newdevice-removal.vercel.app
76.76.21.142  Malicious Activity! Public Scan

URL: https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Submission: On June 05 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 76.76.21.142, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is newdevice-removal.vercel.app.
TLS certificate: Issued by R3 on April 15th 2024. Valid for: 3 months.
This is the only time newdevice-removal.vercel.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Protonmail (Online)

Domain & IP information

IP Address AS Autonomous System
6 76.76.21.142 16509 (AMAZON-02)
2 2620:1ec:bdf::43 8075 (MICROSOFT...)
1 185.70.42.36 62371 (PROTON)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 20.122.63.128 8075 (MICROSOFT...)
11 5
Apex Domain | Subdomains | Transfer
6 vercel.app | newdevice-removal.vercel.app | 522 KB
5 clarity.ms | www.clarity.ms — Cisco Umbrella Rank: 783; c.clarity.ms — Cisco Umbrella Rank: 1541; p.clarity.ms — Cisco Umbrella Rank: 7031 | 28 KB
1 bing.com | c.bing.com — Cisco Umbrella Rank: 231 | 760 B
1 proton.me | account.proton.me — Cisco Umbrella Rank: 62175 | 1 KB
11 4
Domain Requested by
6 newdevice-removal.vercel.app newdevice-removal.vercel.app
2 c.clarity.ms 1 redirects
2 www.clarity.ms newdevice-removal.vercel.app
www.clarity.ms
1 p.clarity.ms www.clarity.ms
1 c.bing.com 1 redirects
1 account.proton.me newdevice-removal.vercel.app
11 6

This site contains no links.

Subject | Issuer | Validity | Valid
*.vercel.app | R3 | 2024-04-15 - 2024-07-14 | 3 months
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-07 - 2024-12-07 | a year
proton.me | R3 | 2024-05-14 - 2024-08-12 | 3 months
a.clarity.ms | Microsoft Azure TLS Issuing CA 01 | 2024-01-14 - 2024-06-27 | 5 months

This page contains 1 frames:

Primary Page: https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Frame ID: CC1468C022337FB3145420117F841076
Requests: 11 HTTP requests in this frame

Page Title

Proton Account - Security Portal

Page Statistics

11
Requests

91 %
HTTPS

33 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

550 kB
Transfer

1219 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&RedC=c.clarity.ms&MXFR=2E2EED4AC87C6EA6156CF9DFCC7C6085 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&MUID=1946AA5901E3647835AEBECC003165CB

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
newdevice-removal.vercel.app/
7 KB
1 KB
Document
General
Full URL
https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
199e70ac12dc6b193a5c41c0b91223fac7a73f11b2fe95fdbb36e0d1a3a114cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
age
1647794
cache-control
public, max-age=0, must-revalidate
content-disposition
inline
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 05 Jun 2024 22:30:14 GMT
etag
W/"5e34bba39dd56e890ee6238a152e19dc"
server
Vercel
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-vercel-cache
HIT
x-vercel-id
fra1::nbghs-1717626614360-f016956bbb1d
index.bundle.js
newdevice-removal.vercel.app/
620 KB
182 KB
Script
General
Full URL
https://newdevice-removal.vercel.app/index.bundle.js
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
866245a706c45deb92db6c491ee83ade592bcadc69d4ce7267fb4f3b98198cde
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:14 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::nbghs-1717626614404-686106c51d43
age
1647793
etag
W/"c1fb008baedbce5635659ed7d690e39d"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index.bundle.js"
index.css
newdevice-removal.vercel.app/
204 KB
38 KB
Stylesheet
General
Full URL
https://newdevice-removal.vercel.app/index.css
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9dcebc67d1df9a7afdee37ae8e055dc658aa7a449d99bd929050101ea6d4b4e2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:14 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::6jhmr-1717626614399-0f38cdf8ead7
age
1647793
etag
W/"fd45056417c2195b655514ded95b0d82"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index.css"
hidwqtxmpa
www.clarity.ms/tag/
637 B
1002 B
Script
General
Full URL
https://www.clarity.ms/tag/hidwqtxmpa
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/index.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
fcf81eb45de1a406d766c6e908edbeafe9e3800c24e7b12f4834734fa933adac

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Wed, 05 Jun 2024 22:30:15 GMT
x-azure-ref
20240605T223015Z-r1695cb7469mwjmc5twr4rranc00000004300000000179t7
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
637
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
170a1a5fb468cdaa91bf.jpg
newdevice-removal.vercel.app/
72 KB
72 KB
Image
General
Full URL
https://newdevice-removal.vercel.app/170a1a5fb468cdaa91bf.jpg
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
96ccf3523e3e403ceb93a7fa39510aaf67b6db7375a89b4d777652dd3486395d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/index.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::jknxg-1717626614570-07bf988e6d60
age
130090
etag
"d3f7256300a1238986e29e1934c2189c"
x-vercel-cache
HIT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="170a1a5fb468cdaa91bf.jpg"
accept-ranges
bytes
content-length
74017
host.png
account.proton.me/assets/
42 B
1 KB
Image
General
Full URL
https://account.proton.me/assets/host.png
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.70.42.36 , Switzerland, ASN62371 (PROTON, CH),
Reverse DNS
185-70-42-36.protonmail.ch
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob: https://proton.me https://*.protonmail.com; script-src 'self' 'wasm-unsafe-eval' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: data: https://www.youtube-nocookie.com https://account-api.proton.me; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://verify.proton.me https://mail.proton.me https://calendar.proton.me https://drive.proton.me https://account-api.proton.me;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:24:22 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob: https://proton.me https://*.protonmail.com; script-src 'self' 'wasm-unsafe-eval' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: data: https://www.youtube-nocookie.com https://account-api.proton.me; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://verify.proton.me https://mail.proton.me https://calendar.proton.me https://drive.proton.me https://account-api.proton.me;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Mon, 03 Jun 2024 13:23:57 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
age
352
etag
"2a-619fc3ed71540"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
public-key-pins-report-only
pin-sha256="CT56BhOTmj5ZIPgb/xD5mH8rY3BLo/MlhP7oPyJUEDo="; pin-sha256="35Dx28/uzN3LeltkCBQ8RHK0tlNSa2kCpCRGNp34Gxc="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
content-length
42
x-xss-protection
0
ba4caefcdf5b36b438db.woff2
newdevice-removal.vercel.app/
222 KB
222 KB
Font
General
Full URL
https://newdevice-removal.vercel.app/ba4caefcdf5b36b438db.woff2?v=3.19
Requested by
Host: newdevice-removal.vercel.app
URL: https://newdevice-removal.vercel.app/index.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/index.css
Origin
https://newdevice-removal.vercel.app
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::q675m-1717626614598-82c57f5b6b3e
age
1647779
etag
"66c6e40883646a7ad993108b2ce2da32"
x-vercel-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="ba4caefcdf5b36b438db.woff2"
accept-ranges
bytes
content-length
227180
clarity.js
www.clarity.ms/s/0.7.32/
61 KB
26 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.32/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hidwqtxmpa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::43 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:15 GMT
content-encoding
br
last-modified
Fri, 10 May 2024 17:30:20 GMT
etag
W/"0x8DC7116DE09E645"
vary
Accept-Encoding
x-azure-ref
20240605T223015Z-r1695cb7469mwjmc5twr4rranc00000004300000000179tg
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
6c728f9f-801e-0015-2192-b53968000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&RedC=c.clarity.ms&MXFR=2E2EED4AC87C6EA6156CF9DFCC7C6085
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&MUID=1946AA5901E3647835AEBECC003165CB
42 B
465 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&MUID=1946AA5901E3647835AEBECC003165CB
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://newdevice-removal.vercel.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Jun 2024 22:30:15 GMT
last-modified
Fri, 01 Mar 2024 22:54:48 GMT
server
Microsoft-IIS/10.0
etag
"3e26b762b6cda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Wed, 05 Jun 2024 22:30:14 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8BD413273BAA449999A7A566AAC23552 Ref B: FRAEDGE2022 Ref C: 2024-06-05T22:30:15Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=339C0F5CCBE240AEA3A29A6E62AA87AE&MUID=1946AA5901E3647835AEBECC003165CB
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
favicon.ico
newdevice-removal.vercel.app/assets/
33 KB
6 KB
Other
General
Full URL
https://newdevice-removal.vercel.app/assets/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.142 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
f8821e3987460bf773ae61eb9e0be49779c58741e414023aca891a11977a9a6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 22:30:15 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
Vercel
x-vercel-id
fra1::jknxg-1717626615270-49f8f5f7a6f8
age
130091
etag
W/"2eba6c0dd278db2c1e36c7e8bddcdc37"
x-vercel-cache
HIT
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="favicon.ico"
collect
p.clarity.ms/
0
308 B
XHR
General
Full URL
https://p.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/x-clarity-gzip
Referer
https://newdevice-removal.vercel.app/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://newdevice-removal.vercel.app
Date
Wed, 05 Jun 2024 22:30:15 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Protonmail (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| clarity

12 Cookies

Domain/Path Name / Value
account.proton.me/ Name: Domain
Value: proton.me
account.proton.me/ Name: Tag
Value: default
www.clarity.ms/ Name: CLID
Value: f0e1dbd733974f459af442d9dbb6ee2e.20240605.20250605
.newdevice-removal.vercel.app/ Name: _clck
Value: 17scjuo%7C2%7Cfmd%7C0%7C1617
.bing.com/ Name: MUID
Value: 1946AA5901E3647835AEBECC003165CB
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 1946AA5901E3647835AEBECC003165CB
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 1946AA5901E3647835AEBECC003165CB
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.newdevice-removal.vercel.app/ Name: _clsk
Value: 1jwn8vn%7C1717626615913%7C1%7C1%7Cp.clarity.ms%2Fcollect

15 Console Messages

Source Level URL
Text
other warning URL: https://newdevice-removal.vercel.app/?email=e*******@p*********.com
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload