Report - urlsand.esvalabs.com/?u=https%3A%2F%2Fclt1772844.benchurl.com%2Fc%2Fl%3Fu%3D12B3E2E2%26e%3D1A11898%26c%3D1B0D2C%26%26t%3D0%26l%3D131E8FDBD%26email%3DCqbQ%252BCXhFKxX%252BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%253D%26seq%3D1&e=28d2d64f&h=5b143966&f=y&p=y

Report Overview

Visited public
2025-07-07 20:20:41
Tags
suspicious phishing mamba
Submit Tags
URL
urlsand.esvalabs.com/?u=https%3A%2F%2Fclt1772844.benchurl.com%2Fc%2Fl%3Fu%3D12B3E2E2%26e%3D1A11898%26c%3D1B0D2C%26%26t%3D0%26l%3D131E8FDBD%26email%3DCqbQ%252BCXhFKxX%252BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%253D%26seq%3D1&e=28d2d64f&h=5b143966&f=y&p=y
Finishing URL
x.com/
IP / ASN
194.39.109.114
#202053 UpCloud Ltd
Title
x.com/
Suspicious - Anti-debugging code
Phishing - Mamba Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
skansal.sch.id	unknown	2022-09-15	2025-07-07	2025-07-07	2.6 kB	315 kB	203.175.9.168
urlsand.esvalabs.com	162933	2016-06-30	2016-07-27	2025-07-01	713 B	3.6 kB	194.39.109.114
linkprotect.cudasvc.com	10064	2010-05-17	2017-02-01	2025-07-01	673 B	4.5 kB	52.29.77.178
x.com	521161	1993-04-02	2012-08-16	2025-07-02	508 B	263 kB	162.159.140.229
clt1772844.benchurl.com	unknown	2014-04-11	2025-07-07	2025-07-07	605 B	4.0 kB	52.24.10.182
us.content.exclaimer.net	unknown	2002-03-24	2022-06-06	2025-07-07	1.3 kB	3.7 kB	172.64.152.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	x.com/	ScriptElement	86 B	2025-07-07	2025-07-07
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-07 20:20 Last Seen2025-07-07 20:20 Times Seen1 Hash 07962ba8bf8be3383eb2aebc368cfb26 db86fc2eda823cebd61e7b774f036ff4ffcb3f1d 5cbe472ac20a41bc234152bf869f54ffaee0a12501e3cfe6d3a0dfb10fbc899f Loading...

	x.com/	ScriptElement	143 kB	2025-07-07	2025-07-07
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-07 20:20 Last Seen2025-07-07 20:20 Times Seen1 Hash 5a2515a19e7e775cd2f26fb3c1d157b3 a2c44bbae684ceb9789062c5e7e8e57ecdb8890a 736fcb52b321ec9966f2a59e93efd5c7bc79f278a1c002058feac38ce00d4d70 Loading...

	x.com/	ScriptElement	81 kB	2025-07-06	2025-07-08
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-06 06:49 Last Seen2025-07-08 09:11 Times Seen6 Hash af4d4c9da6d27f08e9110beb017f9faa 2bcfd3498c2717a395a9646bb330b7ca1e77d34a 23159a3cd8f6bb13c6125baef08ebbe75aafeb514826f259e03422b4fab47706 Loading...

	x.com/	ScriptElement	77 B	2023-03-08	2025-07-16
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:36 Last Seen2025-07-16 05:25 Times Seen2504 Hash 9131aa2762759852e273e004ee87bc34 c69d37bb0fb387d07bea8ab4d7e50e8b695bc1ed 11228e42ecf5d4e964750b65bb7828a7809130a054a23d04a0c5766cb9ce7dd3 Loading...

	x.com/	ScriptElement	103 B	2023-03-08	2025-07-16
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:19 Last Seen2025-07-16 05:25 Times Seen2501 Hash 15a3f40dde8f6c27c05cce205a4ea0b4 2835605998abace30d742b3b054c88d446c3acc5 a6c6c8c0218a3fc7f363f06d5e089bf5be86e1f604e54c61dff0b1e08b10b5a5 Loading...

