![](/screenshots/7184caf1-f500-4a6e-b945-63b8cc18651a.png)
connect-accounts.com
Open in
urlscan Pro
162.215.230.4
Malicious Activity!
Public Scan
Submission: On January 07 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on December 26th 2022. Valid for: 3 months.
This is the only time connect-accounts.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 162.215.230.4 162.215.230.4 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:1734 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2606:4700:e4:... 2606:4700:e4::ac40:a916 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 23.4.233.232 23.4.233.232 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 45.79.77.20 45.79.77.20 | 63949 (AKAMAI-AP...) (AKAMAI-AP Akamai Technologies) | |
21 | 7 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-215-230-4.unifiedlayer.com
connect-accounts.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-4-233-232.deploy.static.akamaitechnologies.com
online.citi.com |
ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: li1176-20.members.linode.com
jsonip.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
connect-accounts.com
connect-accounts.com |
56 KB |
6 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3242 ka-f.fontawesome.com — Cisco Umbrella Rank: 5927 |
182 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 488 |
49 KB |
1 |
jsonip.com
jsonip.com — Cisco Umbrella Rank: 25176 |
447 B |
1 |
citi.com
online.citi.com — Cisco Umbrella Rank: 29621 |
106 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 356 |
28 KB |
21 | 6 |
Domain | Requested by | |
---|---|---|
10 | connect-accounts.com |
connect-accounts.com
|
5 | ka-f.fontawesome.com |
kit.fontawesome.com
connect-accounts.com |
2 | cdn.jsdelivr.net |
connect-accounts.com
|
1 | jsonip.com |
cdnjs.cloudflare.com
|
1 | online.citi.com |
connect-accounts.com
|
1 | kit.fontawesome.com |
connect-accounts.com
|
1 | cdnjs.cloudflare.com |
connect-accounts.com
|
21 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
connect-accounts.com R3 |
2022-12-26 - 2023-03-26 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-11-22 - 2023-12-23 |
a year | crt.sh |
online.citibank.com DigiCert SHA2 Extended Validation Server CA |
2022-05-03 - 2023-05-16 |
a year | crt.sh |
jsonip.com R3 |
2022-11-12 - 2023-02-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://connect-accounts.com/login/?verify
Frame ID: 42EAD5E38CECB8E9E594ED8BC23372CD
Requests: 21 HTTP requests in this frame
Screenshot
![](/screenshots/7184caf1-f500-4a6e-b945-63b8cc18651a.png)
Page Title
Sign On to Your Citi AccountDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
connect-accounts.com/login/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/ |
160 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/ |
76 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
code.js
connect-accounts.com/login/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3139285c05.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
connect-accounts.com/login/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
connect-accounts.com/login/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
house.png
connect-accounts.com/login/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gplay.png
connect-accounts.com/login/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
astore.png
connect-accounts.com/login/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f.png
connect-accounts.com/login/ |
445 B 704 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t.png
connect-accounts.com/login/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
y.png
connect-accounts.com/login/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
100 KB 23 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
823 B 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LSO_4959.jpg
online.citi.com/nga-lite-signon/ |
106 KB 106 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.2.1/webfonts/ |
147 KB 148 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
jsonip.com/ |
146 B 447 B |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange number| uidEvent object| bootstrap function| $ function| jQuery object| FontAwesomeKitConfig number| count0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
connect-accounts.com
jsonip.com
ka-f.fontawesome.com
kit.fontawesome.com
online.citi.com
162.215.230.4
23.4.233.232
2606:4700::6810:5614
2606:4700::6811:190e
2606:4700::6812:1734
2606:4700:e4::ac40:a916
45.79.77.20
04994be7db4693bad5bc011cd1aa7a3cdd72c55dd72f478b772de9a795e82210
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
1494e2691e1c13a3f35cbc3e1b56c5187c10ffe220d1fdc58d99494a666244d4
1b072d764ab95487c3670ab36a80626b962b92d16654deef5db80cec8d5662d1
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
788283b9392704ad36e4767d8e14790895e3a504214d4553da9b4992fd9f2af2
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
8a50a27d3811355e45db3fdd058cb33c4b28fbc42cf81157eb74aae068e48573
9a1a1b1e2aa07e46b8d03d0d876ba066405fca75e1ca98c31b2e8236ab815c2b
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
b856bad6a7ffe16d3ba0ea0d6c6fe0526385ebd11e589a2efbcbf97386e9ea40
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
d87aeca803f7b9b20b3290e72029252963ce41538a3d01e8375e87c4261104c8
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
e7a9f485d6f2e1dabd73d8b9ebba2930177e6d77565963ed32707837ed9bba33
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e