![](/screenshots/658a42ec-2b88-4646-9cf3-199fb210d2cb.png)
remarkable-eclair-245249.netlify.app
Open in
urlscan Pro
2600:1f18:2489:8202::c8
Malicious Activity!
Public Scan
Submission: On April 15 via api from US — Scanned from US
Summary
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on December 21st 2022. Valid for: a year.
This is the only time remarkable-eclair-245249.netlify.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2600:1f18:248... 2600:1f18:2489:8202::c8 | 14618 (AMAZON-AES) (AMAZON-AES) | |
4 | 223.130.195.168 223.130.195.168 | 23576 (NHN-AS-KR...) (NHN-AS-KR NAVER Cloud Corp.) | |
3 | 184.29.128.196 184.29.128.196 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 203.104.164.18 203.104.164.18 | 23576 (NHN-AS-KR...) (NHN-AS-KR NAVER Cloud Corp.) | |
10 | 5 |
ASN14618 (AMAZON-AES, US)
remarkable-eclair-245249.netlify.app |
ASN16625 (AKAMAI-AS, US)
PTR: a184-29-128-196.deploy.static.akamaitechnologies.com
ssl.pstatic.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
naver.com
nid.naver.com — Cisco Umbrella Rank: 14902 lcs.naver.com — Cisco Umbrella Rank: 28638 |
26 KB |
3 |
pstatic.net
ssl.pstatic.net — Cisco Umbrella Rank: 13349 |
111 KB |
1 |
netlify.app
remarkable-eclair-245249.netlify.app |
5 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
10 | 4 |
Domain | Requested by | |
---|---|---|
4 | nid.naver.com |
remarkable-eclair-245249.netlify.app
|
3 | ssl.pstatic.net |
nid.naver.com
|
1 | lcs.naver.com |
remarkable-eclair-245249.netlify.app
|
1 | remarkable-eclair-245249.netlify.app | |
0 | Failed |
remarkable-eclair-245249.netlify.app
|
10 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.naver.com |
help.naver.com |
nid.naver.com |
www.navercorp.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-12-21 - 2024-01-21 |
a year | crt.sh |
nid.naver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-08-25 - 2023-09-13 |
a year | crt.sh |
ssl.pstatic.net GeoTrust RSA CA 2018 |
2022-09-06 - 2023-09-07 |
a year | crt.sh |
cc.naver.com GeoTrust RSA CA 2018 |
2022-05-18 - 2023-06-18 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://remarkable-eclair-245249.netlify.app/
Frame ID: FA46A2DE7D29B758406E76582350A039
Requests: 10 HTTP requests in this frame
11 Outgoing links
These are links going to different origins than the main page.
Title: NAVER
Search URL Search Domain Scan URL
Title: 도움말보기
Search URL Search Domain Scan URL
Title: Username
Search URL Search Domain Scan URL
Title: Password?
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: Line
Search URL Search Domain Scan URL
Title: Weibo
Search URL Search Domain Scan URL
Title: Wechat
Search URL Search Domain Scan URL
Title: naver
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
remarkable-eclair-245249.netlify.app/ |
18 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w_20161104.css
nid.naver.com/login/css/global/desktop/ |
70 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e_20161104.css
nid.naver.com/login/css/global/desktop/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clickcr.js
nid.naver.com/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lcslog.js
nid.naver.com/js/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
common.all.js
/H%7C/secktor7/secktor7/pages/login/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pc_sp_login_170424.png
ssl.pstatic.net/static.gn/images/ui/login/ |
80 KB 80 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sel_arr.gif
ssl.pstatic.net/static.gn/images/login/global/sns/desktop/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pc_sp_btn_170530.png
ssl.pstatic.net/static.gn/images/ui/login/ |
29 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m
lcs.naver.com/ |
43 B 378 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)70 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| swap_social_menu string| disp_stat string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol undefined| login_chk function| persist_usage undefined| view_onetimeusage function| viewOnetime number| nclkMaxDepth string| ccsrv string| nclkModule string| nsc string| g_pid string| g_sid object| nclkImg function| clickcr function| nclks function| nclks_clsnm function| nclks_chk function| nclks_if function| nclks_select object| nclk boolean| lcs_isie boolean| lcs_isns boolean| lcs_isopera boolean| lcs_ismac object| lcs_add object| lcs_bc string| lcs_ver number| lcs_cnt function| lcs_do function| lcs_do_gdid function| lcs_getBrowserCapa function| lcs_getOS function| lcs_getlanguage function| lcs_getScreen function| lcs_getWindowSize function| lcs_getColorDepth function| lcs_getJavaEnabled function| lcs_getCookieEnabled function| lcs_getConnectType function| lcs_getJavascriptVer function| lcs_getSwfVer function| lcs_getSLVersion function| lcs_getPlugIn function| $ function| resizePopup function| viewKeyboard function| switchkeyboard function| switchlocale2 function| switchlocale function| normal function| onetime function| show function| hide function| _addEvent function| _addInputEvent function| addInputEvent function| addDeleteButtonEvent function| msieblur function| borderOn function| borderOff function| confirmSubmit function| encryptIdPw function| getKeyByRuntimeInclude function| clearErrorLayers1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.naver.com/ | Name: NNB Value: LO45VF565Q4WI |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lcs.naver.com
nid.naver.com
remarkable-eclair-245249.netlify.app
ssl.pstatic.net
184.29.128.196
203.104.164.18
223.130.195.168
2600:1f18:2489:8202::c8
1708a58918cd4c3921e571726c848bad200fbcb8dc03adc374a1e35adf6c2b05
1d0c1b522fe3664b90b13d4cf5716d54a87084625ba2b2674b8cf4e5cae97107
383b038cf3099d6eec1303bbb4dbe77dfda1a426e5d41d92802a0be3356cd332
4d80aa5bdc94b5bb4da26187c29c7818f8355c1ead175a42bb6ca3e368148472
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc
c92b022eaae1cc65a32a924071032c6efcf2b4c8f462c75ed22c2e802052c638
ca054697b26267fe3931c0d76df7a050230ca53f92bebdad727b195dd4bffc90
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e4b15f3a6f4563091165af67a866fab241b78973f94a9553d63b125f9883be56