review-mailvaccount-verifyaccess.vercel.app
Open in
urlscan Pro
76.76.21.123
Malicious Activity!
Public Scan
Effective URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Submission: On April 02 via manual from CH — Scanned from CH
Summary
TLS certificate: Issued by R3 on February 14th 2024. Valid for: 3 months.
This is the only time review-mailvaccount-verifyaccess.vercel.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Protonmail (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 38.62.228.208 38.62.228.208 | 55286 (SERVER-MANIA) (SERVER-MANIA) | |
6 | 76.76.21.123 76.76.21.123 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.107.213.63 13.107.213.63 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 185.70.42.36 185.70.42.36 | 62371 (PROTON) (PROTON) | |
1 2 | 68.219.88.97 68.219.88.97 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 1 | 204.79.197.200 204.79.197.200 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 20.75.32.255 20.75.32.255 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
12 | 5 |
ASN55286 (SERVER-MANIA, CA)
review-mailwaccount-access.hostman.dev |
ASN16509 (AMAZON-02, US)
review-mailvaccount-verifyaccess.vercel.app |
ASN62371 (PROTON, CH)
PTR: 185-70-42-36.protonmail.ch
account.proton.me |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net
c.bing.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
clarity.ms
1 redirects
www.clarity.ms — Cisco Umbrella Rank: 753 c.clarity.ms — Cisco Umbrella Rank: 1387 b.clarity.ms — Cisco Umbrella Rank: 6394 |
28 KB |
6 |
vercel.app
review-mailvaccount-verifyaccess.vercel.app |
522 KB |
1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 245 |
764 B |
1 |
proton.me
account.proton.me — Cisco Umbrella Rank: 61310 |
1 KB |
1 |
hostman.dev
1 redirects
review-mailwaccount-access.hostman.dev |
329 B |
12 | 5 |
Domain | Requested by | |
---|---|---|
6 | review-mailvaccount-verifyaccess.vercel.app |
review-mailvaccount-verifyaccess.vercel.app
|
2 | b.clarity.ms |
www.clarity.ms
|
2 | c.clarity.ms | 1 redirects |
2 | www.clarity.ms |
review-mailvaccount-verifyaccess.vercel.app
www.clarity.ms |
1 | c.bing.com | 1 redirects |
1 | account.proton.me |
review-mailvaccount-verifyaccess.vercel.app
|
1 | review-mailwaccount-access.hostman.dev | 1 redirects |
12 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.vercel.app R3 |
2024-02-14 - 2024-05-14 |
3 months | crt.sh |
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1 |
2023-12-07 - 2024-12-07 |
a year | crt.sh |
proton.me R3 |
2024-02-01 - 2024-05-01 |
3 months | crt.sh |
a.clarity.ms Microsoft Azure TLS Issuing CA 01 |
2024-01-14 - 2024-06-27 |
5 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Frame ID: 2C1F8E2F47DD116A6D768C692F1691C1
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Proton Account - Security PortalPage URL History Show full URLs
-
https://review-mailwaccount-access.hostman.dev/?email=
HTTP 302
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://review-mailwaccount-access.hostman.dev/?email=
HTTP 302
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7- https://c.clarity.ms/c.gif HTTP 302
- https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&RedC=c.clarity.ms&MXFR=0C3C96E93CB06B27080782BC38B065D8 HTTP 302
- https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&MUID=38F846FB00A36233287952AE01A86383
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ Redirect Chain
|
7 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.bundle.js
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ |
620 KB 182 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ |
204 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jdicyok9o8
www.clarity.ms/tag/ |
650 B 1015 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
170a1a5fb468cdaa91bf.jpg
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ |
72 KB 72 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
host.png
account.proton.me/assets/ |
42 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ba4caefcdf5b36b438db.woff2
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ |
222 KB 222 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clarity.js
www.clarity.ms/s/0.7.26/ |
60 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.gif
c.clarity.ms/ Redirect Chain
|
42 B 464 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
b.clarity.ms/ |
0 323 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/assets/ |
33 KB 6 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
b.clarity.ms/ |
0 323 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Protonmail (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onpagereveal function| clarity12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
account.proton.me/ | Name: Domain Value: proton.me |
|
account.proton.me/ | Name: Tag Value: default |
|
www.clarity.ms/ | Name: CLID Value: ede1aac6a9284322985916fd603b9945.20240402.20250402 |
|
.review-mailvaccount-verifyaccess.vercel.app/ | Name: _clck Value: 4tf9td%7C2%7Cfkl%7C0%7C1553 |
|
.review-mailvaccount-verifyaccess.vercel.app/ | Name: _clsk Value: 18c1u1e%7C1712046305971%7C1%7C1%7Cb.clarity.ms%2Fcollect |
|
.bing.com/ | Name: MUID Value: 38F846FB00A36233287952AE01A86383 |
|
.c.bing.com/ | Name: MR Value: 0 |
|
.c.bing.com/ | Name: SRM_B Value: 38F846FB00A36233287952AE01A86383 |
|
.c.clarity.ms/ | Name: SM Value: C |
|
.clarity.ms/ | Name: MUID Value: 38F846FB00A36233287952AE01A86383 |
|
.c.clarity.ms/ | Name: MR Value: 0 |
|
.c.clarity.ms/ | Name: ANONCHK Value: 0 |
15 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account.proton.me
b.clarity.ms
c.bing.com
c.clarity.ms
review-mailvaccount-verifyaccess.vercel.app
review-mailwaccount-access.hostman.dev
www.clarity.ms
13.107.213.63
185.70.42.36
20.75.32.255
204.79.197.200
38.62.228.208
68.219.88.97
76.76.21.123
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
199e70ac12dc6b193a5c41c0b91223fac7a73f11b2fe95fdbb36e0d1a3a114cd
39e5fa5f875fafb5b0b74537728b1f4d21db329da0c6c1cfa37947ceebd7f925
5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d
96ccf3523e3e403ceb93a7fa39510aaf67b6db7375a89b4d777652dd3486395d
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9dcebc67d1df9a7afdee37ae8e055dc658aa7a449d99bd929050101ea6d4b4e2
e1e52399a4c864d6809c26023c13e5d5b37bffbd43343382f02dfbb856b83e67
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8821e3987460bf773ae61eb9e0be49779c58741e414023aca891a11977a9a6e