remarkable-eclair-245249.netlify.app
2600:1f18:2489:8202::c8  Malicious Activity! Public Scan

URL: https://remarkable-eclair-245249.netlify.app/
Submission: On April 15 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2600:1f18:2489:8202::c8, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is remarkable-eclair-245249.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on December 21st 2022. Valid for: a year.
This is the only time remarkable-eclair-245249.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         2600:1f18:248...  14618  (AMAZON-AES)
4         223.130.195.168   23576  (NHN-AS-KR...)
3         184.29.128.196    16625  (AKAMAI-AS)
1         203.104.164.18    23576  (NHN-AS-KR...)
Total: 10 requests, 5 IPs

Requests  Apex Domain / Subdomains                         Transfer
5         naver.com                                        26 KB
            nid.naver.com — Cisco Umbrella Rank: 14902
            lcs.naver.com — Cisco Umbrella Rank: 28638
3         pstatic.net                                      111 KB
            ssl.pstatic.net — Cisco Umbrella Rank: 13349
1         netlify.app                                      5 KB
            remarkable-eclair-245249.netlify.app
0         Failed
Total: 10 requests, 4 domains

Requests  Domain                                Requested by
4         nid.naver.com                         remarkable-eclair-245249.netlify.app
3         ssl.pstatic.net                       nid.naver.com
1         lcs.naver.com                         remarkable-eclair-245249.netlify.app
1         remarkable-eclair-245249.netlify.app
0         Failed                                remarkable-eclair-245249.netlify.app
Total: 10 requests, 5 subdomains

This site contains links to these domains.

Domain
www.naver.com
help.naver.com
nid.naver.com
www.navercorp.com

Subject          Issuer                                   Validity                 Valid
*.netlify.app    DigiCert TLS Hybrid ECC SHA384 2020 CA1  2022-12-21 - 2024-01-21  a year
nid.naver.com    DigiCert TLS Hybrid ECC SHA384 2020 CA1  2022-08-25 - 2023-09-13  a year
ssl.pstatic.net  GeoTrust RSA CA 2018                     2022-09-06 - 2023-09-07  a year
cc.naver.com     GeoTrust RSA CA 2018                     2022-05-18 - 2023-06-18  a year

This page contains 1 frames:

Primary Page: https://remarkable-eclair-245249.netlify.app/
Frame ID: FA46A2DE7D29B758406E76582350A039
Requests: 10 HTTP requests in this frame

Page Title

Naver Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

Requests: 10
HTTPS: 90 %
IPv6: 25 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 142 kB
Size: 241 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
remarkable-eclair-245249.netlify.app/
18 KB
5 KB
Document
General
Full URL
https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:2489:8202::c8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
e4b15f3a6f4563091165af67a866fab241b78973f94a9553d63b125f9883be56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
0
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 15 Apr 2023 00:15:56 GMT
etag
"f80523176b570515295d9ff2fb7bdc06-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-nf-request-id
01GY149GEEWCAT3XM8Q6KBJGTB
w_20161104.css
nid.naver.com/login/css/global/desktop/
70 KB
13 KB
Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/w_20161104.css?dt=20170718
Requested by
Host: remarkable-eclair-245249.netlify.app
URL: https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
223.130.195.168 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
ca054697b26267fe3931c0d76df7a050230ca53f92bebdad727b195dd4bffc90

Request headers

accept-language
en-US,en;q=0.9
Referer
https://remarkable-eclair-245249.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
content-encoding
gzip
last-modified
Thu, 13 Apr 2023 08:52:29 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"6437c2cd-1164b"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
text/css
x-ua-compatible
IE=edge
e_20161104.css
nid.naver.com/login/css/global/desktop/
23 KB
5 KB
Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Requested by
Host: remarkable-eclair-245249.netlify.app
URL: https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
223.130.195.168 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
4d80aa5bdc94b5bb4da26187c29c7818f8355c1ead175a42bb6ca3e368148472

Request headers

accept-language
en-US,en;q=0.9
Referer
https://remarkable-eclair-245249.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
content-encoding
gzip
last-modified
Thu, 13 Apr 2023 08:52:29 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"6437c2cd-5bcf"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
text/css
x-ua-compatible
IE=edge
clickcr.js
nid.naver.com/js/
10 KB
3 KB
Script
General
Full URL
https://nid.naver.com/js/clickcr.js?140717
Requested by
Host: remarkable-eclair-245249.netlify.app
URL: https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
223.130.195.168 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
383b038cf3099d6eec1303bbb4dbe77dfda1a426e5d41d92802a0be3356cd332

Request headers

accept-language
en-US,en;q=0.9
Referer
https://remarkable-eclair-245249.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 03:00:00 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"5e7977b0-2601"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
application/javascript
x-ua-compatible
IE=edge
lcslog.js
nid.naver.com/js/
11 KB
4 KB
Script
General
Full URL
https://nid.naver.com/js/lcslog.js
Requested by
Host: remarkable-eclair-245249.netlify.app
URL: https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
223.130.195.168 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
c92b022eaae1cc65a32a924071032c6efcf2b4c8f462c75ed22c2e802052c638

Request headers

accept-language
en-US,en;q=0.9
Referer
https://remarkable-eclair-245249.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 03:00:00 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"5e7977b0-2a92"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
application/javascript
x-ua-compatible
IE=edge
common.all.js
/H%7C/secktor7/secktor7/pages/login/js/
0
0

pc_sp_login_170424.png
ssl.pstatic.net/static.gn/images/ui/login/
80 KB
80 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/ui/login/pc_sp_login_170424.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.29.128.196 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-196.deploy.static.akamaitechnologies.com
Software
Testa/6.1.1 /
Resource Hash
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.1
etag
"61812601-13ff8"
content-type
image/png
cache-control
max-age=70295
accept-ranges
bytes
content-length
81912
expires
Sat, 15 Apr 2023 19:47:33 GMT
sel_arr.gif
ssl.pstatic.net/static.gn/images/login/global/sns/desktop/
1 KB
1 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/login/global/sns/desktop/sel_arr.gif
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.29.128.196 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-196.deploy.static.akamaitechnologies.com
Software
Testa/6.1.1 /
Resource Hash
1708a58918cd4c3921e571726c848bad200fbcb8dc03adc374a1e35adf6c2b05

Request headers

accept-language
en-US,en;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.1
etag
"61812601-527"
content-type
image/gif
cache-control
max-age=74736
accept-ranges
bytes
content-length
1319
expires
Sat, 15 Apr 2023 21:01:34 GMT
pc_sp_btn_170530.png
ssl.pstatic.net/static.gn/images/ui/login/
29 KB
29 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/ui/login/pc_sp_btn_170530.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.29.128.196 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-196.deploy.static.akamaitechnologies.com
Software
Testa/6.1.1 /
Resource Hash
1d0c1b522fe3664b90b13d4cf5716d54a87084625ba2b2674b8cf4e5cae97107

Request headers

accept-language
en-US,en;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:15:58 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.1
etag
"61812601-7492"
content-type
image/png
cache-control
max-age=37686
accept-ranges
bytes
content-length
29842
expires
Sat, 15 Apr 2023 10:44:04 GMT
m
lcs.naver.com/
43 B
378 B
Image
General
Full URL
https://lcs.naver.com/m?u=https%3A%2F%2Fremarkable-eclair-245249.netlify.app%2F&e=&i=&os=Win32&ln=en-US&sr=1600x1200&bw=1600&bh=1200&c=24&j=N&jv=1.8&k=Y&fv=&sl=&ct=&p=Chrome%20PDF%20Plugin%3BChrome%20PDF%20Viewer%3BNative%20Client&EOU
Requested by
Host: remarkable-eclair-245249.netlify.app
URL: https://remarkable-eclair-245249.netlify.app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
203.104.164.18 , Singapore, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-US,en;q=0.9
Referer
https://remarkable-eclair-245249.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:15:58 GMT
server
nginx
p3p
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
43
expires
Tue, 01 Jan 1980 09:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
URL
file:///H%7C/secktor7/secktor7/pages/login/js/common.all.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
function| swap_social_menu
string| disp_stat
string| session_keys
string| pc_keyboard_close
string| pc_keyboard_open
string| view_char
string| view_symbol
undefined| login_chk
function| persist_usage
undefined| view_onetimeusage
function| viewOnetime
number| nclkMaxDepth
string| ccsrv
string| nclkModule
string| nsc
string| g_pid
string| g_sid
object| nclkImg
function| clickcr
function| nclks
function| nclks_clsnm
function| nclks_chk
function| nclks_if
function| nclks_select
object| nclk
boolean| lcs_isie
boolean| lcs_isns
boolean| lcs_isopera
boolean| lcs_ismac
object| lcs_add
object| lcs_bc
string| lcs_ver
number| lcs_cnt
function| lcs_do
function| lcs_do_gdid
function| lcs_getBrowserCapa
function| lcs_getOS
function| lcs_getlanguage
function| lcs_getScreen
function| lcs_getWindowSize
function| lcs_getColorDepth
function| lcs_getJavaEnabled
function| lcs_getCookieEnabled
function| lcs_getConnectType
function| lcs_getJavascriptVer
function| lcs_getSwfVer
function| lcs_getSLVersion
function| lcs_getPlugIn
function| $
function| resizePopup
function| viewKeyboard
function| switchkeyboard
function| switchlocale2
function| switchlocale
function| normal
function| onetime
function| show
function| hide
function| _addEvent
function| _addInputEvent
function| addInputEvent
function| addDeleteButtonEvent
function| msieblur
function| borderOn
function| borderOff
function| confirmSubmit
function| encryptIdPw
function| getKeyByRuntimeInclude
function| clearErrorLayers

1 Cookies

Domain/Path: .naver.com/
Name: NNB
Value: LO45VF565Q4WI

1 Console Messages

Source: javascript
Level: error
URL: https://remarkable-eclair-245249.netlify.app/
Message: Not allowed to load local resource: file:///H%7C/secktor7/secktor7/pages/login/js/common.all.js

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload