review-mailvaccount-verifyaccess.vercel.app
76.76.21.123  Malicious Activity! Public Scan

Submitted URL: https://review-mailwaccount-access.hostman.dev/?email=
Effective URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Submission: On April 02 via manual from CH — Scanned from CH

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 76.76.21.123, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is review-mailvaccount-verifyaccess.vercel.app.
TLS certificate: Issued by R3 on February 14th 2024. Valid for: 3 months.
This is the only time review-mailvaccount-verifyaccess.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Protonmail (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 38.62.228.208 55286 (SERVER-MANIA)
6 76.76.21.123 16509 (AMAZON-02)
2 13.107.213.63 8075 (MICROSOFT...)
1 185.70.42.36 62371 (PROTON)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 204.79.197.200 8068 (MICROSOFT...)
2 20.75.32.255 8075 (MICROSOFT...)
12 5
Apex Domain
Subdomains
Transfer
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 753
c.clarity.ms — Cisco Umbrella Rank: 1387
b.clarity.ms — Cisco Umbrella Rank: 6394
28 KB
6 vercel.app
review-mailvaccount-verifyaccess.vercel.app
522 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 245
764 B
1 proton.me
account.proton.me — Cisco Umbrella Rank: 61310
1 KB
1 hostman.dev
review-mailwaccount-access.hostman.dev
329 B
12 5
Domain Requested by
6 review-mailvaccount-verifyaccess.vercel.app review-mailvaccount-verifyaccess.vercel.app
2 b.clarity.ms www.clarity.ms
2 c.clarity.ms 1 redirects
2 www.clarity.ms review-mailvaccount-verifyaccess.vercel.app
www.clarity.ms
1 c.bing.com 1 redirects
1 account.proton.me review-mailvaccount-verifyaccess.vercel.app
1 review-mailwaccount-access.hostman.dev 1 redirects
12 7

This site contains no links.

TLS certificates

Subject: *.vercel.app; Issuer: R3; Validity: 2024-02-14 - 2024-05-14; Valid: 3 months
Subject: www.clarity.ms; Issuer: DigiCert TLS RSA SHA256 2020 CA1; Validity: 2023-12-07 - 2024-12-07; Valid: a year
Subject: proton.me; Issuer: R3; Validity: 2024-02-01 - 2024-05-01; Valid: 3 months
Subject: a.clarity.ms; Issuer: Microsoft Azure TLS Issuing CA 01; Validity: 2024-01-14 - 2024-06-27; Valid: 5 months

This page contains 1 frames:

Primary Page: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Frame ID: 2C1F8E2F47DD116A6D768C692F1691C1
Requests: 12 HTTP requests in this frame

Page Title

Proton Account - Security Portal

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

5
IPs

3
Countries

550 kB
Transfer

1218 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://review-mailwaccount-access.hostman.dev/?email= HTTP 302
    https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&RedC=c.clarity.ms&MXFR=0C3C96E93CB06B27080782BC38B065D8 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&MUID=38F846FB00A36233287952AE01A86383

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/
Redirect Chain
  • https://review-mailwaccount-access.hostman.dev/?email=
  • https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
7 KB
1 KB
Document
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
199e70ac12dc6b193a5c41c0b91223fac7a73f11b2fe95fdbb36e0d1a3a114cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-CH,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
age
0
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="remove-hidden-apps"
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 02 Apr 2024 08:25:02 GMT
etag
W/"5e34bba39dd56e890ee6238a152e19dc"
server
Vercel
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-vercel-cache
HIT
x-vercel-id
fra1::bwv56-1712046302259-0b21150ed952

Redirect headers

Connection
keep-alive
Content-Length
262
Content-Type
text/html; charset=utf-8
Date
Tue, 02 Apr 2024 08:25:01 GMT
Location
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept
X-Powered-By
Express
index.bundle.js
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/
620 KB
182 KB
Script
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.bundle.js
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
e1e52399a4c864d6809c26023c13e5d5b37bffbd43343382f02dfbb856b83e67
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:02 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::fkq97-1712046302680-f7dc3f7f0c3a
age
0
etag
W/"63570500bd3f5c4991d6e46523b8f2bd"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index.bundle.js"
index.css
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/
204 KB
38 KB
Stylesheet
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9dcebc67d1df9a7afdee37ae8e055dc658aa7a449d99bd929050101ea6d4b4e2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:02 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::n449b-1712046302634-2e2ef0a9b5c9
age
0
etag
W/"fd45056417c2195b655514ded95b0d82"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index.css"
jdicyok9o8
www.clarity.ms/tag/
650 B
1015 B
Script
General
Full URL
https://www.clarity.ms/tag/jdicyok9o8
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.213.63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
39e5fa5f875fafb5b0b74537728b1f4d21db329da0c6c1cfa37947ceebd7f925

