investment-helpdesk-com.pages.dev
2606:4700:310c::ac42:2fb4  Malicious Activity! Public Scan

URL: https://investment-helpdesk-com.pages.dev/
Submission: On March 11 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 10 domains to perform 9 HTTP transactions. The main IP is 2606:4700:310c::ac42:2fb4, located in United States and belongs to CLOUDFLARENET, US. The main domain is investment-helpdesk-com.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on March 11th 2024. Valid for: 3 months.
This is the only time investment-helpdesk-com.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

Apex Domain  Subdomains  Transfer
2  pages.dev  investment-helpdesk-com.pages.dev  29 KB
1  google.de  www.google.de — Cisco Umbrella Rank: 6744  455 B
1  google.com  www.google.com — Cisco Umbrella Rank: 2  1 KB
1  doubleclick.net  googleads.g.doubleclick.net — Cisco Umbrella Rank: 35  1 KB
1  googleadservices.com  www.googleadservices.com — Cisco Umbrella Rank: 124  2 KB
1  vanguard.com  investor.vanguard.com — Cisco Umbrella Rank: 58679  5 KB
1  fidelity.com  www.fidelity.com — Cisco Umbrella Rank: 15072  3 KB
1  wikimedia.org  upload.wikimedia.org — Cisco Umbrella Rank: 2808  4 KB
1  googletagmanager.com  www.googletagmanager.com — Cisco Umbrella Rank: 40  83 KB
0 Failed
9 10
Domain Requested by
2 investment-helpdesk-com.pages.dev investment-helpdesk-com.pages.dev
1 www.google.de investment-helpdesk-com.pages.dev
1 www.google.com 1 redirects
1 googleads.g.doubleclick.net 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 investor.vanguard.com investment-helpdesk-com.pages.dev
1 www.fidelity.com investment-helpdesk-com.pages.dev
1 upload.wikimedia.org investment-helpdesk-com.pages.dev
1 www.googletagmanager.com investment-helpdesk-com.pages.dev
0 +18888897595 Failed investment-helpdesk-com.pages.dev
9 10

This site contains no links.

Subject  Issuer  Validity  Valid
investment-helpdesk-com.pages.dev  GTS CA 1P5  2024-03-11 - 2024-06-09  3 months
*.google-analytics.com  GTS CA 1C3  2024-02-19 - 2024-05-13  3 months
*.wikipedia.org  DigiCert TLS Hybrid ECC SHA384 2020 CA1  2023-10-18 - 2024-10-16  a year
www.fidelity.com  Entrust Certification Authority - L1M  2024-01-08 - 2025-02-06  a year
investor.vanguard.com  R3  2024-01-17 - 2024-04-16  3 months
www.googleadservices.com  GTS CA 1C3  2024-02-19 - 2024-05-13  3 months

This page contains 1 frames:

Frame: tel://+18888897595
Frame ID: EDAD759031C2FA9691D45D0C18F828BD
Requests: 9 HTTP requests in this frame

Page Title

Robinhood, Charles Schwab, Fidelity, vanguard Guide & Market research articles

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

9 Requests
78 % HTTPS
67 % IPv6
10 Domains
10 Subdomains
8 IPs
2 Countries
125 kB Transfer
299 kB Size
3 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJOE5lNnJ3WVF5YmJNcE1DV3M0azNFaVVBWU1IUXI2UjNEZDZNNF9INmVhN3lac1kyQzZxUWhaWUx4b1Y1WGxodXRjeEdHeVZVGldDaEFJOE5lNnJ3WVF5SW1NMmZTMDNONVpFaTBBMDZuVkJZcDcyY2t4TnNGcUFaLU5IUGxrdFR6X3ZsWDB3WUo4S1NHMmctaHRlU2oyWGVLeXQ3WXdVT3ciEwix6b6EpuyEAxUDB6IDHXZlDqQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC HTTP 302
  • https://www.google.com/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJOE5lNnJ3WVF5YmJNcE1DV3M0azNFaVVBWU1IUXI2UjNEZDZNNF9INmVhN3lac1kyQzZxUWhaWUx4b1Y1WGxodXRjeEdHeVZVGldDaEFJOE5lNnJ3WVF5SW1NMmZTMDNONVpFaTBBMDZuVkJZcDcyY2t4TnNGcUFaLU5IUGxrdFR6X3ZsWDB3WUo4S1NHMmctaHRlU2oyWGVLeXQ3WXdVT3ciEwix6b6EpuyEAxUDB6IDHXZlDqQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSGwB7FLtqHsTYQL7BYIvOt450Tf23OQku_XdOJg&random=2501920153 HTTP 302
  • https://www.google.de/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJOE5lNnJ3WVF5YmJNcE1DV3M0azNFaVVBWU1IUXI2UjNEZDZNNF9INmVhN3lac1kyQzZxUWhaWUx4b1Y1WGxodXRjeEdHeVZVGldDaEFJOE5lNnJ3WVF5SW1NMmZTMDNONVpFaTBBMDZuVkJZcDcyY2t4TnNGcUFaLU5IUGxrdFR6X3ZsWDB3WUo4S1NHMmctaHRlU2oyWGVLeXQ3WXdVT3ciEwix6b6EpuyEAxUDB6IDHXZlDqQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSGwB7FLtqHsTYQL7BYIvOt450Tf23OQku_XdOJg&random=2501920153&ipr=y

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
investment-helpdesk-com.pages.dev/
26 KB
9 KB
Document
General
Full URL
https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a730bee31d6717288a8f0b3a5b81d788559266a1d00ba7c5e6939f148db27233
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
862bd49f3944993f-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 11 Mar 2024 13:18:27 GMT
etag
W/"5ff4ad998c820ac5bbe7a5e2e8f634ed"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RT9eK%2Bjf4voaKRAk5LqaFykwkBAsxIM13uUvBn%2BDofm2QriIUmA8mCriAHp%2BMyUj47DXmFryMZqpxenr1%2BurV5jZFfc4wvTDermfQQn%2BT8RUYLaAI6AMHD4luk9YIcpqEDXPFnNMLmdj098Rm0sWOstbpa3UwXBObcIhXZMX8vU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
js
www.googletagmanager.com/gtag/
238 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-16490233084
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cd7ff41358435aa7e57694017956956319862131fa31ad56916c9eeb6a694d4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Mon, 11 Mar 2024 13:18:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
84641
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 11 Mar 2024 13:18:27 GMT
Robinhood_%28company%29_logo.svg
upload.wikimedia.org/wikipedia/commons/d/da/
7 KB
4 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/commons/d/da/Robinhood_%28company%29_logo.svg
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
envoy /
Resource Hash
12125194b3f71d797963c28ffbb4d35ae52d378612aba1467d14be183b068114
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Mon, 11 Mar 2024 13:18:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=106384710; includeSubDomains; preload
nel
{ "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age
2
x-cache-status
miss
x-cache
cp3076 miss, cp3076 miss
server-timing
cache;desc="miss", host;desc="cp3076"
x-client-ip
2a01:4a0:5a::3
x-object-meta-sha1base36
36v52ii6kvr2wdcyhvnuqucxuzj8oyl
last-modified
Tue, 02 Aug 2022 21:46:44 GMT
server
envoy
etag
W/64f134da8ed227a03bf76396c31d4ba1
vary
Accept-Encoding
report-to
{ "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges
bytes
timing-allow-origin
*
01.png
investment-helpdesk-com.pages.dev/
20 KB
21 KB
Image
General
Full URL
https://investment-helpdesk-com.pages.dev/01.png
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2fb4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5412879d3afe03b27f692bfddcb406c962667e44cdd32f67d89caddc216ae76
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Mon, 11 Mar 2024 13:18:27 GMT
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"9489f5c36cfbaa464ef9410c07100d3a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibjsm0rYOTcwmk02CJj5E8%2BourwkWPI3sUpojHi5J627hvpz69oR8mLQaPhfB2rli5QHNpMfUbzRz6JB3WThOAVJsMrhNg2YJxBs8Zn7J03VjUlBCXcKwedwbs8tr9Mel6JlA9DETz%2BzKceSRLluX230jBsERZPQZKOw2PLudf4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
862bd4a01a42993f-FRA
alt-svc
h3=":443"; ma=86400
content-length
20668
Fidelity-footer-logo.png
www.fidelity.com/bin-public/060_www_fidelity_com/images/
2 KB
3 KB
Image
General
Full URL
https://www.fidelity.com/bin-public/060_www_fidelity_com/images/Fidelity-footer-logo.png
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.15.178.194 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-15-178-194.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f7c79c22b5345e47843b9f1ad2882ab50ed55325f9fcadc1a4bfa309acf70001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma
no-cache
x-amz-version-id
3KwOnY1AIOpNe8G_1IC78lMgPVcf6A3t
date
Mon, 11 Mar 2024 13:18:27 GMT
last-modified
Mon, 11 Mar 2024 12:08:58 GMT
server
AmazonS3
x-amz-request-id
06EWKRRBW20X51ZQ
etag
"9b787a54e341e9d886273df4e0f2d68e"
x-amz-server-side-encryption
AES256
content-type
image/png
cache-control
max-age=0, no-cache, no-store
x-amz-replication-status
PENDING
accept-ranges
bytes
content-length
2073
x-amz-id-2
5us8ScjauqdP0UH3gxXbu4yBQlnrFR0nAePAiKX/ZD7umayIknn2uXah7mZvv99WPsBRTJyuBkY=
expires
Mon, 11 Mar 2024 13:18:27 GMT
vanguard.svg
investor.vanguard.com/corporate-portal/
4 KB
5 KB
Image
General
Full URL
https://investor.vanguard.com/corporate-portal/vanguard.svg
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.71.130.48 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-71-130-48.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a57d967a90170c60454b132814d73231f16fb96319460c6f882800f4ba21211f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; frame-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com 
analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; img-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; media-src 'self' *.vgdynamic.info *.youtube-nocookie.com *.limelight.com *.llnw.net blob:; worker-src 'self' blob:; font-src 'self' *.vanguard.com *.vgcontent.info *.vgdynamic.info *.vgdynamic.info:* *.vgcontent.info:* data:;
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma
no-cache
content-encoding
gzip
date
Mon, 11 Mar 2024 13:18:28 GMT
server
nginx
strict-transport-security
max-age=15768000 ; includeSubDomains
akamai-grn
0.2c824768.1710163108.13c8e34
etag
W/"f66-Xv15faYMINp8+U8zYnJjPVk/Oyg"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1710163108071_1749516844_20745780_97_9343_86_252_182";dur=1
content-length
1871
x-xss-protection
1; mode=block
expires
Mon, 11 Mar 2024 13:18:28 GMT
/
www.googleadservices.com/pagead/conversion/16490233084/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/16490233084/?random=1710163107970&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16490233084
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
cdb906d9cc1d15b09eed9cb85e93b02aee7fbd7ec35fe0f12ad93a98fa0b41f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Mar 2024 13:18:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1684
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/16490233084/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma...
  • https://www.google.com/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&...
  • https://www.google.de/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&u...
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJOE5lNnJ3WVF5YmJNcE1DV3M0azNFaVVBWU1IUXI2UjNEZDZNNF9INmVhN3lac1kyQzZxUWhaWUx4b1Y1WGxodXRjeEdHeVZVGldDaEFJOE5lNnJ3WVF5SW1NMmZTMDNONVpFaTBBMDZuVkJZcDcyY2t4TnNGcUFaLU5IUGxrdFR6X3ZsWDB3WUo4S1NHMmctaHRlU2oyWGVLeXQ3WXdVT3ciEwix6b6EpuyEAxUDB6IDHXZlDqQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSGwB7FLtqHsTYQL7BYIvOt450Tf23OQku_XdOJg&random=2501920153&ipr=y
Requested by
Host: investment-helpdesk-com.pages.dev
URL: https://investment-helpdesk-com.pages.dev/
Protocol
H2
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investment-helpdesk-com.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 11 Mar 2024 13:18:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 11 Mar 2024 13:18:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/16490233084/?random=1196443669&cv=11&fst=1710163107970&bg=ffffff&guid=ON&async=1&gtm=45be4360za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Finvestment-helpdesk-com.pages.dev%2F&label=1kr4CL-j9poZEPz5k7c9&hn=www.googleadservices.com&frm=0&tiba=Robinhood%2C%20Charles%20Schwab%2C%20Fidelity%2C%20vanguard%20Guide%20%26%20Market%20research%20articles&gtm_ee=1&npa=1&pscdl=noapi&auid=452363924.1710163108&uamb=0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=COy7sQII4b2xAg&pscrd=EkxDaEFJOE5lNnJ3WVF5YmJNcE1DV3M0azNFaVVBWU1IUXI2UjNEZDZNNF9INmVhN3lac1kyQzZxUWhaWUx4b1Y1WGxodXRjeEdHeVZVGldDaEFJOE5lNnJ3WVF5SW1NMmZTMDNONVpFaTBBMDZuVkJZcDcyY2t4TnNGcUFaLU5IUGxrdFR6X3ZsWDB3WUo4S1NHMmctaHRlU2oyWGVLeXQ3WXdVT3ciEwix6b6EpuyEAxUDB6IDHXZlDqQyAggDMgIIBDICCAcyAggIMgIICTICCAoyAggC&is_vtc=1&cid=CAQSGwB7FLtqHsTYQL7BYIvOt450Tf23OQku_XdOJg&random=2501920153&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
+18888897595
/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
+18888897595
URL
tel:+18888897595

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function gtag
  • object dataLayer
  • function autoDial
  • function call
  • object google_tag_manager
  • object google_tag_data
  • object GooglebQhCsO

3 Cookies

Domain/Path Name / Value
.investment-helpdesk-com.pages.dev/ Name: _gcl_au
Value: 1.1.452363924.1710163108
www.fidelity.com/ Name: akaalb_www_AWS_ALB
Value: 1710164007~op=EAST_AWS_WWW:WWW-EAST|~rv=45~m=WWW-EAST:0|~os=f1162b9d355bd32846e2d2dc4b3e9a05~id=46694a9098c007887aa498bf0791b26f
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

2 Console Messages

Source Level URL
Text
other warning URL: https://investment-helpdesk-com.pages.dev/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://investment-helpdesk-com.pages.dev/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff