garisbiru.xyz Open in urlscan Pro
2606:4700:3037::ac43:b0a1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://garisbiru.xyz/
Submission: On March 16 via api (March 16th 2022, 11:02:09 am UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3037::ac43:b0a1, located in United States and belongs to CLOUDFLARENET, US. The main domain is garisbiru.xyz.
TLS certificate: Issued by E1 on February 26th 2022. Valid for: 3 months.

This is the only time garisbiru.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Emiliano (Banking)

Domain & IP information

	IP Address		AS Autonomous System
15	2606:4700:303... 2606:4700:3037::ac43:b0a1		13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	1

15 2606:4700:3037::ac43:b0a1 (United States)

ASN13335 (CLOUDFLARENET, US)

garisbiru.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	garisbiru.xyz garisbiru.xyz	291 KB
15	1

	Domain	Requested by
15	garisbiru.xyz	garisbiru.xyz
15	1

This site contains links to these domains. Also see Links.

Domain
m.credem.it

Subject Issuer	Validity	Valid
*.garisbiru.xyz E1	`2022-02-26` - `2022-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://garisbiru.xyz/
Frame ID: C7409C31F729F8610CEFC1E715894E94
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mobile Banking - Accesso

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

291 kB
Transfer

741 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#myOverlayLastDisposeStep

Search URL Search Domain Scan URL

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#helpOverlay

Search URL Search Domain Scan URL

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#/landingPage
Title: Il servizio richiesto non è al momento attivo. Ci scusiamo per l'inconveniente.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response garisbiru.xyz/	22 KB 6 KB	477ms 451ms	Document text/html	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5b3322d7475f45b7d05056bdb2763f6595d596fc0ff78f7654a9489834a446a6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-type text/html; charset=UTF-8 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhWN9EJShNZM7%2F4VYXTu5m%2ForAKuzr%2B4F4x1FHKwNVtGO3TMBYTC9GJlOXSuRyxerpEjdz5FTTSwi%2Fnu6zwuq2pRmYv1I6G4O%2BtebGYCHnFOMOUCCnCqvDaq%2FTXYuli2MnN8PUyFq2DXt4VM"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6eccfe90ef519235-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	worklight.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	4 KB 2 KB	378ms 376ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/worklight.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11db581c7a2efa5271fd38426fb14ad8552e7d6b36f56cda387105e11e1f096d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4JmmMrecAedm7iuWaP4aD8hDfEIOsnbp0Tsv14kTF6Zmou7fPjGtaW6t12Mg%2FObjpgIHIQqzo1bdBkY7Qfc62QKXEP5C2bfbbSNC9NdanVZxOo%2F2LTAgHb%2BxXU40gUWCunu3GJWQt%2Bm7b3vc"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93eba69235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	mobile-angular-ui.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	601 KB 240 KB	385ms 384ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7d520d0447115ba095990b4d35372416c36ec8be0c35e82a005d5dc383efb41d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jaWPqxjy49iOZqlNczaXQ9oFgFxcTZeuSldYyyVkK9XUfI01iElhBsVQqv3YxzgIOYqjpK7zD0YgBVcDzmWBzKDaJpyB%2FbRBw%2FccmAQWurBdz%2BQGasCNDoL%2FnFJBBdheWqzHQGlT5luht%2Fp4"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93eba89235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	platform.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	853 B 687 B	377ms 376ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/platform.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a1045e39d7436375d3bc19b031a2e5a1c40efa7dc08878962ddc4f8d941613bf` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ntrOlwQL%2Foj77Crbg4Jva4t%2BrrVvi2WS1Xlv7G%2F7lllCbgVehpvPuXYmpTaE3j5yTK7sKNBc7tvnxzpw%2FX9ETqITgTdHpwhYYpHKEL5QgPO5l4GyUgL6OqBvDuBZdZELx3TeHd8HHP2BC6a"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93eba99235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	storelocator.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	2 KB 767 B	372ms 370ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/storelocator.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `38812c71770782bde27bf3b16c0de4065b35c6a822e3d261266a1bf1c8e6945c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k31NTytn0B8GbPqGJqITfQRKRRRk4rQ9ORJPA2t63YfB3PagpbsVGwhBb%2Bo4FQGg5QAGLFGH2p%2F%2FZDJ4klsfrtZC8N83Eb26mxVv%2FKiAEwopE%2FnkWQGpd%2FQUljvt4zv7SCdgVrU7OBfCGcoV"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93ebaa9235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-ui.structure.min.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	5 KB 2 KB	370ms 369ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/jquery-ui.structure.min.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `513fc2f35116559767bf35bee0aaef67be0655e0086982c358d201f8fae9c87c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BpycADDyhUFnZGB0rY1odT%2FR8QSo7JG2DancBnErMQwlb9VNPCiSAv9Zh%2B65uAHHdcFpA3n1jwSii4RJlfjjY%2B7a%2BQ7F8kTgO2wJlxq3%2FZjP1Pjtss%2FLTmoxqJiQN3MlM%2BT3%2FNlH5uCXixE"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93ebab9235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	demo.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	1 KB 816 B	382ms 381ms	Stylesheet text/css	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/demo.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6de4e585cc5cef8e5842aa5c65d6e91ad8d39d1aa51d2cd3d1b8b3067983ff15` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtMrIdI5OTHF%2FryBCwonziWygCHJdfiPlycmXi69E0jnOmqC4BOoaLKak9v%2FVNI6iWAEfsYB%2Fssc3Ooxd%2BGzjcD3UEICVD6sjPDxkZ8Ku1Eyfap3D30iEZaB5EI3FBtZICfrIZgXfl88LMIy"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93ebac9235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-3.5.1.min.js Show response garisbiru.xyz/	87 KB 32 KB	373ms 372ms	Script application/javascript	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/jquery-3.5.1.min.js Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 09 Nov 2020 20:33:52 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOgsqS42pfyOKe1C283FKbs1v3JNzSPTE%2FyvPmUHFWD09pQU48h%2Fj9JreKd1XxgkPQ2CqmF%2FLPh5rQFX%2FhJ0Bf53DYRq7H6xUZvhYfjr4zdENreUSLLkt2%2BeaFVZWd4DbwnUePf5l5ynFWRq"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe93ebae9235-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	jquery.payform.min.js Show response garisbiru.xyz/	16 KB 5 KB	19ms 19ms	Script application/javascript	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/jquery.payform.min.js Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT content-encoding br cf-cache-status HIT last-modified Thu, 24 Jan 2019 00:57:24 GMT server cloudflare age 7009 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dYxndv8VK9G%2BiemSfy1sZTi2UNtiw9ZWyTQwwMBAMzdyjH0ARjvDerXsW6eTlbxe4KyGSbHfJqq%2FthZSm9m03mr5353bDhQ1V46QZu4GhYlFvtV704ZyE1ld5MlNEhaBs2gbNTERK5VzNk9"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccfe96a825916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	trasp.gif garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	49 B 574 B	21ms 21ms	Image image/gif	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/trasp.gif Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `239e0713e261a5384abb283a2b07831856667c51041bf33eb0602797412f6770` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT cf-cache-status HIT last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare age 7008 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2oe4dapbT%2BYutH9gb1pZPT1yCL5DA2TOTBDnchxF6Zvxl9wBl4YVXzNbaY5yIS6F9J2l0KzBZ2gDE9jNnuruPKN5zsOgQy7ya3FGI8ZecHcWgbRS95oPVpRy982utJUTgAqODJHYicIldlc"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6eccfe97fb0c916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 49
GET H3	200	credem-logo-x2.png garisbiru.xyz/images/	2 KB 3 KB	19ms 19ms	Image image/png	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://garisbiru.xyz/images/credem-logo-x2.png Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `178817e5d27d343db06f19b77a6f4b0e1feef1deac4a9dbcba5512eac6d06d46` Request headers Accept-Language de-DE,de;q=0.9 Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:04 GMT cf-cache-status HIT last-modified Mon, 29 Mar 2021 21:09:00 GMT server cloudflare age 7008 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcvEo8czfbsZiY32RDg0lLlhjclkaC2kq6yXQuUOVRphJ4Y1W%2BY%2BTMP4RFxqok8stnvg2iEZaj6MJRTmSjsxK0aGL3DOBXBUILTg4ha0fR3VFxr2qvdr%2FSq42E2jW2Ln6%2FMM1wBch%2BUODuDM"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6eccfe97fb23916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 2189
GET H3	404	Oxygen-Regular.woff garisbiru.xyz/lib/fonts/	0 0	357ms 356ms	Font text/html	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Regular.woff Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:05 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8mM%2Fbdwe%2Fj9pctqv5fH%2FJmmLcCxZqgWHUBKqGEPkNLyyptFNl657UXfCN97LxI%2BfkRf02Ltsy1rYNpgvUkUsGRi3TPInp2Hob9635ZXHVyYPNRUzBRdsFlUZqF5AZoCWgqjqKYeWPZS9ScN"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccfe980b37916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Bold.woff garisbiru.xyz/lib/fonts/	0 0	355ms 354ms	Font text/html	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Bold.woff Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:05 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46hg7qOlsRwx3SO%2BAssLjralNw3RMNjbmMkPson8s9ag4M5zmib%2FyRxT9FlLdlzFOUtym4LkTfQioda32005nh8%2BBhF01RZds%2B8N5OBywjFgOBe6JBeyIktykrkf%2BW9d7TlqgEmP%2F4v%2FMM06"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccfe980b39916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Bold.ttf garisbiru.xyz/lib/fonts/	0 0	1017ms 1016ms	Font text/html	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Bold.ttf Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:06 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsAQdFiDpBKM0pXKu6R8VWgukUxhjsSeJFyu9yZjfzzgjv9dYDeUGO8u6iegAHOFaE2hIzwNviFRvh8JByBOxvRwsHwfgGcLA0csVv%2FJHDrh%2F6ppFRdPK1nBBRvZhivtf5B4l3FOVm4MpeO%2F"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccfe9a384b916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Regular.ttf garisbiru.xyz/lib/fonts/	0 0	1013ms 1012ms	Font text/html	2606:4700:3037::ac43:b0a1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Regular.ttf Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:b0a1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 11:02:06 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2BusZanK5UMRS3Yv4FuonZ4Dpd56%2FBlZJVTolkHHdAVd%2F8Zn4WaL8mDDyqMtB9A38AOFDWTaYSokkOldvyw8cV9RT3Hmvvsp71trEt2lvdeK7utoRe3j2iQRss6pjTq0t6GdHze4vlhbTi1O"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccfe9a385b916b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Emiliano (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			garisbiru.xyz/	1970-01-23 17:13:08	Name: COOKIE_KEY Value: 164742852366

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

garisbiru.xyz
2606:4700:3037::ac43:b0a1
11db581c7a2efa5271fd38426fb14ad8552e7d6b36f56cda387105e11e1f096d
178817e5d27d343db06f19b77a6f4b0e1feef1deac4a9dbcba5512eac6d06d46
239e0713e261a5384abb283a2b07831856667c51041bf33eb0602797412f6770
38812c71770782bde27bf3b16c0de4065b35c6a822e3d261266a1bf1c8e6945c
513fc2f35116559767bf35bee0aaef67be0655e0086982c358d201f8fae9c87c
5b3322d7475f45b7d05056bdb2763f6595d596fc0ff78f7654a9489834a446a6
6de4e585cc5cef8e5842aa5c65d6e91ad8d39d1aa51d2cd3d1b8b3067983ff15
7d520d0447115ba095990b4d35372416c36ec8be0c35e82a005d5dc383efb41d
a1045e39d7436375d3bc19b031a2e5a1c40efa7dc08878962ddc4f8d941613bf
ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

garisbiru.xyz Open in urlscan Pro 2606:4700:3037::ac43:b0a1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

291 kBTransfer

741 kBSize

1 Cookies

3 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

garisbiru.xyz Open in urlscan Pro
2606:4700:3037::ac43:b0a1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

291 kB
Transfer

741 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!