urlscan.io logo urlscan.io
SecurityTrails logo

serang.unpam.ac.id Open in urlscan Pro
202.137.16.93  Public Scan

Go To Rescan Add Verdict Report
URL: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
Submission Tags: @phish_report
Submission: On November 26 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 202.137.16.93, located in Karangmekar, Indonesia and belongs to LINKNET-ID-AP Linknet ASN, ID. The main domain is serang.unpam.ac.id.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 6th 2024. Valid for: a year.
This is the only time serang.unpam.ac.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 202.137.16.93 9905 (LINKNET-I...)
4 1
Apex Domain
Subdomains		 Transfer
4 unpam.ac.id
serang.unpam.ac.id
12 KB
4 1
Domain Requested by
4 serang.unpam.ac.id serang.unpam.ac.id
4 1

This site contains no links.

Subject Issuer Validity Valid
*.unpam.ac.id
Sectigo RSA Domain Validation Secure Server CA		 2024-11-06 -
2025-11-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
Frame ID: 90B180B8D58E417247FC872CE0121130
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

12 kB
Transfer

33 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request %3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
serang.unpam.ac.id/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.137.16.93 Karangmekar, Indonesia, ASN9905 (LINKNET-ID-AP Linknet ASN, ID),
Reverse DNS
ln-static-202-137-16-93.link.net.id
Software
Apache / centminmod
Resource Hash
9c673ed6f5146338ec4ba48685437876ef0b9f3621c562352cdb6f6a37cc0a2e
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self';
Content-Type
text/html; charset=utf-8
Date
Tue, 26 Nov 2024 21:41:23 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Keep-Alive
timeout=15, max=100
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Powered-By
centminmod
X-Xss-Protection
1; mode=block
vddosw3data.js
serang.unpam.ac.id/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://serang.unpam.ac.id/vddosw3data.js
Requested by
Host: serang.unpam.ac.id
URL: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.137.16.93 Karangmekar, Indonesia, ASN9905 (LINKNET-ID-AP Linknet ASN, ID),
Reverse DNS
ln-static-202-137-16-93.link.net.id
Software
Apache / centminmod
Resource Hash
a3a4153e613bc3a4d57cefb23689a253047dc3c7149449ab9a7076309fa705af
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi

Response headers

Content-Encoding
gzip
ETag
"65f5652c-16f5-gzip"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=15, max=99
Date
Tue, 26 Nov 2024 21:41:23 GMT
Content-Type
application/javascript; charset=utf-8
Vary
Accept-Encoding
Last-Modified
Sat, 16 Mar 2024 09:23:56 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
X-Xss-Protection
1; mode=block
X-Powered-By
centminmod
Server
Apache
aes.min.js
serang.unpam.ac.id/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://serang.unpam.ac.id/aes.min.js
Requested by
Host: serang.unpam.ac.id
URL: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.137.16.93 Karangmekar, Indonesia, ASN9905 (LINKNET-ID-AP Linknet ASN, ID),
Reverse DNS
ln-static-202-137-16-93.link.net.id
Software
Apache / centminmod
Resource Hash
991fa3ac0febff65dd238aa07315e6ccb792fb207828b371de8cb353bd4dd121
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi

Response headers

Content-Encoding
gzip
ETag
"65f5652a-6426-gzip"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=15, max=98
Date
Tue, 26 Nov 2024 21:41:24 GMT
Content-Type
application/javascript; charset=utf-8
Vary
Accept-Encoding
Last-Modified
Sat, 16 Mar 2024 09:23:54 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
X-Xss-Protection
1; mode=block
X-Powered-By
centminmod
Server
Apache
favicon.ico
serang.unpam.ac.id/ 		992 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://serang.unpam.ac.id/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.137.16.93 Karangmekar, Indonesia, ASN9905 (LINKNET-ID-AP Linknet ASN, ID),
Reverse DNS
ln-static-202-137-16-93.link.net.id
Software
Apache / centminmod
Resource Hash
9dc2af9768696d027245c88f55e0edce883df4cfdb3caa91f967b441459536d8
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Keep-Alive
timeout=15, max=97
Date
Tue, 26 Nov 2024 21:41:24 GMT
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self';
Cache-Control
no-cache
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
X-Xss-Protection
1; mode=block
X-Powered-By
centminmod
Server
Apache

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| w3DataObject function| w3DisplayData function| w3IncludeHTML function| w3Http object| _0x2465 object| slowAES

0 Cookies

2 Console Messages

Source Level URL
Text
security error URL: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi(Line 7)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-QEXAbxrSXWuDsv0c/EkuLVNCbXJXV21pU7Nm1e1wECc='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://serang.unpam.ac.id/%3Fgas%3D259&ved=2ahUKEwim66-Q4vqJAxV1yjgGHcBgO38QFnoECDMQAQ&usg=AOvVaw3KK751cwQaD0M70sNaZTvi(Line 10)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-RP2dP0/mQM2WRzMXfLTZZTf9yNTuUVeMIbEGQyLtgb4='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block