Submitted URL: http://wpsgjrgayz.ru.net/ola/infonava.php
Effective URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Submission: On May 03 via automatic, source openphish

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 9 HTTP transactions.
The main IP is 203.104.163.42, located in Korea, Republic Of and belongs to NHN-AS-KR NBP, KR. The main domain is nid.naver.com.
TLS certificate: Issued by COMODO RSA Extended Validation Secure... on August 25th 2017. Valid for: 2 years.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 10/100)

  • urlscan - Score: 0
  • openphish - Score: 10 (URL submitted from openphish) - phishing

Domain & IP information

IP Address AS Autonomous System
1 1 185.222.203.14 204725 (UVL2-ASN)
1 1 104.111.241.184 16625 (AKAMAI-AS)
5 203.104.163.42 23576 (NHN-AS-KR...)
3 210.89.164.55 23576 (NHN-AS-KR...)
1 203.104.163.21 23576 (NHN-AS-KR...)
9 3
Domain / Subdomains Transfer
10 naver.com 159 KB
1 ru.net 237 B
9 2
Domain Requested by
5 nid.naver.com nid.naver.com
3 static.nid.naver.com nid.naver.com
1 lcs.naver.com
1 mail.naver.com 1 redirects
1 wpsgjrgayz.ru.net 1 redirects
9 5

This site contains links to these domains.

Domain
www.naver.com
help.naver.com
www.navercorp.com
Subject / Issuer | Validity | Valid
nid.naver.com / COMODO RSA Extended Validation Secure Server CA | 2017-08-25 - 2019-08-31 | 2 years
static.nid.naver.com / GeoTrust RSA CA 2018 | 2019-01-30 - 2021-01-29 | 2 years
cc.naver.com / COMODO RSA Organization Validation Secure Server CA | 2018-11-20 - 2020-11-27 | 2 years

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


9 HTTP transactions

Resource Path Size x-fer Type MIME-Type
nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F

Redirect Chain
  • http://wpsgjrgayz.ru.net/ola/infonava.php
  • https://mail.naver.com/
  • https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
14 KB
5 KB
Document
General
Full URL
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
b5827dc80b9a390df2d926ddfb189a8f8a823449c2870bc40af73a334a2f19bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
nid.naver.com
:scheme
https
:path
/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br

Response headers

status
200
server
nginx
date
Fri, 03 May 2019 05:09:11 GMT
content-type
text/html;charset=utf-8
vary
Accept-Encoding
cache-control
no-cache no-store, no-cache, must-revalidate post-check=0, pre-check=0
expires
now -1
pragma
no-cache
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-language
ko-KR
x-nid-version
v3
content-encoding
gzip

Redirect headers

Server
nginx
Content-Length
0
Location
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
P3P
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Date
Fri, 03 May 2019 05:09:11 GMT
Connection
keep-alive
w_20181218.css?dt=20181218
/login/css/global/desktop
88 KB
17 KB
Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
448529c9d96881a4b1d52f60b7cbf00c375e9128915b697a820ee66f49c1293f

Request headers

Referer
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 03 May 2019 05:09:11 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 08:32:12 GMT
server
nginx
etag
W/"5cbecd8c-15fb0"
vary
Accept-Encoding
content-type
text/css
status
200
common.all.js?141216
/login/js
51 KB
14 KB
Script
General
Full URL
https://nid.naver.com/login/js/common.all.js?141216
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
97185b24b80e7c9219be55147d6aaa861ca74841b74b0685987e000fe0fbc67e

Request headers

Referer
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 03 May 2019 05:09:11 GMT
content-encoding
gzip
last-modified
Tue, 04 Dec 2018 11:12:11 GMT
server
nginx
etag
W/"5c06610b-ca55"
vary
Accept-Encoding
content-type
application/javascript
status
200
bvsd.1.3.4.min.js
/login/js
94 KB
28 KB
Script
General
Full URL
https://nid.naver.com/login/js/bvsd.1.3.4.min.js
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
b273657638e8b7e43fd5d9b06ac27a4ef8a8ad9150ef6a3d1fb26afaa67167ca

