urlscan.io logo urlscan.io
SecurityTrails logo

puertanaranja.com Open in urlscan Pro
198.54.114.140  Public Scan

Go To Rescan Add Verdict Report
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Submission: On May 26 via manual from EE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 8 domains to perform 8 HTTP transactions. The main IP is 198.54.114.140, located in United States and belongs to NAMECHEAP-NET, US. The main domain is puertanaranja.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 27th 2022. Valid for: 3 months.
This is the only time puertanaranja.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 198.54.114.140 22612 (NAMECHEAP...)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 67.199.248.10 396982 (GOOGLE-CL...)
1 103.29.196.156 58375 (UNUD-AS-I...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 96.43.128.66 19969 (JOESDATAC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 65.21.235.194 24940 (HETZNER-AS)
8 8
1    198.54.114.140 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: shopmodernwave.com
puertanaranja.com
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    67.199.248.10 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly
bit.ly
1    103.29.196.156 (Indonesia)

ASN58375 (UNUD-AS-ID Universitas Udayana, ID)
www.unud.ac.id
1    2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
4.bp.blogspot.com
1    96.43.128.66 (United States)

ASN19969 (JOESDATACENTER, US)
cur.cursors-4u.net
1    2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    65.21.235.194 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.194.235.21.65.clients.your-server.de
k.top4top.io
Apex Domain
Subdomains		 Transfer
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 277
fonts.googleapis.com — Cisco Umbrella Rank: 42
35 KB
1 top4top.io
k.top4top.io
1 gstatic.com
fonts.gstatic.com
12 KB
1 cursors-4u.net
cur.cursors-4u.net — Cisco Umbrella Rank: 547236
4 KB
1 blogspot.com
4.bp.blogspot.com — Cisco Umbrella Rank: 11213
68 KB
1 unud.ac.id
www.unud.ac.id
2 KB
1 bit.ly
bit.ly — Cisco Umbrella Rank: 4394
314 B
1 puertanaranja.com
puertanaranja.com
1 KB
8 8
Domain Requested by
1 k.top4top.io puertanaranja.com
1 fonts.gstatic.com fonts.googleapis.com
1 cur.cursors-4u.net puertanaranja.com
1 4.bp.blogspot.com puertanaranja.com
1 fonts.googleapis.com puertanaranja.com
1 www.unud.ac.id puertanaranja.com
1 bit.ly 1 redirects
1 ajax.googleapis.com puertanaranja.com
1 puertanaranja.com
8 9

This site contains no links.

Subject Issuer Validity Valid
puertanaranja.com
ZeroSSL RSA Domain Secure Site CA		 2022-04-27 -
2022-07-26		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
ani.cursors-4u.net
R3		 2022-04-18 -
2022-07-17		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
top4top.io
R3		 2022-04-14 -
2022-07-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://puertanaranja.com/uplink.in.gov/readme.html
Frame ID: 791261F7C3C190F1D70416E006CD0743
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hacked by Tn.Rezza403

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

88 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

8
IPs

4
Countries

122 kB
Transfer

249 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://bit.ly/2UGCIC5 HTTP 301
  • https://www.unud.ac.id/ac-admin/js/plugins/ckeditor/samples/sample.css

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request readme.html
puertanaranja.com/uplink.in.gov/ 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.54.114.140 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
shopmodernwave.com
Software
Apache /
Resource Hash
2c36f7a7994f23d542012aad3e789b23e3c0d96757966d3ca549043955f6591a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
1296
content-type
text/html
date
Thu, 26 May 2022 10:47:59 GMT
last-modified
Tue, 03 May 2022 00:22:46 GMT
server
Apache
vary
Accept-Encoding
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.0/ 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://puertanaranja.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 08:57:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6619
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34044
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 May 2023 08:57:40 GMT
sample.css
www.unud.ac.id/ac-admin/js/plugins/ckeditor/samples/
Redirect Chain
  • https://bit.ly/2UGCIC5
  • https://www.unud.ac.id/ac-admin/js/plugins/ckeditor/samples/sample.css
4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.unud.ac.id/ac-admin/js/plugins/ckeditor/samples/sample.css
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
HTTP/1.1
Server
103.29.196.156 , Indonesia, ASN58375 (UNUD-AS-ID Universitas Udayana, ID),
Reverse DNS
Software
S-P-N /
Resource Hash
6426da7af505a3379fa9de0af3ffe24bcb7cc98be35e73d63b68f8e7c4cfc967
Security Headers
Name Value
Content-Security-Policy frame-src 'self' *.google.de google.de *.google.com google.com youtube.com *.youtube.com;
Public-Key-Pins pin-sha256="OqzYW2MKz7rJ/fJi2iKTPZmIIOEx1gT7q+qeT29PlA8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; max-age=5184000; includeSubDomains
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://puertanaranja.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
1004
X-Xss-Protection
1; mode=block, 1; mode=block
Public-Key-Pins
pin-sha256="OqzYW2MKz7rJ/fJi2iKTPZmIIOEx1gT7q+qeT29PlA8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; max-age=5184000; includeSubDomains
Last-Modified
Thu, 19 Nov 2020 16:57:17 GMT
Server
S-P-N
X-Frame-Options
sameorigin
Date
Thu, 26 May 2022 10:48:01 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=31540000, public
ETag
"1136-5b4789ed2520c-gzip"
Content-Security-Policy
frame-src 'self' *.google.de google.de *.google.com google.com youtube.com *.youtube.com;
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100

