secure0-fidelit00.info

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3036::6815:5962, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure0-fidelit00.info.
TLS certificate: Issued by WE1 on September 24th 2024. Valid for: 3 months.

This is the only time secure0-fidelit00.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 8	2606:4700:303... 2606:4700:3036::6815:5962		13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	1

8 2606:4700:3036::6815:5962 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

secure0-fidelit00.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	secure0-fidelit00.info 1 redirects secure0-fidelit00.info	92 KB
7	1

	Domain	Requested by
8	secure0-fidelit00.info	1 redirects secure0-fidelit00.info
7	1

This site contains no links.

Subject Issuer	Validity	Valid
secure0-fidelit00.info WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure0-fidelit00.info/auth/login
Frame ID: BD89A686A38DDEA3AEF8EFF450BF8241
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in

Page URL History Show full URLs

https://secure0-fidelit00.info/ HTTP 302
https://secure0-fidelit00.info/auth/login Page URL

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

91 kB
Transfer

147 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secure0-fidelit00.info/ HTTP 302
https://secure0-fidelit00.info/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request login Show response secure0-fidelit00.info/auth/ Redirect Chain https://secure0-fidelit00.info/ https://secure0-fidelit00.info/auth/login	34 KB 5 KB	130ms 130ms	Document text/html	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/auth/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `32e8438c8f1bd2d53e7cb61a159789e9c69f8cf6bfbf36b664c5dc0f62515d11` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8c8196a9aa92424b-EWR content-encoding br content-type text/html; charset=utf-8 date Tue, 24 Sep 2024 09:01:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0l1fxxFpuIH9xrNnFlZXFcR0gTlksqmUHnrSaAYYQPL9wo0PolmPwiRYOj%2FQNPmnwnnNiKNiKCCuEkk4SdapW4lWAIfHBhuRtMloEGkoMCL3AibE4u2w%2Bp5z%2F8wW4hnA3lWglbPb5PyeC0RipYDt4%2BrGIlAP"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" x-powered-by Express x-request-id 8efb4339-06bc-4c26-8e5d-7b87f89947ac Redirect headers cf-cache-status DYNAMIC cf-ray 8c8196a8299c424b-EWR content-type text/html; charset=utf-8 date Tue, 24 Sep 2024 09:01:12 GMT location /auth/login nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b9PfdNzJD3E3ozeEauKgvXEWu%2BBdXTt7aN3TA4cJcKF3ud81sihDMldmp5oQOy6wOF7S1WbO6bPjAXuUucS7jw1cEwl6Ye5bYVYBMQIE0gvpwXXgTi1g2RWnVJFJNyh3BTQfPMj2h1Vb0dj7FTtVY21Mxl%2BU"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" vary Accept x-powered-by Express x-request-id 94d62fb5-aafb-4e83-bc50-63de4b04534f
GET H3	200	speculation secure0-fidelit00.info/cdn-cgi/	128 B 569 B	14ms 14ms	Other application/speculationrules+json	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://secure0-fidelit00.info Referer https://secure0-fidelit00.info/auth/login Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7M%2F%2B%2FwJ49Elyf6Jgx9%2B2ezg8qpMh4CbYe5d2JGTOxkZCAyHuDVql%2FljTCxfwfMPxMAyrRYlNz7DzJ1yreUcS5RfFxdE6G%2Fv7gYRc4aw5irunx0cVuNiorCft1FvYS42SAxKK%2FPSuhU9QYsI%2FCF%2FlFJRkLsEY"}],"group":"cf-nel","max_age":604800} cf-ray 8c8196aa7b7f424b-EWR access-control-allow-origin https://secure0-fidelit00.info content-length 128 date Tue, 24 Sep 2024 09:01:12 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H3	200	main.css secure0-fidelit00.info/css/	22 KB 5 KB	208ms 207ms	Stylesheet text/css	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/css/main.css Requested by Host: secure0-fidelit00.info URL: https://secure0-fidelit00.info/auth/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `8d9e833012dc7a2b421046c002f3fcf8f3a114985c016ad7383c909b26a540d3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://secure0-fidelit00.info/auth/login Response headers server cloudflare x-request-id 9de97b32-d42f-45a4-98de-3969fbf1f4f1 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"582d-1921ff81cd8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aP2elVRmz2hQdnmy5NnxEeTxZbPmDW6KvXo%2BFybp4e3udtXpTQF42ETMz8JWAx3XVuza4kJIghALjGqs4up9CFU0Mq20t3fzFJd%2F4IOr0lNQY1Q7UinWZ6zE4z9H9l4cYGGcWm6fXJGsC8u98apc%2Bbr0ukhE"}],"group":"cf-nel","max_age":604800} cf-ray 8c8196aa8b81424b-EWR date Tue, 24 Sep 2024 09:01:12 GMT content-type text/css; charset=UTF-8 x-powered-by Express vary Accept-Encoding last-modified Mon, 23 Sep 2024 17:40:07 GMT
GET H3	200	Fidel-wordmark.svg secure0-fidelit00.info/img/	3 KB 2 KB	231ms 231ms	Image image/svg+xml	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://secure0-fidelit00.info/img/Fidel-wordmark.svg Requested by Host: secure0-fidelit00.info URL: https://secure0-fidelit00.info/auth/login Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://secure0-fidelit00.info/auth/login Response headers server cloudflare x-request-id bd1cb661-3562-41b1-895a-1f4503a0bd3c cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"c55-1921ff81cd8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmHBCdf0YNeHhw%2BUdsrR1pqbeu7VqXGIVlKVN2CBDBy1egpvs0O1aaNw3KqJ%2F5rH19S0PLcwByxyUcIgz0KlJSFssg4wEqdNdapbJJpeaf%2BqmbxsS7GeKPrtREtdQGTiqRrgMyXQR0ivjMXbOmaShKD8rWja"}],"group":"cf-nel","max_age":604800} cf-ray 8c8196aa8b82424b-EWR date Tue, 24 Sep 2024 09:01:12 GMT content-type image/svg+xml x-powered-by Express vary Accept-Encoding last-modified Mon, 23 Sep 2024 17:40:07 GMT
GET H3	200	FidelSans-Regular.woff2 secure0-fidelit00.info/fonts/	38 KB 38 KB	236ms 235ms	Font font/woff2	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/fonts/FidelSans-Regular.woff2 Requested by Host: secure0-fidelit00.info URL: https://secure0-fidelit00.info/css/main.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://secure0-fidelit00.info Referer https://secure0-fidelit00.info/css/main.css Response headers server cloudflare x-request-id 973fc80a-5c6e-47bc-9b35-67f13bf16624 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status REVALIDATED etag W/"96d4-1921ff81cd8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iUEDWeMnBoQ1aLPXC9L4Zq%2FsfLIMyOitV6mYfqZw5d6%2FijXDhtxeE1p%2BJkTX13OZYMu5Juv4bjCi2gqk3Dm9fsBicY8LLx47WZtQkz7DXwdNr03JMegF25zveBQOdBLzA%2FPZVhfT1RlcnE68Eue%2FOvsujV5u"}],"group":"cf-nel","max_age":604800} cf-ray 8c8196abfc51424b-EWR accept-ranges bytes content-length 38612 date Tue, 24 Sep 2024 09:01:13 GMT content-type font/woff2 x-powered-by Express vary Accept-Encoding last-modified Mon, 23 Sep 2024 17:40:07 GMT
GET H3	200	FidelSans-Bold.woff2 secure0-fidelit00.info/fonts/	35 KB 36 KB	299ms 298ms	Font font/woff2	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/fonts/FidelSans-Bold.woff2 Requested by Host: secure0-fidelit00.info URL: https://secure0-fidelit00.info/css/main.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://secure0-fidelit00.info Referer https://secure0-fidelit00.info/css/main.css Response headers x-request-id 1417dab3-e719-49c4-a1ea-0ab1d020aa60 cf-cache-status REVALIDATED etag W/"8be4-1921ff81cd8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqDsB4N7nttK%2ByYtKqNhMtDvq7eik7ziw%2BQmEJ0l3pIsvKwPfwv6W0ZjM1Fj7VkY7qbtuToSw7lp39G4b4fiaBg14VmZlLzZWHkv0L75ZmjjeneX4zah46HgA1zWFq7h5riadTDyOuryNXEzH%2BiYYRDPQS9f"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 date Tue, 24 Sep 2024 09:01:13 GMT content-type font/woff2 vary Accept-Encoding last-modified Mon, 23 Sep 2024 17:40:07 GMT cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8c8196abfc52424b-EWR accept-ranges bytes content-length 35812 x-powered-by Express server cloudflare
GET H3	200	favicon.ico secure0-fidelit00.info/img/	15 KB 5 KB	235ms 234ms	Other image/x-icon	2606:4700:3036::6815:5962 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure0-fidelit00.info/img/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:5962 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `2a252a3b62e775f04b35745157e51c0ab3f00bf2235e0c1f062600782d98ca85` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://secure0-fidelit00.info/auth/login Response headers server cloudflare x-request-id f4d14520-5244-43a4-baab-01d048754177 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status REVALIDATED etag W/"3aee-1921ff81cd8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7qn44s5B7neDyEiHf5LA5tttk392XAVbvKk%2BhboVTiheR%2Bp4j5QVGJ4fS3Imb9JEyN26biSkD6UurcS3GZRmPOt4q3YE%2FUo3rab9FW4VlGmUcmBYlILeghnLSFZ%2FQLKGQJYdE4k52LHwBbfmXh2c5kD3hATX"}],"group":"cf-nel","max_age":604800} cf-ray 8c8196adfdc7424b-EWR date Tue, 24 Sep 2024 09:01:13 GMT content-type image/x-icon x-powered-by Express vary Accept-Encoding last-modified Mon, 23 Sep 2024 17:40:07 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure0-fidelit00.info
2606:4700:3036::6815:5962
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
2a252a3b62e775f04b35745157e51c0ab3f00bf2235e0c1f062600782d98ca85
32e8438c8f1bd2d53e7cb61a159789e9c69f8cf6bfbf36b664c5dc0f62515d11
4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8
67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487
7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe
8d9e833012dc7a2b421046c002f3fcf8f3a114985c016ad7383c909b26a540d3

secure0-fidelit00.info Open in urlscan Pro 2606:4700:3036::6815:5962 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

7 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

91 kBTransfer

147 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

secure0-fidelit00.info Open in urlscan Pro
2606:4700:3036::6815:5962 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

91 kB
Transfer

147 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!