URL: https://we2blog.com/pi/index.php
Submission: On November 24 via api from KR — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 104.37.175.156, located in Dallas, United States and belongs to MAJESTIC-HOSTING-01, US. The main domain is we2blog.com.
TLS certificate: Issued by R3 on October 26th 2021. Valid for: 3 months.
This is the only time we2blog.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Daum (Online)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         104.37.175.156    396073 (MAJESTIC-...)
3         211.231.99.19     38099 (KAKAO-AS-...)
9         2a02:26f0:6c0...  20940 (AKAMAI-ASN1)
1         211.249.221.246   9457 (DREAMX-AS...)
1         113.29.190.176    9764 (DAUM-NET ...)
1         211.249.201.89    38099 (KAKAO-AS-...)
1 4       121.53.104.76     9457 (DREAMX-AS...)
2         121.53.105.147    9457 (DREAMX-AS...)
2         121.53.203.94     9457 (DREAMX-AS...)
Total: 23 requests, 9 IPs

Requests  Domain                Requested by
9         t1.daumcdn.net        we2blog.com, logins.daum.net, t1.daumcdn.net
3         logins.daum.net       we2blog.com
2         kyson.ad.daum.net     t1.daumcdn.net
2         ka.ad.daum.net        t1.daumcdn.net
2         track.tiara.daum.net  we2blog.com
1         webid.kakao.com       we2blog.com
1         webid.ad.daum.net     1 redirects
1         display.ad.daum.net   t1.daumcdn.net
1         m1.daumcdn.net        we2blog.com
1         developers.kakao.com  we2blog.com
1         we2blog.com
Total: 23 requests, 11 subdomains

This site contains links to these domains.

Domain
www.daum.net
member.daum.net
www.kakaocorp.com
cs.daum.net
Subject               Issuer                                        Validity                  Valid
*.we2blog.com         R3                                            2021-10-26 - 2022-01-24   3 months
logins.daum.net       DigiCert SHA2 Extended Validation Server CA   2020-04-23 - 2022-06-24   2 years
*.daumcdn.net         DigiCert SHA2 Secure Server CA                2021-09-29 - 2022-09-29   a year
*.kakao.com           Thawte TLS RSA CA G1                          2021-09-17 - 2022-09-30   a year
ad.daum.net           Thawte TLS RSA CA G1                          2021-01-07 - 2022-02-07   a year
www.tiara.kakao.com   Thawte TLS RSA CA G1                          2021-09-17 - 2022-08-06   a year

This page contains 2 frames:

Primary Page: https://we2blog.com/pi/index.php
Frame ID: DD979706DF39EA6EE9C820AA9F4E1AB2
Requests: 16 HTTP requests in this frame

Frame: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Frame ID: 37CD41620787FC9B75179154CD2E38F4
Requests: 7 HTTP requests in this frame

Page Title

Daum 로그인

Page Statistics

23 Requests
96 % HTTPS
11 % IPv6
4 Domains
11 Subdomains
9 IPs
3 Countries
203 kB Transfer
602 kB Size
8 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://webid.ad.daum.net/sync?v=0.0.1 HTTP 302
  • https://webid.kakao.com/sync?data=FN0MNyo1uZYrM2dGkDPricvGGG1SBxP%2BBnUNNMnLThG55zvRbSM5DFAPLpaMSgGw3yVzK%2Bsq9pX1XGqVwkycmntewx0t1VrkE57Cc%2Bg3kEH73E52wYOIv5iW3MDIQE%2F%2B

23 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

index.php (Primary Request) | we2blog.com/pi/ | 12 KB | 4 KB | Document
General
Full URL
https://we2blog.com/pi/index.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.37.175.156 Dallas, United States, ASN396073 (MAJESTIC-HOSTING-01, US),
Reverse DNS
server.resellerhostingfor39.com
Software
Apache /
Resource Hash
538e28938da9665ced9802f2d9e1e17d6545463883fdb9542b9ba6232cfeabe7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 24 Nov 2021 14:08:54 GMT
Server
Apache
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Length
3723
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html

pc.css | logins.daum.net/contents/min/css/ | 17 KB | 4 KB | Stylesheet
General
Full URL
https://logins.daum.net/contents/min/css/pc.css
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
211.231.99.19 , Korea, Republic Of, ASN38099 (KAKAO-AS-KR Kakao Corp, KR),
Reverse DNS
Software
Apache Tomcat /
Resource Hash
3e70b4792cec8323f565abd7afe03f39ee6516a8cb4a44fbdd8a26057f3efa77

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 24 Nov 2021 14:08:56 GMT
Content-Encoding
gzip
Last-Modified
Tue, 02 Nov 2021 02:39:54 GMT
Server
Apache Tomcat
ETag
W/"17063-1635820794000"
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Accept-Ranges
bytes

font_pc.css | logins.daum.net/contents/min/css/ | 0 | 0 | Stylesheet
General
Full URL
https://logins.daum.net/contents/min/css/font_pc.css
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
211.231.99.19 , Korea, Republic Of, ASN38099 (KAKAO-AS-KR Kakao Corp, KR),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers


jquery-1.12.1.min.js | t1.daumcdn.net/id/statics/common/js-lib/ | 95 KB | 33 KB | Script
General
Full URL
https://t1.daumcdn.net/id/statics/common/js-lib/jquery-1.12.1.min.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
2359d383bf2d4ab65ebf7923bdf74ce40e4093f6e58251b395a64034b3c39772

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:55 GMT
content-encoding
gzip
last-modified
Tue, 05 Dec 2017 04:26:37 GMT
server
openresty
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=291808880
x-wcss
dC1jb21tb24wMS1id2NhY2hlNDE6MDpjaHR0cDoxNw==
accept-ranges
bytes
content-length
33894
expires
Sun, 23 Feb 2031 00:10:15 GMT

jquery.cookie-1.3.1.min.js | t1.daumcdn.net/id/statics/common/js-lib/ | 1000 B | 777 B | Script
General
Full URL
https://t1.daumcdn.net/id/statics/common/js-lib/jquery.cookie-1.3.1.min.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
e59bba1708d06698afe08ebc4c9ce3c9a14e1fca0d7826e824bd6ed04a153b54

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:55 GMT
content-encoding
gzip
last-modified
Tue, 12 Dec 2017 07:29:04 GMT
server
openresty
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=291798144
x-wcss
dC1jb21tb24wMS1id2NhY2hlMjY6MDpjaHR0cDoyMw==
accept-ranges
bytes
content-length
556
expires
Sat, 22 Feb 2031 21:11:19 GMT

kakao.min.js | developers.kakao.com/sdk/js/ | 109 KB | 37 KB | Script
General
Full URL
https://developers.kakao.com/sdk/js/kakao.min.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
211.249.221.246 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
f283e13ad86fdb377cd3a36a1de7c6f9b96d1a348d0800a97faadf18e10426f5
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:55 GMT
content-encoding
gzip
last-modified
Tue, 26 Oct 2021 07:01:25 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=3600
strict-transport-security
max-age=15724800; includeSubDomains
expires
Wed, 24 Nov 2021 15:08:55 GMT

login-default.js | logins.daum.net/contents/min/js/ | 36 KB | 13 KB | Script
General
Full URL
https://logins.daum.net/contents/min/js/login-default.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
211.231.99.19 , Korea, Republic Of, ASN38099 (KAKAO-AS-KR Kakao Corp, KR),
Reverse DNS
Software
Apache Tomcat /
Resource Hash
da547e7e12687f15c5fbc3b7c4dd7a7aa94a54fb8191742e48faaa78aa36ffb5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 24 Nov 2021 14:08:56 GMT
Content-Encoding
gzip
Last-Modified
Tue, 02 Nov 2021 02:39:54 GMT
Server
Apache Tomcat
ETag
W/"36902-1635820794000"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Accept-Ranges
bytes

ad.min.js | t1.daumcdn.net/adfit/static/ | 2 KB | 1 KB | Script
General
Full URL
https://t1.daumcdn.net/adfit/static/ad.min.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
10397020b18155c46f267362d8c811c2a787ccf57dc2b5412b509f0a8d8ec7fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:56 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 10:51:01 GMT
server
openresty
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=18
x-wcss
dC1jb21tb24wMS1id2NhY2hlMjQ6MDpjaHR0cDoxOA==
accept-ranges
bytes
content-length
1059
expires
Wed, 24 Nov 2021 14:09:14 GMT

