Statistics

Google Trust Services

TLS certificate intermediate · suspicious phishing activity

URLs
26
Brands targeted
9
Unique IPs
17

What is Google Trust Services?

Operator
Google Trust Services LLC
Chains to
GTS Root R1, GTS Root R4
Key type
RSA & ECDSA
In use since
2017

Operator-name view of Google's free public ACME endpoint (pki.goog). When the cert's Organization field shows only the operator without an intermediate CN, the issuing CA is one of WE1/WE2 (ECDSA) or WR1/WR2/WR4/GTS CA 1C3/GTS CA 1D4 (RSA).

Public ACME issuance opened in 2022; volume has grown rapidly. Same abuse profile as the underlying intermediates.

Related intermediates from the same operator: WE1, WE2, WR1, WR2, WR4, GTS CA 1C3, GTS CA 1D4

Authoritative references: Google Trust Services repository · Google Public ACME endpoint

Frequently asked questions

What is Google Trust Services?

Google Trust Services is a publicly trusted intermediate certificate authority operated by Google Trust Services LLC and chained to GTS Root R1, GTS Root R4. It is recognized by all mainstream browsers and operating system trust stores, so the certificate itself is not a phishing indicator - the same intermediate signs millions of legitimate sites. phishunt only flags the specific domains listed below as suspicious; Google Trust Services as a CA is fine.

Why does Google Trust Services show up on phishing sites?

Google Trust Services LLC issues RSA & ECDSA domain-validated certificates automatically and at no cost (or very low cost), which is the exact workflow scammers need to put HTTPS on a throwaway domain. Domain validation only proves that the requester controls the domain name, not that the site behind it is trustworthy. phishunt lists the specific domains currently flagged below — those are the suspicious ones, not Google Trust Services itself.

How do I verify a certificate issued by Google Trust Services?

In a desktop browser, click the padlock in the address bar and open the certificate viewer. Confirm the issuer chain ends at GTS Root R1, GTS Root R4, that the subject matches the domain you expect, and that the notAfter date has not passed. A valid Google Trust Services certificate only proves TLS was negotiated correctly — always verify the domain name itself belongs to the service you intended to visit.

What is the difference between Google Trust Services and WE1?

Google Trust Services and its siblings (WE1, WE2, WR1, WR2) share the same operator (Google Trust Services LLC) and roll up to the same root (GTS Root R1, GTS Root R4). CAs rotate multiple intermediates so that if one key ever has to be revoked, the damage is contained. As a user, you can treat all of them as the same trust anchor.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-05-15 07:30 2026-05-14 10:12
https://facebook-ai-trading.org
Screenshot of facebook-ai-trading.org urlscan Details
2026-05-15 07:30 2026-05-13 09:07
https://metamaskcasino.de
Screenshot of metamaskcasino.de urlscan Details
2026-05-15 07:30 2026-05-12 22:18
https://amazonslots.biz
Screenshot of amazonslots.biz urlscan Details
2026-05-15 07:30 2026-05-11 23:23
https://netflixtornedo.in
Screenshot of netflixtornedo.in urlscan Details
2026-05-15 07:30 2026-05-10 19:21
https://hsbc.dev
Screenshot of hsbc.dev urlscan Details
2026-05-15 07:30 2026-05-09 17:54
https://amazones.digital
Screenshot of amazones.digital urlscan Details
2026-05-15 07:30 2026-05-09 17:20
https://cnzh-chrom-google.com.cn
Screenshot of cnzh-chrom-google.com.cn urlscan Details
2026-05-15 07:30 2026-05-08 14:53
https://amazonnoutlet.com
Screenshot of amazonnoutlet.com urlscan Details
2026-05-15 07:30 2026-05-06 09:30
https://eur.revolutionrvrc.com
Screenshot of eur.revolutionrvrc.com urlscan Details
2026-05-15 07:30 2026-05-01 21:31
https://zelleria.shop
Screenshot of zelleria.shop urlscan Details
2026-05-15 07:30 2026-04-30 21:44
https://googlelogos.com
Screenshot of googlelogos.com urlscan Details
2026-05-15 07:30 2026-04-30 12:08
https://netflixcasino.co
Screenshot of netflixcasino.co urlscan Details
2026-05-15 07:30 2026-04-29 08:56
https://facebookgongguan.com
Screenshot of facebookgongguan.com urlscan Details
2026-05-15 07:30 2026-04-29 04:57
https://mirror-google.com
Screenshot of mirror-google.com urlscan Details
2026-05-15 07:30 2026-04-21 07:23
https://amazon-europe.club
Screenshot of amazon-europe.club urlscan Details
2026-05-15 07:30 2026-04-18 04:21
https://amazonde.best
Screenshot of amazonde.best urlscan Details
2026-05-15 07:30 2026-04-12 06:13
https://google29.m4ntapaset.ink
Screenshot of google29.m4ntapaset.ink urlscan Details
2026-05-15 07:30 2026-04-11 16:10
https://amazonpalletsinc.shop
Screenshot of amazonpalletsinc.shop urlscan Details
2026-05-15 07:30 2026-04-09 10:48
https://google32.m4ntapaset.ink
Screenshot of google32.m4ntapaset.ink urlscan Details
2026-05-15 07:30 2026-04-08 11:27
https://amazonde.world
Screenshot of amazonde.world urlscan Details
2026-05-15 07:30 2026-04-06 19:16
https://google28.m4ntapaset.ink
Screenshot of google28.m4ntapaset.ink urlscan Details
2026-05-15 07:30 2026-04-05 17:13
https://santanderbet317.com
Screenshot of santanderbet317.com urlscan Details
2026-05-15 07:30 2026-04-05 00:19
https://how-to-turn-off-autoplay-netflix.pages.dev
Screenshot of how-to-turn-off-autoplay-netflix.pages.dev urlscan Details
2026-05-15 07:30 2026-03-30 16:57
https://googlechromeindir.com
Screenshot of googlechromeindir.com urlscan Details
2026-05-15 07:30 2026-03-29 15:04
https://metamaskuks.vip
Screenshot of metamaskuks.vip urlscan Details
2026-05-15 07:30 2026-03-28 08:47
https://facebookpostscheduler.com
Screenshot of facebookpostscheduler.com urlscan Details
URL Screenshot Flags Details
https://facebook-ai-trading.o… Screenshot of facebook-ai-trading.org urlscan Details
https://metamaskcasino.de Screenshot of metamaskcasino.de urlscan Details
https://amazonslots.biz Screenshot of amazonslots.biz urlscan Details
https://netflixtornedo.in Screenshot of netflixtornedo.in urlscan Details
https://hsbc.dev Screenshot of hsbc.dev urlscan Details
https://amazones.digital Screenshot of amazones.digital urlscan Details
https://cnzh-chrom-google.com… Screenshot of cnzh-chrom-google.com.cn urlscan Details
https://amazonnoutlet.com Screenshot of amazonnoutlet.com urlscan Details
https://eur.revolutionrvrc.com Screenshot of eur.revolutionrvrc.com urlscan Details
https://zelleria.shop Screenshot of zelleria.shop urlscan Details
https://googlelogos.com Screenshot of googlelogos.com urlscan Details
https://netflixcasino.co Screenshot of netflixcasino.co urlscan Details
https://facebookgongguan.com Screenshot of facebookgongguan.com urlscan Details
https://mirror-google.com Screenshot of mirror-google.com urlscan Details
https://amazon-europe.club Screenshot of amazon-europe.club urlscan Details
https://amazonde.best Screenshot of amazonde.best urlscan Details
https://google29.m4ntapaset.i… Screenshot of google29.m4ntapaset.ink urlscan Details
https://amazonpalletsinc.shop Screenshot of amazonpalletsinc.shop urlscan Details
https://google32.m4ntapaset.i… Screenshot of google32.m4ntapaset.ink urlscan Details
https://amazonde.world Screenshot of amazonde.world urlscan Details
https://google28.m4ntapaset.i… Screenshot of google28.m4ntapaset.ink urlscan Details
https://santanderbet317.com Screenshot of santanderbet317.com urlscan Details
https://how-to-turn-off-autop… Screenshot of how-to-turn-off-autoplay-netflix.pages.dev urlscan Details
https://googlechromeindir.com Screenshot of googlechromeindir.com urlscan Details
https://metamaskuks.vip Screenshot of metamaskuks.vip urlscan Details
https://facebookpostscheduler… Screenshot of facebookpostscheduler.com urlscan Details