https://gconnectapis.com/66ef7e0a55d9f69e0743eabe8150ed3f/
172.67.164.154 · Cloudflare, Inc.
Toronto, Canada
1 day ⚠
200 · 18.4s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Gmail (Google)
Vendors
28/31
Status
partial
No KB/IOK detections were recorded for this scan.
Technology · 7/19/2026
The page displays a Gmail sign-in UI and branding (Google logo, Gmail typography) on the domain gconnectapis.com. The page title is Gmail and the static HTML shows a Google logo and a sign-in form UI, but the host is not google.com. Network requests and assets reference Google-like resources (google-logo.svg, Gmail sign-in UI) suggesting impersonation of Google's Gmail service. POST endpoints such as /api/access-keys/validate and /gql indicate credential-related interactions, though the form in static HTML does not include an actual login field; the UI strongly mirrors Google's login flow, and the domain age is extremely young, increasing impersonation risk.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 1
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 33
Hosts: 3
Domains: 3
Suspicious Endpoints
hxxps://gconnectapis[.]com/api/access-keys/validate
hxxps://gconnectapis[.]com/66ef7e0a55d9f69e0743eabe8150ed3f/
The page presents a high risk impersonation of Google's Gmail login on a brand-new domain (1 day old) with a Google-signed SSL certificate and Google branding. The UI explicitly imitates Google’s sign-in flow (Gmail title, Google logo, 'Sign in' header, 'Next' button) on gconnectapis.com, a domain not owned by Google. The presence of credential-related endpoints and the overall setup strongly indicate credential phishing intent. Scanner-block considerations are not explicitly shown; however, the combination of impersonation signals and new-domain indicators warrants action. Recommend blocking or suspending domain access to mitigate user credential risk.
Suspend Domain