urlscan.io logo urlscan.io
SecurityTrails logo

script.theprimead.co.kr Open in urlscan Pro
117.52.89.137  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://post-blog.com/
Effective URL: http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D1003331009531...
Submission: On December 15 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 8 HTTP transactions. The main IP is 117.52.89.137, located in Korea, Republic Of and belongs to LGDACOM LG DACOM Corporation, KR. The main domain is script.theprimead.co.kr.
This is the only time script.theprimead.co.kr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.124.228.27 16509 (AMAZON-02)
1 4 117.52.89.137 3786 (LGDACOM L...)
1 2a00:1450:400... 15169 (GOOGLE)
1 184.51.8.54 16625 (AKAMAI-AS)
1 103.105.156.218 9639 (WIDERPLAN...)
1 103.105.156.200 9639 (WIDERPLAN...)
8 6
1    13.124.228.27 (Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-124-228-27.ap-northeast-2.compute.amazonaws.com
post-blog.com
4    117.52.89.137 (Korea, Republic Of)

ASN3786 (LGDACOM LG DACOM Corporation, KR)
script.theprimead.co.kr
1    2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    184.51.8.54 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-8-54.deploy.static.akamaitechnologies.com
cdn-aitg.widerplanet.com
1    103.105.156.218 (Korea, Republic Of)

ASN9639 (WIDERPLANET-AS-KR Wider Planet, KR)
astg.widerplanet.com
1    103.105.156.200 (Korea, Republic Of)

ASN9639 (WIDERPLANET-AS-KR Wider Planet, KR)
adtg.widerplanet.com
Apex Domain
Subdomains		 Transfer
4 theprimead.co.kr
script.theprimead.co.kr
10 KB
3 widerplanet.com
cdn-aitg.widerplanet.com — Cisco Umbrella Rank: 30126
astg.widerplanet.com — Cisco Umbrella Rank: 28984
adtg.widerplanet.com — Cisco Umbrella Rank: 160119
7 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 304
34 KB
1 post-blog.com
post-blog.com
418 B
0 hearina.com Failed
blackhole.hearina.com Failed
8 5
Domain Requested by
4 script.theprimead.co.kr 1 redirects script.theprimead.co.kr
ajax.googleapis.com
1 adtg.widerplanet.com ajax.googleapis.com
1 astg.widerplanet.com cdn-aitg.widerplanet.com
1 cdn-aitg.widerplanet.com script.theprimead.co.kr
1 ajax.googleapis.com script.theprimead.co.kr
1 post-blog.com 1 redirects
0 blackhole.hearina.com Failed ajax.googleapis.com
8 7

This site contains no links.

Subject Issuer Validity Valid
*.widerplanet.com
Go Daddy Secure Certificate Authority - G2		 2022-08-07 -
2023-09-08		 a year crt.sh

This page contains 2 frames:

Primary Page: http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
Frame ID: 00594BEDD9F8E09C3B1C8D3AD70E0C34
Requests: 7 HTTP requests in this frame

Frame: https://astg.widerplanet.com/delivery/storage
Frame ID: 0019C501652FDDB593657B77416C8883
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Document

Page URL History Show full URLs

  1. http://post-blog.com/ HTTP 302
    http://script.theprimead.co.kr/getSiteMatch_script_mobile.php?jsoncallback=aaa&_NMNP_=557&pb_url=http://cli... HTTP 302
    http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

25 %
HTTPS

17 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

51 kB
Transfer

117 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://post-blog.com/ HTTP 302
    http://script.theprimead.co.kr/getSiteMatch_script_mobile.php?jsoncallback=aaa&_NMNP_=557&pb_url=http://click.dotmap.co.kr/?pf_code=100333100953100696 HTTP 302
    http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request passback_url_5.php
script.theprimead.co.kr/
Redirect Chain
  • http://post-blog.com/
  • http://script.theprimead.co.kr/getSiteMatch_script_mobile.php?jsoncallback=aaa&_NMNP_=557&pb_url=http://click.dotmap.co.kr/?pf_code=100333100953100696
  • http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
995 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
Protocol
HTTP/1.1
Server
117.52.89.137 , Korea, Republic Of, ASN3786 (LGDACOM LG DACOM Corporation, KR),
Reverse DNS
Software
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29 / PHP/5.3.29
Resource Hash
14399216476779658f2a9b10b052751f378f3837cb4394487b98923907f778ee

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Content-Length
995
Content-Type
text/html; charset=utf-8
Date
Thu, 15 Dec 2022 19:54:49 GMT
Server
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29
X-Powered-By
PHP/5.3.29

Redirect headers

Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Thu, 15 Dec 2022 19:54:49 GMT
Location
//script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
P3P
CP="NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE"
Server
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29
X-Powered-By
PHP/5.3.29
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: script.theprimead.co.kr
URL: http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
Protocol
HTTP/1.1
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://script.theprimead.co.kr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 15 Dec 2022 08:11:55 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
42175
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy
cross-origin
Content-Length
33951
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="hosted-libraries-pushers"
Vary
Accept-Encoding
Report-To
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Fri, 15 Dec 2023 08:11:55 GMT
adr.js
cdn-aitg.widerplanet.com/js/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://cdn-aitg.widerplanet.com/js/adr.js
Requested by
Host: script.theprimead.co.kr
URL: http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
Protocol
HTTP/1.1
Server
184.51.8.54 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-54.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
90db70e496ef140375f9fabdf16ef7e78b59707d9e41d181c2687583a31a52f7

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://script.theprimead.co.kr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 15 Dec 2022 19:54:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Nov 2022 01:30:24 GMT
Server
nginx
ETag
W/"637d77b0-2f97"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
5119
primeBridge1.js
script.theprimead.co.kr/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://script.theprimead.co.kr/js/primeBridge1.js?var=2
Requested by
Host: script.theprimead.co.kr
URL: http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
Protocol
HTTP/1.1
Server
117.52.89.137 , Korea, Republic Of, ASN3786 (LGDACOM LG DACOM Corporation, KR),
Reverse DNS
Software
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29 /
Resource Hash
acbe643af24e24d11be2578ff8f9f1d442bd5ffd92093ac21f27c22f6e41b4ea

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Thu, 15 Dec 2022 19:54:49 GMT
Last-Modified
Mon, 08 Jun 2020 10:13:23 GMT
Server
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29
Accept-Ranges
bytes
ETag
"13f867-1eac-5a78fdc6016c0"
Content-Length
7852
Content-Type
application/javascript
storage
astg.widerplanet.com/delivery/ Frame 0019 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://astg.widerplanet.com/delivery/storage
Requested by
Host: cdn-aitg.widerplanet.com
URL: http://cdn-aitg.widerplanet.com/js/adr.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.105.156.218 , Korea, Republic Of, ASN9639 (WIDERPLANET-AS-KR Wider Planet, KR),
Reverse DNS
Software
nginx /
Resource Hash
e270f53080812a5da2b2e937ce48dbc794f3442b872f1f2003e3bdd2d2d901dc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://script.theprimead.co.kr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ch
device-memory, dpr, width, viewport-width, rtt, downlink, ect, ua, platform, model, mobile
accept-ch-lifetime
86400
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-language
it-IT
content-type
text/html;charset=UTF-8
date
Thu, 15 Dec 2022 19:54:51 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-xss-protection
0
adw.php
adtg.widerplanet.com/delivery/ 		2 B
947 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adtg.widerplanet.com/delivery/adw.php?zoneid=28910&category=www.eposting.co.kr_557&passback=www.eposting.co.kr&loc=http%3A%2F%2Fscript.theprimead.co.kr%2Fpassback_url_5.php%3FmCode%3D557%26pb_url%3Dhttp%253A%252F%252Fclick.dotmap.co.kr%252F%253Fpf_code%253D100333100953100696&src=adr&cb=65933917540&t=1671134091&origin=http%3A%2F%2Fscript.theprimead.co.kr
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.105.156.200 , Korea, Republic Of, ASN9639 (WIDERPLANET-AS-KR Wider Planet, KR),
Reverse DNS
Software
nginx /
Resource Hash
12ae32cb1ec02d01eda3581b127c1fee3b0dc53572ed6baf239721a03d82e126
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept
*/*
Referer
http://script.theprimead.co.kr/
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Dec 2022 19:54:51 GMT
content-encoding
gzip
server
nginx
accept-ch
device-memory, dpr, width, viewport-width, rtt, downlink, ect, ua, platform, model, mobile
vary
Accept-Encoding
accept-ch-lifetime
86400
content-type
application/json; charset=UTF-8
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
http://script.theprimead.co.kr
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
pbc
2580
x-xss-protection
0
expires
Mon, 26 Jul 1997 05:00:00 GMT
getSiteMatch_script_mobile2.php
script.theprimead.co.kr/ 		301 B
610 B 		Script
General
Check archive.org
Download Go to
Full URL
http://script.theprimead.co.kr/getSiteMatch_script_mobile2.php?jsoncallback=jQuery112409004357026323324_1671134090375&scode=0&_NMNP_=557&passback=y&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696&_=1671134090376
Requested by
Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
HTTP/1.1
Server
117.52.89.137 , Korea, Republic Of, ASN3786 (LGDACOM LG DACOM Corporation, KR),
Reverse DNS
Software
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29 / PHP/5.3.29
Resource Hash
57e4c08a645e474a5cc2d46a6bf94127ff65595024b7b595d44828216fb2cbd3

Request headers

accept-language
it-IT,it;q=0.9
Referer
http://script.theprimead.co.kr/passback_url_5.php?mCode=557&pb_url=http%3A%2F%2Fclick.dotmap.co.kr%2F%3Fpf_code%3D100333100953100696
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P
CP="NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE"
Date
Thu, 15 Dec 2022 19:54:51 GMT
Server
Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips DAV/2 PHP/5.3.29
X-Powered-By
PHP/5.3.29
Content-Length
301
Content-Type
text/html; charset=utf-8
/
blackhole.hearina.com/returnattack/gid/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
blackhole.hearina.com
URL
http://blackhole.hearina.com/returnattack/gid/?midx=557&rnd=687103

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery object| WiderPlanetAdRenderer object| initPrimeAd function| _pppClose boolean| isSetPrimeAd string| w_passback string| w_category string| w_page_location object| WiderPlanetAdRendererVar

5 Cookies

Domain/Path Name / Value
script.theprimead.co.kr/ Name: 1:3b1_0
Value: 1:3b1_0_to_10:8077
.widerplanet.com/ Name: OAID_S
Value: s1671134091.1829
.widerplanet.com/ Name: OAID
Value: 30d35e61ae634fce5f8c712c3c6662c3
.widerplanet.com/ Name: OAIDT
Value: S
.widerplanet.com/ Name: TGSID
Value: rmy7bf#539335ecb6b7bd1961f9c99617ebc1cc