nidlogin.nidcorp.n-e.kr
27.102.107.63
Malicious Activity!
Public Scan
Effective URL: https://nidlogin.nidcorp.n-e.kr/index.php?page=ZnJvZ2dpMTk3MA==&p=dmlwLzEwMDAvMTAwMQ==&u=https%3A%2F%2Fnid.naver.com%2Fnidlogin....
Submission: On January 15 via manual from KR
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 19th 2020. Valid for: 3 months.
This is the only time nidlogin.nidcorp.n-e.kr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 67.199.248.11 | 396982 (GOOGLE-PRIVATE-CLOUD) |
1 6 | 27.102.107.63 | 45996 (GNJ-AS-KR DAOU TECHNOLOGY) |
2 | 210.89.164.55 | 23576 (NHN-AS-KR NBP) |
1 | 104.76.200.185 | 16625 (AKAMAI-AS) |
1 | 203.104.163.21 | 23576 (NHN-AS-KR NBP) |
9 | 4 | |
ASN45996 (GNJ-AS-KR DAOU TECHNOLOGY, KR)
nidlogin.nidcorp.n-e.kr |
ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-185.deploy.static.akamaitechnologies.com
ssl.pstatic.net |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | n-e.kr (1 redirects): nidlogin.nidcorp.n-e.kr | 302 KB |
3 | naver.com: static.nid.naver.com, lcs.naver.com | 90 KB |
1 | pstatic.net: ssl.pstatic.net | 18 KB |
1 | bit.ly (1 redirects): bit.ly | 352 B |
9 | 4 | |
 | Domain | Requested by |
---|---|---|
6 | nidlogin.nidcorp.n-e.kr (1 redirects) | nidlogin.nidcorp.n-e.kr |
2 | static.nid.naver.com | nidlogin.nidcorp.n-e.kr |
1 | lcs.naver.com | |
1 | ssl.pstatic.net | nidlogin.nidcorp.n-e.kr |
1 | bit.ly (1 redirects) | |
9 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
nidlogin.nidcorp.n-e.kr | ZeroSSL RSA Domain Secure Site CA | 2020-12-19 - 2021-03-19 | 3 months |
static.nid.naver.com | GeoTrust RSA CA 2018 | 2019-01-30 - 2021-01-29 | 2 years |
ssl.pstatic.net | GeoTrust RSA CA 2018 | 2020-11-18 - 2021-05-30 | 6 months |
cc.naver.com | GeoTrust RSA CA 2018 | 2020-06-02 - 2022-06-07 | 2 years |
This page contains 1 frames:
Primary Page:
https://nidlogin.nidcorp.n-e.kr/index.php?page=ZnJvZ2dpMTk3MA==&p=dmlwLzEwMDAvMTAwMQ==&u=https%3A%2F%2Fnid.naver.com%2Fnidlogin.login%3Fmode%3Dform%26url%3Dhttps%253A%252F%252Fnid.naver.com%252Fuser2%252Fhelp%252FmyInfo.nhn%253Fm%253DviewChangePasswd%2526lang%253Dko_KR%2526s%253DUFFVIYNjqZkX0H9odzNA8yZPfKh6xgxh089W5oYvmfCJimx1VxwFCuvy7FXyGMS0%2526nhn%253D1
Frame ID: B3FABAFC58669B737BB36E305B8508D4
Requests: 9 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
Windows Server (Operating Systems)
Detected patterns
- headers server /Win32|Win64/i
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bit.ly/3sj9aKx HTTP 301
- https://nidlogin.nidcorp.n-e.kr/?s=UFFVIYNjqZkX0H9odzNA8yZPfKh6xgxh089W5oYvmfCJimx1VxwFCuvy7FXyGMS0&page=ZnJvZ2dpMTk3MA==&p=dmlwLzEwMDAvMTAwMQ==&nhn=1 HTTP 302
- https://nidlogin.nidcorp.n-e.kr/index.php?page=ZnJvZ2dpMTk3MA==&p=dmlwLzEwMDAvMTAwMQ==&u=https%3A%2F%2Fnid.naver.com%2Fnidlogin.login%3Fmode%3Dform%26url%3Dhttps%253A%252F%252Fnid.naver.com%252Fuser2%252Fhelp%252FmyInfo.nhn%253Fm%253DviewChangePasswd%2526lang%253Dko_KR%2526s%253DUFFVIYNjqZkX0H9odzNA8yZPfKh6xgxh089W5oYvmfCJimx1VxwFCuvy7FXyGMS0%2526nhn%253D1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.php (Primary Request, Redirect Chain) | nidlogin.nidcorp.n-e.kr/ | 10 KB | 11 KB | Document | text/html |
GET | H/1.1 | index.php | nidlogin.nidcorp.n-e.kr/ | 93 KB | 94 KB | Stylesheet | text/css |
GET | H/1.1 | index.php | nidlogin.nidcorp.n-e.kr/ | 94 KB | 94 KB | Script | application/javascript |
GET | H/1.1 | index.php | nidlogin.nidcorp.n-e.kr/ | 99 KB | 100 KB | Script | application/javascript |
GET | H/1.1 | index.php | nidlogin.nidcorp.n-e.kr/ | 2 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | sp_u_skip.png | static.nid.naver.com/images/web/user/ | 967 B | 1 KB | Image | image/png |
GET | H/1.1 | pc_sp_login_190522.png | static.nid.naver.com/images/ui/login/ | 88 KB | 89 KB | Image | image/png |
GET | H2 | pc_qr_once.png | ssl.pstatic.net/static/nid/login/ | 18 KB | 18 KB | Image | image/png |
GET | H2 | m | lcs.naver.com/ | 43 B | 378 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)
241 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.