	skansal.sch.id/wp-admin/ftg/	EventHandler	44 B	2024-12-02	2025-07-16
Pretty URL skansal.sch.id/wp-admin/ftg/ IP 203.175.9.168 ASN #58487 CV. Rumahweb Indonesia Introduced by eventHandler Embedded in HTML false Observations First Seen2024-12-02 18:53 Last Seen2025-07-16 09:24 Times Seen12215 Hash d08bb5fc22b2baf3f06088ecf723391b 2db84f3f9c6baef7865e190174fcad05f8e73c07 74625831136e57e198c7763bb81f656f3e3aa6685c3cc693fe064582f2d108f9 Loading...

	skansal.sch.id/wp-admin/ftg/	Function	1.9 kB	2025-05-07	2025-07-16
Pretty URL skansal.sch.id/wp-admin/ftg/ IP 203.175.9.168 ASN #58487 CV. Rumahweb Indonesia Introduced by Function Embedded in HTML false Observations First Seen2025-05-07 20:25 Last Seen2025-07-16 02:07 Times Seen709 Hash 1878cc1b9617523b3e1ceed41dd9e2ba 9f9c7b5ee7719b9b1e7a353d011ea000c05f8a5b 59878523262c3ff3fc8e071b0ec34fb395b8a728ebfabc2488e2e6cb4042dcca Loading...

	x.com/	ScriptElement	452 B	2023-03-09	2025-07-16
Pretty URL x.com/ IP 162.159.140.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 11:57 Last Seen2025-07-16 05:25 Times Seen719 Hash e1519af201f27f3a8a86c9b121d27802 6ebe98bafb45d893d23495ac7d28beb028f1d5db ea6c23dc51e433e7188a1f63e54360e4f78b48e88f34391c1a4289feb7c23308 Loading...

HTTP Transactions (10)

URL IP Response Size

GET skansal.sch.id/files/img/logo.png

203.175.9.168

404 Not Found

44 kB

URL GET
skansal.sch.id/files/img/logo.png
IP
203.175.9.168:443
ASN
#58487 CV. Rumahweb Indonesia

Requested by
https://skansal.sch.id/wp-admin/ftg/
Certificate
IssuerLet's Encrypt
Subjectcpcontacts.skansal.sch.id
Fingerprint2A:C2:34:CD:06:9A:95:99:76:07:F3:67:A1:B4:B8:08:B7:4E:4C:4B
ValidityTue, 10 Jun 2025 15:09:18 GMT - Mon, 08 Sep 2025 15:09:17 GMT

File type
HTML document, ASCII text, with very long lines (8856), with CRLF, LF line terminators
Size
44 kB (44355 bytes)
Hash
1c18a3bb528fa92dd8141b62ae95dcbf
b63da7ae0b0367301fac54771314fba67a0d666b
3471e7605ca3efd8a51c384d37bb90441fd50e6a9e3ccafb7145713535fe21db

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Mamba Phishing Kit

HTTP Headers

GET /files/img/logo.png HTTP/1.1
Host: skansal.sch.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://skansal.sch.id/wp-admin/ftg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
link: <https://skansal.sch.id/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: br
content-length: 8781
content-type: text/html; charset=UTF-8
date: Mon, 07 Jul 2025 20:20:23 GMT
server: Apache
X-Firefox-Spdy: h2

GET skansal.sch.id/wp-admin/ftg

203.175.9.168

301 Moved Permanently

2.9 kB

URL User Request GET
skansal.sch.id/wp-admin/ftg
IP
203.175.9.168:443
ASN
#58487 CV. Rumahweb Indonesia

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.skansal.sch.id
Fingerprint2A:C2:34:CD:06:9A:95:99:76:07:F3:67:A1:B4:B8:08:B7:4E:4C:4B
ValidityTue, 10 Jun 2025 15:09:18 GMT - Mon, 08 Sep 2025 15:09:17 GMT

File type

Size
2.9 kB (2944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Mamba Phishing Kit

HTTP Headers

GET /wp-admin/ftg HTTP/1.1
Host: skansal.sch.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://skansal.sch.id/wp-admin/ftg/
content-length: 244
content-type: text/html; charset=iso-8859-1
date: Mon, 07 Jul 2025 20:20:22 GMT
server: Apache
X-Firefox-Spdy: h2

POST skansal.sch.id/wp-admin/ftg/

203.175.9.168

302 Found

263 kB

URL User Request POST
skansal.sch.id/wp-admin/ftg/
IP
203.175.9.168:443
ASN
#58487 CV. Rumahweb Indonesia

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.skansal.sch.id
Fingerprint2A:C2:34:CD:06:9A:95:99:76:07:F3:67:A1:B4:B8:08:B7:4E:4C:4B
ValidityTue, 10 Jun 2025 15:09:18 GMT - Mon, 08 Sep 2025 15:09:17 GMT

File type

Size
263 kB (263338 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Mamba Phishing Kit

HTTP Headers

POST /wp-admin/ftg/ HTTP/1.1
Host: skansal.sch.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 111071
Origin: https://skansal.sch.id
DNT: 1
Connection: keep-alive
Referer: https://skansal.sch.id/wp-admin/ftg/
Cookie: _cid=cdb8812750c5f26dd07ba27306648386
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store
location: https://x.com
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 07 Jul 2025 20:20:24 GMT
server: Apache
X-Firefox-Spdy: h2

GET urlsand.esvalabs.com/?u=https%3A%2F%2Fclt1772844.benchurl.com%2Fc%2Fl%3Fu%3D12B3E2E2%26e%3D1A11898%26c%3D1B0D2C%26%26t%3D0%26l%3D131E8FDBD%26email%3DCqbQ%252BCXhFKxX%252BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%253D%26seq%3D1&e=28d2d64f&h=5b143966&f=y&p=y

194.39.109.114

302 Found

2.9 kB

URL User Request GET
urlsand.esvalabs.com/?u=https%3A%2F%2Fclt1772844.benchurl.com%2Fc%2Fl%3Fu%3D12B3E2E2%26e%3D1A11898%26c%3D1B0D2C%26%26t%3D0%26l%3D131E8FDBD%26email%3DCqbQ%252BCXhFKxX%252BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%253D%26seq%3D1&e=28d2d64f&h=5b143966&f=y&p=y
IP
194.39.109.114:443
ASN
#202053 UpCloud Ltd

Certificate
IssuerLet's Encrypt
Subjectesvalabs.com
FingerprintF6:1D:8B:48:36:02:9B:88:0A:53:F7:6D:47:FC:BA:6C:A3:06:6F:D3
ValiditySun, 29 Jun 2025 00:05:48 GMT - Sat, 27 Sep 2025 00:05:47 GMT

File type

Size
2.9 kB (2944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?u=https%3A%2F%2Fclt1772844.benchurl.com%2Fc%2Fl%3Fu%3D12B3E2E2%26e%3D1A11898%26c%3D1B0D2C%26%26t%3D0%26l%3D131E8FDBD%26email%3DCqbQ%252BCXhFKxX%252BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%253D%26seq%3D1&e=28d2d64f&h=5b143966&f=y&p=y HTTP/1.1
Host: urlsand.esvalabs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://clt1772844.benchurl.com/c/l?u=12B3E2E2&e=1A11898&c=1B0D2C&&t=0&l=131E8FDBD&email=CqbQ%2BCXhFKxX%2BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%3D&seq=1
cache-control: no-cache, private
date: Mon, 07 Jul 2025 20:20:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload;
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: 'unsafe-inline';
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin
feature-policy: fullscreen 'self'
X-Firefox-Spdy: h2

GET skansal.sch.id/wp-admin/ftg/

203.175.9.168

200 OK

2.9 kB

URL User Request GET
skansal.sch.id/wp-admin/ftg/
IP
203.175.9.168:443
ASN
#58487 CV. Rumahweb Indonesia

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.skansal.sch.id
Fingerprint2A:C2:34:CD:06:9A:95:99:76:07:F3:67:A1:B4:B8:08:B7:4E:4C:4B
ValidityTue, 10 Jun 2025 15:09:18 GMT - Mon, 08 Sep 2025 15:09:17 GMT

File type
HTML document, ASCII text, with very long lines (2675)
Size
2.9 kB (2944 bytes)
Hash
07a031f7bbfd85cbfd1e26aee11cab4d
f6ff1f8f0014316eecef296301e9ff4d72cae7ba
da2fa8c9b8d324d1ac9794956619f02985ab1dd01feac70d2fb329d7f3c17aef

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code
urlquery	phishing	Phishing - Mamba Phishing Kit

HTTP Headers

GET /wp-admin/ftg/ HTTP/1.1
Host: skansal.sch.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-store
set-cookie: _cid=cdb8812750c5f26dd07ba27306648386; expires=Mon, 07-Jul-2025 20:21:23 GMT; Max-Age=60
vary: Accept-Encoding
content-encoding: br
content-length: 1618
content-type: text/html; charset=UTF-8
date: Mon, 07 Jul 2025 20:20:22 GMT
server: Apache
X-Firefox-Spdy: h2

GET linkprotect.cudasvc.com/url?a=https%3a%2f%2fskansal.sch.id%2fwp-admin%2fftg&c=E,1,81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg,,&typo=1

52.29.77.178

302 Moved Temporarily

2.9 kB

URL User Request GET
linkprotect.cudasvc.com/url?a=https%3a%2f%2fskansal.sch.id%2fwp-admin%2fftg&c=E,1,81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg,,&typo=1
IP
52.29.77.178:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.linkprotect.cudasvc.com
Fingerprint63:F1:CC:0D:42:5E:A3:9F:FC:2D:A3:F0:FB:15:01:4C:95:FC:54:1A
ValidityMon, 20 Jan 2025 00:00:00 GMT - Wed, 18 Feb 2026 23:59:59 GMT

File type

Size
2.9 kB (2944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /url?a=https%3a%2f%2fskansal.sch.id%2fwp-admin%2fftg&c=E,1,81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg,,&typo=1 HTTP/1.1
Host: linkprotect.cudasvc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Mon, 07 Jul 2025 20:20:21 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Server: nginx
Location: https://skansal.sch.id/wp-admin/ftg
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block    script-src 'self' 'unsafe-inline' npmcdn.com cdnjs.cloudflare.com unpkg.com unpkg.com cdn.jsdelivr.net;:     style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net;:     font-src * data: 'self' 'unsafe-inline' fonts.gstatic.com;    frame-src 'self';:     worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:;    media-src 'self' d2rmfex73stak2.cloudfront.net;:     img-src 'self' d2rmfex73stak2.cloudfront.net;:     frame-ancestors 'none':
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Security-Policy: default-src 'self' 'unsafe-inline' npmcdn.com unpkg.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' npmcdn.com cdnjs.cloudflare.com unpkg.com unpkg.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net; font-src * data: 'self' 'unsafe-inline' fonts.gstatic.com; frame-src 'self'; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; media-src 'self' d2rmfex73stak2.cloudfront.net; img-src 'self' d2rmfex73stak2.cloudfront.net; frame-ancestors 'none'

GET x.com/

162.159.140.229

200 OK

263 kB

URL User Request GET
x.com/
IP
162.159.140.229:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectx.com
Fingerprint4D:FF:7C:A8:16:89:E2:B7:68:EA:2F:04:2B:AF:8D:88:B9:39:7B:3F
ValidityWed, 25 Jun 2025 17:57:10 GMT - Tue, 23 Sep 2025 17:57:09 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (42037)
Size
263 kB (263338 bytes)
Hash
0a0668f61b3d29d08a9256f029874fa2
ec10234b6a2bd7296cb71eb4c6f2c0b9825e3090
a57cc0cba61f30518244ca902f561a66a4bce4687e3f5aa13ad6919defb9fb4a

HTTP Headers

GET / HTTP/1.1
Host: x.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://skansal.sch.id/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET skansal.sch.id/favicon.ico

203.175.9.168

302 Found

0 B

URL GET
skansal.sch.id/favicon.ico
IP
203.175.9.168:443
ASN
#58487 CV. Rumahweb Indonesia

Requested by
https://skansal.sch.id/wp-admin/ftg/
Certificate
IssuerLet's Encrypt
Subjectcpcontacts.skansal.sch.id
Fingerprint2A:C2:34:CD:06:9A:95:99:76:07:F3:67:A1:B4:B8:08:B7:4E:4C:4B
ValidityTue, 10 Jun 2025 15:09:18 GMT - Mon, 08 Sep 2025 15:09:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Mamba Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: skansal.sch.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://skansal.sch.id/wp-admin/ftg/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
link: <https://skansal.sch.id/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: https://skansal.sch.id/wp-content/uploads/2025/07/cropped-smkn1leuwiliang-32x32.png
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 07 Jul 2025 20:20:23 GMT
server: Apache
X-Firefox-Spdy: h2

