# amazon-clone-amber-six.vercel.app — SUSPICIOUS

> Investigating amazon-clone-amber-six.vercel.app for brand impersonation phishing (0/95 VirusTotal detections). Avoid inputting credentials or downloading files.

## Summary
PhishDestroy identifies amazon-clone-amber-six.vercel.app as an active brand impersonation domain leveraging Amazon’s likeness to deceive users. The domain employs a Vercel-hosted page mimicking Amazon’s UI to harvest credentials or inject malicious scripts. No public evidence links it to a known drainer kit, but the social engineering tactic suggests a credential theft objective. The operator’s use of Vercel’s infrastructure enables rapid deployment and evasion of initial detection, typical of opportunistic campaigns targeting unsuspecting shoppers or users expecting Amazon correspondence.


Technical indicators confirm this domain as a high-effort threat under active analysis. Registered through Vercel Inc., the domain resolves to IP 64.29.17.131 and operates under a Google Trust Services SSL certificate. VirusTotal analysis shows zero detections (0/95 engines), aligning with its recent deployment and lack of signature-based detection. Google Safe Browsing flags it under SOCIAL_ENGINEERING, indicating confirmed malicious intent. The absence of blocklist records suggests it may be newly active, exploiting gaps in automated defenses.


This domain remains active with an 'under_investigation' status. Immediate action includes blocking 64.29.17.131 at the network perimeter and instructing users to avoid interaction. Users should report access to security teams and verify any 'Amazon' communications via official channels. Remaining risk is HIGH due to evasion tactics and unpatched infrastructure, warranting heightened monitoring and rapid takedown pursuit through Vercel’s abuse channels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Vercel Inc.
- IP: 64.29.17.131

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/amazon-clone-amber-six.vercel.app
- PhishDestroy: https://phishdestroy.io/domain/amazon-clone-amber-six.vercel.app/
- LLM endpoint: https://phishdestroy.io/domain/amazon-clone-amber-six.vercel.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amazon-clone-amber-six.vercel.app/
Last updated: 2026-04-04