# amazon-clone-pi-amber.vercel.app — MALICIOUS > Investigate the fake Amazon login phishing domain amazon-clone-pi-amber.vercel.app flagged by 22 security vendors. Check the full report. ## Summary PhishDestroy identifies the domain amazon-clone-pi-amber.vercel.app as an active phishing page engineered to impersonate Amazon’s official login portal. The page is designed to harvest user credentials and payment details through a spoofed checkout interface, indicating the deployment of a credential and financial drainer kit. No specific malware family or custom toolkit is publicly attributed, but the page’s structure closely mimics Amazon’s branding and UI flow to increase deception. The threat actor leverages Vercel’s hosting platform to rapidly deploy and rotate the infrastructure, likely aiming for short-lived campaigns to evade detection. This domain was flagged by PhishDestroy’s automated pipeline and subsequently verified through multiple threat intelligence sources. VirusTotal analysis shows 22 out of 95 security vendors detecting this domain as malicious. The site is registered through Vercel Inc. and resolves to IP address 216.198.79.67. Google Safe Browsing categorizes the domain under SOCIAL_ENGINEERING, confirming intent to deceive users through impersonation. The SSL certificate is issued by Google Trust Services, which may lend false legitimacy to the phishing site. The domain appears on one known blocklist and is actively blocked by OpenPhish, indicating widespread recognition of its malicious intent. As of the latest scan, the domain remains ACTIVE and accessible via verified URLs. Immediate remediation actions include continued blocking at DNS and network levels and submission to Google Safe Browsing for de-listing. Despite these measures, the domain continues to pose a HIGH risk due to its convincing impersonation of Amazon and the potential for credential theft or fraudulent transactions. Users are strongly advised to avoid interacting with any links referencing this domain, verify all URLs before entering credentials, and report suspicious activity to Amazon and their security teams. The persistent accessibility of the site underscores the need for ongoing vigilance and layered defense strategies. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Vercel Inc. - IP: 216.198.79.67 ## Detection Status - VirusTotal: 22 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 1 hits Lists: ["OpenPhish"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/amazon-clone-pi-amber.vercel.app - PhishDestroy: https://phishdestroy.io/domain/amazon-clone-pi-amber.vercel.app/ - LLM endpoint: https://phishdestroy.io/domain/amazon-clone-pi-amber.vercel.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/amazon-clone-pi-amber.vercel.app/ Last updated: 2026-04-02