naver.com.mailboxuser.burjmanhost.com
23.92.211.28  Malicious Activity! Public Scan

URL: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Submission: On March 23 via automatic, source openphish

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 9 HTTP transactions. The main IP is 23.92.211.28, located in United States and belongs to DACEN-2, US. The main domain is naver.com.mailboxuser.burjmanhost.com.
This is the only time naver.com.mailboxuser.burjmanhost.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

Requests  IP Address        AS Autonomous System
1         23.92.211.28      31863 (DACEN-2)
4         203.104.163.42    23576 (NHN-AS-KR...)
3         125.209.226.239   23576 (NHN-AS-KR...)
1         203.104.163.21    23576 (NHN-AS-KR...)
9         4

Requests  Domain                                  Requested by
4         nid.naver.com                           naver.com.mailboxuser.burjmanhost.com
3         static.nid.naver.com                    nid.naver.com
1         lcs.naver.com
1         naver.com.mailboxuser.burjmanhost.com
9         4

This site contains links to these domains.

Domain
www.naver.com
help.naver.com
nid.naver.com
www.navercorp.com

Subject               Issuer                                      Validity                 Valid
nid.naver.com         DigiCert ECC Extended Validation Server CA  2019-08-19 - 2021-08-23  2 years
static.nid.naver.com  GeoTrust RSA CA 2018                        2021-01-13 - 2022-01-29  a year

This page contains 1 frames:

Primary Page: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Frame ID: FB1AA60EC2AF39CDBAE4399964F47698
Requests: 9 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

9 Requests
78 % HTTPS
0 % IPv6
2 Domains
4 Subdomains
4 IPs
3 Countries
170 kB Transfer
375 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request: nid.login.php  naver.com.mailboxuser.burjmanhost.com/message_recovery/  7 KB  8 KB  Document
General
Full URL
http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Protocol
HTTP/1.1
Server
23.92.211.28, United States, ASN31863 (DACEN-2, US)
Reverse DNS
can-vm2-mail.cliffpuff.com
Software
Apache /
Resource Hash
580b775de70497d345ca4effaeb75a8284b5f6cf42875bac5b9edb9a658a3faa

Request headers

Host
naver.com.mailboxuser.burjmanhost.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Tue, 23 Mar 2021 13:20:13 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

w_20191231.css  nid.naver.com/login/css/global/desktop/  96 KB  18 KB  Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/w_20191231.css
Requested by
Host: naver.com.mailboxuser.burjmanhost.com
URL: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
f6b3492f2cd408b2e0e49bba324148a3e7f62d4634f09ea203b4122ff9953196

Request headers

Referer
http://naver.com.mailboxuser.burjmanhost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 13:20:15 GMT
content-encoding
gzip
last-modified
Mon, 18 Jan 2021 07:05:59 GMT
server
nginx
etag
W/"60053357-18005"
vary
Accept-Encoding
content-type
text/css

bvsd.1.3.4.min.js  nid.naver.com/login/js/  94 KB  28 KB  Script
General
Full URL
https://nid.naver.com/login/js/bvsd.1.3.4.min.js
Requested by
Host: naver.com.mailboxuser.burjmanhost.com
URL: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
b273657638e8b7e43fd5d9b06ac27a4ef8a8ad9150ef6a3d1fb26afaa67167ca

Request headers

Referer
http://naver.com.mailboxuser.burjmanhost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 13:20:15 GMT
content-encoding
gzip
last-modified
Mon, 18 Jan 2021 07:05:59 GMT
server
nginx
etag
W/"60053357-17748"
vary
Accept-Encoding
content-type
application/javascript

common.js  nid.naver.com/login/js/default/  85 KB  23 KB  Script
General
Full URL
https://nid.naver.com/login/js/default/common.js
Requested by
Host: naver.com.mailboxuser.burjmanhost.com
URL: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
30c6f7a0498e0ae7e9f7a46c13b18dc0220a561b5b5ef2da53b2dde92bcc2523