Request headers

Referer
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 03 May 2019 05:09:11 GMT
content-encoding
gzip
last-modified
Tue, 04 Dec 2018 11:12:11 GMT
server
nginx
etag
W/"5c06610b-17748"
vary
Accept-Encoding
content-type
application/javascript
status
200
lcs_nclicks.js?dt=20190122
/login/js
38 KB
11 KB
Script
General
Full URL
https://nid.naver.com/login/js/lcs_nclicks.js?dt=20190122
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.104.163.42 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
ad824de5ba76590a845a9057562723b8746d142aa212057463b509649bb09b1f

Request headers

Referer
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 03 May 2019 05:09:11 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 08:32:12 GMT
server
nginx
etag
W/"5cbecd8c-9620"
vary
Accept-Encoding
content-type
application/javascript
status
200
sp_u_skip.png
static.nid.naver.com/images/web/user
967 B
1 KB
Image
General
Full URL
https://static.nid.naver.com/images/web/user/sp_u_skip.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 03 May 2019 05:09:12 GMT
Last-Modified
Mon, 11 Apr 2016 11:25:27 GMT
Server
nginx
ETag
"570b89a7-3c7"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
967
Expires
Thu, 31 Dec 2037 23:55:55 GMT
pc_sp_login_170424.png
static.nid.naver.com/images/ui/login
80 KB
80 KB
Image
General
Full URL
https://static.nid.naver.com/images/ui/login/pc_sp_login_170424.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 03 May 2019 05:09:12 GMT
Last-Modified
Fri, 28 Apr 2017 06:47:59 GMT
Server
nginx
ETag
"5902e59f-13ff8"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
81912
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sel_arr_2x.gif
static.nid.naver.com/images/login/global/sns/desktop
2 KB
2 KB
Image
General
Full URL
https://static.nid.naver.com/images/login/global/sns/desktop/sel_arr_2x.gif
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
210.89.164.55 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66

Request headers

Referer
https://nid.naver.com/login/css/global/desktop/w_20181218.css?dt=20181218
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 03 May 2019 05:09:12 GMT
Last-Modified
Wed, 27 Jul 2016 07:09:12 GMT
Server
nginx
ETag
"57985e18-66a"
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1642
Expires
Thu, 31 Dec 2037 23:55:55 GMT
m?u=https%3A%2F%2Fnid.naver.com%2Fnidlogin.login%3Furl%3Dhttp%253A%252F%252Fmail.naver.com%252F&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1...
lcs.naver.com
43 B
362 B
Image
General
Full URL
https://lcs.naver.com/m?u=https%3A%2F%2Fnid.naver.com%2Fnidlogin.login%3Furl%3Dhttp%253A%252F%252Fmail.naver.com%252F&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1556860150363&fetchStart=1556860151166&domainLookupStart=1556860151167&domainLookupEnd=1556860151257&connectStart=1556860151257&connectEnd=1556860151340&secureConnectionStart=1556860151270&requestStart=1556860151340&responseStart=1556860151637&responseEnd=1556860151638&domLoading=1556860151640&domInteractive=1556860151988&domContentLoadedEventStart=1556860151988&domContentLoadedEventEnd=1556860151988&domComplete=1556860153754&loadEventStart=1556860153754&loadEventEnd=1556860153754&first-paint=1618.1249991059303&first-contentful-paint=1618.1299984455109&pid=812d9a0500f4d8561d5644d5ba37ecb2&ts=1556860153786&EOU
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
203.104.163.21 , Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 May 2019 05:09:13 GMT
server
nginx
p3p
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
status
200
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-type
image/gif
content-length
43
expires
Tue, 01 Jan 1980 09:00:00 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • http://wpsgjrgayz.ru.net/ola/infonava.php
  • https://mail.naver.com/
  • https://nid.naver.com/nidlogin.login?url=http%3A%2F%2Fmail.naver.com%2F

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


1 Cookies

Domain/Path Name / Value
.nid.naver.com/ Name: nid_slevel
Value: 1

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block