urlscan.io logo urlscan.io
SecurityTrails logo

google-assistance.com Open in urlscan Pro
95.217.28.78  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://google-assistance.com/
Submission Tags: @phishunt_io
Submission: On November 10 via api from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 95.217.28.78, located in Finland and belongs to HETZNER-AS, DE. The main domain is google-assistance.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 6th 2020. Valid for: 3 months.
This is the only time google-assistance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

IP Address AS Autonomous System
2 95.217.28.78 24940 (HETZNER-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
7 4
Domain Requested by
4 fonts.gstatic.com google-assistance.com
2 google-assistance.com google-assistance.com
1 cdnjs.cloudflare.com google-assistance.com
7 3

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com
Subject Issuer Validity Valid
google-assistance.com
Let's Encrypt Authority X3		 2020-11-06 -
2021-02-04		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-21 -
2021-10-20		 a year crt.sh
*.gstatic.com
GTS CA 1O1		 2020-10-20 -
2021-01-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://google-assistance.com/
Frame ID: 15ED8C3A2C31D92DDFE0A25F2A0F433C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

289 kB
Transfer

297 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
google-assistance.com/ 		25 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://google-assistance.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
95.217.28.78 , Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.78.28.217.95.clients.your-server.de
Software
nginx/1.17.6 /
Resource Hash
8f28db2fe2009e8cf21c7f12318f573c7b983de780499ff7b20a109e987e7ed9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
google-assistance.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx/1.17.6
date
Tue, 10 Nov 2020 01:42:19 GMT
content-type
text/html
content-length
25380
last-modified
Fri, 06 Nov 2020 17:16:25 GMT
etag
"5fa584e9-6324"
accept-ranges
bytes
strict-transport-security
max-age=31536000
google.css
google-assistance.com/ 		190 KB
190 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://google-assistance.com/google.css
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
95.217.28.78 , Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.78.28.217.95.clients.your-server.de
Software
nginx/1.17.6 /
Resource Hash
806d4c376184ca1825c4b0f1024c58265ae17283908167ded9675add24a86eea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://google-assistance.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 10 Nov 2020 01:42:19 GMT
last-modified
Fri, 06 Nov 2020 17:14:10 GMT
server
nginx/1.17.6
etag
"5fa58462-2f750"
strict-transport-security
max-age=31536000
content-type
text/css
status
200
accept-ranges
bytes
content-length
194384
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.0/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.0/axios.min.js
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000

Request headers

Origin
https://google-assistance.com
Referer
https://google-assistance.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 10 Nov 2020 01:42:19 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
163433
x-via
cfworker/kv
status
200
content-length
4405
cf-request-id
06516a84e700001786f52ff000000001
timing-allow-origin
*
last-modified
Fri, 23 Oct 2020 16:44:19 GMT
server
cloudflare
etag
"5f930863-379d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SWlSvSIWLekFtjosy6eWxroxGQ%2BfMtr8NJHmIeYYZZBLF3%2FwQ%2B9GI1Pje5cPtWhs2uDEKlBu6NNb2JsLKphcLHInKvk%2BjHl7mD%2B3AdKxcOPSCOifoQAxyKnWqHNboHF3EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5efc13817b7c1786-FRA
expires
Sun, 31 Oct 2021 01:42:19 GMT
truncated
/ 		356 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbb22484b6ac90a9bcddc4158e5b530c078c475b78ceab0a9873719ec7e87eb9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		267 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v5/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v5/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/google.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00001d3b9b00d5daf5cfc4e0e9e72db60a51f6928568ec99a635033468083937
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://google-assistance.com
Referer
https://google-assistance.com/google.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 11:33:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jan 2018 02:51:11 GMT
server
sffe
age
137344
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19432
x-xss-protection
0
expires
Mon, 08 Nov 2021 11:33:15 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/google.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://google-assistance.com
Referer
https://google-assistance.com/google.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 06 Nov 2020 11:20:36 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
age
310903
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
expires
Sat, 06 Nov 2021 11:20:36 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v5/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v5/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/google.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce1b0ccd9e4b99c469fb6f13068242bcc56c71da7bae294bc47eb5ba100b807d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://google-assistance.com
Referer
https://google-assistance.com/google.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 11:33:15 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jan 2018 02:51:18 GMT
server
sffe
age
137344
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19664
x-xss-protection
0
expires
Mon, 08 Nov 2021 11:33:15 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: google-assistance.com
URL: https://google-assistance.com/google.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://google-assistance.com
Referer
https://google-assistance.com/google.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 11:20:37 GMT
x-content-type-options
nosniff
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
age
138102
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
expires
Mon, 08 Nov 2021 11:20:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| axios function| checkUser function| lookupUser

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000