Request headers

Referer
http://naver.com.mailboxuser.burjmanhost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 13:20:15 GMT
content-encoding
gzip
last-modified
Mon, 18 Jan 2021 07:05:59 GMT
server
nginx
etag
W/"60053357-15358"
vary
Accept-Encoding
content-type
application/javascript

default.js  nid.naver.com/login/js/default/  2 KB  1 KB  Script
General
Full URL
https://nid.naver.com/login/js/default/default.js
Requested by
Host: naver.com.mailboxuser.burjmanhost.com
URL: http://naver.com.mailboxuser.burjmanhost.com/message_recovery/nid.login.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
203.104.163.42, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
2028b7287b0a29fa946ed3c8faac1cd5db6c6bb0e6514380b9d7d61dbe3d351f

Request headers

Referer
http://naver.com.mailboxuser.burjmanhost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 13:20:15 GMT
content-encoding
gzip
last-modified
Mon, 18 Jan 2021 07:05:59 GMT
server
nginx
etag
W/"60053357-945"
vary
Accept-Encoding
content-type
application/javascript

sp_u_skip.png  static.nid.naver.com/images/web/user/  967 B  1 KB  Image
General
Full URL
https://static.nid.naver.com/images/web/user/sp_u_skip.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/w_20191231.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.209.226.239, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46

Request headers

Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 13:20:17 GMT
Last-Modified
Wed, 09 Sep 2020 07:45:05 GMT
Server
nginx
ETag
"5f588801-3c7"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
967
Expires
Thu, 31 Dec 2037 23:55:55 GMT

pc_sp_login_190522.png  static.nid.naver.com/images/ui/login/  88 KB  89 KB  Image
General
Full URL
https://static.nid.naver.com/images/ui/login/pc_sp_login_190522.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/w_20191231.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.209.226.239, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
b283bd73dfa96ff9bbae95734e91f369d1f825b83c37860a993eabb75ea99ebc

Request headers

Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 13:20:17 GMT
Last-Modified
Wed, 09 Sep 2020 07:45:02 GMT
Server
nginx
ETag
"5f5887fe-16124"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
90404
Expires
Thu, 31 Dec 2037 23:55:55 GMT

sel_arr_2x.gif  static.nid.naver.com/images/login/global/sns/desktop/  2 KB  2 KB  Image
General
Full URL
https://static.nid.naver.com/images/login/global/sns/desktop/sel_arr_2x.gif
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/w_20191231.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
125.209.226.239, Korea, Republic Of, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
21be6129d47f2ef87a6e867141936861e3dd063ae59903c668d360747b804d66

Request headers

Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 13:20:17 GMT
Last-Modified
Wed, 09 Sep 2020 07:45:01 GMT
Server
nginx
ETag
"5f5887fd-66a"
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1642
Expires
Thu, 31 Dec 2037 23:55:55 GMT

m  lcs.naver.com/  43 B  415 B  Image
General
Full URL
http://lcs.naver.com/m?u=http%3A%2F%2Fnaver.com.mailboxuser.burjmanhost.com%2Fmessage_recovery%2Fnid.login.php&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1616505613460&fetchStart=1616505613460&domainLookupStart=1616505613464&domainLookupEnd=1616505613479&connectStart=1616505613479&connectEnd=1616505613498&requestStart=1616505613498&responseStart=1616505614200&responseEnd=1616505614210&domLoading=1616505614635&domInteractive=1616505617465&domContentLoadedEventStart=1616505617465&domContentLoadedEventEnd=1616505617465&domComplete=1616505618389&loadEventStart=1616505618389&loadEventEnd=1616505618389&first-paint=2256.7299976944923&first-contentful-paint=2256.7299976944923&pid=92cd6caeac8a73a468fa7465baac8929&ts=1616505618424&EOU
Protocol
HTTP/1.1
Server
203.104.163.21, Singapore, ASN23576 (NHN-AS-KR NBP, KR)
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://naver.com.mailboxuser.burjmanhost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Mar 2021 13:20:18 GMT
Server
nginx
P3P
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 01 Jan 1980 09:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

228 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


0 Cookies