www.account.naver.shambassist.com

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 212.1.210.21, located in Asheville, United States and belongs to AS-HOSTINGER, CY. The main domain is www.account.naver.shambassist.com.
TLS certificate: Issued by R11 on October 14th 2024. Valid for: 3 months.

This is the only time www.account.naver.shambassist.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 5	212.1.210.21 212.1.210.21	47583 (AS-HOSTINGER) (AS-HOSTINGER)
2	23.212.205.62 23.212.205.62	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2

5 212.1.210.21 (Asheville, United States) 2 redirects

ASN47583 (AS-HOSTINGER, CY)
PTR: us-imm-lyn.boxsecured.com

www.account.naver.shambassist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.212.205.62 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-205-62.deploy.static.akamaitechnologies.com

ssl.pstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	shambassist.com 2 redirects www.account.naver.shambassist.com	20 KB
2	pstatic.net ssl.pstatic.net — Cisco Umbrella Rank: 10963	155 KB
5	2

	Domain	Requested by
5	www.account.naver.shambassist.com	2 redirects www.account.naver.shambassist.com
2	ssl.pstatic.net	www.account.naver.shambassist.com
5	2

This site contains no links.

Subject Issuer	Validity	Valid
www.account.naver.shambassist.com R11	`2024-10-14` - `2025-01-12`	3 months	crt.sh
ssl.pstatic.net GeoTrust RSA CA 2018	`2024-07-18` - `2025-07-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d
Frame ID: 1B0C6ACD2A85E5A7F976238AEB778BD9
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

네이버 : 로그인

Page URL History Show full URLs

https://www.account.naver.shambassist.com/ HTTP 302
https://www.account.naver.shambassist.com/true?id=8346db44a721fa863ca38180638bad3d HTTP 301
https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

174 kB
Transfer

231 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.account.naver.shambassist.com/ HTTP 302
https://www.account.naver.shambassist.com/true?id=8346db44a721fa863ca38180638bad3d HTTP 301
https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.account.naver.shambassist.com/true/
Redirect Chain

https://www.account.naver.shambassist.com/
https://www.account.naver.shambassist.com/true?id=8346db44a721fa863ca38180638bad3d
https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d

12 KB
3 KB

153ms
153ms

Document
text/html

212.1.210.21
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

212.1.210.21 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

us-imm-lyn.boxsecured.com

Software

LiteSpeed / PHP/8.1.29

Resource Hash

d599d081f372f4640308adf8365a397f584e108671058729fe592db2e834553d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-length: 3227
content-type: text/html; charset=UTF-8
date: Tue, 15 Oct 2024 00:06:49 GMT
platform: hostinger
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/8.1.29
x-xss-protection: 1; mode=block

Redirect headers

content-length: 795
content-type: text/html
date: Tue, 15 Oct 2024 00:06:48 GMT
location: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d
platform: hostinger
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 w_20240611.css
www.account.naver.shambassist.com/true/file/ 59 KB
10 KB 166ms
165ms Stylesheet
text/css 212.1.210.21
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.account.naver.shambassist.com/true/file/w_20240611.css?20240801

Requested by

Host: www.account.naver.shambassist.com
URL: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

212.1.210.21 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

us-imm-lyn.boxsecured.com

Software

LiteSpeed /

Resource Hash

01889269a2c9fea66c566a4235c8531bd6f9091daa2dd484d60ebf7bc7805538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800
content-encoding: br
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:06:49 GMT
accept-ranges: bytes
content-length: 10042
date: Tue, 15 Oct 2024 00:06:49 GMT
x-xss-protection: 1; mode=block
content-type: text/css
last-modified: Tue, 15 Oct 2024 08:02:02 GMT
vary: Accept-Encoding
server: LiteSpeed
platform: hostinger

GET
H2 200 m_sp_00_common_978240a6.png
ssl.pstatic.net/static/nid/login/ 21 KB
21 KB 424ms
119ms Image
image/png 23.212.205.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssl.pstatic.net/static/nid/login/m_sp_00_common_978240a6.png
Requested by: Host: www.account.naver.shambassist.com
URL: https://www.account.naver.shambassist.com/true/file/w_20240611.css?20240801
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.212.205.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-205-62.deploy.static.akamaitechnologies.com
Software: Testa/6.2.4 /
Resource Hash: 3be89f766c6a9ac418ec1c6f33dc7a24607a6e067c0731e77b8cc01fb3355bc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.account.naver.shambassist.com/

Response headers

cache-control: max-age=255006
referrer-policy: unsafe-url
expires: Thu, 17 Oct 2024 22:56:56 GMT
accept-ranges: bytes
access-control-allow-origin: *
akamai-loopback-request: 8096267
content-length: 21505
date: Tue, 15 Oct 2024 00:06:50 GMT
last-modified: Thu, 28 Oct 2021 05:48:39 GMT
content-type: image/png
server: Testa/6.2.4

GET
H2 200 m_sp_01_login_775fb7c0.png
ssl.pstatic.net/static/nid/login/ 134 KB
134 KB 424ms
120ms Image
image/png 23.212.205.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssl.pstatic.net/static/nid/login/m_sp_01_login_775fb7c0.png
Requested by: Host: www.account.naver.shambassist.com
URL: https://www.account.naver.shambassist.com/true/file/w_20240611.css?20240801
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.212.205.62 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-205-62.deploy.static.akamaitechnologies.com
Software: Testa/6.2.4 /
Resource Hash: cdcfba14955a25ea5b46e3a322b3a2d4c4e2076dca8ccc85aebfa19fd77c2e3f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.account.naver.shambassist.com/

Response headers

cache-control: max-age=226381
referrer-policy: unsafe-url
expires: Thu, 17 Oct 2024 14:59:51 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 137032
date: Tue, 15 Oct 2024 00:06:50 GMT
last-modified: Mon, 01 Jul 2024 04:04:58 GMT
content-type: image/png
server: Testa/6.2.4

GET
H2 200 favicon.ico
www.account.naver.shambassist.com/true/file/ 5 KB
5 KB 188ms
187ms Other
image/x-icon 212.1.210.21
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.account.naver.shambassist.com/true/file/favicon.ico

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

212.1.210.21 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

us-imm-lyn.boxsecured.com

Software

LiteSpeed /

Resource Hash

4059be15d3943507390a124da698cf6f46da07582d846d30eb46e51f1000974c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800
x-content-type-options: nosniff
expires: Tue, 22 Oct 2024 00:06:49 GMT
accept-ranges: bytes
content-length: 5430
date: Tue, 15 Oct 2024 00:06:49 GMT
x-xss-protection: 1; mode=block
content-type: image/x-icon
last-modified: Tue, 15 Oct 2024 07:59:58 GMT
server: LiteSpeed
platform: hostinger

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://www.account.naver.shambassist.com/true/?id=8346db44a721fa863ca38180638bad3d Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ssl.pstatic.net
www.account.naver.shambassist.com
212.1.210.21
23.212.205.62
01889269a2c9fea66c566a4235c8531bd6f9091daa2dd484d60ebf7bc7805538
3be89f766c6a9ac418ec1c6f33dc7a24607a6e067c0731e77b8cc01fb3355bc7
4059be15d3943507390a124da698cf6f46da07582d846d30eb46e51f1000974c
cdcfba14955a25ea5b46e3a322b3a2d4c4e2076dca8ccc85aebfa19fd77c2e3f
d599d081f372f4640308adf8365a397f584e108671058729fe592db2e834553d

www.account.naver.shambassist.com Open in urlscan Pro 212.1.210.21 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

174 kBTransfer

231 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

www.account.naver.shambassist.com Open in urlscan Pro
212.1.210.21 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

174 kB
Transfer

231 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!