Submitted URL: http://googlealerts.ga/
Effective URL: https://googlealerts.ga/
Submission: On November 20 via api from JP — Scanned from JP

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 34.87.59.92, located in Singapore, Singapore and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is googlealerts.ga.
TLS certificate: Issued by R3 on November 18th 2022. Valid for: 3 months.
This is the only time googlealerts.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

        IP Address           AS (Autonomous System)
1  1    52.220.193.16        16509 (AMAZON-02)
2  6    34.87.59.92          396982 (GOOGLE-CL...)
4       2404:6800:400...     15169 (GOOGLE)
8  3
   Apex Domain        Subdomains           Transfer
7  googlealerts.ga    googlealerts.ga      174 KB
4  gstatic.com        fonts.gstatic.com    51 KB
8  2

   Domain             Requested by
7  googlealerts.ga    3 redirects, googlealerts.ga
4  fonts.gstatic.com  googlealerts.ga
8  2

This site contains links to these domains.

Domain
support.google.com
accounts.google.com
Subject             Issuer       Validity                  Valid
*.googlealerts.ga   R3           2022-11-18 - 2023-02-16   3 months   crt.sh
*.gstatic.com       GTS CA 1C3   2022-11-02 - 2023-01-25   3 months   crt.sh

This page contains 3 frames:

Primary Page: https://googlealerts.ga/
Frame ID: CC431AB7C1D99F9102D22F58D1BC5F2F
Requests: 7 HTTP requests in this frame

Frame: https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Frame ID: 238576D99EA3E4A05AA2E5E5B161E531
Requests: 1 HTTP requests in this frame

Frame: https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Frame ID: 20611F4D93A67A7C7DBA8AE5F073920E
Requests: 1 HTTP requests in this frame

Page Title

Connexion : comptes Google (French: "Sign in: Google Accounts")

Page URL History

  1. http://googlealerts.ga/ HTTP 301
    https://googlealerts.ga/ Page URL

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 33 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 224 kB
Size: 1010 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/CheckConnection.html HTTP 301
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Request Chain 7
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/bscframe.html HTTP 301
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe

8 HTTP transactions

Columns for each transaction: Resource, Path, Size, x-fer, Type, MIME-Type

Primary Request: /  (googlealerts.ga/)
Redirect Chain
  • http://googlealerts.ga/
  • https://googlealerts.ga/
Size: 744 KB, x-fer: 100 KB, Type: Document
General
Full URL
https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.87.59.92 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
92.59.87.34.bc.googleusercontent.com
Software
Netlify /
Resource Hash
35dac75d738d60c0655ddbc2cb45198c078d5459dae263fe50af843117a4b0e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
169280
cache-control
public, max-age=0, must-revalidate
content-encoding
gzip
content-length
101928
content-type
text/html; charset=UTF-8
date
Fri, 18 Nov 2022 21:01:09 GMT
etag
"c2ede5b2ebf9b3ffa5c19276be1e4198-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01GJBA56PSWA394SXVHTDNPGFM

Redirect headers

Content-Length
39
Content-Type
text/plain; charset=utf-8
Date
Sun, 20 Nov 2022 20:02:29 GMT
Location
https://googlealerts.ga/
Server
Netlify
X-Nf-Request-Id
01GJBA566S8KR2PVWK2B1D1S3E
m=_b,_tp,_r  (googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/)
Size: 187 KB, x-fer: 63 KB, Type: Script
General
Full URL
https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/m=_b,_tp,_r
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.87.59.92 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
92.59.87.34.bc.googleusercontent.com
Software
Netlify /
Resource Hash
fcb5d42ee3cc39f0a1dac13ab89b8f9daaebb320caabfe794c1c45f774c63e22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://googlealerts.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id
01GJBA574VJBQV6HW8KZVMTBAY
date
Sun, 20 Nov 2022 20:02:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"b120644cc405cd3b5badb36373dbb611-ssl-df"
vary
Accept-Encoding
content-type
text/plain; charset=UTF-8
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
truncated  (/)  (data: URI, truncated in the report)
Size: 267 B, x-fer: 0, Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2  (fonts.gstatic.com/s/googlesans/v14/)
Size: 14 KB, x-fer: 15 KB, Type: Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e1c37812116c45a81199ac9302cf3bb1fa9ef9199d9d8e7a0887dd526dc039a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sat, 19 Nov 2022 12:27:31 GMT
x-content-type-options
nosniff
age
113699
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14576
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:42:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 Nov 2023 12:27:31 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2  (fonts.gstatic.com/s/roboto/v18/)
Size: 10 KB, x-fer: 11 KB, Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sat, 19 Nov 2022 01:05:10 GMT
x-content-type-options
nosniff
age
154640
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10748
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 Nov 2023 01:05:10 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2  (fonts.gstatic.com/s/googlesans/v14/)
Size: 14 KB, x-fer: 14 KB, Type: Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca8a090651c62cbe8c24c6e99ce3c75a2aeac745159675da0f35a3249b2d4733
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 10:03:38 GMT
x-content-type-options
nosniff
age
467932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14712
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:43:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Nov 2023 10:03:38 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2  (fonts.gstatic.com/s/roboto/v18/)
Size: 11 KB, x-fer: 11 KB, Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 14 Nov 2022 22:16:37 GMT
x-content-type-options
nosniff
age
510353
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10788
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Nov 2023 22:16:37 GMT
checkconnection  (googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/)  Frame 2385
Redirect Chain
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/CheckConnection.html
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Size: 29 KB, x-fer: 11 KB, Type: Document
General
Full URL
https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.87.59.92 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
92.59.87.34.bc.googleusercontent.com
Software
Netlify /
Resource Hash
0f54f8e3cf89f711b8bc5ee5bb5bf3e1a810a0aa5c7725608f1be26254a614ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://googlealerts.ga/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
2
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 20:02:30 GMT
etag
"0ac79ca7bfaaeecbf644e0f7635243fe-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01GJBA57TN03EMNKRMA22DCZ2Z

Redirect headers

age
0
cache-control
public, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 20:02:30 GMT
etag
"0ac79ca7bfaaeecbf644e0f7635243fe-ssl-df"
location
/connexion%C2%A0_%20comptes%20google_files/checkconnection
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJBA575SM8AH43RE5KP8T8GM
bscframe  (googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/)  Frame 2061
Redirect Chain
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/bscframe.html
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Size: 167 B, x-fer: 220 B, Type: Document
General
Full URL
https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.87.59.92 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
92.59.87.34.bc.googleusercontent.com
Software
Netlify /
Resource Hash
caad5aee48a682140c58a6c6e749696b96c11b33d58f7b1ff2a817490be57046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://googlealerts.ga/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
2
cache-control
public, max-age=0, must-revalidate
content-length
167
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 20:02:30 GMT
etag
"9fe98c4557aa7478d8ba794a9e63ed4f-ssl"
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJBA57TP906VR1E42S4NF1Z7

Redirect headers

age
0
cache-control
public, max-age=0, must-revalidate
content-length
167
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 20:02:30 GMT
etag
"9fe98c4557aa7478d8ba794a9e63ed4f-ssl"
location
/connexion%C2%A0_%20comptes%20google_files/bscframe
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJBA575SPT7DDZ8ZBCGAHBZP

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: 0, 1, WIZ_global_data, cc_latency, BOQ_wizbind, AF_initDataKeys, AF_dataServiceRequests, AF_initDataChunkQueue, aft_counter, IJ_values, _wjdd, default_AccountsSignInUi
function: onaft, _isLazyImage, ccTick, onJsLoad, onCssLoad, _isVisible, _recordImlEl, wiz_tick, _DumpException, AF_initDataCallback, initAft, _F_installCss
number: cc_latency_start_time, iml_start, css_size, prt
string: cc_aid, _F_cssRowKey, _F_combinedSignature
boolean: BOQ_loadedInitialJS
undefined: AF_initDataInitializeCallback

1 Cookies

Domain/Path: googlealerts.ga/connexion%C2%A0_%20comptes%20google_files
Name: CheckConnectionTempCookie316
Value: 934672

1 Console Messages

Source: security
Level: error
URL: /_/mss/boq-identity/_/js/k=boq-identity.AccountsDomaincookiesCheckconnectionJs.fr.jkoaMRkhaFQ.es5.O/d=1/rs=AOaEmlEAJeXaEUECIauxp17QxyF8hhmaTQ/m=base (Line 96)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('https://googlealerts.ga').

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000