grouh.vercel.app
Open in
urlscan Pro
76.76.21.142
Malicious Activity!
Public Scan
Effective URL: https://grouh.vercel.app/
Submission: On August 16 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R11 on August 14th 2024. Valid for: 3 months.
This is the only time grouh.vercel.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: State Bank of India (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 4 | 2606:4700:303... 2606:4700:3032::6815:168f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 76.76.21.142 76.76.21.142 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2606:4700:303... 2606:4700:3034::ac43:8b83 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
vercel.app
grouh.vercel.app |
226 KB |
4 |
ko.fm
1 redirects
ko.fm |
10 KB |
1 |
sanik.info
api.sanik.info |
511 B |
26 | 3 |
Domain | Requested by | |
---|---|---|
22 | grouh.vercel.app |
ko.fm
grouh.vercel.app |
4 | ko.fm |
1 redirects
ko.fm
|
1 | api.sanik.info |
grouh.vercel.app
|
26 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ko.fm WE1 |
2024-07-02 - 2024-09-30 |
3 months | crt.sh |
*.vercel.app R11 |
2024-08-14 - 2024-11-12 |
3 months | crt.sh |
sanik.info WE1 |
2024-08-08 - 2024-11-06 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://grouh.vercel.app/
Frame ID: D07EA8A8C2B3EE88DD5694B1D2EA4AAD
Requests: 25 HTTP requests in this frame
Frame:
https://ko.fm/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js
Frame ID: 63321618E9EDC16D5D2956B8ED8BAC5A
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
WellcomePage URL History Show full URLs
- https://ko.fm/69l Page URL
- https://grouh.vercel.app/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ko.fm/69l Page URL
- https://grouh.vercel.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://ko.fm/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://ko.fm/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/main.js
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
69l
ko.fm/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
ko.fm/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
ko.fm/cdn-cgi/challenge-platform/h/g/scripts/jsd/ba7376691753/ Frame 6332 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
grouh.vercel.app/ |
2 KB 995 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d165f53bfe0746bf.css
grouh.vercel.app/_next/static/css/ |
341 B 473 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b7901d2a9f52bece.css
grouh.vercel.app/_next/static/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webpack-59c5c889f52620d6.js
grouh.vercel.app/_next/static/chunks/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
framework-ecc4130bc7a58a64.js
grouh.vercel.app/_next/static/chunks/ |
138 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-b050d8ac31ca2699.js
grouh.vercel.app/_next/static/chunks/ |
107 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_app-c5d62e69229318b8.js
grouh.vercel.app/_next/static/chunks/pages/ |
471 B 607 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
345-9925433eba0d4a61.js
grouh.vercel.app/_next/static/chunks/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-e6d506357999c428.js
grouh.vercel.app/_next/static/chunks/pages/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_buildManifest.js
grouh.vercel.app/_next/static/_XbrLwFUmZXNotrsQlEWl/ |
1 KB 658 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_ssgManifest.js
grouh.vercel.app/_next/static/_XbrLwFUmZXNotrsQlEWl/ |
77 B 210 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jdss.gif
grouh.vercel.app/ |
84 KB 84 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
354-d29461bb4c044697.js
grouh.vercel.app/_next/static/chunks/ |
65 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
664-fe029c8b38e64ec1.js
grouh.vercel.app/_next/static/chunks/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zxo-7beac466d9727d7a.js
grouh.vercel.app/_next/static/chunks/pages/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b7901d2a9f52bece.css
grouh.vercel.app/_next/static/css/ |
3 KB 62 B |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
grouh.vercel.app/ |
2 KB 991 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
im-conf.json
grouh.vercel.app/ |
3 KB 976 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
site-token
api.sanik.info/ |
18 B 511 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
grouh.vercel.app/ |
2 KB 53 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rvdc.png
grouh.vercel.app/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bsig.png
grouh.vercel.app/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pctd.png
grouh.vercel.app/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: State Bank of India (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ko.fm/ | Name: cf_clearance Value: 84_uEYkXxYAQsICOrk7QOzBfw9hqQPWrvFWJ_s_rwCU-1723818836-1.0.1.1-dYix9jBayh6FgqbspmocP_qmW4IMeBuOaom6aJ1w..ogO6JCFVqpTB2HrB7m3yXDAOMzBUmAXLUncYAIsaIT9g |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.sanik.info
grouh.vercel.app
ko.fm
2606:4700:3032::6815:168f
2606:4700:3034::ac43:8b83
76.76.21.142
09daa129cf6a67d8a0950eb99e86dd5d44f14c050d757da46c4fff61b3218998
1f41b53c6226cca51e4917f819d6bfa3313496b0491d39a06564e4a5780c2a83
262cef1ab2c7b265591af3ca18b1fd9b3b320776dcd820fc05a49f9ee7d72bd2
2b039946d781576c4bc290acbfba18446c113fdf5a8c10cc4fb3aaa1f9a31ee9
3c20c943b8076edcb558d970c24899326d14d78512998c4c6e643839003ff1c3
3ddb67d0c6746604146a08bc3716f803cbd4a1110f8dda886e13cbf5f98f3a08
3f3b932ceca95ad49a46feadc9656032a2e0d9d87e5ce9c7aae756ddb6aa54fa
5fe57999d07d74a2482009f9ea56d1bf6621d1e6cbcc1ac275ec43f315c4f06d
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
757e9df14335e26db4b40cc9eeff46344f6e501ef61f19178c6c86ce03230e4b
761e9329d5dc491a063f81ea1dedaec335826413f3d7a7724d6b9f2ecc5e46f3
80acf86064d3d27e8f3714d727106c071defa437c012fb1ccd9c15800f1efc88
811fdd913c55131af95bf0a4453ec6f2f426a29bbf92e2eabc38765532016509
887cd93c7000e296b9a5bd4da6d0ab305b56e034ed6320a00453dd0409e39bac
9178624f4191815eee0a79b351a67287957bdd20817634e19de8462d69596ba4
931e6be28a7fcfad35b419194152edac1f95b2176ce1c20d140267b44d0f12ee
a119bdbe8df5f3e2ea0b5329aa99cad5b8aded77aff4245553325eae9720b78d
a7eb2e3d55740e3a4fb346e78163977d79bfc1c65863e269c100c131817ef0f9
c89c89b99376e2eed88ed1495764a0aa03d166864ab2e59f2fb50730d04f3a45
ccb0342bf7ad0c3792998fcc1f2a07b65aed415542ab6d4071830b20e8dd4817
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
e698f834123009662e2b79b1068f6837373c8e085a8cb0101716122506719d94