GET clt1772844.benchurl.com/c/l?u=12B3E2E2&e=1A11898&c=1B0D2C&&t=0&l=131E8FDBD&email=CqbQ%2BCXhFKxX%2BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%3D&seq=1

52.24.10.182

302 Found

2.9 kB

URL User Request GET
clt1772844.benchurl.com/c/l?u=12B3E2E2&e=1A11898&c=1B0D2C&&t=0&l=131E8FDBD&email=CqbQ%2BCXhFKxX%2BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%3D&seq=1
IP
52.24.10.182:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint1E:0E:8C:1A:71:20:37:B5:27:3E:3E:C3:8B:87:9C:D6:36:91:CB:2C
ValidityThu, 15 Aug 2024 00:00:00 GMT - Fri, 12 Sep 2025 23:59:59 GMT

File type

Size
2.9 kB (2944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/l?u=12B3E2E2&e=1A11898&c=1B0D2C&&t=0&l=131E8FDBD&email=CqbQ%2BCXhFKxX%2BSwvIDY2l0uk9JVzLXOZBJcAT8xErqg%3D&seq=1 HTTP/1.1
Host: clt1772844.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: awselb/2.0
date: Mon, 07 Jul 2025 20:20:21 GMT
content-type: application/octet-stream
content-length: 0
location: https://us.content.exclaimer.net/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fskansal.sch.id%252fwp-admin%252fftg%26c%3DE%2C1%2C81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg%2C%2C%26typo%3D1&tenantid=GpczTlfuEfCPfAAiSCLDkg&templateid=43f2db460b58f0118f7c00224822c392&excomponenttype=SocialMediaIcon&signature=LiWnW4ZZzHHSz_F15NkMqx-9fpm6CINbQOsq2zvIX1MPQx8Z6T6Y4XN8QXB2PdSP2-PmxYTegiw70hxFeG59wk4ynZ3Ul5a_BLnVr1UjmP-TZ1d2AuldMBuxFT4BMixhLUX-XkYB2KwTlgaDraojUWrLbgRvFGyREl_r5vFS4LCwBOajujnSo2dFvtNejM9KCGHO1HTGD7hiud9ykOfKaSKZ-xrs4Mcm001AB-EdkfXHupvUqE5Sk8bSwqR4TanY5LeYeXjGutvAMXHQdA-B7WziIVo1J3mL5zcMZFK3fhqlp0CDwcSIqErz_wDxq4i1C2zZ3f7u7i8qdlCO1l5_Vg&v=1&imprintMessageId=7227a989-1b04-4371-b007-72bf005ea9ea&utm_source=BenchmarkEmail&utm_campaign=Jul_07_2025_Email_3&utm_medium=email
X-Firefox-Spdy: h2

GET us.content.exclaimer.net/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fskansal.sch.id%252fwp-admin%252fftg%26c%3DE%2C1%2C81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg%2C%2C%26typo%3D1&tenantid=GpczTlfuEfCPfAAiSCLDkg&templateid=43f2db460b58f0118f7c00224822c392&excomponenttype=SocialMediaIcon&signature=LiWnW4ZZzHHSz_F15NkMqx-9fpm6CINbQOsq2zvIX1MPQx8Z6T6Y4XN8QXB2PdSP2-PmxYTegiw70hxFeG59wk4ynZ3Ul5a_BLnVr1UjmP-TZ1d2AuldMBuxFT4BMixhLUX-XkYB2KwTlgaDraojUWrLbgRvFGyREl_r5vFS4LCwBOajujnSo2dFvtNejM9KCGHO1HTGD7hiud9ykOfKaSKZ-xrs4Mcm001AB-EdkfXHupvUqE5Sk8bSwqR4TanY5LeYeXjGutvAMXHQdA-B7WziIVo1J3mL5zcMZFK3fhqlp0CDwcSIqErz_wDxq4i1C2zZ3f7u7i8qdlCO1l5_Vg&v=1&imprintMessageId=7227a989-1b04-4371-b007-72bf005ea9ea&utm_source=BenchmarkEmail&utm_campaign=Jul_07_2025_Email_3&utm_medium=email

