fidelity-payment.com Open in urlscan Pro
80.94.92.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://fidelity-payment.com/
Submission: On July 08 via api (July 8th 2023, 11:26:11 am UTC) from US — Scanned from DE

Summary HTTP 6 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 80.94.92.29, located in Romania and belongs to UNMANAGED-DEDICATED-SERVERS, GB. The main domain is fidelity-payment.com.

This is the only time fidelity-payment.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	80.94.92.29 80.94.92.29		47890 (UNMANAGED...) (UNMANAGED-DEDICATED-SERVERS)
6	2

6 80.94.92.29 (Romania)

ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB)

fidelity-payment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	fidelity-payment.com fidelity-payment.com	210 KB
6	1

	Domain	Requested by
6	fidelity-payment.com	fidelity-payment.com
6	1

This site contains links to these domains. Also see Links.

Domain
www.fidelity.com
login.fidelity.com
personal.fidelity.com
scs.fidelity.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://fidelity-payment.com/
Frame ID: 75E8A256938F065E309B43A475EE530A
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In to Fidelity Investments

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

283 kB
Transfer

597 kB
Size

0
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: http://www.fidelity.com/

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/pages/retail/html/include/RememberIDInfo.html
Title: Remember me

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/IdentifyUser/Init
Title: Having Trouble with Your Username or Password?

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/accounts/services/content/pinchange2.shtml.cvsr?refhp=c
Title: Frequently Asked Questions

Search URL Search Domain Scan URL

URL: http://www.fidelity.com/security/overview
Title: Online Security Opens in a new window.

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/Fas/Fidelity/NBPart/Login/Init?ISPBypass=true
Title: Log in to your employee benefits on NetBenefits®

Search URL Search Domain Scan URL

URL: https://login.fidelity.com/ftgw/Fas/Fidelity/CgfCust/Login/Init
Title: Log in to Fidelity CharitableSM

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/misc/legal/sofclegal.html.cvsr
Title: National Financial Services LLC Statement of Financial Condition

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/accounts/services/findanswer/content/security.shtml.cvsr
Title: browser encryption.

Search URL Search Domain Scan URL

URL: https://scs.fidelity.com/webxpress/electronic_services_agreement.shtml
Title: Electronic Services Customer Agreement

Search URL Search Domain Scan URL

URL: https://scs.fidelity.com/webxpress/license_agreement.html
Title: License Agreement.

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/misc/legal/index_legal.shtml
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/accounts/services/findanswer/content/index_privacy.shtml
Title: Privacy

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/accounts/services/findanswer/content/index_security.shtml
Title: Security

Search URL Search Domain Scan URL

URL: http://personal.fidelity.com/accounts/services/index_sitemap.html
Title: Site Map

Search URL Search Domain Scan URL

URL: http://www.fidelity.com/terms-of-use
Title: This is for persons in the U.S. only.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response fidelity-payment.com/	383 KB 178 KB	189ms 70ms	Document text/html	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/ Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `94b520542569a56be2e4ae37e86672093e61d593e32d6402e6a9a322eb6c3080` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 08 Jul 2023 11:26:03 GMT ETag W/"5fd79-5ffe8dfb38e4e" Keep-Alive timeout=60 Last-Modified Fri, 07 Jul 2023 17:22:14 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	rl-style.css fidelity-payment.com/rl-style/	215 B 542 B	124ms 61ms	Stylesheet text/css	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/rl-style/rl-style.css Requested by Host: fidelity-payment.com URL: http://fidelity-payment.com/ Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `3dc44b01b3d25063f221faf45480db463ad40fe1fe9fc5fbb372621c87edb68d` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 11:26:03 GMT Last-Modified Fri, 07 Jul 2023 17:22:16 GMT Server nginx ETag "64a849c8-d7" Content-Type text/css Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 215 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	0 0		Stylesheet text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type text/plain;charset=US-ASCII
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2a1c09732cb11b016693c838b9797d112b5969e8207c79c23c8d39f00eb6a2f0` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5d8e46e32462b3344646da8e0c7388ac17ca1a00c9d4d7b47332c557b14403e1` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	200 OK	spinner.css fidelity-payment.com/rl-style/	868 B 765 B	65ms 65ms	Stylesheet text/css	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/rl-style/spinner.css Requested by Host: fidelity-payment.com URL: http://fidelity-payment.com/rl-style/rl-style.css Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `d2925d044cad5e809d3acc8468b871c09d4fa4b42149965505852b8f2a4d32b8` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/rl-style/rl-style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 11:26:03 GMT Content-Encoding gzip Last-Modified Fri, 07 Jul 2023 17:22:16 GMT Server nginx ETag W/"64a849c8-364" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	90 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db1a93fdbe73a47896e343a3238c85fdc0c369a3cc2b49fdf3262292ef550fb2` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01f4e8149dbee04b647282848b4bee36da2c46ef8698d3a159c2cc506826cb6e` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	559 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a911032f62a182b5d9d0a70063d6f5ca07b84a30a218acd5b26cc431c74e6627` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	38 KB 38 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe` Request headers Referer http://fidelity-payment.com/ Origin http://fidelity-payment.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	35 KB 35 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487` Request headers Referer http://fidelity-payment.com/ Origin http://fidelity-payment.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type binary/octet-stream
GET H/1.1	200 OK	socket.io.js Show response fidelity-payment.com/socket.io-client-4.6.0/dist/	122 KB 28 KB	81ms 81ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/socket.io-client-4.6.0/dist/socket.io.js Requested by Host: fidelity-payment.com URL: http://fidelity-payment.com/ Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `f89f5c4c50e3c6084ff33ce5b865de73139e4945ad01a173addac9db1cafa244` Request headers accept-language de-DE,de;q=0.9 Referer http://fidelity-payment.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 11:26:03 GMT Content-Encoding gzip Last-Modified Fri, 07 Jul 2023 17:22:20 GMT Server nginx ETag W/"64a849cc-1e610" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	rl-script.js Show response fidelity-payment.com/rl-script/	11 KB 3 KB	80ms 80ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/rl-script/rl-script.js Requested by Host: fidelity-payment.com URL: http://fidelity-payment.com/ Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `69a35cc7304884c1912669b23b127241e53e1f83c957548d443077400d3c8a99` Request headers Referer http://fidelity-payment.com/ Origin http://fidelity-payment.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 11:26:03 GMT Content-Encoding gzip Last-Modified Fri, 07 Jul 2023 17:22:15 GMT Server nginx ETag W/"64a849c7-2bd0" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	config.js Show response fidelity-payment.com/rl-script/	332 B 674 B	64ms 63ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL http://fidelity-payment.com/rl-script/config.js Requested by Host: fidelity-payment.com URL: http://fidelity-payment.com/ Protocol HTTP/1.1 Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `58825d70f0ea6934c5b335753fb1a92e09e4a484033cd1fa96b472375d0bc64c` Request headers Referer http://fidelity-payment.com/rl-script/rl-script.js Origin http://fidelity-payment.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sat, 08 Jul 2023 11:26:03 GMT Last-Modified Fri, 07 Jul 2023 17:22:15 GMT Server nginx ETag "64a849c7-14c" Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 332 Expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| io

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fidelity-payment.com
80.94.92.29
01f4e8149dbee04b647282848b4bee36da2c46ef8698d3a159c2cc506826cb6e
2a1c09732cb11b016693c838b9797d112b5969e8207c79c23c8d39f00eb6a2f0
3dc44b01b3d25063f221faf45480db463ad40fe1fe9fc5fbb372621c87edb68d
58825d70f0ea6934c5b335753fb1a92e09e4a484033cd1fa96b472375d0bc64c
5d8e46e32462b3344646da8e0c7388ac17ca1a00c9d4d7b47332c557b14403e1
67c80d56758cda1bb5bec77917aaf74c32006a0bc09a7dd164c556de2c754487
69a35cc7304884c1912669b23b127241e53e1f83c957548d443077400d3c8a99
7a407e54294c6ef2fe14317f6653ff26f73749e20d8c8e53a4016f822a5024fe
94b520542569a56be2e4ae37e86672093e61d593e32d6402e6a9a322eb6c3080
a911032f62a182b5d9d0a70063d6f5ca07b84a30a218acd5b26cc431c74e6627
d2925d044cad5e809d3acc8468b871c09d4fa4b42149965505852b8f2a4d32b8
db1a93fdbe73a47896e343a3238c85fdc0c369a3cc2b49fdf3262292ef550fb2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f89f5c4c50e3c6084ff33ce5b865de73139e4945ad01a173addac9db1cafa244

fidelity-payment.com Open in urlscan Pro 80.94.92.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

283 kBTransfer

597 kBSize

0 Cookies

16 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

fidelity-payment.com Open in urlscan Pro
80.94.92.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

283 kB
Transfer

597 kB
Size

0
Cookies

6 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!