connect-accounts.com
162.215.230.4 Malicious Activity! Public Scan

URL: https://connect-accounts.com/login/?verify
Submission: On January 07 via api from US — Scanned from US

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 21 HTTP transactions. The main IP is 162.215.230.4, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is connect-accounts.com.
TLS certificate: Issued by R3 on December 26th 2022. Valid for: 3 months.
This is the only time connect-accounts.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
10        162.215.230.4      46606 (UNIFIEDLA...)
2         2606:4700::68...   13335 (CLOUDFLAR...)
1         2606:4700::68...   13335 (CLOUDFLAR...)
1         2606:4700::68...   13335 (CLOUDFLAR...)
5         2606:4700:e4:...   13335 (CLOUDFLAR...)
1         23.4.233.232       16625 (AKAMAI-AS)
1         45.79.77.20        63949 (AKAMAI-AP...)
Total: 21 requests across 7 IPs
Requests  Apex Domain           Subdomains                                         Transfer
10        connect-accounts.com  connect-accounts.com                               56 KB
6         fontawesome.com       kit.fontawesome.com (Cisco Umbrella Rank: 3242)    182 KB
                                ka-f.fontawesome.com (Cisco Umbrella Rank: 5927)
2         jsdelivr.net          cdn.jsdelivr.net (Cisco Umbrella Rank: 488)        49 KB
1         jsonip.com            jsonip.com (Cisco Umbrella Rank: 25176)            447 B
1         citi.com              online.citi.com (Cisco Umbrella Rank: 29621)       106 KB
1         cloudflare.com        cdnjs.cloudflare.com (Cisco Umbrella Rank: 356)    28 KB
Total: 21 requests across 6 apex domains
Requests  Domain                 Requested by
10        connect-accounts.com   connect-accounts.com
5         ka-f.fontawesome.com   kit.fontawesome.com, connect-accounts.com
2         cdn.jsdelivr.net       connect-accounts.com
1         jsonip.com             cdnjs.cloudflare.com
1         online.citi.com        connect-accounts.com
1         kit.fontawesome.com    connect-accounts.com
1         cdnjs.cloudflare.com   connect-accounts.com
Total: 21 requests across 7 domains

This site contains no links.

Subject                Issuer                                       Validity                  Valid for   Lookup
connect-accounts.com   R3                                           2022-12-26 - 2023-03-26   3 months    crt.sh
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                      2022-06-02 - 2023-06-01   a year      crt.sh
*.fontawesome.com      DigiCert TLS RSA SHA256 2020 CA1             2022-11-22 - 2023-12-23   a year      crt.sh
online.citibank.com    DigiCert SHA2 Extended Validation Server CA  2022-05-03 - 2023-05-16   a year      crt.sh
jsonip.com             R3                                           2022-11-12 - 2023-02-10   3 months    crt.sh

This page contains 1 frames:

Primary Page: https://connect-accounts.com/login/?verify
Frame ID: 42EAD5E38CECB8E9E594ED8BC23372CD
Requests: 21 HTTP requests in this frame

Page Title

Sign On to Your Citi Account

Detected technologies

Bootstrap (overall confidence: 100%), detected patterns:
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (overall confidence: 100%), detected patterns:
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (overall confidence: 100%), detected patterns:
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (overall confidence: 100%), detected patterns:
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 57 %
Domains: 6
Subdomains: 7
IPs: 7
Countries: 1
Transfer: 421 kB
Size: 775 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Columns: Resource (Path) | Size | x-fer | Type | MIME-Type

Primary Request: / (connect-accounts.com/login/) | Size: 6 KB | x-fer: 3 KB | Type: Document
General
Full URL
https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
1b072d764ab95487c3670ab36a80626b962b92d16654deef5db80cec8d5662d1
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Encoding
gzip
Content-Length
2318
Content-Type
text/html; charset=UTF-8
Date
Sat, 07 Jan 2023 15:07:06 GMT
Server
Vary
Accept-Encoding
X-Frame-Options
DENY
X-Powered-By
ASP.NET
X-Powered-By-Plesk
PleskWin

bootstrap.min.css (cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/) | Size: 160 KB | x-fer: 25 KB | Type: Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
21906183
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19153-FRA, cache-iad-kiad7000069-IAD
x-jsd-version-type
version
server
cloudflare
etag
W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FF6PdhWuQEz4fhyADhLgh3ti%2FObrLBpUrOnpfvb%2FtSJhmEHBFHIUlP4IwAFak5MljihVlNPOijGFsNFmrRLHAf9KCSuI7GqhIDB7ZWuQLNJqyeJ579tWQTElxcUEJZqakRKARagDSSZWAlQNTKA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
785d99ebcac68c21-EWR

bootstrap.bundle.min.js (cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/) | Size: 76 KB | x-fer: 24 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
25249525
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19181-FRA, cache-ewr18124-EWR
x-jsd-version-type
version
server
cloudflare
etag
W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4b7WJyYU45z9oWVOlmyjtQmG7%2BLBekiG6CrFcV%2FZmf%2BSp9hKpQdBv94YDqd4AO7yOwVli31H2xXCp4lHld4b3VJZDevHG7KKpHahrUZmRUxARsZoQTR%2B2eDUe%2Fm1kEnzu3t2mTNk%2FnpU7H3YNvk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
785d99ebcac98c21-EWR

jquery.min.js (cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/) | Size: 87 KB | x-fer: 28 KB | Type: Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3123935
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bC3i%2FDgneOD2u19U17VMI5%2Fj%2FEqtS%2BjcEtiIFuMnxkyRTvO563S3HvNwA1d1X0xbbVwtFw%2BSW1HYOLZ1nFM38cpD9ZgG1xr8L3H1eu9DZQ8KH4KTmg1tvTSwk%2BZjDBHV2nAKIQ4gfOI11PnUmvA6jDzT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
785d99ebcf508cdd-EWR
expires
Thu, 28 Dec 2023 15:07:07 GMT

code.js (connect-accounts.com/login/) | Size: 0 | x-fer: 0 | Type: Script
General
Full URL
https://connect-accounts.com/login/code.js
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:06 GMT
Server
X-Powered-By
ASP.NET
Content-Length
103
Content-Type
text/html

3139285c05.js (kit.fontawesome.com/) | Size: 11 KB | x-fer: 4 KB | Type: Script
General
Full URL
https://kit.fontawesome.com/3139285c05.js
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a50a27d3811355e45db3fdd058cb33c4b28fbc42cf81157eb74aae068e48573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://connect-accounts.com/
Origin
https://connect-accounts.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
strict-transport-security
max-age=31536000; preload
content-encoding
gzip
cf-cache-status
REVALIDATED
server
cloudflare
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray
785d99ebc9702395-EWR
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FzfVfJH9mT5w3Md5shIB

style.css (connect-accounts.com/login/) | Size: 2 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
https://connect-accounts.com/login/style.css
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
d87aeca803f7b9b20b3290e72029252963ce41538a3d01e8375e87c4261104c8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:06 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jun 2022 19:16:31 GMT
Server
ETag
"a340b8946c86d81:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
929

logo.png (connect-accounts.com/login/) | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/logo.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 16:47:08 GMT
Server
ETag
"c5f910b65786d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1799

house.png (connect-accounts.com/login/) | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/house.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:40:06 GMT
Server
ETag
"3a2a87e6786d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1606

gplay.png (connect-accounts.com/login/) | Size: 24 KB | x-fer: 25 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/gplay.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:40:57 GMT
Server
ETag
"e08e5f9c6786d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
25077

astore.png (connect-accounts.com/login/) | Size: 20 KB | x-fer: 20 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/astore.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:41:07 GMT
Server
ETag
"7d8579a26786d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
20047

f.png (connect-accounts.com/login/) | Size: 445 B | x-fer: 704 B | Type: Image
General
Full URL
https://connect-accounts.com/login/f.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:43:53 GMT
Server
ETag
"64188756886d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
445

t.png (connect-accounts.com/login/) | Size: 1 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/t.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:44:01 GMT
Server
ETag
"f2f893a6886d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1277

y.png (connect-accounts.com/login/) | Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://connect-accounts.com/login/y.png
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
162.215.230.4 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-215-230-4.unifiedlayer.com
Software
/ ASP.NET
Resource Hash
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/login/?verify
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Sat, 07 Jan 2023 15:07:07 GMT
Last-Modified
Wed, 22 Jun 2022 18:44:09 GMT
Server
ETag
"108cc6e6886d81:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1175

free.min.css (ka-f.fontawesome.com/releases/v6.2.1/css/) | Size: 100 KB | x-fer: 23 KB | Type: Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.1/css/free.min.css?token=3139285c05
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3139285c05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7a9f485d6f2e1dabd73d8b9ebba2930177e6d77565963ed32707837ed9bba33

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
via
1.1 eb0e559672da6f524cf68a461f930cc4.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
PHL50-C1
age
22945
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 14 Nov 2022 15:06:08 GMT
server
cloudflare
etag
W/"2dbe34367e935e2684b01124b0860d71"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=urQpv823sSMdr85REwo1044TpYr8B3rLqoZYo4jgS1%2FHETtLCc59KEyVxPlnRdFxbwWVKmwrOhJx2AnS6g0aYFckdtwkpZ5AZ5CsbG%2BztymHsNxJlS%2FrB0rn8gie5nKbyuBBe129ghB6tAmSn8GfICH4zA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
785d99ec4e7e78d9-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
B4oTFGRMl8NMBDNACeeNI_Ak43fBbH2uWkNJUWwO0q-q4VmMQ3C_kg==

free-v4-shims.min.css (ka-f.fontawesome.com/releases/v6.2.1/css/) | Size: 27 KB | x-fer: 5 KB | Type: Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.1/css/free-v4-shims.min.css?token=3139285c05
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3139285c05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b856bad6a7ffe16d3ba0ea0d6c6fe0526385ebd11e589a2efbcbf97386e9ea40

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
via
1.1 b59dc71c4a8ee4973a73c80b9766a6dc.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P8
age
22945
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 14 Nov 2022 15:06:08 GMT
server
cloudflare
etag
W/"0d00741459c51dd7330d97cd19326a7b"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7f7HWfju2R7gyC3tFWJcPW8yYKHwFM2ZMpas9dxCOJeEYTz2GGSP%2BSIPs2O5hgpEks5yxRTvspObXy1gLKEjK58J%2F90VMOR9%2BfXlIFedzIQX7suBiAygjE2kSeJl%2FVi3w9cuZFO1eIAUp6Hh9m43L8OXVg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
785d99ec4e8078d9-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
HLM9CACltOcjQJFtyg_n2vC-G4OWa7N0fE_MGR_C2lBBddyiacob7g==

free-v5-font-face.min.css (ka-f.fontawesome.com/releases/v6.2.1/css/) | Size: 823 B | x-fer: 1 KB | Type: Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.1/css/free-v5-font-face.min.css?token=3139285c05
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3139285c05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
788283b9392704ad36e4767d8e14790895e3a504214d4553da9b4992fd9f2af2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
via
1.1 4a6fd791b6663fb7a124f5d43d11ba3c.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P8
age
22945
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 14 Nov 2022 15:06:07 GMT
server
cloudflare
etag
W/"15e2713dff942747406520edde3fd0bf"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vbCQDdDbo29RFfhJrEK9kMqCMClRiDiZ9iA09jbMoqCy%2F35e%2Bjmwd0IsUgkx8YoWUbo8ATyWigTrCOPbA3hai%2FCvrgtFq7PE8CamG0ffpPzr6rxKU6AedrgeuqwStWFMHqAzzAaVse8Xw%2BAsFZN6F2KlYA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
785d99ec4e8278d9-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
tQ4WEiv-DRVxqQXu-HLIhtdb4uYIQiUGCjbavfTo1n56h-qLEeFlCw==

free-v4-font-face.min.css (ka-f.fontawesome.com/releases/v6.2.1/css/) | Size: 2 KB | x-fer: 1 KB | Type: Fetch
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.1/css/free-v4-font-face.min.css?token=3139285c05
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3139285c05.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04994be7db4693bad5bc011cd1aa7a3cdd72c55dd72f478b772de9a795e82210

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
via
1.1 3ffc96c97d8be4bd38d62dce94cb1db0.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P8
age
22945
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 14 Nov 2022 15:06:07 GMT
server
cloudflare
etag
W/"075b2106ba08d32bc88fff3724503b1e"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nk7Mvm4EC%2FriFgC7OWei7Rq38Pz5bCV71fM8Spit%2FYlH1X%2F7cGoQTQAZEHFGEDf5kO9%2BYKZjDbLUq%2FU5dRSW5KQk1R1zj4vGS5qzLoMeRJKE5QrP37vDlGqtCKudk%2BjL5y9sdkAhvXxkfrP6qrUoU4xDWA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
785d99ec4e8378d9-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
YI9nxkKsBrYjlHYUqxuLe7WDz1lGOaBT7RDDY764Fm-1JhN1c-Tblw==

LSO_4959.jpg (online.citi.com/nga-lite-signon/) | Size: 106 KB | x-fer: 106 KB | Type: Image
General
Full URL
https://online.citi.com/nga-lite-signon/LSO_4959.jpg
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.4.233.232 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-4-233-232.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
Strict-Transport-Security max-age=300
X-Content-Security-Policy frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=300
date
Sat, 07 Jan 2023 15:07:07 GMT
content-security-policy
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified
Mon, 25 Apr 2022 13:54:04 GMT
x-akamai-citisite
SWDC
content-type
image/jpeg
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
accept-ranges
bytes
content-length
108233
x-webkit-csp
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

free-fa-solid-900.woff2 (ka-f.fontawesome.com/releases/v6.2.1/webfonts/) | Size: 147 KB | x-fer: 148 KB | Type: Font
General
Full URL
https://ka-f.fontawesome.com/releases/v6.2.1/webfonts/free-fa-solid-900.woff2
Requested by
Host: connect-accounts.com
URL: https://connect-accounts.com/login/?verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1494e2691e1c13a3f35cbc3e1b56c5187c10ffe220d1fdc58d99494a666244d4

Request headers

Referer
https://connect-accounts.com/
Origin
https://connect-accounts.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 15:07:07 GMT
via
1.1 2dd59b0ea355cb92a87e9e385032622a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
JFK50-P8
age
22944
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
150500
last-modified
Mon, 14 Nov 2022 15:15:23 GMT
server
cloudflare
etag
"69a76555beae5c43a59559396c1aeb54"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1U0H8amp%2BfTf8yh93pja7uuB78di1exgs%2BcIlZGLini0W8i%2BO4AZN5fwHWBeMOJRrfflDziUP6yLmdlJIvKdITpLFwB7VP2h7ZkwczE7LmL23BrWEzIcU%2BGYGpZ98WHvzlOMTIFl07NaEt90sRLjZySJzg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
785d99ecaf0f78d9-EWR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
W2xAew5doQPzQ4pUsdaaGCq56twkLnGCAMRCs2ve8wiSqdwqg0fp1g==

/ (jsonip.com/) | Size: 146 B | x-fer: 447 B | Type: Script
General
Full URL
https://jsonip.com/?callback=jQuery360034755793751572606_1673104027525&_=1673104027526
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.79.77.20 Fremont, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
li1176-20.members.linode.com
Software
nginx/1.20.2 /
Resource Hash
9a1a1b1e2aa07e46b8d03d0d876ba066405fca75e1ca98c31b2e8236ab815c2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect-accounts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Sat, 07 Jan 2023 15:07:08 GMT
Strict-Transport-Security
max-age=31536000;
Server
nginx/1.20.2
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Connection
keep-alive

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • oncontentvisibilityautostatechange (object)
  • uidEvent (number)
  • bootstrap (object)
  • $ (function)
  • jQuery (function)
  • FontAwesomeKitConfig (object)
  • count (number)

0 Cookies

1 Console Messages

Source: network | Level: error | URL: https://connect-accounts.com/login/code.js
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
connect-accounts.com
jsonip.com
ka-f.fontawesome.com
kit.fontawesome.com
online.citi.com
162.215.230.4
23.4.233.232
2606:4700::6810:5614
2606:4700::6811:190e
2606:4700::6812:1734
2606:4700:e4::ac40:a916
45.79.77.20
04994be7db4693bad5bc011cd1aa7a3cdd72c55dd72f478b772de9a795e82210
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
1494e2691e1c13a3f35cbc3e1b56c5187c10ffe220d1fdc58d99494a666244d4
1b072d764ab95487c3670ab36a80626b962b92d16654deef5db80cec8d5662d1
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
788283b9392704ad36e4767d8e14790895e3a504214d4553da9b4992fd9f2af2
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
8a50a27d3811355e45db3fdd058cb33c4b28fbc42cf81157eb74aae068e48573
9a1a1b1e2aa07e46b8d03d0d876ba066405fca75e1ca98c31b2e8236ab815c2b
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
b856bad6a7ffe16d3ba0ea0d6c6fe0526385ebd11e589a2efbcbf97386e9ea40
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
d87aeca803f7b9b20b3290e72029252963ce41538a3d01e8375e87c4261104c8
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
e7a9f485d6f2e1dabd73d8b9ebba2930177e6d77565963ed32707837ed9bba33
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e