garisbiru.xyz Open in urlscan Pro
2606:4700:3030::6815:5059 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://garisbiru.xyz/
Effective URL:
https://garisbiru.xyz/
Submission: On March 16 via manual (March 16th 2022, 10:56:31 am UTC) from IT — Scanned from IT

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3030::6815:5059, located in United States and belongs to CLOUDFLARENET, US. The main domain is garisbiru.xyz.
TLS certificate: Issued by E1 on February 26th 2022. Valid for: 3 months.

This is the only time garisbiru.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Emiliano (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 16	2606:4700:303... 2606:4700:3030::6815:5059		13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	1

16 2606:4700:3030::6815:5059 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

garisbiru.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	garisbiru.xyz 1 redirects garisbiru.xyz	292 KB
15	1

	Domain	Requested by
16	garisbiru.xyz	1 redirects garisbiru.xyz
15	1

This site contains links to these domains. Also see Links.

Domain
m.credem.it

Subject Issuer	Validity	Valid
*.garisbiru.xyz E1	`2022-02-26` - `2022-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://garisbiru.xyz/
Frame ID: 60A2C73C2690BCEDA50E66BD3525A574
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mobile Banking - Accesso

Page URL History Show full URLs

http://garisbiru.xyz/ HTTP 301
https://garisbiru.xyz/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

291 kB
Transfer

741 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#myOverlayLastDisposeStep