logo_daum.png | t1.daumcdn.net/id/logins/2020/ | 1 KB | 1 KB | Image
General
Full URL
https://t1.daumcdn.net/id/logins/2020/logo_daum.png
Requested by
Host: logins.daum.net
URL: https://logins.daum.net/contents/min/css/pc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
50d4a8f26b0c851839a82ee89ac4cdbe92a520049d2cc005c45d04b872e6defe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://logins.daum.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:56 GMT
last-modified
Thu, 14 May 2020 07:46:09 GMT
server
openresty
content-type
image/png
cache-control
max-age=3223
x-wcss
dC1jb21tb24wMS1id2NhY2hlMzU6MDpjaHR0cDowOQ==
accept-ranges
bytes
content-length
1306
expires
Wed, 24 Nov 2021 15:02:39 GMT

ico_login_201224.png | t1.daumcdn.net/id/logins/2020/ | 5 KB | 5 KB | Image
General
Full URL
https://t1.daumcdn.net/id/logins/2020/ico_login_201224.png
Requested by
Host: logins.daum.net
URL: https://logins.daum.net/contents/min/css/pc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
6845a3538e9237f310d087c193a3626926bd22dd49041836614673b1fa553813

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://logins.daum.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:56 GMT
last-modified
Thu, 24 Dec 2020 00:08:34 GMT
server
openresty
content-type
image/png
cache-control
max-age=1236
x-wcss
dC1jb21tb24wMS1id2NhY2hlNTE6MDpjaHR0cDowNQ==
accept-ranges
bytes
content-length
5333
expires
Wed, 24 Nov 2021 14:29:32 GMT

td.min.js | m1.daumcdn.net/tiara/js/ | 38 KB | 10 KB | Script
General
Full URL
https://m1.daumcdn.net/tiara/js/td.min.js
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
113.29.190.176 , Korea, Republic Of, ASN9764 (DAUM-NET Kakao Corp, KR),
Reverse DNS
Software
nginx /
Resource Hash
5ab4f05cbe1a5cf7b22b8609cefc5e0f09f8b8577fe9d9b2e775279045a027b4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:57 GMT
content-encoding
gzip
last-modified
Mon, 11 Nov 2019 06:50:37 GMT
server
nginx
age
4456
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=7200
x-wcss
dC1jb21tb24wMS1id2NhY2hlNTM6MDpjaHR0cDozMQ==
accept-ranges
bytes
content-length
10260
expires
Wed, 24 Nov 2021 14:54:41 GMT

ba.min.js | t1.daumcdn.net/kas/static/ | 168 KB | 50 KB | Script
General
Full URL
https://t1.daumcdn.net/kas/static/ba.min.js
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/static/ad.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
4b8d202bc7f2185eb59c207db9cd63aa360c483136e24d0db4ab987ce310f150

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:56 GMT
content-encoding
gzip
last-modified
Mon, 22 Nov 2021 08:01:02 GMT
server
openresty
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=3087
x-wcss
dC1jb21tb24wMS1id2NhY2hlMTowOmNodHRwOjI2
accept-ranges
bytes
content-length
50866
expires
Wed, 24 Nov 2021 15:00:23 GMT

banner | display.ad.daum.net/sdk/ | 5 KB | 3 KB | XHR
General
Full URL
https://display.ad.daum.net/sdk/banner?id=00Y28&sdktype=web&sdkver=4.1.2&secretmode=N&pxratio=1&pwidth=1600&pheight=1200&network=6&surl=https%3A%2F%2Fwe2blog.com%2Fpi%2Findex.php&containerid=kakao_ad_K7iGqr&cookiedisabled=N&ppi=96&lmt=N&test=N&ctag=%7B%7D&rfseq=1&sdkid=5ad4a339-7fc9-4209-9982-82791cd01cd9
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/kas/static/ba.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
211.249.201.89 , Korea, Republic Of, ASN38099 (KAKAO-AS-KR Kakao Corp, KR),
Reverse DNS
Software
Apache /
Resource Hash
bb562b94d8ce3d51b1068b39132572a44b3161c14e31a9fc29e67a26fde0b464

