prt2.uprm.edu - urlscan.io

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 136.145.30.65, located in Puerto Rico and belongs to UPRENET, PR. The main domain is prt2.uprm.edu.

This is the only time prt2.uprm.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	136.145.30.65 136.145.30.65	5786 (UPRENET) (UPRENET)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.21.235.194 65.21.235.194	24940 (HETZNER-AS) (HETZNER-AS)
4	3

1 136.145.30.65 (Puerto Rico)

ASN5786 (UPRENET, PR)
PTR: academic.uprm.edu

prt2.uprm.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

nathanprinsley-files.prinsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.21.235.194 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.194.235.21.65.clients.your-server.de

k.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	prinsh.com nathanprinsley-files.prinsh.com	48 KB
1	top4top.io k.top4top.io
1	uprm.edu prt2.uprm.edu	11 KB
4	3

	Domain	Requested by
2	nathanprinsley-files.prinsh.com	prt2.uprm.edu
1	k.top4top.io	prt2.uprm.edu
1	prt2.uprm.edu
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.prinsh.com E1	`2022-07-22` - `2022-10-20`	3 months	crt.sh
top4top.io R3	`2022-07-31` - `2022-10-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://prt2.uprm.edu/-/lol.html
Frame ID: 7068BBCC87403CE00045BAB2BEDC0BFF
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HACKED BY K4PUYU4K

Page Statistics

4
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

60 kB
Transfer

1295 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request lol.html Show response prt2.uprm.edu/-/	11 KB 11 KB	498ms 170ms	Document text/html	136.145.30.65 UPRENET
General Check archive.org Show headers Download Go to Full URL http://prt2.uprm.edu/-/lol.html Protocol HTTP/1.1 Server 136.145.30.65 , Puerto Rico, ASN5786 (UPRENET, PR), Reverse DNS academic.uprm.edu Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / Resource Hash `0b0132fc91bb81e404c31452061bd0af9382370697c64849178fbb24176821d8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 11225 Content-Type text/html; charset=UTF-8 Date Tue, 13 Sep 2022 16:05:42 GMT ETag "2bd9-5e887c2aa1740" Keep-Alive timeout=5, max=100 Last-Modified Tue, 13 Sep 2022 04:51:07 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
GET H2	200	deface(01-01).js Show response nathanprinsley-files.prinsh.com/data-1/js/	7 KB 3 KB	244ms 154ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nathanprinsley-files.prinsh.com/data-1/js/deface(01-01).js Requested by Host: prt2.uprm.edu URL: http://prt2.uprm.edu/-/lol.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8dd619bc87abfbc99352447fd58a757d4257d982406bc53f805847968e10f0a8` Request headers accept-language de-DE,de;q=0.9 Referer http://prt2.uprm.edu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers x-fastly-request-id 8ee13219cd837c39e395079357fdd5929d9e00b8 date Tue, 13 Sep 2022 16:05:42 GMT via 1.1 varnish cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache MISS x-cache-hits 0 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-mxp6951-MXP last-modified Sun, 04 Sep 2022 12:51:39 GMT server cloudflare x-github-request-id 7DA8:EC91:D7089C:DE750D:6320AA56 x-timer S1663085143.726444,VS0,VE105 etag W/"63149f5b-1c83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QG2AvklcXwwCDBkwefNf%2B6yIjNB9s3cgIcRCU8tlPiBTQgZiBxUhkLs4ehVZ57p2zr%2FDM%2ByDL4qXBbOOAMTFnmxk2xckQMiq4wyUoEsNbqJuTUcq59467Dr68jej68xyM%2BTcinGq8goO4CBmM4ioqIe1CFTPY6aKSLclDnXm"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 cf-ray 74a2203dfa5a375c-MXP x-proxy-cache MISS expires Tue, 13 Sep 2022 16:15:42 GMT
GET H2	206	m_2367rbf5o0.mp3 k.top4top.io/	1 MB 0	233ms 99ms	Media audio/mpeg	65.21.235.194 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://k.top4top.io/m_2367rbf5o0.mp3 Requested by Host: prt2.uprm.edu URL: http://prt2.uprm.edu/-/lol.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 65.21.235.194 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.194.235.21.65.clients.your-server.de Software nginx / Resource Hash Request headers Referer http://prt2.uprm.edu/ Accept-Encoding identity;q=1, ;q=0 accept-language* de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Range bytes=0- Response headers x-file-id x47485630x date Tue, 13 Sep 2022 16:05:43 GMT last-modified Sat, 25 Jun 2022 18:35:22 GMT server nginx etag "62b7556a-344ac8" content-type audio/mpeg Content-Range bytes 0-3427015/3427016 cache-control max-age=7200 content-disposition inline; filename="Lagu-intro-channel-Hack-Bae-no-copyright_lzxZWNMq57k.mp3" Content-Length 3427016 expires Tue, 13 Sep 2022 18:05:43 GMT
GET H2	200	NathanPrinsley-lightmotion-saveyourheart.png nathanprinsley-files.prinsh.com/data-1/images/	45 KB 45 KB	165ms 165ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://nathanprinsley-files.prinsh.com/data-1/images/NathanPrinsley-lightmotion-saveyourheart.png Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2e348efe5045751672beca4d20a352db62798d943aff8ae1bdb4405b3c41b01d` Request headers accept-language de-DE,de;q=0.9 Referer http://prt2.uprm.edu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers x-fastly-request-id 8d2ab2b7d1313f8a878e222832c65dd39019faec date Tue, 13 Sep 2022 16:05:43 GMT via 1.1 varnish cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-cache MISS x-cache-hits 0 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 45819 x-served-by cache-mxp6979-MXP last-modified Sun, 04 Sep 2022 12:51:39 GMT server cloudflare x-github-request-id BA46:A240:80BD41:85187E:6320AA57 x-timer S1663085143.231638,VS0,VE116 etag "63149f5b-b2fb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BUbrvHw%2BUgswJUvUlzAVv31FkY5TsDLln7IAgBCBRHq1ON6vnFg1SIqWqsZPGOxzl%2F3vYxu1MLWIKVCuE1Nw%2Bq747GXZBL%2Bb44XfkVjpvuyfxsEndAYU0kGaMucczHeSZox%2FoKBWZ2GsOHVX7KoPAlUxbmLVHsNFrMbZjJzR"}],"group":"cf-nel","max_age":604800} content-type image/png access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes cf-ray 74a220411f40375c-MXP x-proxy-cache MISS expires Tue, 13 Sep 2022 16:15:43 GMT

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

k.top4top.io
nathanprinsley-files.prinsh.com
prt2.uprm.edu
136.145.30.65
2a06:98c1:3121::3
65.21.235.194
0b0132fc91bb81e404c31452061bd0af9382370697c64849178fbb24176821d8
2e348efe5045751672beca4d20a352db62798d943aff8ae1bdb4405b3c41b01d
8dd619bc87abfbc99352447fd58a757d4257d982406bc53f805847968e10f0a8

prt2.uprm.edu Open in urlscan Pro 136.145.30.65 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

75 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

60 kBTransfer

1295 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

0 Cookies

Indicators

prt2.uprm.edu Open in urlscan Pro
136.145.30.65 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

60 kB
Transfer

1295 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions