ksa-walaem.com
212.83.131.231
Malicious Activity!
Public Scan
Submission: On April 05 via automatic, source openphish
Summary
This is the only time ksa-walaem.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Daum (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 212.83.131.231 | 12876 (AS12876) |
10 | 211.231.99.82 | 38099 (KAKAO-AS-KR Kakao Corp) |
2 | 203.217.227.141 | 9764 (DAUM-NET Kakao Corp) |
2 (1 redirect) | 27.0.237.18 | 38099 (KAKAO-AS-KR Kakao Corp) |
1 | 203.133.167.12 | 9764 (DAUM-NET Kakao Corp) |
2 | 148.253.246.77 | 36408 (CDNETWORKSUS-02 - CDNetworks Inc.) |
19 | 6 |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | daum.net | logins.daum.net, display.ad.daum.net | 4 KB |
4 | daumcdn.net | s1.daumcdn.net, t1.daumcdn.net | 43 KB |
3 | ksa-walaem.com | ksa-walaem.com | 12 KB |
2 (1 redirect) | kakao.com | developers.kakao.com | 38 KB |
19 | 4 |
Requests | Domain | Requested by |
---|---|---|
10 | logins.daum.net | ksa-walaem.com |
3 | ksa-walaem.com | ksa-walaem.com |
2 | t1.daumcdn.net | ksa-walaem.com |
2 (1 redirect) | developers.kakao.com | ksa-walaem.com |
2 | s1.daumcdn.net | ksa-walaem.com |
1 | display.ad.daum.net | ksa-walaem.com |
19 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.daum.net |
member.daum.net |
www.kakaocorp.com |
cs.daum.net |
Subject | Issuer | Validity | Valid |
---|---|---|---|
logins.daum.net | DigiCert SHA2 Extended Validation Server CA | 2018-05-18 - 2020-05-21 | 2 years |
*.daumcdn.net | Thawte TLS RSA CA G1 | 2018-07-09 - 2020-10-08 | 2 years |
*.kakao.com | Thawte TLS RSA CA G1 | 2018-07-09 - 2020-10-08 | 2 years |
ad.daum.net | Thawte TLS RSA CA G1 | 2018-12-11 - 2021-02-08 | 2 years |
krssl.cdngc.net | DigiCert SHA2 High Assurance Server CA | 2019-04-05 - 2020-07-27 | a year |
This page contains 2 frames:
Primary Page:
http://ksa-walaem.com/da/daum.htm
Frame ID: 97A941C71A02BCA79F367EA89EBC19FB
Requests: 18 HTTP requests in this frame
Frame:
https://display.ad.daum.net/imp?slotid=00Y28
Frame ID: 1D68F40E3BFA69A7E15D2A5A79000A96
Requests: 1 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
SWFObject (Miscellaneous)
Detected patterns
- script /swfobject.*\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: DAUM
Title: 회원가입
Title: 아이디 찾기
Title: 비밀번호 찾기
Title: © Kakao Corp.
Title: 고객센터
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9
- http://developers.kakao.com/sdk/js/kakao.min.js HTTP 301
- https://developers.kakao.com/sdk/js/kakao.min.js
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | daum.htm | ksa-walaem.com/da/ | 12 KB | 12 KB | Document | text/html | Primary Request |
GET | H/1.1 | pc.css | logins.daum.net/contents/min/css/ | 13 KB | 4 KB | Stylesheet | text/css | |
GET | H/1.1 | font_pc.css | logins.daum.net/contents/min/css/ | 452 B | 673 B | Stylesheet | text/css | |
GET | H/1.1 | jquery-1.10.2.min.js | s1.daumcdn.net/svc/original/U03/cssjs/jquery/ | 91 KB | 36 KB | Script | text/javascript | |
GET | H/1.1 | jquery.cookie-1.3.1.min.js | s1.daumcdn.net/svc/original/U03/cssjs/jquery/plugin/ | 1000 B | 1 KB | Script | text/javascript | |
GET | H/1.1 | jquery-init.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | login-all.js | ksa-walaem.com/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | swfobject.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | loginform.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | form-resize.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | kakao.min.js | developers.kakao.com/sdk/js/ | 105 KB | 38 KB | Script | application/javascript | Redirect Chain |
GET | H/1.1 | imp | display.ad.daum.net/ | 0 | 0 | Document | text/html | Cookie set; Frame 1D68 |
GET | H2 | logo_daum.png | t1.daumcdn.net/id/logins/2016/ | 3 KB | 3 KB | Image | image/png | |
GET | H2 | ico_login_161130.gif | t1.daumcdn.net/id/logins/2016/ | 2 KB | 3 KB | Image | image/gif | |
GET | H/1.1 | jquery-init.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | login-all.js | ksa-walaem.com/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | swfobject.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | loginform.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
GET | H/1.1 | form-resize.js | logins.daum.net/min/js/2.4/ | 0 | 0 | Script | text/html | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Daum (Online)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- function| submitform
- function| validate
- function| $
- function| jQuery
- function| _typeof
- object| Kakao
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ad.daum.net/ | Name: aid Value: 1c8043e6fc9a4c09930823558190b63f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.