https://gconnect4.com/c7608cb374be73cd217a423ff4576b8f
172.67.184.164 · Cloudflare, Inc.
Toronto, Canada
0 days ⚠
200 · 18.4s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Gmail (Google) impersonation on gconnect4.com
Vendors
28/31
Status
partial
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page presents a Gmail sign-in UI with Google branding (Google logo, Gmail title, and UI text) loaded from a domain (gconnect4.com) that is not an official Google domain. The HTML source shows a Gmail login shell with an email/phone field and a Next button, and a Google logo is loaded from the site. The visible branding and structure strongly indicate impersonation of Google/Gmail. However, the final URL is not Google's domain, and the page includes garbled hosting signals (new domain, Cloudflare, external scripts) that support a phishing clone rather than a first-party Google page.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 1
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 33
Hosts: 3
Domains: 3
Suspicious Endpoints
hxxps://gconnect4[.]com/api/access-keys/validate
hxxps://gconnect4[.]com/c7608cb374be73cd217a423ff4576b8f/
The scan indicates a strong impersonation attempt: Gmail branding is presented on a non-Google domain gconnect4.com, with a sign-in UI designed to resemble Google's Gmail login. The dedicated login shell, presence of a Google logo, and credential-related network calls (api/access-keys/validate, gql, hubs/session/negotiate) strongly suggest credential harvesting. The domain is very new (0 days) and protected behind Cloudflare, which is common in phishing setups to evade detection. Recommend treating as high-risk phishing impersonation and take action accordingly.
Suspend Domain