brilliant-concha-27bd2a.netlify.app Open in urlscan Pro
52.74.166.77  Malicious Activity! Public Scan

URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Submission: On July 31 via api from JP — Scanned from JP

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 52.74.166.77, located in Singapore and belongs to AMAZON-02, US. The main domain is brilliant-concha-27bd2a.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on December 21st 2022. Valid for: a year.
This is the only time brilliant-concha-27bd2a.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

IP Address AS Autonomous System
1 52.74.166.77 16509 (AMAZON-02)
4 125.209.226.33 23576 (NHN-AS-KR...)
3 23.51.4.208 20940 (AKAMAI-ASN1)
1 110.93.154.77 23576 (NHN-AS-KR...)
10 5
Apex Domain
Subdomains
Transfer
5 naver.com
nid.naver.com — Cisco Umbrella Rank: 17865
lcs.naver.com — Cisco Umbrella Rank: 30852
26 KB
3 pstatic.net
ssl.pstatic.net — Cisco Umbrella Rank: 13283
111 KB
1 netlify.app
brilliant-concha-27bd2a.netlify.app
5 KB
0 Failed
function sub() { [native code] }. Failed
10 4
Domain Requested by
4 nid.naver.com brilliant-concha-27bd2a.netlify.app
3 ssl.pstatic.net nid.naver.com
1 lcs.naver.com brilliant-concha-27bd2a.netlify.app
1 brilliant-concha-27bd2a.netlify.app
0 Failed brilliant-concha-27bd2a.netlify.app
10 5

This site contains links to these domains. Also see Links.

Domain
www.naver.com
help.naver.com
nid.naver.com
www.navercorp.com
Subject Issuer Validity Valid
*.netlify.app
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-12-21 -
2024-01-21
a year crt.sh
nid.naver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-08-25 -
2023-09-13
a year crt.sh
ssl.pstatic.net
GeoTrust RSA CA 2018
2023-05-24 -
2023-09-07
4 months crt.sh
*.naver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-03-02 -
2024-03-13
a year crt.sh

This page contains 1 frames:

Primary Page: https://brilliant-concha-27bd2a.netlify.app/?naps
Frame ID: 9B87A3B56D12B2FE93F1FCFA57B4A6C5
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Naver Sign in

Detected technologies

Overall confidence: 100%
Detected patterns
  • ^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

142 kB
Transfer

241 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
brilliant-concha-27bd2a.netlify.app/
18 KB
5 KB
Document
General
Full URL
https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.74.166.77 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-166-77.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
a7ed8c0336c4c9a04946fb910d1dc602509151ac4034017a5d6f05f71b7c6231
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
jp-jp,jp;q=0.9

Response headers

accept-ranges
bytes
age
30278
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-length
4900
content-type
text/html; charset=UTF-8
date
Mon, 31 Jul 2023 00:35:14 GMT
etag
"b00be0333df09800cf0876687dcaf57c-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-nf-request-id
01H6MNXQZEMHZ2VB4NACAME17F
w_20161104.css
nid.naver.com/login/css/global/desktop/
70 KB
13 KB
Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/w_20161104.css?dt=20170718
Requested by
Host: brilliant-concha-27bd2a.netlify.app
URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
125.209.226.33 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
ca054697b26267fe3931c0d76df7a050230ca53f92bebdad727b195dd4bffc90

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://brilliant-concha-27bd2a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:18 GMT
content-encoding
gzip
last-modified
Thu, 27 Jul 2023 06:38:01 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"64c210c9-1164b"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
text/css
x-ua-compatible
IE=edge
e_20161104.css
nid.naver.com/login/css/global/desktop/
23 KB
5 KB
Stylesheet
General
Full URL
https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Requested by
Host: brilliant-concha-27bd2a.netlify.app
URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
125.209.226.33 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
4d80aa5bdc94b5bb4da26187c29c7818f8355c1ead175a42bb6ca3e368148472

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://brilliant-concha-27bd2a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:18 GMT
content-encoding
gzip
last-modified
Thu, 27 Jul 2023 06:38:01 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"64c210c9-5bcf"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
text/css
x-ua-compatible
IE=edge
clickcr.js
nid.naver.com/js/
10 KB
3 KB
Script
General
Full URL
https://nid.naver.com/js/clickcr.js?140717
Requested by
Host: brilliant-concha-27bd2a.netlify.app
URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
125.209.226.33 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
383b038cf3099d6eec1303bbb4dbe77dfda1a426e5d41d92802a0be3356cd332

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://brilliant-concha-27bd2a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:18 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 03:00:00 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"5e7977b0-2601"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
application/javascript
x-ua-compatible
IE=edge
lcslog.js
nid.naver.com/js/
11 KB
4 KB
Script
General
Full URL
https://nid.naver.com/js/lcslog.js
Requested by
Host: brilliant-concha-27bd2a.netlify.app
URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
125.209.226.33 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nginx /
Resource Hash
c92b022eaae1cc65a32a924071032c6efcf2b4c8f462c75ed22c2e802052c638

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://brilliant-concha-27bd2a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:18 GMT
content-encoding
gzip
last-modified
Tue, 24 Mar 2020 03:00:00 GMT
server
nginx
accept-ch
dpr,device-memory,viewport-width,rtt,downlink,ect,lang, ua-arch,ua-platform,ua-platform-version,ua-model,ua-full-version,ua,ua-mobile, sec-ch-ua-arch,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-mobile
etag
W/"5e7977b0-2a92"
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
application/javascript
x-ua-compatible
IE=edge
pc_sp_login_170424.png
ssl.pstatic.net/static.gn/images/ui/login/
80 KB
80 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/ui/login/pc_sp_login_170424.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.51.4.208 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-51-4-208.deploy.static.akamaitechnologies.com
Software
Testa/6.1.4 /
Resource Hash
7939c9cc4b5f045ee3dc78aeb268878e778b6d89debe138abc30c6f1a86c98fc

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:28 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.4
etag
"61812601-13ff8"
content-type
image/png
cache-control
max-age=10642
accept-ranges
bytes
content-length
81912
expires
Mon, 31 Jul 2023 03:32:50 GMT
sel_arr.gif
ssl.pstatic.net/static.gn/images/login/global/sns/desktop/
1 KB
1 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/login/global/sns/desktop/sel_arr.gif
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.51.4.208 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-51-4-208.deploy.static.akamaitechnologies.com
Software
Testa/6.1.4 /
Resource Hash
1708a58918cd4c3921e571726c848bad200fbcb8dc03adc374a1e35adf6c2b05

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:28 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.4
etag
"61812601-527"
content-type
image/gif
cache-control
max-age=86375
accept-ranges
bytes
content-length
1319
expires
Tue, 01 Aug 2023 00:35:03 GMT
pc_sp_btn_170530.png
ssl.pstatic.net/static.gn/images/ui/login/
29 KB
29 KB
Image
General
Full URL
https://ssl.pstatic.net/static.gn/images/ui/login/pc_sp_btn_170530.png
Requested by
Host: nid.naver.com
URL: https://nid.naver.com/login/css/global/desktop/e_20161104.css?dt=20161214
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.51.4.208 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-51-4-208.deploy.static.akamaitechnologies.com
Software
Testa/6.1.4 /
Resource Hash
1d0c1b522fe3664b90b13d4cf5716d54a87084625ba2b2674b8cf4e5cae97107

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://nid.naver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Mon, 31 Jul 2023 00:35:28 GMT
last-modified
Tue, 02 Nov 2021 11:50:25 GMT
server
Testa/6.1.4
etag
"61812601-7492"
content-type
image/png
cache-control
max-age=86383
accept-ranges
bytes
content-length
29842
expires
Tue, 01 Aug 2023 00:35:11 GMT
common.all.js
/H%7C/secktor7/secktor7/pages/login/js/
0
0

m
lcs.naver.com/
43 B
459 B
Image
General
Full URL
https://lcs.naver.com/m?u=https%3A%2F%2Fbrilliant-concha-27bd2a.netlify.app%2F%3Fnaps&e=&i=&os=Win32&ln=en-US&sr=1600x1200&bw=1600&bh=1200&c=24&j=N&jv=1.8&k=Y&fv=&sl=&ct=&p=Chrome%20PDF%20Plugin%3BChrome%20PDF%20Viewer%3BNative%20Client&EOU
Requested by
Host: brilliant-concha-27bd2a.netlify.app
URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
110.93.154.77 , Korea, Republic Of, ASN23576 (NHN-AS-KR NAVER Cloud Corp., KR),
Reverse DNS
Software
nfront /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://brilliant-concha-27bd2a.netlify.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Jul 2023 00:35:37 GMT
referrer-policy
unsafe-url
server
nfront
p3p
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
43
expires
Tue, 01 Jan 1980 09:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
URL
file:///H%7C/secktor7/secktor7/pages/login/js/common.all.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| swap_social_menu string| disp_stat string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol undefined| login_chk function| persist_usage undefined| view_onetimeusage function| viewOnetime number| nclkMaxDepth string| ccsrv string| nclkModule string| nsc string| g_pid string| g_sid object| nclkImg function| clickcr function| nclks function| nclks_clsnm function| nclks_chk function| nclks_if function| nclks_select object| nclk boolean| lcs_isie boolean| lcs_isns boolean| lcs_isopera boolean| lcs_ismac object| lcs_add object| lcs_bc string| lcs_ver number| lcs_cnt function| lcs_do function| lcs_do_gdid function| lcs_getBrowserCapa function| lcs_getOS function| lcs_getlanguage function| lcs_getScreen function| lcs_getWindowSize function| lcs_getColorDepth function| lcs_getJavaEnabled function| lcs_getCookieEnabled function| lcs_getConnectType function| lcs_getJavascriptVer function| lcs_getSwfVer function| lcs_getSLVersion function| lcs_getPlugIn function| $ function| resizePopup function| viewKeyboard function| switchkeyboard function| switchlocale2 function| switchlocale function| normal function| onetime function| show function| hide function| _addEvent function| _addInputEvent function| addInputEvent function| addDeleteButtonEvent function| msieblur function| borderOn function| borderOff function| confirmSubmit function| encryptIdPw function| getKeyByRuntimeInclude function| clearErrorLayers

1 Cookies

Domain/Path Name / Value
.naver.com/ Name: NNB
Value: LV2HSR6ZAHDWI

1 Console Messages

Source Level URL
Text
javascript error URL: https://brilliant-concha-27bd2a.netlify.app/?naps
Message:
Not allowed to load local resource: file:///H%7C/secktor7/secktor7/pages/login/js/common.all.js

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload