imaginative-malabi-86b732.netlify.app
2a05:d014:275:cb02:66df:50b:6e56:a6bf  Malicious Activity! Public Scan

Submitted URL: http://imaginative-malabi-86b732.netlify.app/?naps
Effective URL: https://imaginative-malabi-86b732.netlify.app/?naps
Submission: On September 08 via automatic, source openphish — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2a05:d014:275:cb02:66df:50b:6e56:a6bf, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is imaginative-malabi-86b732.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on February 15th 2022. Valid for: a year.
This is the only time imaginative-malabi-86b732.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

IP Address AS Autonomous System
2 2a05:d014:275... 16509 (AMAZON-02)
2 23.202.52.227 16625 (AKAMAI-AS)
4 2
Apex Domain (Subdomains) Transfer
2 pstatic.net 105 KB
    ssl.pstatic.net — Cisco Umbrella Rank: 10155
2 netlify.app 16 KB
    imaginative-malabi-86b732.netlify.app
4 2
Domain Requested by
2 ssl.pstatic.net imaginative-malabi-86b732.netlify.app
2 imaginative-malabi-86b732.netlify.app imaginative-malabi-86b732.netlify.app
4 2

This site contains links to these domains.

Domain
www.naver.com
nid.naver.com
www.navercorp.com

Subject | Issuer | Validity | Valid
*.netlify.app | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-02-15 - 2023-03-02 | a year
ssl.pstatic.net | GeoTrust RSA CA 2018 | 2021-11-05 - 2022-11-04 | a year

This page contains 1 frame:

Primary Page: https://imaginative-malabi-86b732.netlify.app/?naps
Frame ID: 14DB3537E955B0D59C3DD8A3B95DD51A
Requests: 4 HTTP requests in this frame

Page Title

Naver Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

  • Requests: 4
  • HTTPS: 100 %
  • IPv6: 50 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 2
  • Countries: 2
  • Transfer: 121 kB
  • Size: 181 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://imaginative-malabi-86b732.netlify.app/?naps HTTP 307
    https://imaginative-malabi-86b732.netlify.app/?naps Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
imaginative-malabi-86b732.netlify.app/
Redirect Chain
  • http://imaginative-malabi-86b732.netlify.app/?naps
  • https://imaginative-malabi-86b732.netlify.app/?naps
38 KB
8 KB
Document
General
Full URL
https://imaginative-malabi-86b732.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
c4b405675c080a6202b7bc08ebd9c23e85e3cf7966a75e3b6a2aebee4c91d079
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
41139
cache-control
public, max-age=0, must-revalidate
content-encoding
gzip
content-length
8053
content-type
text/html; charset=UTF-8
date
Thu, 08 Sep 2022 00:45:56 GMT
etag
"6801b6f6aff0bf9e203a967a95972cb9-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-nf-request-id
01GCEG6FYFWXRR171SDTP254R4

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://imaginative-malabi-86b732.netlify.app/?naps
Non-Authoritative-Reason
HSTS
m_sp_00_common_978240a6.png
ssl.pstatic.net/static/nid/login/
21 KB
21 KB
Image
General
Full URL
https://ssl.pstatic.net/static/nid/login/m_sp_00_common_978240a6.png
Requested by
Host: imaginative-malabi-86b732.netlify.app
URL: https://imaginative-malabi-86b732.netlify.app/?naps
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.202.52.227 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-202-52-227.deploy.static.akamaitechnologies.com
Software
Testa/6.1.1 /
Resource Hash
3be89f766c6a9ac418ec1c6f33dc7a24607a6e067c0731e77b8cc01fb3355bc7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imaginative-malabi-86b732.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

unused62
8096267
date
Thu, 08 Sep 2022 12:11:35 GMT
referrer-policy
unsafe-url
last-modified
Thu, 28 Oct 2021 05:48:39 GMT
server
Testa/6.1.1
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=401215
accept-ranges
bytes
content-length
21505
expires
Tue, 13 Sep 2022 03:38:30 GMT
m_sp_01_login_008d5216.png
ssl.pstatic.net/static/nid/login/
83 KB
84 KB
Image
General
Full URL
https://ssl.pstatic.net/static/nid/login/m_sp_01_login_008d5216.png
Requested by
Host: imaginative-malabi-86b732.netlify.app
URL: https://imaginative-malabi-86b732.netlify.app/?naps
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.202.52.227 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-202-52-227.deploy.static.akamaitechnologies.com
Software
Testa/6.1.1 /
Resource Hash
1bf14b8b72b6a63f58405cf21a1954a75b85b00c85fec19bc784d33f6c8e4a64

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imaginative-malabi-86b732.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

unused62
8096267
date
Thu, 08 Sep 2022 12:11:35 GMT
referrer-policy
unsafe-url
last-modified
Wed, 16 Feb 2022 12:15:27 GMT
server
Testa/6.1.1
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=408753
accept-ranges
bytes
content-length
85176
expires
Tue, 13 Sep 2022 05:44:08 GMT
/
imaginative-malabi-86b732.netlify.app/
38 KB
8 KB
Script
General
Full URL
https://imaginative-malabi-86b732.netlify.app/?naps
Requested by
Host: imaginative-malabi-86b732.netlify.app
URL: https://imaginative-malabi-86b732.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Netlify /
Resource Hash
c4b405675c080a6202b7bc08ebd9c23e85e3cf7966a75e3b6a2aebee4c91d079
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imaginative-malabi-86b732.netlify.app/?naps
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-nf-request-id
01GCEG6G0VH5H7GSFRSXY9NKFX
date
Thu, 08 Sep 2022 00:45:56 GMT
content-encoding
gzip
server
Netlify
age
41139
etag
"6801b6f6aff0bf9e203a967a95972cb9-ssl-df"
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
public, max-age=0, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
8053

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onbeforeinput
  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • function| getScreenDetails
  • function| queryLocalFonts
  • object| navigation

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload