URL http://lcs.naver.com/m?u=http%3A%2F%2Fwww.jurukapitonuasociacija.lt%2Fwp-content%2F09%2Ferror.php%3Femail%3Djkautopart&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1563419147771&fetchStart=1563419147771&domainLookupStart=1563419147771&domainLookupEnd=1563419147771&connectStart=1563419147771&connectEnd=1563419147771&requestStart=1563419147772&responseStart=1563419147834&responseEnd=1563419147921&domLoading=1563419147837&domInteractive=1563419149273&domContentLoadedEventStart=1563419149273&domContentLoadedEventEnd=1563419149273&domComplete=1563419149273&loadEventStart=1563419149273&loadEventEnd=1563419149273&first-paint=103.1700000166893&first-contentful-paint=103.1700000166893&pid=77afcef819ff7db8bad4c0c4d14db03c&ts=1563419149296&EOU Protocol HTTP/1.1 Security , , Server 203.104.163.21 , Singapore, ASN23576 (NHN-AS-KR NBP, KR), Reverse DNS Software nginx / Resource Hash `cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda` Request headers Referer http://www.jurukapitonuasociacija.lt/wp-content/09/error.php?email=jkautopart User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Thu, 18 Jul 2019 03:05:49 GMT Server nginx P3P CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC" Cache-Control no-cache, no-store, must-revalidate, max-age=0 Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 01 Jan 1980 09:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lcs.naver.com
nid.naver.com
static.nid.naver.com
www.goodsellmall.com
www.jurukapitonuasociacija.lt
203.104.163.21
203.104.163.42
210.89.164.55
23.89.198.13
79.98.29.32
21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66
67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46
ad824de5ba76590a845a9057562723b8746d142aa212057463b509649bb09b1f
b283bd73dfa96ff9bbae95734e91f369d1f825b83c37860a993eabb75ea99ebc
ca54dfd937fb4650007e8ffb7a52ddd28a3ff0b620bae2c0bb6643b7001a2342
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed8f1904fb484b405ea30200281d1365739cd24f8e89d5178c3db13f681a14c3

www.jurukapitonuasociacija.lt Open in urlscan Pro 79.98.29.32 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

56 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

5 IPs

4 Countries

125 kBTransfer

237 kBSize

0 Cookies

6 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

37 JavaScript Global Variables

0 Cookies

Indicators

www.jurukapitonuasociacija.lt Open in urlscan Pro
79.98.29.32 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

4
Countries

125 kB
Transfer

237 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!