ghjkkjvsrdcx.vercel.app Open in urlscan Pro
76.76.21.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ghjkkjvsrdcx.vercel.app/
Submission: On September 25 via manual (September 25th 2024, 12:36:42 pm UTC) from DE — Scanned from CA

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 76.76.21.123, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is ghjkkjvsrdcx.vercel.app.
TLS certificate: Issued by R11 on August 14th 2024. Valid for: 3 months.

This is the only time ghjkkjvsrdcx.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
10	76.76.21.123 76.76.21.123	16509 (AMAZON-02) (AMAZON-02)
1	62.157.140.200 62.157.140.200	3320 (DTAG Inte...) (DTAG Internet service provider operations)
1	13.32.208.48 13.32.208.48	16509 (AMAZON-02) (AMAZON-02)
12	3

10 76.76.21.123 (Walnut, United States)

ASN16509 (AMAZON-02, US)

ghjkkjvsrdcx.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.157.140.200 (Bochum, Germany)

ASN3320 (DTAG Internet service provider operations, DE)
PTR: accounts.login.idm.telekom.com

accounts.login.idm.telekom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.208.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-208-48.iad66.r.cloudfront.net

www.t-online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	vercel.app ghjkkjvsrdcx.vercel.app	164 KB
1	t-online.de www.t-online.de — Cisco Umbrella Rank: 55825	6 KB
1	telekom.com accounts.login.idm.telekom.com — Cisco Umbrella Rank: 106135	5 KB
12	3

	Domain	Requested by
10	ghjkkjvsrdcx.vercel.app	ghjkkjvsrdcx.vercel.app
1	www.t-online.de	ghjkkjvsrdcx.vercel.app
1	accounts.login.idm.telekom.com	ghjkkjvsrdcx.vercel.app
12	3

This site contains no links.

Subject Issuer	Validity	Valid
*.vercel.app R11	`2024-08-14` - `2024-11-12`	3 months	crt.sh
accounts.login.idm.telekom.com Telekom Security ServerID EV Class 3 CA	`2024-07-12` - `2025-07-16`	a year	crt.sh
www.t-online.de Amazon ECDSA 256 M03	`2024-06-09` - `2025-07-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ghjkkjvsrdcx.vercel.app/
Frame ID: D27ACBB4881C2B8EC838B89E3A535727
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telekom Login

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

176 kB
Transfer

418 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ghjkkjvsrdcx.vercel.app/ 9 KB
3 KB 600ms
57ms Document
text/html 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

323530f83b9323ae4a4cd55b5813189499eaff840e6e56ddbf5c943f47e4e8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 661119
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 25 Sep 2024 12:36:37 GMT
etag: W/"5a6b127f3fee4719277a38be4a5f3318"
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-vercel-cache: HIT
x-vercel-id: iad1::lqhrv-1727267797983-72e935867692

GET
H2 200 a34f9d1faa5f3315-s.p.woff2
ghjkkjvsrdcx.vercel.app/_next/static/media/ 47 KB
48 KB 65ms
64ms Font
font/woff2 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/media/a34f9d1faa5f3315-s.p.woff2

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://ghjkkjvsrdcx.vercel.app
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
x-vercel-cache: HIT
etag: "d4fe31e6a2aebc06b8d6e558c9141119"
age: 623105
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48556
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="a34f9d1faa5f3315-s.p.woff2"
content-type: font/woff2
server: Vercel
x-vercel-id: iad1::dhwwb-1727267798050-35341e2339a5

GET
H2 200 29aabe831ebbe9bc.css
ghjkkjvsrdcx.vercel.app/_next/static/css/ 11 KB
3 KB 50ms
49ms Stylesheet
text/css 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/css/29aabe831ebbe9bc.css

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7f3369901c2f786441fde72bdd56f18655be575f157f8b95ac5c9ec3527697dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"6459a5343e63c4f27e6a52cc3b60fff5"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="29aabe831ebbe9bc.css"
content-type: text/css; charset=utf-8
server: Vercel
x-vercel-id: iad1::5v2kt-1727267798050-2d5930f83f88

GET
H2 200 telekom-logo-claim.svg
accounts.login.idm.telekom.com/static/factorx/images/ 5 KB
5 KB 2216ms
137ms Image
image/svg+xml 62.157.140.200
DTAG Internet ser...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://accounts.login.idm.telekom.com/static/factorx/images/telekom-logo-claim.svg

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

62.157.140.200 Bochum, Germany, ASN3320 (DTAG Internet service provider operations, DE),

Reverse DNS

accounts.login.idm.telekom.com

Software

Apache /

Resource Hash

5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public
expires: Wed, 25 Sep 2024 13:36:40 GMT
accept-ranges: bytes
sh: 21ab42450f1ffff128f95f820c6189a5
content-length: 5001
p3p: CP="NOI CURa TAIa OUR NOR UNI"
date: Wed, 25 Sep 2024 12:36:40 GMT
last-modified: Wed, 18 Jan 2023 06:23:52 GMT
content-type: image/svg+xml
server: Apache

GET
H2 200 t-online-logo-29112019.png
www.t-online.de/auth/ 6 KB
6 KB 158ms
44ms Image
image/png 13.32.208.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.t-online.de/auth/t-online-logo-29112019.png

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.208.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-208-48.iad66.r.cloudfront.net

Software

envoy /

Resource Hash

11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.t-online.de;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

x-request-id: a209456c-60c7-99ce-83a9-465330976793
etag: "0596f294efc4d2edc959324fdbf2b1539"
age: 591
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6ZkFdaB5qWELMgQTPbpCRacyBR2PoZWq5peXGk326VuH3gq1KoslaQ==
date: Wed, 25 Sep 2024 12:26:47 GMT
content-type: image/png
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self' https://*.t-online.de;
cache-control: max-age=86400, public
x-envoy-upstream-service-time: 6
x-amzn-trace-id: Root=1-66f40187-0d450d467206308520ccf98d
referrer-policy: strict-origin-when-cross-origin
via: 1.1 69e952c7b08727f752b5559b0b6d2108.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 5851
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD66-C1
server: envoy

GET
H2 200 webpack-a11adff0ebe57897.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/ 4 KB
2 KB 72ms
71ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/webpack-a11adff0ebe57897.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a4881e7b2d2a0ac75c2828cfa145586a5a2e5609d7d3cdad881deaa668c74d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"870355c70d3069925b28f272a002a0f2"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="webpack-a11adff0ebe57897.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::dhwwb-1727267798073-54a84946dfbe

GET
H2 200 2443530c-cb7d297fea6f8363.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/ 157 KB
51 KB 72ms
72ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/2443530c-cb7d297fea6f8363.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

bde37bd430d215e28fb644fc25c3545e22ae51646b52a961a4aaf32e79089b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"b2541f0a5ea893aef9c8b6be2e2af1b9"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="2443530c-cb7d297fea6f8363.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::5v2kt-1727267798073-8753357cf9ae

GET
H2 200 139-7e70f1d0c57bd3f9.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/ 95 KB
26 KB 89ms
88ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/139-7e70f1d0c57bd3f9.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

91a4b8a35a9fc435e23e037633ef04f9839faf1ebc1acb274fa027c4e0e229fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"cfad656fc5d01783d51c6246ddbda5e4"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="139-7e70f1d0c57bd3f9.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::gkpvc-1727267798073-7fd279751bf0

GET
H2 200 main-app-c0fde4ac3a0b3bab.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/ 417 B
554 B 88ms
87ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/main-app-c0fde4ac3a0b3bab.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2ea453d48b7dd499d05805d5dfb8bfc2d2b1f27c5abd4faa3435cf610ee47fbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
x-vercel-cache: HIT
etag: "cf1a08e9a8fea68bbe2de446b9162660"
age: 623105
accept-ranges: bytes
access-control-allow-origin: *
content-length: 417
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="main-app-c0fde4ac3a0b3bab.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::f8bb5-1727267798073-e8ad59073062

GET
H2 200 348-70cd963cc9bd95d6.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/ 51 KB
19 KB 49ms
49ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/348-70cd963cc9bd95d6.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/webpack-a11adff0ebe57897.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

de7e66e60353cae95be10a48f3e844e359cd4a5e7be2188a0daf89d4202336a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"2a717e7da6514e864e361f071f52a718"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="348-70cd963cc9bd95d6.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::dhwwb-1727267798197-7da0c8303ac4

GET
H2 200 page-5e8488c7c451179a.js Show response
ghjkkjvsrdcx.vercel.app/_next/static/chunks/app/ 7 KB
2 KB 50ms
50ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/app/page-5e8488c7c451179a.js

Requested by

Host: ghjkkjvsrdcx.vercel.app
URL: https://ghjkkjvsrdcx.vercel.app/_next/static/chunks/webpack-a11adff0ebe57897.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4d29584afe8ad985d6ab1ef63e8a674f42fd0c02d01058047ae0e8989b798c69

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public,max-age=31536000,immutable
content-encoding: br
x-vercel-cache: HIT
etag: W/"6e5d787852da9d6d33b17e4a05bb7689"
age: 623105
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:38 GMT
content-disposition: inline; filename="page-5e8488c7c451179a.js"
content-type: application/javascript; charset=utf-8
server: Vercel
x-vercel-id: iad1::gkpvc-1727267798197-90730d7337b7

GET
H2 200 favicon.ico
ghjkkjvsrdcx.vercel.app/ 25 KB
9 KB 54ms
54ms Other
image/vnd.microsoft.icon 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ghjkkjvsrdcx.vercel.app/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://ghjkkjvsrdcx.vercel.app/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=0, must-revalidate
content-encoding: br
x-vercel-cache: HIT
etag: W/"c30c7d42707a47a3f4591831641e50dc"
age: 623106
access-control-allow-origin: *
date: Wed, 25 Sep 2024 12:36:40 GMT
content-disposition: inline; filename="favicon.ico"
content-type: image/vnd.microsoft.icon
server: Vercel
x-vercel-id: iad1::dq88r-1727267800593-d7e977bfbf7f

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.login.idm.telekom.com
ghjkkjvsrdcx.vercel.app
www.t-online.de
13.32.208.48
62.157.140.200
76.76.21.123
11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932
2ea453d48b7dd499d05805d5dfb8bfc2d2b1f27c5abd4faa3435cf610ee47fbc
323530f83b9323ae4a4cd55b5813189499eaff840e6e56ddbf5c943f47e4e8fb
4d29584afe8ad985d6ab1ef63e8a674f42fd0c02d01058047ae0e8989b798c69
5c39703ca6b9a762a5ed4308ed1722b8361742c4d8a4869ced5c8d6140403f95
7f3369901c2f786441fde72bdd56f18655be575f157f8b95ac5c9ec3527697dd
91a4b8a35a9fc435e23e037633ef04f9839faf1ebc1acb274fa027c4e0e229fb
a4881e7b2d2a0ac75c2828cfa145586a5a2e5609d7d3cdad881deaa668c74d5b
bde37bd430d215e28fb644fc25c3545e22ae51646b52a961a4aaf32e79089b42
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
de7e66e60353cae95be10a48f3e844e359cd4a5e7be2188a0daf89d4202336a6

ghjkkjvsrdcx.vercel.app Open in urlscan Pro 76.76.21.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

176 kBTransfer

418 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

ghjkkjvsrdcx.vercel.app Open in urlscan Pro
76.76.21.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

176 kB
Transfer

418 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!