nid.naver-accounts.com
23.254.161.144  Malicious Activity! Public Scan

URL: https://nid.naver-accounts.com/
Submission: On February 08 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 23.254.161.144, located in United States and belongs to HOSTWINDS, US. The main domain is nid.naver-accounts.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 8th 2022. Valid for: 3 months.
This is the only time nid.naver-accounts.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Naver (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
7 | 23.254.161.144 | 54290 (HOSTWINDS)
3 | 2.18.233.157 | 16625 (AKAMAI-AS)
Total: 10 requests, 2 IPs

Requests | Apex Domain / Subdomains | Transfer
7 | naver-accounts.com / nid.naver-accounts.com | 332 KB
3 | pstatic.net / ssl.pstatic.net (Cisco Umbrella Rank: 16638) | 143 KB
Total: 10 requests, 2 domains

Requests | Domain | Requested by
7 | nid.naver-accounts.com | nid.naver-accounts.com
3 | ssl.pstatic.net | nid.naver-accounts.com
Total: 10 requests, 2 domains

This site contains links to these domains.

Domain
www.naver.com
m.site.naver.com
help.naver.com
www.navercorp.com

Subject | Issuer | Validity | Valid
nid.naver-accounts.com | ZeroSSL RSA Domain Secure Site CA | 2022-02-08 - 2022-05-09 | 3 months
ssl.pstatic.net | GeoTrust RSA CA 2018 | 2021-11-05 - 2022-11-04 | a year

This page contains 1 frames:

Primary Page: https://nid.naver-accounts.com/
Frame ID: F3CB6C8B14A1F34FA19DC3A0ADACF400
Requests: 10 HTTP requests in this frame

Page Title

네이버 : 로그인

Page Statistics

10 Requests
100 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
2 IPs
2 Countries
474 kB Transfer
471 kB Size
3 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type

Resource: / (Primary Request)
Path: nid.naver-accounts.com/
Size: 14 KB
x-fer: 14 KB
Type: Document

General
Full URL: https://nid.naver-accounts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: 87d0d09860e8fa7225358121284bc7f094a227bc580d91db1221ed44a66e38bd

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers
Content-Type: text/html;charset=utf-8
Content-Language: de-DE
Transfer-Encoding: chunked
Date: Tue, 08 Feb 2022 16:42:27 GMT
Keep-Alive: timeout=60
Connection: keep-alive

Resource: w_202105.css
Path: nid.naver-accounts.com/login/css/global/desktop/
Size: 30 KB
x-fer: 30 KB
Type: Stylesheet

General
Full URL: https://nid.naver-accounts.com/login/css/global/desktop/w_202105.css?20210812
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: 27798ccc6385e82909ced357198a608139ae9e442b6c95bb4a311956c1fb89c8

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:27 GMT
Last-Modified: Wed, 06 Oct 2021 03:43:08 GMT
ETag: W/"30462-1633491788000"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 30462

Resource: m_banner_2step_924x294.png
Path: ssl.pstatic.net/static/nid/login/banner/
Size: 54 KB
x-fer: 55 KB
Type: Image

General
Full URL: https://ssl.pstatic.net/static/nid/login/banner/m_banner_2step_924x294.png
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2.18.233.157, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a2-18-233-157.deploy.static.akamaitechnologies.com
Software: Testa/5.1.1 /
Resource Hash: dbec0a6f4f63ad346cc2e20fd1c52dd79a019978ee031ba0f76dbcb9d3fac6df

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Tue, 08 Feb 2022 16:42:28 GMT
referrer-policy: unsafe-url
last-modified: Mon, 12 Apr 2021 07:18:08 GMT
server: Testa/5.1.1
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345580
accept-ranges: bytes
content-length: 55608
expires: Sat, 12 Feb 2022 16:42:08 GMT

Resource: bvsd.1.3.4.min.js
Path: nid.naver-accounts.com/login/js/
Size: 187 KB
x-fer: 188 KB
Type: Script

General
Full URL: https://nid.naver-accounts.com/login/js/bvsd.1.3.4.min.js
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: c42ad204a38db49be99ad063cae29da831ba778da0753de73ed228269d4c76a0

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:27 GMT
Last-Modified: Wed, 06 Oct 2021 03:44:12 GMT
ETag: W/"191764-1633491852000"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 191764

Resource: common_202105.js
Path: nid.naver-accounts.com/login/js/v2/default/
Size: 95 KB
x-fer: 95 KB
Type: Script

General
Full URL: https://nid.naver-accounts.com/login/js/v2/default/common_202105.js?v=20210813
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: eefcb014c21266f4a8cc6e1dfdb5d6e9e0f02d07bb25cca0a64e98c633b28343

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:27 GMT
Last-Modified: Tue, 08 Feb 2022 07:38:56 GMT
ETag: W/"97333-1644305936000"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 97333

Resource: default_202105.js
Path: nid.naver-accounts.com/login/js/v2/default/
Size: 3 KB
x-fer: 4 KB
Type: Script

General
Full URL: https://nid.naver-accounts.com/login/js/v2/default/default_202105.js?v=20210910
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: 3f881de4a84966097a34e7398354b3c07866bae0cc4e315a1b5b70d1dd37443c

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:27 GMT
Last-Modified: Wed, 06 Oct 2021 03:45:30 GMT
ETag: W/"3504-1633491930000"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 3504

Resource: m_sp_00_common_c860f0da.png
Path: ssl.pstatic.net/static/nid/login/
Size: 13 KB
x-fer: 13 KB
Type: Image

General
Full URL: https://ssl.pstatic.net/static/nid/login/m_sp_00_common_c860f0da.png
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/login/css/global/desktop/w_202105.css?20210812
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2.18.233.157, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a2-18-233-157.deploy.static.akamaitechnologies.com
Software: Testa/5.1.1 /
Resource Hash: 8a92d63d31496759a0f4938e99d55e01f1d12893572e0953167faa3481b91cfb

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Tue, 08 Feb 2022 16:42:28 GMT
referrer-policy: unsafe-url
last-modified: Wed, 28 Apr 2021 07:07:13 GMT
server: Testa/5.1.1
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=525238
accept-ranges: bytes
content-length: 13241
expires: Mon, 14 Feb 2022 18:36:26 GMT

Resource: m_sp_01_login_2d02c3e8.png
Path: ssl.pstatic.net/static/nid/login/
Size: 75 KB
x-fer: 75 KB
Type: Image

General
Full URL: https://ssl.pstatic.net/static/nid/login/m_sp_01_login_2d02c3e8.png
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/login/css/global/desktop/w_202105.css?20210812
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2.18.233.157, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a2-18-233-157.deploy.static.akamaitechnologies.com
Software: Testa/5.1.1 /
Resource Hash: f58f114b9d173c25cc4bb0139fbc52a62a6b868cbb0fbb9b456fc346696a807f

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
date: Tue, 08 Feb 2022 16:42:28 GMT
referrer-policy: unsafe-url
last-modified: Tue, 24 Aug 2021 03:11:09 GMT
server: Testa/5.1.1
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=354842
accept-ranges: bytes
content-length: 76379
expires: Sat, 12 Feb 2022 19:16:30 GMT

Resource: p9-S6QgWr6-cJoL7P3Si28qiiBPhUR4FHrIQbjkjOBc7gXpjuA4udXheY5JJc9m2p5IvF4tmVWzu8hfz9xJXT0uSBlSfzyoqkzJrsomtkCs
Path: nid.naver-accounts.com/dynamicKey/
Size: 307 B
x-fer: 561 B
Type: XHR

General
Full URL: https://nid.naver-accounts.com/dynamicKey/p9-S6QgWr6-cJoL7P3Si28qiiBPhUR4FHrIQbjkjOBc7gXpjuA4udXheY5JJc9m2p5IvF4tmVWzu8hfz9xJXT0uSBlSfzyoqkzJrsomtkCs
Requested by
  Host: nid.naver-accounts.com
  URL: https://nid.naver-accounts.com/login/js/v2/default/common_202105.js?v=20210813
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: a0835ec252f43ce6c19d88e470f8218bd69feb5a6902e03b98e87598113f00b8

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:27 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 307
Content-Language: de-DE
Content-Type: text/html;charset=utf-8

Resource: m
Path: nid.naver-accounts.com/
Size: 54 B
x-fer: 414 B
Type: Image

General
Full URL: https://nid.naver-accounts.com/m?u=https%3A%2F%2Fnid.naver-accounts.com%2F&e=&os=Linux%20x86_64&ln=en-US&sr=1600x1200&pr=1&bw=1600&bh=1200&c=24&j=N&k=Y&i=&ct=&navigationStart=1644338544492&fetchStart=1644338544492&domainLookupStart=1644338544492&domainLookupEnd=1644338544642&connectStart=1644338544642&connectEnd=1644338544902&secureConnectionStart=1644338544769&requestStart=1644338544902&responseStart=1644338547581&responseEnd=1644338547582&domLoading=1644338547584&domInteractive=1644338548186&domContentLoadedEventStart=1644338548186&domContentLoadedEventEnd=1644338548186&domComplete=1644338548186&loadEventStart=1644338548186&loadEventEnd=1644338548186&first-paint=3327&first-contentful-paint=3327&pid=45b3fa37fa21cc5af8658c57573c9a73&ts=1644338548251&EOU
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 23.254.161.144, United States, ASN54290 (HOSTWINDS, US)
Reverse DNS: hwsrv-940651.hostwindsdns.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://nid.naver-accounts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
Date: Tue, 08 Feb 2022 16:42:29 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 54
Content-Language: de-DE
Content-Type: text/html;charset=utf-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Naver (Online)

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __core-js_shared__ object| __sofabfp_registry object| sofa function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| hex2b64 function| b64tohex function| b64toBA boolean| isIE boolean| isWin boolean| isOpera number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr number| t undefined| z function| $ function| resizePopup function| viewKeyboard function| switchkeyboard function| switchlocale function| normal function| show function| hide function| msieblur function| borderOn function| borderOff function| confirmSubmit function| encryptIdPw function| getKeyByRuntimeInclude function| clearErrorLayers function| keySplit function| getLenChar function| respSelect string| getkeyurl number| curtimecheck function| getKeysv2 
function| getAjaxResult function| getXmlHttp function| getCookie function| savedLong function| ipCheckOff function| ipCheckOn function| setSmartLevel function| initSmartLevel function| ipCheck boolean| isshift boolean| userStrokes function| checkShiftUp function| checkShiftDown boolean| is_capslockon function| checkEnt function| capslockevt function| swap_social_menu function| isOldIE function| selectItemByValue boolean| inSubmitProgress function| confirmSplitSubmit function| encryptIdPwSplit function| getKeyByRuntimeIncludeSplit function| ncaptchaInit function| doBUK function| goNotAdult boolean| already_submit function| loginAndDeviceAdd function| selectEvt function| useForm function| getNumberEscZero function| confirmAbroadContactSubmit function| confirmCaptchaSubmit function| confirmCaptchaSplitSubmit function| reCaptcha function| changeCaptchaMode object| playTimer function| clearAudio function| playSoundCaptcha function| goPage function| confirmNumberSubmit function| isNumberValidate function| initcheck function| u_skip function| help_ip_popup function| isObjExist function| addNclicksEvent function| addNormalEvent function| addNormalEventWithType function| getObjValue function| makeScroll function| isPrivateMode function| privateModeCheck function| idLogin function| onetimeLogin function| qrlogin function| checkProxy string| g_ssc string| ccsrv object| targetElement string| pageDirective string| id_error_msg string| pw_error_msg string| session_keys string| pc_keyboard_close string| pc_keyboard_open string| view_char string| view_symbol number| soundDelay function| nclk_proxy function| nclk function| nclk_v2 function| nclks_select function| nclks_clsnm function| nclks_chk function| nclks function| lcs_do function| lcs_do_gdid function| lcs_get_lpid function| lcs_update_lpid string| lcs_version function| ES6Promise boolean| isSet boolean| focusPw object| idElement object| id_line object| pwElement object| pw_line function| nolink string| smart_level object| 
nid_nnb string| ncaptchaType object| bvsd string| lcs_SerName

3 Cookies

Domain/Path | Name | Value
.nid.naver-accounts.com/ | nid_slevel | 1
nid.naver-accounts.com/ | JSESSIONID | EDCFCF308E70F8176377A973DEA938BA
.naver-accounts.com/ | NNB | RVEXIALVTUBGE