![](/screenshots/658751eb-67a3-4d1c-aaab-6e153711c57b.png)
investment-helpdesk-com.pages.dev
2606:4700:310c::ac42:2fb4
Malicious Activity!
Public Scan
Submission: On March 11 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 11th 2024. Valid for: 3 months.
This is the only time investment-helpdesk-com.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fidelity (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 | 2606:4700:310c::ac42:2fb4 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:812::2008 | 15169 (GOOGLE) |
1 | 2a02:ec80:300:ed1a::2:b | 14907 (WIKIMEDIA) |
1 | 23.15.178.194 | 20940 (AKAMAI-ASN1) |
1 | 104.71.130.48 | 20940 (AKAMAI-ASN1) |
1 | 142.250.186.130 | 15169 (GOOGLE) |
1 1 | 2a00:1450:4001:811::2002 | 15169 (GOOGLE) |
1 1 | 2a00:1450:4001:80e::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:828::2003 | 15169 (GOOGLE) |
9 | 8 |
ASN13335 (CLOUDFLARENET, US)
investment-helpdesk-com.pages.dev |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-15-178-194.deploy.static.akamaitechnologies.com
www.fidelity.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-71-130-48.deploy.static.akamaitechnologies.com
investor.vanguard.com |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
www.googleadservices.com |
ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | pages.dev | investment-helpdesk-com.pages.dev | 29 KB |
1 | google.de | www.google.de (Cisco Umbrella Rank: 6744) | 455 B |
1 | google.com (1 redirects) | www.google.com (Cisco Umbrella Rank: 2) | 1 KB |
1 | doubleclick.net (1 redirects) | googleads.g.doubleclick.net (Cisco Umbrella Rank: 35) | 1 KB |
1 | googleadservices.com | www.googleadservices.com (Cisco Umbrella Rank: 124) | 2 KB |
1 | vanguard.com | investor.vanguard.com (Cisco Umbrella Rank: 58679) | 5 KB |
1 | fidelity.com | www.fidelity.com (Cisco Umbrella Rank: 15072) | 3 KB |
1 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 2808) | 4 KB |
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 40) | 83 KB |
0 | Failed | function sub() { [native code] }. Failed | |
9 | 10 |
 | Domain | Requested by |
---|---|---|
2 | investment-helpdesk-com.pages.dev | investment-helpdesk-com.pages.dev |
1 | www.google.de | investment-helpdesk-com.pages.dev |
1 | www.google.com | 1 redirects |
1 | googleads.g.doubleclick.net | 1 redirects |
1 | www.googleadservices.com | www.googletagmanager.com |
1 | investor.vanguard.com | investment-helpdesk-com.pages.dev |
1 | www.fidelity.com | investment-helpdesk-com.pages.dev |
1 | upload.wikimedia.org | investment-helpdesk-com.pages.dev |
1 | www.googletagmanager.com | investment-helpdesk-com.pages.dev |
0 | +18888897595 Failed | investment-helpdesk-com.pages.dev |
9 | 10 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
investment-helpdesk-com.pages.dev | GTS CA 1P5 | 2024-03-11 - 2024-06-09 | 3 months |
*.google-analytics.com | GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months |
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year |
www.fidelity.com | Entrust Certification Authority - L1M | 2024-01-08 - 2025-02-06 | a year |
investor.vanguard.com | R3 | 2024-01-17 - 2024-04-16 | 3 months |
www.googleadservices.com | GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months |
This page contains 1 frames:
Frame:
tel://+18888897595
Frame ID: EDAD759031C2FA9691D45D0C18F828BD
Requests: 9 HTTP requests in this frame
Page Title
Robinhood, Charles Schwab, Fidelity, vanguard Guide & Market research articles
Detected technologies
Google Tag Manager
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | investment-helpdesk-com.pages.dev/ | 26 KB | 9 KB | Document | text/html |
GET | H2 | js | www.googletagmanager.com/gtag/ | 238 KB | 83 KB | Script | application/javascript |
GET | H2 | Robinhood_%28company%29_logo.svg | upload.wikimedia.org/wikipedia/commons/d/da/ | 7 KB | 4 KB | Image | image/svg+xml |
GET | H2 | 01.png | investment-helpdesk-com.pages.dev/ | 20 KB | 21 KB | Image | image/png |
GET | H2 | Fidelity-footer-logo.png | www.fidelity.com/bin-public/060_www_fidelity_com/images/ | 2 KB | 3 KB | Image | image/png |
GET | H2 | vanguard.svg | investor.vanguard.com/corporate-portal/ | 4 KB | 5 KB | Image | image/svg+xml |
GET | H2 | / | www.googleadservices.com/pagead/conversion/16490233084/ | 3 KB | 2 KB | Script | text/javascript |
GET | H2 | / | www.google.de/pagead/1p-conversion/16490233084/ (Redirect Chain) | 42 B | 455 B | Image | image/gif |
GET | | +18888897595 | / | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: +18888897595
- URL: tel:+18888897595
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fidelity (Banking)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function | gtag
- object | dataLayer
- function | autoDial
- function | call
- object | google_tag_manager
- object | google_tag_data
- object | GooglebQhCsO
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.investment-helpdesk-com.pages.dev/ | Name: _gcl_au Value: 1.1.452363924.1710163108 |
www.fidelity.com/ | Name: akaalb_www_AWS_ALB Value: 1710164007~op=EAST_AWS_WWW:WWW-EAST|~rv=45~m=WWW-EAST:0|~os=f1162b9d355bd32846e2d2dc4b3e9a05~id=46694a9098c007887aa498bf0791b26f |
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.