www.ksmrm.org Open in urlscan Pro
121.254.129.93 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ksmrm.org/upload/nlogin.inc
Submission: On February 20 via manual (February 20th 2024, 8:18:35 am UTC) from KR — Scanned from DE

Summary HTTP 2 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 121.254.129.93, located in Korea, Republic Of and belongs to LGDACOM LG DACOM Corporation, KR. The main domain is www.ksmrm.org.
TLS certificate: Issued by Thawte TLS RSA CA G1 on March 29th 2023. Valid for: a year.

This is the only time www.ksmrm.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	121.254.129.93 121.254.129.93	3786 (LGDACOM L...) (LGDACOM LG DACOM Corporation)
1	23.196.243.249 23.196.243.249	16625 (AKAMAI-AS) (AKAMAI-AS)
2	3

1 121.254.129.93 (Korea, Republic Of)

ASN3786 (LGDACOM LG DACOM Corporation, KR)

www.ksmrm.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.196.243.249 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-196-243-249.deploy.static.akamaitechnologies.com

ssl.pstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	pstatic.net ssl.pstatic.net — Cisco Umbrella Rank: 21146	65 KB
1	ksmrm.org www.ksmrm.org	150 KB
2	2

	Domain	Requested by
1	ssl.pstatic.net	www.ksmrm.org
1	www.ksmrm.org
2	2

This site contains links to these domains. Also see Links.

Domain
www.naver.com
nid.naver.com
m.site.naver.com
help.naver.com
www.navercorp.com

Subject Issuer	Validity	Valid
*.ksmrm.org Thawte TLS RSA CA G1	`2023-03-29` - `2024-04-05`	a year	crt.sh
ssl.pstatic.net GeoTrust RSA CA 2018	`2023-08-01` - `2024-08-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.ksmrm.org/upload/nlogin.inc
Frame ID: 5621A331019FAF27235D7E514C225761
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

네이버 : 로그인

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

215 kB
Transfer

234 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.naver.com/
Title: 본문 바로가기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/api/route?m=routePwInquiry&lang=ko_KR
Title: 비밀번호 찾기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/api/route?m=routeIdInquiry&lang=ko_KR
Title: 아이디 찾기

Search URL Search Domain Scan URL

URL: https://nid.naver.com/user2/V2Join?m=agree&lang=ko_KR
Title: 회원가입

Search URL Search Domain Scan URL

URL: https://m.site.naver.com/0PNGp

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/service.html
Title: 이용약관

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/privacy.html
Title: 개인정보처리방침

Search URL Search Domain Scan URL

URL: http://www.naver.com/rules/disclaimer.html
Title: 책임의 한계와 법적고지

Search URL Search Domain Scan URL

URL: https://help.naver.com/support/service/main.nhn?serviceNo=532
Title: 회원정보 고객센터

Search URL Search Domain Scan URL

URL: https://www.navercorp.com/
Title: 네이버

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
11 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request nlogin.inc Show response www.ksmrm.org/upload/	150 KB 150 KB	1770ms 302ms	Document text/html	121.254.129.93 LGDACOM LG DACOM ...
General Check archive.org Show headers Download Go to Full URL https://www.ksmrm.org/upload/nlogin.inc Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 121.254.129.93 , Korea, Republic Of, ASN3786 (LGDACOM LG DACOM Corporation, KR), Reverse DNS Software Apache / PHP/5.2.17 Resource Hash `edd259ea582ac8ec202059ed850160f3980a30341fb8d66886e883431394e450` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection close Content-Type text/html; charset=UTF-8 Date Tue, 20 Feb 2024 08:18:29 GMT Server Apache Transfer-Encoding chunked X-Powered-By PHP/5.2.17
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `85898ff4ec3e92c895887842ac06e533dc16e9379b15623c9c7e3602e24b408a` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	466 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `df94db865fd38c7d71ad3babc154fed8b0d316aeb7eef11386171ef4a82a8617` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1008 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a666663709be469e0d2ff52b483aa8588b2d1103fe165a9104c68f074cc46408` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `43b5012a59f2bb2fb2615a13d495381570b09b9f4b61bfd288fed0f037557352` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	897 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1e9e66fa79a4035f11e4e19fff92e0a236635933f6001f3c0952b9071c001753` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `02278b5570e9832428191c258f41e647f341e35504f6f102b57a3fb851db4b13` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	592 B 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `42581ff473a48daa78aeeaf3c6510c3b627f8100759d2a44b66db9a60faaa012` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	m_banner_qrcheckin_920.jpg ssl.pstatic.net/static/nid/login/banner/	65 KB 65 KB	360ms 12ms	Image image/jpeg	23.196.243.249 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.pstatic.net/static/nid/login/banner/m_banner_qrcheckin_920.jpg Requested by Host: www.ksmrm.org URL: https://www.ksmrm.org/upload/nlogin.inc Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.196.243.249 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-196-243-249.deploy.static.akamaitechnologies.com Software Testa/6.1.4 / Resource Hash `d9e8bb6edada840a04fab1e17e14596fb9fcdea4019297a8596e887183829efc` Request headers accept-language de-DE,de;q=0.9 Referer https://www.ksmrm.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Tue, 20 Feb 2024 08:18:31 GMT referrer-policy unsafe-url last-modified Tue, 03 Aug 2021 07:50:31 GMT server Testa/6.1.4 content-type image/jpeg access-control-allow-origin * cache-control max-age=503777 accept-ranges bytes content-length 66137 expires Mon, 26 Feb 2024 04:14:48 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8ae9f780f05d3d47a9a386c4fc1a3ba830fef899048ef7ec42b591882f2b8e30` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f40771c72d27080836c36a80f0f6ced10cff5c37452d73ccb88ede84cfe6810` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b30a556bdb622f6a92dd0eacf17ff80c48d43e8ce41f5e7a436d9b46411af25e` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8219cf587c06e69e5e54b34e53cda2cab244c159eddebab42d43c3f5a0a95f32` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ssl.pstatic.net
www.ksmrm.org
121.254.129.93
23.196.243.249
02278b5570e9832428191c258f41e647f341e35504f6f102b57a3fb851db4b13
1e9e66fa79a4035f11e4e19fff92e0a236635933f6001f3c0952b9071c001753
42581ff473a48daa78aeeaf3c6510c3b627f8100759d2a44b66db9a60faaa012
43b5012a59f2bb2fb2615a13d495381570b09b9f4b61bfd288fed0f037557352
6f40771c72d27080836c36a80f0f6ced10cff5c37452d73ccb88ede84cfe6810
8219cf587c06e69e5e54b34e53cda2cab244c159eddebab42d43c3f5a0a95f32
85898ff4ec3e92c895887842ac06e533dc16e9379b15623c9c7e3602e24b408a
8ae9f780f05d3d47a9a386c4fc1a3ba830fef899048ef7ec42b591882f2b8e30
a666663709be469e0d2ff52b483aa8588b2d1103fe165a9104c68f074cc46408
b30a556bdb622f6a92dd0eacf17ff80c48d43e8ce41f5e7a436d9b46411af25e
d9e8bb6edada840a04fab1e17e14596fb9fcdea4019297a8596e887183829efc
df94db865fd38c7d71ad3babc154fed8b0d316aeb7eef11386171ef4a82a8617
edd259ea582ac8ec202059ed850160f3980a30341fb8d66886e883431394e450

www.ksmrm.org Open in urlscan Pro 121.254.129.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

215 kBTransfer

234 kBSize

0 Cookies

10 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

www.ksmrm.org Open in urlscan Pro
121.254.129.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

215 kB
Transfer

234 kB
Size

0
Cookies

2 HTTP transactions
11 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!