auth-connect.live
206.189.52.23
Malicious Activity!
Public Scan
Effective URL: https://auth-connect.live/connect/
Submission: On June 30 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by R3 on June 27th 2022. Valid for: 3 months.
This is the only time auth-connect.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

 | IP Address | AS Autonomous System |
---|---|---|
1 13 | 206.189.52.23 | 14061 (DIGITALOCEAN-ASN) |
12 | 2 | |

 | Apex Domain / Subdomains | Transfer |
---|---|---|
13 | auth-connect.live (1 redirects); subdomain: auth-connect.live | 1 MB |
12 | 1 | |

 | Domain | Requested by |
---|---|---|
13 | auth-connect.live (1 redirects) | auth-connect.live |
12 | 1 | |

This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.auth-connect.live | R3 | 2022-06-27 - 2022-09-25 | 3 months |
This page contains 1 frames:
Primary Page:
https://auth-connect.live/connect/
Frame ID: 95E93B855188BAC176FC04D21C2A7EFC
Requests: 15 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://auth-connect.live/connect/
HTTP 301
https://auth-connect.live/connect/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | auth-connect.live/connect/ (Redirect Chain) | 3 KB | 1 KB | Document | text/html |
GET | H2 | 2.fca70a1b.chunk.css | auth-connect.live/static/css/ | 383 KB | 49 KB | Stylesheet | text/css |
GET | H2 | main.8959c43d.chunk.css | auth-connect.live/static/css/ | 2 KB | 905 B | Stylesheet | text/css |
GET | H2 | 2.27d28d70.chunk.js | auth-connect.live/static/js/ | 371 KB | 114 KB | Script | application/javascript |
GET | H2 | main.8e9b296d.chunk.js | auth-connect.live/static/js/ | 407 KB | 270 KB | Script | application/javascript |
GET | H2 | metamask.69ce6b56.png | auth-connect.live/static/media/ | 42 KB | 42 KB | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | H2 | crypto.500937c7.png | auth-connect.live/static/media/ | 27 KB | 27 KB | Image | image/png |
GET | H2 | trustwallet.66f87775.png | auth-connect.live/static/media/ | 26 KB | 26 KB | Image | image/png |
GET | H2 | safemoon.604f76f6.jpg | auth-connect.live/static/media/ | 45 KB | 45 KB | Image | image/jpeg |
GET | H2 | atomic.4c02d2b3.png | auth-connect.live/static/media/ | 432 KB | 432 KB | Image | image/png |
GET | H2 | phantom.28da7a1d.jpg | auth-connect.live/static/media/ | 29 KB | 29 KB | Image | image/jpeg |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/png |
GET | H2 | blockchain.335e0da6.png | auth-connect.live/static/media/ | 12 KB | 12 KB | Image | image/png |

Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)

11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
object | webpackJsonpconnectwallet |
object | scCGSHMRCache |
object | regeneratorRuntime |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
auth-connect.live/ | | Name: walletName Value: "others" |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth-connect.live
206.189.52.23