Redirect headers

content-security-policy
referrer always;
via
1.1 google
referrer-policy
unsafe-url
server
nginx
date
Thu, 26 May 2022 10:47:59 GMT
content-type
text/html; charset=utf-8
location
https://www.unud.ac.id/ac-admin/js/plugins/ckeditor/samples/sample.css
cache-control
private, max-age=90
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
157
css
fonts.googleapis.com/ 		366 B
797 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Iceland
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a7be09651a2ca7ec8d7e81547c22dec6e295281c25eac4bb1b1ab05a3d889ca3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://puertanaranja.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 26 May 2022 10:39:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 26 May 2022 10:47:59 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 26 May 2022 10:47:59 GMT
animasi++bergoyang.gif
4.bp.blogspot.com/-XjeacQ8GulY/UNnUkZbKy9I/AAAAAAAAFrg/4QEKO2LI5k8/s1600/ 		67 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-XjeacQ8GulY/UNnUkZbKy9I/AAAAAAAAFrg/4QEKO2LI5k8/s1600/animasi++bergoyang.gif
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
92fdf5b3cf46a7438d97ce42a89eb21762058e0d3e87cebb962954acbe5a8624
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://puertanaranja.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 10:48:00 GMT
x-content-type-options
nosniff
server
fife
etag
"v1d6d"
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="animasi bergoyang.gif"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68837
x-xss-protection
0
expires
Fri, 27 May 2022 10:48:00 GMT
sym46.cur
cur.cursors-4u.net/symbols/sym-1/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cur.cursors-4u.net/symbols/sym-1/sym46.cur
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
96.43.128.66 , United States, ASN19969 (JOESDATACENTER, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
cc451aa50cb9f48a52bcf89ae2f2ad26f4f75ab5cad6de73174e9016b79079f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://puertanaranja.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Thu, 26 May 2022 10:48:01 GMT
Last-Modified
Wed, 27 Feb 2013 18:46:54 GMT
Server
nginx/1.16.1
ETag
"512e549e-10be"
Content-Type
application/octet-stream
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4286
rax9HiuFsdMNOnWPaKtMAQ.woff2
fonts.gstatic.com/s/iceland/v16/ 		11 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/iceland/v16/rax9HiuFsdMNOnWPaKtMAQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Iceland
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d07a894337a83ac4df03d593c8fe94197a4e73f8b27c10229fd00d816d58e1c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://puertanaranja.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 18:10:36 GMT
x-content-type-options
nosniff
age
146245
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11576
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:47:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 May 2023 18:10:36 GMT
m_1877viepx4.mp3
k.top4top.io/ 		64 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://k.top4top.io/m_1877viepx4.mp3
Requested by
Host: puertanaranja.com
URL: https://puertanaranja.com/uplink.in.gov/readme.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
65.21.235.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.194.235.21.65.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Referer
https://puertanaranja.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Range
bytes=0-

Response headers

x-file-id
x37004494x
date
Thu, 26 May 2022 10:48:02 GMT
last-modified
Sat, 20 Feb 2021 05:25:41 GMT
server
nginx
etag
"60309d55-3694c7"
content-type
audio/mpeg
Content-Range
bytes 0-3577030/3577031
cache-control
max-age=7200
content-disposition
inline; filename="AUD-20210220-WA0139.mp3"
Content-Length
3577031
expires
Thu, 26 May 2022 12:48:02 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| play function| pause

0 Cookies

1 Console Messages

Source Level URL
Text
security warning URL: https://puertanaranja.com/uplink.in.gov/readme.html(Line 2)
Message:
Mixed Content: The page at 'https://puertanaranja.com/uplink.in.gov/readme.html' was loaded over HTTPS, but requested an insecure element 'http://cur.cursors-4u.net/symbols/sym-1/sym46.cur'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html