fidelity-test.duckdns.org

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 182.160.12.148, located in Hong Kong, Hong Kong and belongs to HWCLOUDS-AS-AP HUAWEI CLOUDS, HK. The main domain is fidelity-test.duckdns.org.
TLS certificate: Issued by R10 on December 14th 2024. Valid for: 3 months.

This is the only time fidelity-test.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1	182.160.12.148 182.160.12.148		136907 (HWCLOUDS-...) (HWCLOUDS-AS-AP HUAWEI CLOUDS)
1	2

1 182.160.12.148 (Hong Kong, Hong Kong)

ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK)
PTR: ecs-182-160-12-148.compute.hwclouds-dns.com

fidelity-test.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	duckdns.org fidelity-test.duckdns.org	653 KB
1	1

	Domain	Requested by
1	fidelity-test.duckdns.org
1	1

This site contains links to these domains. Also see Links.

Domain
www.fidelity.com
digital.fidelity.com

Subject Issuer	Validity	Valid
fidelity-test.duckdns.org R10	`2024-12-14` - `2025-03-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fidelity-test.duckdns.org/
Frame ID: 996B0B81465E52CEEB738A8AF12ED6B2
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to Fidelity

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

726 kB
Transfer

1105 kB
Size

2
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fidelity.com/

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/security/overview
Title: Security

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/customer-service/need-help-logging-in
Title: FAQs

Search URL Search Domain Scan URL

URL: https://digital.fidelity.com/prgw/digital/login/user-identity
Title: Forgot username or password?

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/open-account/overview
Title: Open an account

Search URL Search Domain Scan URL

URL: https://digital.fidelity.com/prgw/digital/login/user-identity?intent=nur
Title: sign up.

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/customer-service/nfs-statement-financial-condition
Title: National Financial Services LLC Statement of Financial Condition

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/terms-of-use
Title: Terms of usetrue

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/privacy-policy
Title: Privacytrue

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/accessibility/overview
Title: Accessibilitytrue

Search URL Search Domain Scan URL

URL: https://www.fidelity.com/terms-of-use#For
Title: This is for persons in the US onlytrue

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
fidelity-test.duckdns.org/ 1 MB
653 KB 1568ms
494ms Document
text/html 182.160.12.148
HWCLOUDS-AS-AP HU...

General

Check archive.org

Show headers Download Go to

Full URL

https://fidelity-test.duckdns.org/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

182.160.12.148 Hong Kong, Hong Kong, ASN136907 (HWCLOUDS-AS-AP HUAWEI CLOUDS, HK),

Reverse DNS

ecs-182-160-12-148.compute.hwclouds-dns.com

Software

nginx /

Resource Hash

99bef7a85f7f76082075cddfe1e313fc81075924b6f6a06e49a175e923f920ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: public
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 14 Dec 2024 08:33:56 GMT
last-modified: Sat, 14 Dec 2024 08:33:52 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 38 KB
38 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fidelity-test.duckdns.org
Referer

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 35 KB
35 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fidelity-test.duckdns.org
Referer

Response headers

Content-Type: font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			fidelity-test.duckdns.org/	1970-01-21 01:42:52	Name: XSRF-TOKEN Value: eyJpdiI6IlRnYU83WXRtMTlOb0tsb1V3anZMWVE9PSIsInZhbHVlIjoidW9Vb1hLYXBSTVoweWUvYkhnTnlEL3lQdGFIeEFJQU5UU1pQNmtxN0x3OUN5REdPTGs4cE1IZUZkRmV2RkJjenBwV2FuRHRkWWN6Nm1qNnFqMmVYc3JSbHUyRm1ZOVNBVXVqZlFSanFVQkhyOXhDZWcrTFhBWFdoSEM2c05BRngiLCJtYWMiOiIwN2VhNzg2ODBiOTE2ZGVjNjkxODZkNjAxNmIyNjNjYzUwNjVjMTBlMzNiNmEyNzRkYjZiNDMwOTFjODI5MmY1IiwidGFnIjoiIn0%3D
			fidelity-test.duckdns.org/	1970-01-21 01:42:52	Name: laravel_session Value: eyJpdiI6IjZOZCtRVTAwMGFiZk9FWjRvei90blE9PSIsInZhbHVlIjoiRG9ROThMNUpKMUp6bHEzakV2OWRJcDd2NFZwZloyS0FHbzdxYktodTdFYUh2VjBXRG1FSWQ2aVRmYTg1K1oyKzYvTy9iNDBuOVNqOVdtV1N5L3lxRmpkTjdXZ0ZQRFlGa3BCTEUwNXhqY1NucWN3Z1E1elhmdUk3aXZBeDNlQkciLCJtYWMiOiI0ZGE0NGI3ZGM2OWNlYWYzYTM0YzdjNDYzYjM1YjcxMWJiMTlhMzg4N2VhMjJiMDZmMzU3OThmZjRkNTdkOTU1IiwidGFnIjoiIn0%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: about:blank Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fidelity-test.duckdns.org
182.160.12.148
261810b2a67fd59ab5e89584961e97a6ba419d5db0811ee5baf8b98affb49aa0
4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8
67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487
7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe
99bef7a85f7f76082075cddfe1e313fc81075924b6f6a06e49a175e923f920ae

fidelity-test.duckdns.org Open in urlscan Pro 182.160.12.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

726 kBTransfer

1105 kBSize

2 Cookies

11 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

fidelity-test.duckdns.org Open in urlscan Pro
182.160.12.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

726 kB
Transfer

1105 kB
Size

2
Cookies

1 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!