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Tue, 02 Apr 2024 08:25:04 GMT
x-azure-ref
20240402T082504Z-hcerzxxgdt3cvdyhnxxy4bmgdg0000000hx0000000004nb2
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
650
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
170a1a5fb468cdaa91bf.jpg
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/
72 KB
72 KB
Image
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/170a1a5fb468cdaa91bf.jpg
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
96ccf3523e3e403ceb93a7fa39510aaf67b6db7375a89b4d777652dd3486395d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::bvv92-1712046303224-f7f50f83a157
age
0
etag
"d3f7256300a1238986e29e1934c2189c"
x-vercel-cache
HIT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="170a1a5fb468cdaa91bf.jpg"
accept-ranges
bytes
content-length
74017
host.png
account.proton.me/assets/
42 B
1 KB
Image
General
Full URL
https://account.proton.me/assets/host.png
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.70.42.36 , Switzerland, ASN62371 (PROTON, CH),
Reverse DNS
185-70-42-36.protonmail.ch
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob: https://proton.me https://*.protonmail.com; script-src 'self' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: data: https://www.youtube-nocookie.com https://account-api.proton.me; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://verify.proton.me https://mail.proton.me https://calendar.proton.me https://drive.proton.me https://account-api.proton.me;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:03 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob: https://proton.me https://*.protonmail.com; script-src 'self' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: data: https://www.youtube-nocookie.com https://account-api.proton.me; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://verify.proton.me https://mail.proton.me https://calendar.proton.me https://drive.proton.me https://account-api.proton.me;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Tue, 02 Apr 2024 07:58:18 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
etag
"2a-6151878105a80"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
public-key-pins-report-only
pin-sha256="CT56BhOTmj5ZIPgb/xD5mH8rY3BLo/MlhP7oPyJUEDo="; pin-sha256="35Dx28/uzN3LeltkCBQ8RHK0tlNSa2kCpCRGNp34Gxc="; report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
accept-ranges
bytes
content-length
42
x-xss-protection
0
ba4caefcdf5b36b438db.woff2
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/
222 KB
222 KB
Font
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/ba4caefcdf5b36b438db.woff2?v=3.19
Requested by
Host: review-mailvaccount-verifyaccess.vercel.app
URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/index.css
Origin
https://review-mailvaccount-verifyaccess.vercel.app
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::4zz8w-1712046303262-b907cca53436
age
0
etag
"66c6e40883646a7ad993108b2ce2da32"
x-vercel-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="ba4caefcdf5b36b438db.woff2"
accept-ranges
bytes
content-length
227180
clarity.js
www.clarity.ms/s/0.7.26/
60 KB
25 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.26/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jdicyok9o8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.213.63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5d0a9506ee0c2e64325d59451eff05b24df4cd07dc65f300b3bc39e28379640d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:04 GMT
content-encoding
br
last-modified
Wed, 27 Mar 2024 19:34:44 GMT
etag
W/"0x8DC4E94F45C2BE5"
vary
Accept-Encoding
x-azure-ref
20240402T082504Z-hcerzxxgdt3cvdyhnxxy4bmgdg0000000hx0000000004nb8
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
2dd79675-101e-0028-7e99-804f73000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&RedC=c.clarity.ms&MXFR=0C3C96E93CB06B27080782BC38B065D8
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&MUID=38F846FB00A36233287952AE01A86383
42 B
464 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&MUID=38F846FB00A36233287952AE01A86383
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 02 Apr 2024 08:25:05 GMT
last-modified
Fri, 01 Mar 2024 22:54:48 GMT
server
Microsoft-IIS/10.0
etag
"3e26b762b6cda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Tue, 02 Apr 2024 08:25:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E344B06BC5B947098AE26E843CA1FEDC Ref B: GVA30EDGE0111 Ref C: 2024-04-02T08:25:06Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3CE85510DFAC4EF38E269063D7EEDDD8&MUID=38F846FB00A36233287952AE01A86383
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
b.clarity.ms/
0
323 B
XHR
General
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://review-mailvaccount-verifyaccess.vercel.app
Date
Tue, 02 Apr 2024 08:25:05 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
favicon.ico
review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/assets/
33 KB
6 KB
Other
General
Full URL
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/assets/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
f8821e3987460bf773ae61eb9e0be49779c58741e414023aca891a11977a9a6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Apr 2024 08:25:05 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::n449b-1712046305227-6d505c657097
age
0
etag
W/"2eba6c0dd278db2c1e36c7e8bddcdc37"
x-vercel-cache
HIT
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="favicon.ico"
collect
b.clarity.ms/
0
323 B
XHR
General
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.26/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
https://review-mailvaccount-verifyaccess.vercel.app/
accept-language
de-CH,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://review-mailvaccount-verifyaccess.vercel.app
Date
Tue, 02 Apr 2024 08:25:06 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Protonmail (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| clarity

12 Cookies

Domain/Path Name / Value
account.proton.me/ Name: Domain
Value: proton.me
account.proton.me/ Name: Tag
Value: default
www.clarity.ms/ Name: CLID
Value: ede1aac6a9284322985916fd603b9945.20240402.20250402
.review-mailvaccount-verifyaccess.vercel.app/ Name: _clck
Value: 4tf9td%7C2%7Cfkl%7C0%7C1553
.review-mailvaccount-verifyaccess.vercel.app/ Name: _clsk
Value: 18c1u1e%7C1712046305971%7C1%7C1%7Cb.clarity.ms%2Fcollect
.bing.com/ Name: MUID
Value: 38F846FB00A36233287952AE01A86383
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 38F846FB00A36233287952AE01A86383
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 38F846FB00A36233287952AE01A86383
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

15 Console Messages

Source Level URL
Text
other warning URL: https://review-mailvaccount-verifyaccess.vercel.app/account-mail/remove-hidden-apps/?email=&utm=undefined
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
(This warning was logged 15 times with the same URL and message.)

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload