![](/screenshots/9b5d4b39-3f3c-48cc-ac2f-17bb541a3652.png)
main.d3lqtddfsbdi2v.amplifyapp.com
Open in
urlscan Pro
13.227.219.51
Malicious Activity!
Public Scan
Effective URL: https://main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/index.html
Submission: On December 04 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time main.d3lqtddfsbdi2v.amplifyapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
23 | 13.227.219.51 13.227.219.51 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2620:1ec:bdf::45 2620:1ec:bdf::45 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 195.201.57.90 195.201.57.90 | 24940 (HETZNER-AS) (HETZNER-AS) | |
3 | 20.122.63.128 20.122.63.128 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 2 | 68.219.88.97 68.219.88.97 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 1 | 2620:1ec:c11:... 2620:1ec:c11::200 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
30 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-51.ams54.r.cloudfront.net
main.d3lqtddfsbdi2v.amplifyapp.com |
ASN24940 (HETZNER-AS, DE)
PTR: static.90.57.201.195.clients.your-server.de
ipwho.is |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
amplifyapp.com
main.d3lqtddfsbdi2v.amplifyapp.com |
798 KB |
7 |
clarity.ms
1 redirects
www.clarity.ms — Cisco Umbrella Rank: 796 p.clarity.ms — Cisco Umbrella Rank: 7833 c.clarity.ms — Cisco Umbrella Rank: 1377 |
28 KB |
1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 228 |
759 B |
1 |
ipwho.is
ipwho.is — Cisco Umbrella Rank: 63095 |
1013 B |
30 | 4 |
Domain | Requested by | |
---|---|---|
23 | main.d3lqtddfsbdi2v.amplifyapp.com |
main.d3lqtddfsbdi2v.amplifyapp.com
|
3 | p.clarity.ms |
www.clarity.ms
|
2 | c.clarity.ms | 1 redirects |
2 | www.clarity.ms |
main.d3lqtddfsbdi2v.amplifyapp.com
www.clarity.ms |
1 | c.bing.com | 1 redirects |
1 | ipwho.is |
main.d3lqtddfsbdi2v.amplifyapp.com
|
30 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.d3lqtddfsbdi2v.amplifyapp.com Amazon RSA 2048 M03 |
2023-12-04 - 2025-01-01 |
a year | crt.sh |
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1 |
2023-08-29 - 2024-08-29 |
a year | crt.sh |
ipwho.is GoGetSSL ECC DV CA |
2023-04-05 - 2024-04-05 |
a year | crt.sh |
a.clarity.ms Microsoft Azure TLS Issuing CA 06 |
2023-02-13 - 2024-02-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/index.html
Frame ID: 8FB4B2E46DBBFAFE5239BA0B62E06C66
Requests: 31 HTTP requests in this frame
Screenshot
![](/screenshots/9b5d4b39-3f3c-48cc-ac2f-17bb541a3652.png)
Page Title
Device Err00r Code #B9PwNn100d7Page URL History Show full URLs
- https://main.d3lqtddfsbdi2v.amplifyapp.com/?gclid=EAIaIQobChMIp8H915jBggMV9szCBB1dXwdeEAMYASAAEgKHYvD_BwE Page URL
- https://main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/index.html Page URL
Detected technologies
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://main.d3lqtddfsbdi2v.amplifyapp.com/?gclid=EAIaIQobChMIp8H915jBggMV9szCBB1dXwdeEAMYASAAEgKHYvD_BwE Page URL
- https://main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 27- https://c.clarity.ms/c.gif HTTP 302
- https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4D9819BC1E984D9FA1893569F26AFFDB&RedC=c.clarity.ms&MXFR=0E329BCAE013632403208817E4136D64 HTTP 302
- https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D9819BC1E984D9FA1893569F26AFFDB&MUID=2F35033600516A9126CC10EB01516B4C
30 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
main.d3lqtddfsbdi2v.amplifyapp.com/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
24 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tapa.css
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-1.4.4.min.js
main.d3lqtddfsbdi2v.amplifyapp.com/ |
77 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
452 KB 452 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mnc.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
187 B 482 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msmm.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
168 B 462 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
set.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
364 B 658 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vsc.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
722 B 1016 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bx1.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
97 KB 97 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bel.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
276 B 572 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pcm.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
dm.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
332 B 626 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cs.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
nvidia.js
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jupiter.js
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
503 B 799 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i92631h1ap
www.clarity.ms/tag/ |
668 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ipwho.is/ |
741 B 1013 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
349 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mnc.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
187 B 481 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msmm.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
168 B 462 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
set.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
364 B 658 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vsc.png
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
722 B 1016 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
_Fm7-alert.mp3
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
196 KB 196 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ai2.mp3
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
webs.mp4
main.d3lqtddfsbdi2v.amplifyapp.com/Win08Ay0Er08d8d77/ |
0 0 |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clarity.js
www.clarity.ms/s/0.7.20/ |
60 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
p.clarity.ms/ |
0 314 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.gif
c.clarity.ms/ Redirect Chain
|
42 B 441 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
p.clarity.ms/ |
0 314 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
collect
p.clarity.ms/ |
0 314 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| clarity object| t function| toggleFullScreen function| addEvent object| modal object| btn undefined| span number| e number| isNS function| mischandler function| mousehandler function| win_onkeydown_handler string| ipadd string| city string| country string| isp string| currtime10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.clarity.ms/ | Name: CLID Value: b3419fe5653240598b69e762e13213bd.20231204.20241203 |
|
.amplifyapp.com/ | Name: _clck Value: kmxadd%7C2%7Cfh9%7C0%7C1433 |
|
.amplifyapp.com/ | Name: _clsk Value: n1vwsf%7C1701720554609%7C1%7C1%7Cp.clarity.ms%2Fcollect |
|
.bing.com/ | Name: MUID Value: 2F35033600516A9126CC10EB01516B4C |
|
.c.bing.com/ | Name: MR Value: 0 |
|
.c.bing.com/ | Name: SRM_B Value: 2F35033600516A9126CC10EB01516B4C |
|
.c.clarity.ms/ | Name: SM Value: C |
|
.clarity.ms/ | Name: MUID Value: 2F35033600516A9126CC10EB01516B4C |
|
.c.clarity.ms/ | Name: MR Value: 0 |
|
.c.clarity.ms/ | Name: ANONCHK Value: 0 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.bing.com
c.clarity.ms
ipwho.is
main.d3lqtddfsbdi2v.amplifyapp.com
p.clarity.ms
www.clarity.ms
13.227.219.51
195.201.57.90
20.122.63.128
2620:1ec:bdf::45
2620:1ec:c11::200
68.219.88.97
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
22b2c21cd86ff8e53b784c5e40608872a0666f3682d1331829eb8a643f50b3e4
2eafb93159b1df103bfca1f223350fdbec07e0be6a69798e7cb3ca93192985d3
318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479
31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977
4eaf7b7f53ea1a27a22bae168f560d9dc78dc2e2185162be9ee4db59e1e1065a
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
728e2716362f3c3581d3fe1fe6bbb7c4dbe0beba60451678b5792d2ade11c8bf
73310aa233204005c5d97ccd8b6c8c06dda83205f1de6571aa798400fb5bedeb
7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5
93ab9ddc223156f5f4ba7ff8fc14a885e9b5946fc10917571022d7c2d9a08886
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348
c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
dfd4911ee44bb9bef48dbcdd8eb22375e57e314d8626120c4bdd65d4ff60d69b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc59bbb18f923747b9cd3f3b23537ff09c5ad2fdfc1505a4800a3f269a234e65