usweasemailuser.com
23.92.211.2
Malicious Activity!
Public Scan
Effective URL: http://usweasemailuser.com/nid.naver.com/user.account_restore.message/nid.login.htm
Submission: On October 22 via automatic, source openphish
Summary
This is the only time usweasemailuser.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Naver (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 23.92.211.2 | 31863 (DACEN-2)
4 | 203.104.163.42 | 23576 (NHN-AS-KR NBP)
3 | 210.89.164.55 | 23576 (NHN-AS-KR NBP)
1 | 203.104.163.21 | 23576 (NHN-AS-KR NBP)
10 | 4 |
ASN31863 (DACEN-2, US)
domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com | |
usweasemailuser.com |
Requests | Apex Domain: Subdomains | Transfer
---|---|---
8 | naver.com: nid.naver.com, static.nid.naver.com, lcs.naver.com | 163 KB
2 | usweasemailuser.com: domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com, usweasemailuser.com | 8 KB
10 | 2 |
Requests | Domain | Requested by
---|---|---
4 | nid.naver.com | usweasemailuser.com
3 | static.nid.naver.com | nid.naver.com
1 | lcs.naver.com |
1 | usweasemailuser.com | domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com
1 | domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com |
10 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.naver.com |
help.naver.com |
nid.naver.com |
www.navercorp.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|---
nid.naver.com | DigiCert ECC Extended Validation Server CA | 2019-08-19 - 2021-08-23 | 2 years | crt.sh
static.nid.naver.com | GeoTrust RSA CA 2018 | 2019-01-30 - 2021-01-29 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
http://usweasemailuser.com/nid.naver.com/user.account_restore.message/nid.login.htm
Frame ID: B26DFC85F99E488D1C45FBDAA6E76676
Requests: 10 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: NAVER
Title: View help
Title: Username
Title: Password?
Title: Sign up
Title: Facebook
Title: Line
Title: naver
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com/PleaseWait.Redir.php Page URL
- http://usweasemailuser.com/nid.naver.com/user.account_restore.message/nid.login.htm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | PleaseWait.Redir.php | domainslogin.nidnavers.com.mail.cssleurlsnaver.com-end.users.com.usweasemailuser.com/ | 153 B | 360 B | Document | text/html
GET | H/1.1 | nid.login.htm (Primary Request) | usweasemailuser.com/nid.naver.com/user.account_restore.message/ | 7 KB | 8 KB | Document | text/html
GET | H2 | w_20191231.css | nid.naver.com/login/css/global/desktop/ | 96 KB | 18 KB | Stylesheet | text/css
GET | H2 | bvsd.1.3.4.min.js | nid.naver.com/login/js/ | 94 KB | 28 KB | Script | application/javascript
GET | H2 | common.js | nid.naver.com/login/js/default/ | 85 KB | 24 KB | Script | application/javascript
GET | H2 | default.js | nid.naver.com/login/js/default/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | sp_u_skip.png | static.nid.naver.com/images/web/user/ | 967 B | 1 KB | Image | image/png
GET | H/1.1 | pc_sp_login_190522.png | static.nid.naver.com/images/ui/login/ | 88 KB | 89 KB | Image | image/png
GET | H/1.1 | sel_arr_2x.gif | static.nid.naver.com/images/login/global/sns/desktop/ | 2 KB | 2 KB | Image | image/gif
GET | H/1.1 | m | lcs.naver.com/ | 43 B | 415 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Naver (Online)
224 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.