45.76.206.204
Malicious Activity!
Public Scan
Submission: On February 20 via api from KR — Scanned from JP
Summary
This is the only time 45.76.206.204 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
5 | 45.76.206.204 | 20473 (AS-CHOOPA) |
6 | 23.32.13.29 | 16625 (AKAMAI-AS) |
1 | 110.93.151.132 | 23576 (NHN-AS-KR NAVER Cloud Corp.) |
12 | 3 | |
ASN20473 (AS-CHOOPA, US)
PTR: 45.76.206.204.vultrusercontent.com
45.76.206.204
ASN16625 (AKAMAI-AS, US)
PTR: a23-32-13-29.deploy.static.akamaitechnologies.com
ssl.pstatic.net
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | pstatic.net: ssl.pstatic.net (Cisco Umbrella Rank: 21146) | 306 KB |
1 | naver.com: lcs.naver.com (Cisco Umbrella Rank: 42178) | 575 B |
12 | 2 | |
Requests | Domain | Requested by |
---|---|---|
6 | ssl.pstatic.net | 45.76.206.204, ssl.pstatic.net |
1 | lcs.naver.com | |
12 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.naver.com |
help.naver.com |
www.navercorp.com |
Subject / Issuer | Validity | Valid | |
---|---|---|---|
ssl.pstatic.net / GeoTrust RSA CA 2018 | 2023-08-01 - 2024-08-01 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
http://45.76.206.204/login.php
Frame ID: 440DA4ABDD003FDC929D13C556D3D5DC
Requests: 12 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: 본문 바로가기 (Skip to main content)
Title: 이용약관 (Terms of Use)
Title: 개인정보처리방침 (Privacy Policy)
Title: 책임의 한계와 법적고지 (Limitation of Liability and Legal Notice)
Title: 회원정보 고객센터 (Member Information Customer Center)
Title: 네이버 (Naver)
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | login.php (Primary Request) | 45.76.206.204/ | 10 KB | 2 KB | Document | text/html |
GET | H/1.1 | w_20220216.css | 45.76.206.204/css/global/desktop/ | 36 KB | 6 KB | Stylesheet | text/css |
GET | H2 | gfp-sdk.js | ssl.pstatic.net/tveta/libs/glad/prod/2.19.0/ | 269 KB | 84 KB | Script | application/javascript |
GET | H2 | gfp-ext-nda.js | ssl.pstatic.net/tveta/libs/glad/prod/2.19.0/ | 48 KB | 13 KB | Script | application/javascript |
GET | H/1.1 | bvsd.1.3.9.min.js | 45.76.206.204/js/ | 103 KB | 30 KB | Script | application/javascript |
GET | H2 | gfp-core.js | ssl.pstatic.net/tveta/libs/glad/prod/ | 47 KB | 18 KB | Script | application/javascript |
GET | H/1.1 | common_202201.js | 45.76.206.204/js/v2/default/ | 97 KB | 27 KB | Script | application/javascript |
GET | H/1.1 | default_202105.js | 45.76.206.204/js/v2/default/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | m_sp_00_common_978240a6.png | ssl.pstatic.net/static/nid/login/ | 21 KB | 21 KB | Image | image/png |
GET | H2 | m_sp_01_login_008d5216.png | ssl.pstatic.net/static/nid/login/ | 83 KB | 83 KB | Image | image/png |
GET | H2 | gfp-sdk.js | ssl.pstatic.net/tveta/libs/glad/prod/2.23.0/ | 276 KB | 87 KB | Script | application/javascript |
GET | H/1.1 | m | lcs.naver.com/ | 43 B | 575 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)
204 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
lcs.naver.com
ssl.pstatic.net
110.93.151.132
23.32.13.29
45.76.206.204