Search URL Search Domain Scan URL

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#helpOverlay

Search URL Search Domain Scan URL

URL: https://m.credem.it/CredemMobile/apps/services/www/CredemMobile/mobilewebapp/default/index.html#/landingPage
Title: Il servizio richiesto non è al momento attivo. Ci scusiamo per l'inconveniente.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://garisbiru.xyz/ HTTP 301
https://garisbiru.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response garisbiru.xyz/ Redirect Chain http://garisbiru.xyz/ https://garisbiru.xyz/	22 KB 6 KB	479ms 427ms	Document text/html	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5b3322d7475f45b7d05056bdb2763f6595d596fc0ff78f7654a9489834a446a6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-type text/html; charset=UTF-8 cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2B4QxnaZpKxRZW0WZI999xHDOVbXQa3ocA8XH6%2FRS88QDvF4PoTY8fbBzgN%2FFHVMm7TripJGJUen04xUYOGZhzzU5vhoPLwnnOB5Wf4j6lwE4bqsR3znibrd4CcZgy35sBBSXxSQAqAZCBaw"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6eccf64a39f883b8-MXP content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Date Wed, 16 Mar 2022 10:56:24 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Wed, 16 Mar 2022 11:56:24 GMT Location https://garisbiru.xyz/ Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3rz3z%2FZ2F2g9rVtiGKEfAXxBy0sHnCHdJFy8s%2Bkp%2FU5llQxSRjTSKSxmyURJ8OKZcUMEe7QnbOAk8jPvB59a7jvLDfcdlFo%2BdYiocP9uGPrzpKPJ%2Bmk%2BE1X5DEVb0cfhv%2FzVEszQ3NnGKtf"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary Accept-Encoding Server cloudflare CF-RAY 6eccf6499e0f59e3-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	worklight.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	4 KB 2 KB	395ms 394ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/worklight.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11db581c7a2efa5271fd38426fb14ad8552e7d6b36f56cda387105e11e1f096d` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJmud97KC7ZZ6H79kSgFObpfWR7Lu3aAUoaHk9s9SQRLdc7P9keBIf8XEpdNjySX0Vazk7e7ab%2BjneN1aMzoMjsEi8t35920QDv6RrB3X3EMsk5%2BeEur%2BkZ0U75ggcKw0LNL9uCAfYqt3pBz"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d090083b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	mobile-angular-ui.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	601 KB 240 KB	416ms 415ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7d520d0447115ba095990b4d35372416c36ec8be0c35e82a005d5dc383efb41d` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZm%2FCYpG%2BmC5LDrsKwqNgDUUUCu8MFPi%2FrjpOKH%2BH25OXVZcWdDphJCpQdcE1bfAumOR5ZS6r2txnTBDE7VAdqiFczYe2r%2BSNNZo9tJ2WBhUGoEscbDFPDzH9ycaiXVyVZT25wvg4LD156k%2F"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d090883b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	platform.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	853 B 685 B	395ms 394ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/platform.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a1045e39d7436375d3bc19b031a2e5a1c40efa7dc08878962ddc4f8d941613bf` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5Kg79yVEPESKy09EuWFhJZ4zLEyfyMSX0tbD4tnvQP28siL5q%2BTdGzlQCFC5xTaIgJQk6eadbRU4mjUHkk5BpUso19zhnPjJHTYRtHR8TZL2xGQdB5MJbBkwy6kDInkjr%2BAQCiTH0SZkYmP"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d090b83b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	storelocator.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	2 KB 792 B	384ms 383ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/storelocator.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `38812c71770782bde27bf3b16c0de4065b35c6a822e3d261266a1bf1c8e6945c` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDp2M84iA2mqkUfnC8VgEgIIZ7ZKhpWkGVrAbnD6UtqSxto0Hz0Gio9Ol7V2kCcxXnYaa4JMIMYc2ooJl6W4Od2qVz0zC%2F7GrEL%2BEd0B4VjzNz95Y%2BXswUweHSD6VxY0CSRVNg2TxpefoJgz"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d090f83b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-ui.structure.min.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	5 KB 2 KB	397ms 396ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/jquery-ui.structure.min.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `513fc2f35116559767bf35bee0aaef67be0655e0086982c358d201f8fae9c87c` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNMIMi3GA4%2BBJRwliuKshv9WuMAfinK7%2FR00u7X383GsJgQRdOd9JK8%2BPKGcma9M6ENxyZUNmKWyId2tA1Ew233Q79PpsqawRXRhm0q4oTbd2Rz%2FPh0l9%2FGbcKw%2B4UC52nxLsG%2FVY9QWH%2Bav"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d091183b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	demo.css garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	1 KB 821 B	397ms 396ms	Stylesheet text/css	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/demo.css Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6de4e585cc5cef8e5842aa5c65d6e91ad8d39d1aa51d2cd3d1b8b3067983ff15` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LzyjRcmFAHnX0GI1KkOPtwYsnieEkYysEgKw%2F7ZhN8fXFfl6bWmKSZ8O4v%2FI7VgZ9C1N21gjPS%2FJ%2B%2FG%2FTZGZ4bWz3rDu4Ptk1kgwzMaHFN4MWhExy%2BUkDxyEhRYTlr9H10KWOqewHyMatBRy"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d091783b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-3.5.1.min.js Show response garisbiru.xyz/	87 KB 32 KB	380ms 379ms	Script application/javascript	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/jquery-3.5.1.min.js Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Mon, 09 Nov 2020 20:33:52 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQ579Vu2wNwgR4YR9wp3fWoDBqDBsGQOKXcXUaws%2BzGIEWijAsUS0Grq5p2R5s9tWhSZJ%2FUpFqPSWKaAX%2FRYw3A04mohTQ4HNHxEP96b4fhSZCvG0ZGHav3oQV8DFRQzGtCQY1wNLrSTnJgy"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf64d091983b8-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	jquery.payform.min.js Show response garisbiru.xyz/	16 KB 5 KB	362ms 362ms	Script application/javascript	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/jquery.payform.min.js Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:25 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 24 Jan 2019 00:57:24 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRX7yE3F0iqMEXuv0Fo8KtNnnWEmxTq14A3fW%2BtSZH5nMkgLy6YU7MmBJ2GKSrTqv%2FE92gYC%2FwP5%2BY2rl6e5e8vENRuudqp3WGc6pUs0mWwD4cYYlYhUiTOXyQnFtfecyypM3FU9dbE56P01"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eccf6501b6e41f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	trasp.gif garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/	49 B 580 B	395ms 395ms	Image image/gif	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/trasp.gif Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `239e0713e261a5384abb283a2b07831856667c51041bf33eb0602797412f6770` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:26 GMT cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:05:38 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWeULtf35IJoIEXmb%2FY%2BApCFFiRsRn%2F51hfx3fE2fA%2Bfqp2IbrmvfL4aE6T8f9EYhQqRwr5lLXNRB7YqqEhMHIPhxtOIZsiMesIc3Oy7eNAX5RDeltF0yaociHkzIUCMgLx00rdN2XSNyS00"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6eccf6526f4041f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 49
GET H3	200	credem-logo-x2.png garisbiru.xyz/images/	2 KB 3 KB	728ms 728ms	Image image/png	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://garisbiru.xyz/images/credem-logo-x2.png Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `178817e5d27d343db06f19b77a6f4b0e1feef1deac4a9dbcba5512eac6d06d46` Request headers Accept-Language it-IT,it;q=0.9 Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:26 GMT cf-cache-status REVALIDATED last-modified Mon, 29 Mar 2021 21:09:00 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qut21AYtGNa3pzxIuXu05FT7tHupYVw2Io0sS2rjIfNvmXm%2F%2BR0qrzCGo1kZR3uNmO%2FMJF08K6PVHWmuNXkc2otW6EPucAi4Jmlz5edDpYaO2Lrb6AedkCU3hWrBdsPlOKYNPNsc1zqWXiFq"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6eccf6527f4c41f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 2189
GET H3	404	Oxygen-Regular.woff garisbiru.xyz/lib/fonts/	0 0	1764ms 1764ms	Font text/html	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Regular.woff Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:27 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTKmOOgPb0WfdaEs8YFyXNJrdPuv2o4tlG7lK3kohUPgzERVo7yrmksUN9pOg98e33R9%2Fa1n4N%2Bw7hEqQIicc4qzq3%2FYiq83Db1kp63w3EjsFedV2cR%2Fe2a%2FSTo8iiXyCHaY2LSvdIR8dy0%2F"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccf6527f5341f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Bold.woff garisbiru.xyz/lib/fonts/	0 0	726ms 726ms	Font text/html	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Bold.woff Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:26 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UeRjC4ExT8DGuwAM4c5W79E4mK%2FU%2Bk7m3T53wlKpAUp%2F%2BvSMADHIhDj288PdTFWMnkPXtw1dfg%2BezRfIAyU75P%2Bro7jicO92289ycPFH3OCHLRwH7AAmREsxW7z4zQwXohdTZ%2BghQBm3OP5T"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccf6527f5441f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Bold.ttf garisbiru.xyz/lib/fonts/	0 0	1049ms 1049ms	Font text/html	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Bold.ttf Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:27 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZWR%2BfA65HyV%2FtPuH7Z6%2Brf8%2B9Poyu4aUzBJRMbdVVHDGzZwaludcAQGAmaVV63%2B1fm4A7i1gEl24dLulXqGZqPjHGnUJDBrqESXypTtQFsFOLpp3bw5ZwOgpV%2BLicprz8HFjvGXZaBp2jsB"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccf6570ce541f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Oxygen-Regular.ttf garisbiru.xyz/lib/fonts/	0 0	387ms 387ms	Font text/html	2606:4700:3030::6815:5059 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://garisbiru.xyz/lib/fonts/Oxygen-Regular.ttf Requested by Host: garisbiru.xyz URL: https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:5059 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://garisbiru.xyz/Mobile%20Banking%20-%20Accesso_files/mobile-angular-ui.css Origin https://garisbiru.xyz Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 16 Mar 2022 10:56:28 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GuyUamHdZWBx3qpydcZeYdSd5VwDxXFSWOBFRXvMCv12vxPEpD%2BpYZ%2FXky3lLYQKDb4j%2FIDWoTBd5dzlDcf1LZZGrAyhmZTtOeyrf%2BptkDbUvEISYXnz1SDAUXmn%2B3Z9%2FllT6y6xjCGB6cO8"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6eccf65d7e1241f7-MRS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Emiliano (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			garisbiru.xyz/	1970-01-23 17:13:08	Name: COOKIE_KEY Value: 164742818570

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://garisbiru.xyz/lib/fonts/Oxygen-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

garisbiru.xyz
2606:4700:3030::6815:5059
11db581c7a2efa5271fd38426fb14ad8552e7d6b36f56cda387105e11e1f096d
178817e5d27d343db06f19b77a6f4b0e1feef1deac4a9dbcba5512eac6d06d46
239e0713e261a5384abb283a2b07831856667c51041bf33eb0602797412f6770
38812c71770782bde27bf3b16c0de4065b35c6a822e3d261266a1bf1c8e6945c
513fc2f35116559767bf35bee0aaef67be0655e0086982c358d201f8fae9c87c
5b3322d7475f45b7d05056bdb2763f6595d596fc0ff78f7654a9489834a446a6
6de4e585cc5cef8e5842aa5c65d6e91ad8d39d1aa51d2cd3d1b8b3067983ff15
7d520d0447115ba095990b4d35372416c36ec8be0c35e82a005d5dc383efb41d
a1045e39d7436375d3bc19b031a2e5a1c40efa7dc08878962ddc4f8d941613bf
ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

garisbiru.xyz Open in urlscan Pro 2606:4700:3030::6815:5059 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

291 kBTransfer

741 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

garisbiru.xyz Open in urlscan Pro
2606:4700:3030::6815:5059 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

291 kB
Transfer

741 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!