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 24 Nov 2021 14:08:57 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
Apache
Vary
Origin,Accept-Encoding
P3P
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Access-Control-Allow-Origin
https://we2blog.com
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
close
Content-Type
application/json
Content-Length
1760

footsteps | track.tiara.daum.net/queen/ | 13 B | 136 B | Image
General
Full URL
https://track.tiara.daum.net/queen/footsteps?dummy=1639551440609&ishome=U&referer=&title=Daum%20%EB%A1%9C%EA%B7%B8%EC%9D%B8&version=2.8.7&dpr=1&cke=Y&tz=0&rand_id=1637762937962&pck=Y&puid=1637762937962&url=https%3A%2F%2Fwe2blog.com%2Fpi%2Findex.php
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
121.53.104.76 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:58 GMT
content-length
13
strict-transport-security
max-age=15724800; includeSubDomains
content-type
text/plain; charset=utf-8

af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7 | t1.daumcdn.net/adfit/adunit_style/ (Frame 37CD) | 11 KB | 4 KB | Document
General
Full URL
https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/kas/static/ba.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
689a7453e7a3e8084333e9d6d76cd01c33c5bb929517ec35cf58209a2be33a48

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/

Response headers

last-modified
Thu, 04 Nov 2021 05:10:09 GMT
server
openresty
content-type
text/html
accept-ranges
bytes
x-wcss
dC1jb21tb24wMS1id2NhY2hlNzA6MDpjaHR0cDoxMA==
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=13419
expires
Wed, 24 Nov 2021 17:52:37 GMT
date
Wed, 24 Nov 2021 14:08:58 GMT
content-length
3785

na.min.js | t1.daumcdn.net/kas/static/ (Frame 37CD) | 97 KB | 30 KB | Script
General
Full URL
https://t1.daumcdn.net/kas/static/na.min.js
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
2579d7e2b7c8d828d537e82072a0063d05fe29afa8a4fc5d3b80ddf1a28a4f9a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:58 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 10:22:30 GMT
server
openresty
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2660
x-wcss
dC1jb21tb24wMS1id2NhY2hlMzI6MDpjaHR0cDoyMw==
accept-ranges
bytes
content-length
30249
expires
Wed, 24 Nov 2021 14:53:18 GMT

ico_adlogo2.png | t1.daumcdn.net/biz/ui/ad/ (Frame 37CD) | 5 KB | 5 KB | Image
General
Full URL
https://t1.daumcdn.net/biz/ui/ad/ico_adlogo2.png
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
750c0c8f5484e0b7ca7c69f0f4ef3eb382dd96a133f24592a9bb23586290c08f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:58 GMT
last-modified
Wed, 17 Mar 2021 02:58:49 GMT
server
openresty
content-type
image/png
cache-control
max-age=8785
x-wcss
dC1jb21tb24wMS1id2NhY2hlMTA6MDpjaHR0cDoyNw==
accept-ranges
bytes
content-length
4637
expires
Wed, 24 Nov 2021 16:35:23 GMT

Tpn9jrMaHHPsWmxn2b6D508W3UptDqPqxiujD9bKMwwz3IUrIF9mugq3AdkKE77QgNDD1XTVdeKf2dZdOgs3Prt4wTzs_OQEpUC8vKLdyROvO5rgs55KcVBm0LFKDDO8m9Y3CjaHEJLgxsWeM2VVzNnUUDzP_Pe-aIUQYn2IZ3pcmIPyEoQC | ka.ad.daum.net/rimp/ (Frame 37CD) | 43 B | 155 B | Image
General
Full URL
https://ka.ad.daum.net/rimp/Tpn9jrMaHHPsWmxn2b6D508W3UptDqPqxiujD9bKMwwz3IUrIF9mugq3AdkKE77QgNDD1XTVdeKf2dZdOgs3Prt4wTzs_OQEpUC8vKLdyROvO5rgs55KcVBm0LFKDDO8m9Y3CjaHEJLgxsWeM2VVzNnUUDzP_Pe-aIUQYn2IZ3pcmIPyEoQC?p=33anEzkaoKfcwK44qfu5gQ
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
121.53.105.147 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:59 GMT
content-length
43
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif

rendered | kyson.ad.daum.net/ad/ (Frame 37CD) | 43 B | 271 B | Image
General
Full URL
https://kyson.ad.daum.net/ad/rendered?request_id=1b12a26d-6fb8-45ea-9623-a5b4300fe1a3&adunit_id=00Y28&bid_id=742ae717-ce68-4136-820a-4173b01c021e1&dsp_id=KEYWORDAD&med_dsp_id=KAAS_CM&network_type=DAUM&sdk_type=web&sdk_version=4.1.2&ad_type=Banner&w=250&h=250&template_seq=25
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
121.53.203.94 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 24 Nov 2021 14:08:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

sync | webid.kakao.com/ | 35 B | 711 B | Image
Redirect Chain
  • https://webid.ad.daum.net/sync?v=0.0.1
  • https://webid.kakao.com/sync?data=FN0MNyo1uZYrM2dGkDPricvGGG1SBxP%2BBnUNNMnLThG55zvRbSM5DFAPLpaMSgGw3yVzK%2Bsq9pX1XGqVwkycmntewx0t1VrkE57Cc%2Bg3kEH73E52wYOIv5iW3MDIQE%2F%2B
General
Full URL
https://webid.kakao.com/sync?data=FN0MNyo1uZYrM2dGkDPricvGGG1SBxP%2BBnUNNMnLThG55zvRbSM5DFAPLpaMSgGw3yVzK%2Bsq9pX1XGqVwkycmntewx0t1VrkE57Cc%2Bg3kEH73E52wYOIv5iW3MDIQE%2F%2B
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Server
121.53.104.76 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Nov 2021 14:08:59 GMT
x-frame-options
DENY
access-control-allow-methods
GET
p3p
CP="ALL DSP COR MON LAW IVDi HIS IVAi DELi SAMi OUR LEG PHY UNI ONL DEM STA INT NAV PUR FIN OTC GOV"
access-control-allow-origin
*
access-control-max-age
120
cache-control
no-cache, no-store
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif
content-length
35
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Nov 2021 14:08:59 GMT
location
https://webid.kakao.com/sync?data=FN0MNyo1uZYrM2dGkDPricvGGG1SBxP%2BBnUNNMnLThG55zvRbSM5DFAPLpaMSgGw3yVzK%2Bsq9pX1XGqVwkycmntewx0t1VrkE57Cc%2Bg3kEH73E52wYOIv5iW3MDIQE%2F%2B
x-frame-options
DENY
access-control-allow-methods
GET
p3p
CP="ALL DSP COR MON LAW IVDi HIS IVAi DELi SAMi OUR LEG PHY UNI ONL DEM STA INT NAV PUR FIN OTC GOV"
access-control-allow-origin
*
access-control-max-age
120
cache-control
no-cache, no-store
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif
content-length
35
expires
Thu, 01 Jan 1970 00:00:00 GMT

footsteps | track.tiara.daum.net/queen/ | 13 B | 135 B | Image
General
Full URL
https://track.tiara.daum.net/queen/footsteps?dummy=1639551440609&ishome=U&referer=&title=Daum%20%EB%A1%9C%EA%B7%B8%EC%9D%B8&version=2.8.7&dpr=1&cke=Y&tz=0&rand_id=1637762937962&pck=Y&puid=1637762937962&url=https%3A%2F%2Fwe2blog.com%2Fpi%2Findex.php
Requested by
Host: we2blog.com
URL: https://we2blog.com/pi/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
121.53.104.76 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://we2blog.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:58 GMT
content-length
13
strict-transport-security
max-age=15724800; includeSubDomains
content-type
text/plain; charset=utf-8

Tpn9jrMaHHPsWmxn2b6D508W3UptDqPqxiujD9bKMwwz3IUrIF9mugq3AdkKE77QgNDD1XTVdeKf2dZdOgs3Prt4wTzs_OQEpUC8vKLdyROvO5rgs55KcVBm0LFKDDO8m9Y3CjaHEJLgxsWeM2VVzNnUUDzP_Pe-aIUQYn2IZ3pcmIPyEoQC | ka.ad.daum.net/vimp/ (Frame 37CD) | 43 B | 154 B | Image
General
Full URL
https://ka.ad.daum.net/vimp/Tpn9jrMaHHPsWmxn2b6D508W3UptDqPqxiujD9bKMwwz3IUrIF9mugq3AdkKE77QgNDD1XTVdeKf2dZdOgs3Prt4wTzs_OQEpUC8vKLdyROvO5rgs55KcVBm0LFKDDO8m9Y3CjaHEJLgxsWeM2VVzNnUUDzP_Pe-aIUQYn2IZ3pcmIPyEoQC?p=33anEzkaoKfcwK44qfu5gQ
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
121.53.105.147 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:08:59 GMT
content-length
43
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif

viewable | kyson.ad.daum.net/ad/ (Frame 37CD) | 43 B | 271 B | Image
General
Full URL
https://kyson.ad.daum.net/ad/viewable?request_id=1b12a26d-6fb8-45ea-9623-a5b4300fe1a3&adunit_id=00Y28&bid_id=742ae717-ce68-4136-820a-4173b01c021e1&dsp_id=KEYWORDAD&med_dsp_id=KAAS_CM&network_type=DAUM&sdk_type=web&sdk_version=4.1.2&ad_type=Banner&w=250&h=250&template_seq=25
Requested by
Host: t1.daumcdn.net
URL: https://t1.daumcdn.net/adfit/adunit_style/af285d678bda9ab9ef3d5bd0f338fe3aab7f54a7
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
121.53.203.94 , Korea, Republic Of, ASN9457 (DREAMX-AS DREAMLINE CO., KR),
Reverse DNS
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t1.daumcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 24 Nov 2021 14:08:59 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Daum (Online)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     0
object     onbeforexrselect
function   reportError
boolean    originAgentCluster
object     scheduler
function   $
function   jQuery
object     Kakao
undefined  easyXDM
object     daumlogin
function   requestUpdateToken
function   LoginTextField
function   VirtualKeyView
function   LoginForm
function   toggleBodyClass
function   rng_seed_int
function   rng_seed_time
function   pool_init
object     _tiq
object     __adfit__
object     regeneratorRuntime
function   adfit
function   Jackdaw
object     __Tiara
object     __cm

8 Cookies

Domain/Path      Name          Value
we2blog.com/     adfit_sdk_id  5ad4a339-7fc9-4209-9982-82791cd01cd9
.ad.daum.net/    aid           5696af13cfb64345823c4aea558ed44f
.ad.daum.net/    aid_ts        1637762937740
.daum.net/       webid         5696af13cfb64345823c4aea558ed44f
.daum.net/       webid_sync    1637762939149
.daum.net/       webid_ts      1637762937740
.kakao.com/      webid         5696af13cfb64345823c4aea558ed44f
.kakao.com/      webid_ts      1637762937740

3 Console Messages

Source | Level | URL | Text
network | error | https://logins.daum.net/contents/min/css/font_pc.css | Failed to load resource: the server responded with a status of 404 (Not Found)
network | error | https://track.tiara.daum.net/queen/footsteps?dummy=1639551440609&ishome=U&referer=&title=Daum%20%EB%A1%9C%EA%B7%B8%EC%9D%B8&version=2.8.7&dpr=1&cke=Y&tz=0&rand_id=1637762937962&pck=Y&puid=1637762937962&url=https%3A%2F%2Fwe2blog.com%2Fpi%2Findex.php | Failed to load resource: the server responded with a status of 404 ()
network | error | https://track.tiara.daum.net/queen/footsteps?dummy=1639551440609&ishome=U&referer=&title=Daum%20%EB%A1%9C%EA%B7%B8%EC%9D%B8&version=2.8.7&dpr=1&cke=Y&tz=0&rand_id=1637762937962&pck=Y&puid=1637762937962&url=https%3A%2F%2Fwe2blog.com%2Fpi%2Findex.php | Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
