lapak.probolinggokab.go.id Open in urlscan Pro
103.182.48.41 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://lapak.probolinggokab.go.id/assets/?link=mpoapi
Submission Tags: @phish_report
Submission: On January 26 via api (January 26th 2024, 10:09:49 am UTC) from FI — Scanned from FI

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 4 domains to perform 16 HTTP transactions. The main IP is 103.182.48.41, located in Indonesia and belongs to IDNIC-DISKOMINFOPROBOLINGGOKAB-AS-ID Diskominfo Pemerintah Kabupaten Probolinggo, ID. The main domain is lapak.probolinggokab.go.id.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2024. Valid for: a year.

This is the only time lapak.probolinggokab.go.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1	103.182.48.41 103.182.48.41		149402 (IDNIC-DIS...) (IDNIC-DISKOMINFOPROBOLINGGOKAB-AS-ID Diskominfo Pemerintah Kabupaten Probolinggo)
16	2

1 103.182.48.41 (Indonesia)

ASN149402 (IDNIC-DISKOMINFOPROBOLINGGOKAB-AS-ID Diskominfo Pemerintah Kabupaten Probolinggo, ID)

lapak.probolinggokab.go.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	probolinggokab.go.id lapak.probolinggokab.go.id	273 KB
0	jandaku.tech Failed jandaku.tech Failed
0	squarespace.com Failed assets.squarespace.com Failed static1.squarespace.com Failed
0	typekit.net Failed use.typekit.net Failed
16	4

	Domain	Requested by
1	lapak.probolinggokab.go.id
0	jandaku.tech Failed	lapak.probolinggokab.go.id
0	static1.squarespace.com Failed	lapak.probolinggokab.go.id
0	assets.squarespace.com Failed	lapak.probolinggokab.go.id
0	use.typekit.net Failed	lapak.probolinggokab.go.id
16	5

This site contains links to these domains. Also see Links.

Domain
nagahoki.store

Subject Issuer	Validity	Valid
*.probolinggokab.go.id Sectigo RSA Domain Validation Secure Server CA	`2024-01-05` - `2025-01-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lapak.probolinggokab.go.id/assets/?link=mpoapi
Frame ID: 5532817DF4281DF2DD35888976DF94EB
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

mpoapi🦧SITUS SLOT GACOR ONLINE TERBAIK DAN TERPERCAYA 2023-2024 — mpoapi🦧SITUS SLOT GACOR ONLINE TERBAIK DAN TERPERCAYA 2023-2024

Detected technologies

Squarespace (CMS) Expand

Overall confidence: 100%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Page Statistics

16
Requests

6 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

2
IPs

1
Countries

273 kB
Transfer

272 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://nagahoki.store/satu.php

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
lapak.probolinggokab.go.id/assets/ 272 KB
273 KB 5558ms
291ms Document
text/html 103.182.48.41
IDNIC-DISKOMINFOP...

General

Check archive.org

Show headers Download Go to

Full URL

https://lapak.probolinggokab.go.id/assets/?link=mpoapi

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

103.182.48.41 , Indonesia, ASN149402 (IDNIC-DISKOMINFOPROBOLINGGOKAB-AS-ID Diskominfo Pemerintah Kabupaten Probolinggo, ID),

Reverse DNS

Software

Apache /

Resource Hash

3b3172d82e66e28e9e0b8347f3401c30c49fb15ba94cde1f8adfbc7f6d5dced0

Security Headers

Name	Value
Content-Security-Policy	manifest-src 'self';base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Connection: Keep-Alive
Content-Security-Policy: manifest-src 'self';base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com;
Content-Type: text/html; charset=UTF-8
Date: Fri, 26 Jan 2024 10:09:42 GMT
Feature-Policy: geolocation 'self'; payment 'none'; sync-xhr 'self';
Keep-Alive: timeout=5, max=100
Referrer-Policy: same-origin
Server: Apache
Strict-Transport-Security: max-age=31536000;includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

GET iQSvu81wl0LWbSOeFMZUJtpTpqf-dvtiWVplcNMW2Awfe0S2fFHN4UJLFRbh52jhWDjujA9XwAIowRZ8FD9UwRyqjQZ8ZRJaZsnaMKG0jAFu-WsoShFGZAsude80ZkoRdhXCHKoyjamTiY8Djhy8ZYmC-Ao1Oco8if37OcBDOcu8OfG0SeNzZeU8OAikdam0ZeyzZ...
use.typekit.net/ik/ 0
0

GET modern.js
assets.squarespace.com/@sqs/polyfiller/1.6/ 0
0

GET extract-css-runtime-c3d4344c7950704dd601-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET extract-css-moment-js-vendor-f36b6dc9867ad0b8d0a8-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET cldr-resource-pack-a682f7ad337741eb05d6-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET common-vendors-stable-f9df4447a2af25df5875-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET common-vendors-3d0896f3bf52a6ab42d9-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET common-98836eb7030a3b55bba1-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET commerce-ab8bd252c29490362659-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET commerce-af8809f2481c48376f6a-min.en-US.css
assets.squarespace.com/universal/styles-compressed/ 0
0

GET performance-5c471d9ec4c3660675d5-min.en-US.js
assets.squarespace.com/universal/scripts-compressed/ 0
0

GET site.css
static1.squarespace.com/static/versioned-site-css/65ae41a926e75128da6ef27e/0/5c5a519771c10ba3470d8101/65ae41aa26e75128da6ef286/1480/ 0
0

GET static.css
static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/versioned-assets/1705599815226-5PWUZHFA2TX8RK4OVV4D/ 0
0

GET Daftar.gif
jandaku.tech/assets/images/ 0
0

GET site-bundle.461357a181df7ddcd970264c877fd49f.js
static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/scripts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: use.typekit.net
URL: https://use.typekit.net/ik/iQSvu81wl0LWbSOeFMZUJtpTpqf-dvtiWVplcNMW2Awfe0S2fFHN4UJLFRbh52jhWDjujA9XwAIowRZ8FD9UwRyqjQZ8ZRJaZsnaMKG0jAFu-WsoShFGZAsude80ZkoRdhXCHKoyjamTiY8Djhy8ZYmC-Ao1Oco8if37OcBDOcu8OfG0SeNzZeU8OAikdam0ZeyzZkuCdQ8XO1FUiABkZWF3jAF8OcFzdP37O1FUiABkZWF3jAF8ShFGZAsude80ZkoRdhXCjAFu-WsoShFGZAsude80ZkoRdhXCjAFu-WsoShFGZAsude80Zko0ZWbCjWw0dA9CdeNRjAUGdaFXOYgzdhsCZPu1ScNudcsGdhSldeXoifoDSWmyScmDSeBRZPoRdhXCSaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPUaiaS0jAFu-WsoShFGZAsude80ZkoRdhXCiaiaOcBRiA8XpWFR-emqiAUTdcS0dcmXOYiaikoySkolZPUaiaS0SeNzZeU8OAikdam0ZeyzZkuCdQ8XO1FUiABkZWF3jAF8OcFzdPUaiaS0SaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPJV-eBCpABkZfuq-WF3deBoH6GJojtfIMMjMkMfH6GJ_jtfIMMjgkMfH6GJoGtfIMMj2PMfH6GJ_GtfIMMjIPMfqMen6_clg6.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/@sqs/polyfiller/1.6/modern.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/extract-css-runtime-c3d4344c7950704dd601-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/extract-css-moment-js-vendor-f36b6dc9867ad0b8d0a8-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/cldr-resource-pack-a682f7ad337741eb05d6-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-stable-f9df4447a2af25df5875-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-vendors-3d0896f3bf52a6ab42d9-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/common-98836eb7030a3b55bba1-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/commerce-ab8bd252c29490362659-min.en-US.js

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/styles-compressed/commerce-af8809f2481c48376f6a-min.en-US.css

Domain: assets.squarespace.com
URL: https://assets.squarespace.com/universal/scripts-compressed/performance-5c471d9ec4c3660675d5-min.en-US.js

Domain: static1.squarespace.com
URL: https://static1.squarespace.com/static/versioned-site-css/65ae41a926e75128da6ef27e/0/5c5a519771c10ba3470d8101/65ae41aa26e75128da6ef286/1480/site.css

Domain: static1.squarespace.com
URL: https://static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/versioned-assets/1705599815226-5PWUZHFA2TX8RK4OVV4D/static.css

Domain: jandaku.tech
URL: https://jandaku.tech/assets/images/Daftar.gif

Domain: static1.squarespace.com
URL: https://static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/scripts/site-bundle.461357a181df7ddcd970264c877fd49f.js

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| SQUARESPACE_ROLLUPS object| Static object| __INITIAL_SQUARESPACE_7_1_WEBSITE_COLORS__ object| __COLOR_MAPPINGS_WITH_SEPARATE_ALPHA__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi(Line 13) Message: Refused to load the image 'https://assets.squarespace.com/universal/default-favicon.ico' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://use.typekit.net/ik/iQSvu81wl0LWbSOeFMZUJtpTpqf-dvtiWVplcNMW2Awfe0S2fFHN4UJLFRbh52jhWDjujA9XwAIowRZ8FD9UwRyqjQZ8ZRJaZsnaMKG0jAFu-WsoShFGZAsude80ZkoRdhXCHKoyjamTiY8Djhy8ZYmC-Ao1Oco8if37OcBDOcu8OfG0SeNzZeU8OAikdam0ZeyzZkuCdQ8XO1FUiABkZWF3jAF8OcFzdP37O1FUiABkZWF3jAF8ShFGZAsude80ZkoRdhXCjAFu-WsoShFGZAsude80ZkoRdhXCjAFu-WsoShFGZAsude80Zko0ZWbCjWw0dA9CdeNRjAUGdaFXOYgzdhsCZPu1ScNudcsGdhSldeXoifoDSWmyScmDSeBRZPoRdhXCSaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPUaiaS0jAFu-WsoShFGZAsude80ZkoRdhXCiaiaOcBRiA8XpWFR-emqiAUTdcS0dcmXOYiaikoySkolZPUaiaS0SeNzZeU8OAikdam0ZeyzZkuCdQ8XO1FUiABkZWF3jAF8OcFzdPUaiaS0SaBujW48SagyjhmDjhy8ZYmC-Ao1OcFzdPJV-eBCpABkZfuq-WF3deBoH6GJojtfIMMjMkMfH6GJ_jtfIMMjgkMfH6GJoGtfIMMj2PMfH6GJ_GtfIMMjIPMfqMen6_clg6.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/@sqs/polyfiller/1.6/modern.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/extract-css-runtime-c3d4344c7950704dd601-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/extract-css-moment-js-vendor-f36b6dc9867ad0b8d0a8-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/cldr-resource-pack-a682f7ad337741eb05d6-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/common-vendors-stable-f9df4447a2af25df5875-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/common-vendors-3d0896f3bf52a6ab42d9-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/common-98836eb7030a3b55bba1-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/commerce-ab8bd252c29490362659-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi(Line 58) Message: Refused to load the stylesheet 'https://assets.squarespace.com/universal/styles-compressed/commerce-af8809f2481c48376f6a-min.en-US.css' because it violates the following Content Security Policy directive: "style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://assets.squarespace.com/universal/scripts-compressed/performance-5c471d9ec4c3660675d5-min.en-US.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi(Line 59) Message: Refused to load the stylesheet 'https://static1.squarespace.com/static/versioned-site-css/65ae41a926e75128da6ef27e/0/5c5a519771c10ba3470d8101/65ae41aa26e75128da6ef286/1480/site.css' because it violates the following Content Security Policy directive: "style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi(Line 78) Message: Refused to load the stylesheet 'https://static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/versioned-assets/1705599815226-5PWUZHFA2TX8RK4OVV4D/static.css' because it violates the following Content Security Policy directive: "style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi(Line 1421) Message: Refused to load the image 'https://jandaku.tech/assets/images/Daftar.gif' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://lapak.probolinggokab.go.id/assets/?link=mpoapi Message: Refused to load the script 'https://static1.squarespace.com/static/vta/5c5a519771c10ba3470d8101/scripts/site-bundle.461357a181df7ddcd970264c877fd49f.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	manifest-src 'self';base-uri 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.squarespace.com
jandaku.tech
lapak.probolinggokab.go.id
static1.squarespace.com
use.typekit.net
assets.squarespace.com
jandaku.tech
static1.squarespace.com
use.typekit.net
103.182.48.41
3b3172d82e66e28e9e0b8347f3401c30c49fb15ba94cde1f8adfbc7f6d5dced0

lapak.probolinggokab.go.id Open in urlscan Pro 103.182.48.41 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

2 IPs

1 Countries

273 kBTransfer

272 kBSize

0 Cookies

1 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

16 Console Messages

Security Headers

Indicators

lapak.probolinggokab.go.id Open in urlscan Pro
103.182.48.41 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

2
IPs

1
Countries

273 kB
Transfer

272 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions