deyokheart.firebaseapp.com
199.36.158.100 | Malicious Activity! | Public Scan

URL: https://deyokheart.firebaseapp.com/
Submission: On August 01 via api from JP — Scanned from JP

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 199.36.158.100, located in United States and belongs to FASTLY, US. The main domain is deyokheart.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on July 10th 2023. Valid for: 3 months.
This is the only time deyokheart.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

#  IP Address       AS     Autonomous System
1  199.36.158.100   54113  FASTLY
1  223.130.195.168  23576  NHN-AS-KR...
2  223.130.195.167  23576  NHN-AS-KR...
2  23.51.4.208      20940  AKAMAI-ASN1
Total: 6 requests across 4 IPs
#  Apex Domain      Subdomains                                          Transfer
3  naver.com        nid.naver.com (Cisco Umbrella Rank: 17865)          107 KB
                    static.nid.naver.com (Cisco Umbrella Rank: 39264)
2  pstatic.net      ssl.pstatic.net (Cisco Umbrella Rank: 13283)        122 KB
1  firebaseapp.com  deyokheart.firebaseapp.com                          2 KB
Total: 6 requests across 3 apex domains
#  Domain                      Requested by
2  ssl.pstatic.net             nid.naver.com
2  static.nid.naver.com        nid.naver.com
1  nid.naver.com               deyokheart.firebaseapp.com
1  deyokheart.firebaseapp.com
Total: 6 requests across 4 domains

This site contains links to these domains:

Domain
www.naver.com
nid.naver.com
help.naver.com
www.navercorp.com
TLS certificates

Subject          Issuer                                                Validity                 Valid
firebaseapp.com  GTS CA 1D4                                            2023-07-10 - 2023-10-08  3 months
nid.naver.com    DigiCert TLS Hybrid ECC SHA384 2020 CA1               2022-08-25 - 2023-09-13  a year
*.nid.naver.com  Sectigo RSA Organization Validation Secure Server CA  2022-12-01 - 2024-01-01  a year
ssl.pstatic.net  GeoTrust RSA CA 2018                                  2023-05-24 - 2023-09-07  4 months

This page contains 1 frame:

Primary Page: https://deyokheart.firebaseapp.com/
Frame ID: FCDA22A885BF2438FEFDD01AC465E4D7
Requests: 6 HTTP requests in this frame

Page Title

네이버 : 로그인 (Naver : Login)

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 232 kB
Size: 313 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Request 1 (Primary Request)
Resource: /
Path: deyokheart.firebaseapp.com/
Size: 9 KB
x-fer: 2 KB
Type: Document

General
Full URL: https://deyokheart.firebaseapp.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 199.36.158.100, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: /
Resource Hash: 67f59457dd74a2a65be08242464778fa5b3dd982a763b311a299e4f8a72622e7
Security Headers:
  Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: jp-jp,jp;q=0.9

Response headers
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 2179
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 02:03:27 GMT
etag: "63c47f325da292f5ee01d98cd4899083520fa2aac13dc88690ee85a1f887976d-br"
last-modified: Wed, 17 Mar 2021 22:10:23 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-nrt-rjtf7700029-NRT
x-timer: S1690855407.400592,VS0,VE65
Request 2
Resource: w_20200707.css
Path: nid.naver.com/login/css/global/desktop/
Size: 93 KB
x-fer: 18 KB
Type: Stylesheet

General
Full URL: https://nid.naver.com/login/css/global/desktop/w_20200707.css?20201006
Requested by: Host: deyokheart.firebaseapp.com, URL: https://deyokheart.firebaseapp.com/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 223.130.195.168, Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR)
Reverse DNS:
Software: nginx /
Resource Hash: 30179969eae564c6c95e8128343df1fab7b5d43edda9ad1cf6526c7d78a0558f

Request headers
accept-language: jp-jp,jp;q=0.9
Referer: https://deyokheart.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers
date: Tue, 01 Aug 2023 02:03:27 GMT
content-encoding: gzip
last-modified: Thu, 27 Jul 2023 06:38:01 GMT
server: nginx
accept-ch: dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag: W/"64c210c9-175cf"
vary: Accept-Encoding
accept-ch-lifetime: 86400
content-type: text/css
x-ua-compatible: IE=edge
Request 3
Resource: sp_u_skip.png
Path: static.nid.naver.com/images/web/user/
Size: 967 B
x-fer: 1 KB
Type: Image

General
Full URL: https://static.nid.naver.com/images/web/user/sp_u_skip.png
Requested by: Host: nid.naver.com, URL: https://nid.naver.com/login/css/global/desktop/w_20200707.css?20201006
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 223.130.195.167, Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR)
Reverse DNS:
Software: nginx /
Resource Hash: 67bef5d26af42c5a7842ecd98bf3df205cf8de0270802b34a2380de4eb517d46

Request headers
accept-language: jp-jp,jp;q=0.9
Referer: https://nid.naver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers
date: Tue, 01 Aug 2023 02:03:28 GMT
last-modified: Tue, 02 Nov 2021 11:50:30 GMT
server: nginx
etag: "61812606-3c7"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 967
expires: Thu, 31 Dec 2037 23:55:55 GMT
Request 4
Resource: pc_sp_login_190522.png
Path: static.nid.naver.com/images/ui/login/
Size: 88 KB
x-fer: 89 KB
Type: Image

General
Full URL: https://static.nid.naver.com/images/ui/login/pc_sp_login_190522.png
Requested by: Host: nid.naver.com, URL: https://nid.naver.com/login/css/global/desktop/w_20200707.css?20201006
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 223.130.195.167, Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR)
Reverse DNS:
Software: nginx /
Resource Hash: b283bd73dfa96ff9bbae95734e91f369d1f825b83c37860a993eabb75ea99ebc

Request headers
accept-language: jp-jp,jp;q=0.9
Referer: https://nid.naver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers
date: Tue, 01 Aug 2023 02:03:28 GMT
last-modified: Tue, 02 Nov 2021 11:50:25 GMT
server: nginx
etag: "61812601-16124"
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 90404
expires: Thu, 31 Dec 2037 23:55:55 GMT
Request 5
Resource: pc_qr_once.png
Path: ssl.pstatic.net/static/nid/login/
Size: 18 KB
x-fer: 18 KB
Type: Image

General
Full URL: https://ssl.pstatic.net/static/nid/login/pc_qr_once.png
Requested by: Host: nid.naver.com, URL: https://nid.naver.com/login/css/global/desktop/w_20200707.css?20201006
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.51.4.208, Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a23-51-4-208.deploy.static.akamaitechnologies.com
Software: Testa/6.1.4 /
Resource Hash: 63d35e03b6583709f1326f90939025deb7ac744a55f7dd90069744ecb9efaf0f

Request headers
accept-language: jp-jp,jp;q=0.9
Referer: https://nid.naver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers
date: Tue, 01 Aug 2023 02:03:27 GMT
referrer-policy: unsafe-url
last-modified: Fri, 10 Apr 2020 09:26:36 GMT
server: Testa/6.1.4
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=406858
accept-ranges: bytes
content-length: 18665
expires: Sat, 05 Aug 2023 19:04:25 GMT
Request 6
Resource: m_920_294_1006.png
Path: ssl.pstatic.net/static/nid/login/
Size: 103 KB
x-fer: 103 KB
Type: Image

General
Full URL: https://ssl.pstatic.net/static/nid/login/m_920_294_1006.png
Requested by: Host: nid.naver.com, URL: https://nid.naver.com/login/css/global/desktop/w_20200707.css?20201006
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.51.4.208, Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a23-51-4-208.deploy.static.akamaitechnologies.com
Software: Testa/6.1.4 /
Resource Hash: 424294c1a5cdbe33618f33cb6c0426032d2df241f1756eb9d36e102905029371

Request headers
accept-language: jp-jp,jp;q=0.9
Referer: https://nid.naver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers
date: Tue, 01 Aug 2023 02:03:27 GMT
referrer-policy: unsafe-url
last-modified: Tue, 06 Oct 2020 04:48:53 GMT
server: Testa/6.1.4
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=271020
accept-ranges: bytes
content-length: 105553
expires: Fri, 04 Aug 2023 05:20:27 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against: Naver (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This section lists any security headers set by the main page.

Strict-Transport-Security: max-age=31556926; includeSubDomains; preload