172.64.152.78

302 Found

2.9 kB

URL User Request GET
us.content.exclaimer.net/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fskansal.sch.id%252fwp-admin%252fftg%26c%3DE%2C1%2C81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg%2C%2C%26typo%3D1&tenantid=GpczTlfuEfCPfAAiSCLDkg&templateid=43f2db460b58f0118f7c00224822c392&excomponenttype=SocialMediaIcon&signature=LiWnW4ZZzHHSz_F15NkMqx-9fpm6CINbQOsq2zvIX1MPQx8Z6T6Y4XN8QXB2PdSP2-PmxYTegiw70hxFeG59wk4ynZ3Ul5a_BLnVr1UjmP-TZ1d2AuldMBuxFT4BMixhLUX-XkYB2KwTlgaDraojUWrLbgRvFGyREl_r5vFS4LCwBOajujnSo2dFvtNejM9KCGHO1HTGD7hiud9ykOfKaSKZ-xrs4Mcm001AB-EdkfXHupvUqE5Sk8bSwqR4TanY5LeYeXjGutvAMXHQdA-B7WziIVo1J3mL5zcMZFK3fhqlp0CDwcSIqErz_wDxq4i1C2zZ3f7u7i8qdlCO1l5_Vg&v=1&imprintMessageId=7227a989-1b04-4371-b007-72bf005ea9ea&utm_source=BenchmarkEmail&utm_campaign=Jul_07_2025_Email_3&utm_medium=email
IP
172.64.152.78:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectexclaimer.net
Fingerprint4F:2A:B6:46:41:8A:D2:7A:E7:CC:8C:B1:F3:4E:F4:D7:97:3B:A5:B0
ValidityWed, 21 May 2025 19:02:25 GMT - Tue, 19 Aug 2025 20:02:23 GMT

File type

Size
2.9 kB (2944 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fskansal.sch.id%252fwp-admin%252fftg%26c%3DE%2C1%2C81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg%2C%2C%26typo%3D1&tenantid=GpczTlfuEfCPfAAiSCLDkg&templateid=43f2db460b58f0118f7c00224822c392&excomponenttype=SocialMediaIcon&signature=LiWnW4ZZzHHSz_F15NkMqx-9fpm6CINbQOsq2zvIX1MPQx8Z6T6Y4XN8QXB2PdSP2-PmxYTegiw70hxFeG59wk4ynZ3Ul5a_BLnVr1UjmP-TZ1d2AuldMBuxFT4BMixhLUX-XkYB2KwTlgaDraojUWrLbgRvFGyREl_r5vFS4LCwBOajujnSo2dFvtNejM9KCGHO1HTGD7hiud9ykOfKaSKZ-xrs4Mcm001AB-EdkfXHupvUqE5Sk8bSwqR4TanY5LeYeXjGutvAMXHQdA-B7WziIVo1J3mL5zcMZFK3fhqlp0CDwcSIqErz_wDxq4i1C2zZ3f7u7i8qdlCO1l5_Vg&v=1&imprintMessageId=7227a989-1b04-4371-b007-72bf005ea9ea&utm_source=BenchmarkEmail&utm_campaign=Jul_07_2025_Email_3&utm_medium=email HTTP/1.1
Host: us.content.exclaimer.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 07 Jul 2025 20:20:21 GMT
content-length: 0
location: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fskansal.sch.id%2fwp-admin%2fftg&c=E,1,81_7CgexFJEimlPkEmGu3BJgqPjmfxXd_u_MVvASlDsZIFVBlCaTlvumXlH4XzDDS6_5lpVS4Z4K7_vSgNmFStJeofcMmQaGpwgeY8TlX6EV0oJ7Rg,,&typo=1
cf-ray: 95ba0ac2b8700b3d-OSL
set-cookie: __cf_bm=Un8_hoDf_.yKa96irY.YIzQVLPSIh7YJyAyQCnVioKs-1751919621-1.0.1.1-LdEZJH0vTJyRa7iOIGltS1iB3ahOruKw3yRO7o8NbDV7p9ZIHzbw1oOdZs9sRtWFr2ftEMGJlUcWncDaNcenuobrFNY7P3BvF8SIGCDF_DE; path=/; expires=Mon, 07-Jul-25 20:50:21 GMT; domain=.exclaimer.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=31536000
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET