googlealerts.ga
52.220.244.242  Malicious Activity!

Submitted URL: http://googlealerts.ga/
Effective URL: https://googlealerts.ga/
Submission: On November 20 via api from JP — Scanned from JP

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 52.220.244.242, located in Singapore, Singapore and belongs to AMAZON-02, US. The main domain is googlealerts.ga.
TLS certificate: Issued by R3 (the Let's Encrypt intermediate) on November 18th 2022, two days before this scan. Valid for: 3 months.
This is the only time googlealerts.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

Requests          IP Address          AS Autonomous System
7 (3 redirects)   52.220.244.242      16509 (AMAZON-02)
4                 2404:6800:400...    15169 (GOOGLE)
8 total, 3 IPs

Requests   Apex Domain        Subdomains           Transfer
7          googlealerts.ga    googlealerts.ga      174 KB
4          gstatic.com        fonts.gstatic.com    51 KB
8 total, 2 domains

Requests          Domain               Requested by
7 (3 redirects)   googlealerts.ga      googlealerts.ga
4                 fonts.gstatic.com    googlealerts.ga
8 total, 2 domains

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com

TLS certificates

Subject              Issuer        Validity                    Valid
*.googlealerts.ga    R3            2022-11-18 to 2023-02-16    3 months (crt.sh)
*.gstatic.com        GTS CA 1C3    2022-11-02 to 2023-01-25    3 months (crt.sh)

This page contains 3 frames:

Primary Page: https://googlealerts.ga/
Frame ID: 0E4B8BC9AE33D5FB6B1AF3795C08DEEB
Requests: 7 HTTP requests in this frame

Frame: https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Frame ID: 2E7BB4A72FF1EC4D302E247A04B57917
Requests: 1 HTTP request in this frame

Frame: https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Frame ID: B0564A9A6A1FA74FC360F9BA31A54A23
Requests: 1 HTTP request in this frame

The frame paths decode to "connexion _ comptes google_files/", the "<page title>_files/" folder that a browser's "Save page as, complete" creates (the colon in the title "Connexion : comptes Google" is replaced by an underscore because it is not a valid file-name character). The two sub-documents, checkconnection and bscframe, carry Google's own script names (see the boq-identity AccountsDomaincookiesCheckconnectionJs reference in the console message further down). This is consistent with the kit being a saved copy of the genuine sign-in page rehosted on googlealerts.ga rather than a hand-built imitation.

Page Title

Connexion : comptes Google (French: "Sign in: Google Accounts")

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 224 kB
Size: 1010 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://googlealerts.ga/ HTTP 301
    https://googlealerts.ga/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests. In both, the host answers the kit's original mixed-case ".html" file name with a 301 to a lowercased, extensionless path on the same host:

Request Chain 6
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/CheckConnection.html HTTP 301
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Request Chain 7
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/bscframe.html HTTP 301
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
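The chains above can be rebuilt mechanically from the recorded hops. The following Python is an added example, not urlscan.io code: HOPS is constructed from the status codes and Location headers shown on this page (the two ".html" hops carry a relative Location, which has to be resolved against the request URL), and follow, chains and crosses_origin are this example's own names.

```python
"""Rebuild HTTP redirect chains from recorded hops, the way urlscan's "Redirected requests"
section presents them. Added example, not urlscan.io code: HOPS is constructed from the
status codes and Location headers shown on this scan page."""
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# (request URL, status, Location header or None). The host answered the mixed-case ".html"
# paths with a *relative* Location, which must be resolved against the request URL.
HOPS = [
    ("http://googlealerts.ga/", 301, "https://googlealerts.ga/"),
    ("https://googlealerts.ga/", 200, None),
    ("https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/CheckConnection.html",
     301, "/connexion%C2%A0_%20comptes%20google_files/checkconnection"),
    ("https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection", 200, None),
    ("https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/bscframe.html",
     301, "/connexion%C2%A0_%20comptes%20google_files/bscframe"),
    ("https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe", 200, None),
]


def follow(start, hops, max_hops=10):
    """Walk redirects from `start`. Returns (chain, outcome) where outcome is
    "final" (a non-redirect response was recorded), "unrecorded" (no record for the
    URL), "loop" (a URL repeated) or "limit" (max_hops exceeded)."""
    table = {url: (status, loc) for url, status, loc in hops}
    chain, seen, url = [start], {start}, start
    for _ in range(max_hops):
        if url not in table:
            return chain, "unrecorded"
        status, loc = table[url]
        if status not in REDIRECT_STATUSES or loc is None:
            return chain, "final"
        nxt = urljoin(url, loc)  # RFC 7231 s7.1.2: Location may be a relative reference
        if nxt in seen:
            return chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
        url = nxt
    return chain, "limit"


def chains(hops):
    """One chain per head: a redirecting URL that no other recorded hop points to."""
    targets = {urljoin(u, loc) for u, s, loc in hops if s in REDIRECT_STATUSES and loc}
    heads = [u for u, s, loc in hops if s in REDIRECT_STATUSES and loc and u not in targets]
    return [follow(h, hops)[0] for h in heads]


def crosses_origin(chain):
    """True if scheme or host changes along the chain; the http->https upgrade counts,
    a case-only path rewrite on the same host does not."""
    return len({(urlsplit(u).scheme, urlsplit(u).hostname) for u in chain}) > 1


if __name__ == "__main__":
    for c in chains(HOPS):
        print(" -> ".join(c), "(cross-origin)" if crosses_origin(c) else "")
```

Run against HOPS this yields the three chains on this page: the http-to-https upgrade (which crosses_origin flags, since the scheme changes) and the two same-host case rewrites for CheckConnection.html and bscframe.html. The loop and hop-limit outcomes matter when the same code is pointed at a live redirector rather than a recorded scan.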

8 HTTP transactions

Each transaction lists Resource, Path, Size, Transfer (x-fer) and Type; the MIME type is in its response headers.

Resource: / (Primary Request)
Path: googlealerts.ga/
Redirect Chain
  • http://googlealerts.ga/
  • https://googlealerts.ga/
Size: 744 KB
Transfer: 100 KB
Type: Document
General
Full URL
https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.220.244.242 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-220-244-242.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
35dac75d738d60c0655ddbc2cb45198c078d5459dae263fe50af843117a4b0e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
76965
cache-control
public, max-age=0, must-revalidate
content-encoding
gzip
content-length
101928
content-type
text/html; charset=UTF-8
date
Sat, 19 Nov 2022 18:40:46 GMT
etag
"c2ede5b2ebf9b3ffa5c19276be1e4198-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01GJAWFMGAVPAQ915ZYNW1KQ8M

Redirect headers

Content-Length
39
Content-Type
text/plain; charset=utf-8
Date
Sun, 20 Nov 2022 16:03:31 GMT
Location
https://googlealerts.ga/
Server
Netlify
X-Nf-Request-Id
01GJAWFM3A6X7D9RJB0J7NV802
Resource: m=_b,_tp,_r
Path: googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/
Size: 187 KB
Transfer: 63 KB
Type: Script
General
Full URL
https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/m=_b,_tp,_r
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.220.244.242 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-220-244-242.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
fcb5d42ee3cc39f0a1dac13ab89b8f9daaebb320caabfe794c1c45f774c63e22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://googlealerts.ga/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id
01GJAWFMQ1F9CNM7DVCREREXXC
date
Sun, 20 Nov 2022 16:03:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"b120644cc405cd3b5badb36373dbb611-ssl-df"
vary
Accept-Encoding
content-type
text/plain; charset=UTF-8
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
Resource: truncated (data: URI)
Path: /
Size: 267 B
Transfer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
Resource: 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
Path: fonts.gstatic.com/s/googlesans/v14/
Size: 14 KB
Transfer: 15 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e1c37812116c45a81199ac9302cf3bb1fa9ef9199d9d8e7a0887dd526dc039a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sat, 19 Nov 2022 12:27:31 GMT
x-content-type-options
nosniff
age
99360
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14576
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:42:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 Nov 2023 12:27:31 GMT
Resource: KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Path: fonts.gstatic.com/s/roboto/v18/
Size: 10 KB
Transfer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Sat, 19 Nov 2022 01:05:10 GMT
x-content-type-options
nosniff
age
140301
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10748
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 19 Nov 2023 01:05:10 GMT
Resource: 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
Path: fonts.gstatic.com/s/googlesans/v14/
Size: 14 KB
Transfer: 14 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca8a090651c62cbe8c24c6e99ce3c75a2aeac745159675da0f35a3249b2d4733
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 10:03:38 GMT
x-content-type-options
nosniff
age
453593
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14712
x-xss-protection
0
last-modified
Mon, 22 Apr 2019 23:43:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Nov 2023 10:03:38 GMT
Resource: KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Path: fonts.gstatic.com/s/roboto/v18/
Size: 11 KB
Transfer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googlealerts.ga/
Origin
https://googlealerts.ga
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 14 Nov 2022 22:16:37 GMT
x-content-type-options
nosniff
age
496014
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10788
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Nov 2023 22:16:37 GMT
Resource: checkconnection (Frame 2E7B)
Path: googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/
Redirect Chain
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/CheckConnection.html
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Size: 29 KB
Transfer: 11 KB
Type: Document
General
Full URL
https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.220.244.242 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-220-244-242.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
0f54f8e3cf89f711b8bc5ee5bb5bf3e1a810a0aa5c7725608f1be26254a614ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://googlealerts.ga/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
0
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 16:03:32 GMT
etag
"0ac79ca7bfaaeecbf644e0f7635243fe-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01GJAWFN44VGJKS2MF64CKRWXV

Redirect headers

age
2
cache-control
public, max-age=0, must-revalidate
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 16:03:31 GMT
etag
"0ac79ca7bfaaeecbf644e0f7635243fe-ssl-df"
location
/connexion%C2%A0_%20comptes%20google_files/checkconnection
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJAWFMS59M121JMQ864DYKMT
Resource: bscframe (Frame B056)
Path: googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/
Redirect Chain
  • https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/bscframe.html
  • https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Size: 167 B
Transfer: 242 B
Type: Document
General
Full URL
https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe
Requested by
Host: googlealerts.ga
URL: https://googlealerts.ga/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.220.244.242 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-220-244-242.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
caad5aee48a682140c58a6c6e749696b96c11b33d58f7b1ff2a817490be57046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://googlealerts.ga/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

age
0
cache-control
public, max-age=0, must-revalidate
content-length
167
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 16:03:32 GMT
etag
"9fe98c4557aa7478d8ba794a9e63ed4f-ssl"
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJAWFN1WQPTZHJJNNT9WS64P

Redirect headers

age
0
cache-control
public, max-age=0, must-revalidate
content-length
167
content-type
text/html; charset=UTF-8
date
Sun, 20 Nov 2022 16:03:31 GMT
etag
"9fe98c4557aa7478d8ba794a9e63ed4f-ssl"
location
/connexion%C2%A0_%20comptes%20google_files/bscframe
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01GJAWFMS6YT48Y0H1PM8179ZY

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Google (Online)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and code in use. Here the names belong to Google's own front end: the boq-identity framework (WIZ_global_data, BOQ_wizbind, AF_initDataCallback, _F_installCss) and the sign-in UI itself (default_AccountsSignInUi). A hand-written imitation would not define these; they show that the page's scripts were copied from the genuine sign-in form.

0 (object), 1 (object), WIZ_global_data (object), cc_latency_start_time (number), onaft (function), _isLazyImage (function), cc_aid (string), iml_start (number), css_size (number), cc_latency (object), ccTick (function), onJsLoad (function), onCssLoad (function), _isVisible (function), _recordImlEl (function), prt (number), wiz_tick (function), _F_cssRowKey (string), _F_combinedSignature (string), _DumpException (function), BOQ_wizbind (object), AF_initDataKeys (object), AF_dataServiceRequests (object), AF_initDataChunkQueue (object), AF_initDataCallback (function), AF_initDataInitializeCallback (undefined), aft_counter (object), initAft (function), IJ_values (object), _wjdd (object), default_AccountsSignInUi (object), BOQ_loadedInitialJS (boolean), _F_installCss (function)

1 Cookies

Domain/Path: googlealerts.ga/connexion%C2%A0_%20comptes%20google_files
Name: CheckConnectionTempCookie569
Value: 700472

1 Console Messages

Source: security
Level: error
URL: /_/mss/boq-identity/_/js/k=boq-identity.AccountsDomaincookiesCheckconnectionJs.fr.jkoaMRkhaFQ.es5.O/d=1/rs=AOaEmlEAJeXaEUECIauxp17QxyF8hhmaTQ/m=base (line 96)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('https://googlealerts.ga').

This error is the copied CheckConnection script behaving exactly as it does on the real site: it reports back to its parent window with postMessage restricted to the origin https://accounts.google.com, and the browser refuses to deliver because the parent is now https://googlealerts.ga. A first-party sign-in page never produces this message, so a postMessage target-origin mismatch that names the impersonated brand's origin is a strong indicator of a rehosted copy.
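A triage pass over this scan, written as an added example (not urlscan.io code), scores the indicators visible on this page together: a certificate minted days before the scan, the brand keyword in a domain the brand does not own, a brand sign-in title and the brand's own front-end globals served from a foreign origin, the "<title>_files/" resource folder, and the postMessage target-origin mismatch from the console message above. SCAN and BRANDS are hand-constructed from values on this page; the field names, the registrable helper (a two-label stand-in for a public-suffix lookup) and the seven-day certificate threshold are this example's assumptions, not urlscan's schema.

```python
"""Heuristic phishing triage over a urlscan-style result, modelled on the googlealerts.ga scan.

Added example, not urlscan.io code. SCAN is constructed by hand from values printed on the
scan page; its field names are this example's own, not urlscan's API schema.
"""
import re
from datetime import date
from urllib.parse import unquote, urlsplit

SCAN = {
    "scanned_on": date(2022, 11, 20),
    "page_url": "https://googlealerts.ga/",
    "page_title": "Connexion : comptes Google",
    "cert_issuer": "R3",
    "cert_not_before": date(2022, 11, 18),
    "request_urls": [
        "https://googlealerts.ga/",
        "https://googlealerts.ga/Connexion%C2%A0_%20comptes%20Google_files/m=_b,_tp,_r",
        "https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/checkconnection",
        "https://googlealerts.ga/connexion%C2%A0_%20comptes%20google_files/bscframe",
        "https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2",
    ],
    "js_globals": ["WIZ_global_data", "AF_initDataCallback", "BOQ_wizbind",
                   "default_AccountsSignInUi", "onJsLoad"],
    "console": [
        "Failed to execute 'postMessage' on 'DOMWindow': The target origin provided "
        "('https://accounts.google.com') does not match the recipient window's origin "
        "('https://googlealerts.ga')."
    ],
}

# Brand signatures, constructed for this example from the names seen on the scan page.
# A real deployment would load these from a maintained list.
BRANDS = {
    "google": {
        "keywords": ("google", "gmail"),
        "legit_domains": ("google.com", "gstatic.com", "googleapis.com", "gmail.com"),
        "title_patterns": (r"\bcomptes google\b", r"\bgoogle accounts?\b", r"\bsign in\b.*google"),
        "js_globals": {"WIZ_global_data", "AF_initDataCallback", "BOQ_wizbind",
                       "default_AccountsSignInUi"},
    }
}

SAVED_PAGE_DIR = re.compile(r"_files/", re.IGNORECASE)  # "<title>_files/" from "save page, complete"
POSTMESSAGE_MISMATCH = re.compile(
    r"target origin provided \('(?P<target>[^']+)'\) does not match the recipient "
    r"window's origin \('(?P<actual>[^']+)'\)")


def registrable(host):
    """Crude eTLD+1 (last two labels). Enough for the TLDs in this example; a real
    deployment would use a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def triage(scan, max_cert_age_days=7):
    """Return the list of phishing indicators found in one scan record."""
    host = urlsplit(scan["page_url"]).hostname
    apex = registrable(host)
    findings = []

    # 1. Fresh certificate: phishing infrastructure is usually minted days before use.
    age = (scan["scanned_on"] - scan["cert_not_before"]).days
    if age <= max_cert_age_days:
        findings.append(f"certificate issued {age} day(s) before scan ({scan['cert_issuer']})")

    for brand, sig in BRANDS.items():
        on_brand_domain = apex in sig["legit_domains"]
        if on_brand_domain:
            continue
        # 2. Brand keyword inside a hostname the brand does not own.
        if any(k in host for k in sig["keywords"]):
            findings.append(f"brand keyword '{brand}' in non-{brand} host {host}")
        # 3. Brand sign-in title served from a foreign origin.
        if any(re.search(p, scan["page_title"], re.IGNORECASE) for p in sig["title_patterns"]):
            findings.append(f"sign-in page title for {brand} on {apex}")
        # 4. Brand front-end globals on a foreign origin: the markup was copied, not imitated.
        copied = sig["js_globals"] & set(scan["js_globals"])
        if len(copied) >= 2:
            findings.append(f"{len(copied)} {brand} front-end globals on {apex}: {sorted(copied)}")

    # 5. Same-host resources under "<title>_files/": a browser-saved copy of a page.
    for u in scan["request_urls"]:
        parts = urlsplit(u)
        path = unquote(parts.path)
        if parts.hostname == host and SAVED_PAGE_DIR.search(path):
            findings.append(f"saved-page resource folder: {path.split('/')[1]}")
            break

    # 6. A copied script still addressing its original parent origin via postMessage.
    for msg in scan["console"]:
        m = POSTMESSAGE_MISMATCH.search(msg)
        if m and registrable(urlsplit(m["target"]).hostname) != apex:
            findings.append(f"postMessage target {m['target']} != page origin {m['actual']}")
    return findings


if __name__ == "__main__":
    for f in triage(SCAN):
        print("-", f)
```

On this scan all six checks fire; the same record rewritten with accounts.google.com as the page URL, no saved-page paths and an older certificate yields nothing, which is the control a detection like this needs before it is trusted on real traffic.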

Security Headers

Security headers set by the main page:

Header                       Value
Strict-Transport-Security    max-age=31536000