{"report_id":"3c1292aa-b862-4467-af56-2b63c138ccef","version":6,"status":"done","tags":[],"date":"2026-04-10T14:33:47Z","url":{"schema":"http","addr":"fidelity-investments-login.at","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"fidelity-investments-login.at/","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"title":"Fidelity Investments Login | Secure Access to Your Portfolio","dom":{"size":61954,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1268)","md5":"693db147af57dfada54a775165f960c8","sha1":"94f17ed8ad57b9e5081240f98d29c3fee235b3e4","sha256":"cf9af7da781b8c225bc771893ed5471aa80b60c11f670bc29a8175d61186a998","sha512":"2198e37070836913d61151f352bd2bbf3a16031a1561944eb10648c8585584d8bcfcc2ce984fc78cb1429de295e2af51a79bab7fb52635a0f687de94012c5ffb","ssdeep":"768:crXKGgJIazxjkINRMcGhPs+tYFUpK6pFyHV4aZd:cbKGgJIazxjkIAEMKkU14aZd","tlshash":"925363665af310696953e1682ff7171a2739d043a94bcd283f9c23888fc79d8dd63788","dom_hash":"domhash226dec8ffa4829fd262ac36b4dbe5920","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fidelity-investments-login.at","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":0,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-15T14:33:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"fidelity-investments-login.at","ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-10T13:53:08.090853Z","last_seen":"2026-04-10T13:53:08.090853Z","alert_count":42,"request_count":7,"received_data":1558785,"sent_data":4447,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fidelity-investments-login.at/","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"7cb0ca879f524bd9c2a3abd3cbe6c4f8","sha1":"df514cece977b56b3b6948e37ca5251bade192bc","sha256":"5aa63fa53ab91ed3eb489bf23ee6421abc30505de4a5e11d97de075a0a09722d","sha512":"7c3e912c4b0a9ae2f297f4b998db182deb1cf9ddc0cfebac8d2de0d361ac845d9fa46cca138721e0e543c17c153c9a9914392765ac1430d9025fe2d26c6b5a94","ssdeep":"","tlshash":"49d097eb29f80a3007cc42bfa026c78a3e211048e481fc081528a88029cce220ceca82","size":233,"data":"","first_seen":"2026-04-10T13:53:12.641227Z","last_seen":"2026-04-10T14:33:48.664591Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"34fd8e05af0560a05afad50fab1b48d7","sha1":"95bc575733305f08372a376c89ca6c56c8fe4b90","sha256":"52ea0754acdcb30eae58de7f4e893642b804c84e1acbafe32b6e3a0dabffbc6a","sha512":"d09a6a366fccd4b249d488983b6a4e0e2a8751f7375625680a0424f0b93dbfbf04146b242b0c15d5ac7f53ebd2c504130fcd59a6a6c15ec7747efbbd7c70ff58","ssdeep":"","tlshash":"e4719f2a76f2143489af71bfa78f974d393120033406ca483f1c86815fa5dd1a6abbdd","size":3682,"data":"","first_seen":"2026-04-10T13:53:12.642511Z","last_seen":"2026-04-10T14:33:48.66612Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fidelity-investments-login.at/logo-icon.png","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /logo-icon.png HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fidelity-investments-login.at/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 1449\r\nlast-modified: Mon, 24 Nov 2025 11:50:23 GMT\r\netag: \"6924467f-5a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1449,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit colormap, non-interlaced","md5":"921ebc3f6bfe29dc2dd16713dfa44fe2","sha1":"39d1836f9a11758777120207412e3793ad94cf8b","sha256":"be696c62e0e0a9e44b5eac251db0e80f53e3c07779ec1c19a6dea3e62bae1697","sha512":"3f2eed1328c512db9e49885e953ecd53c827fcacb50c6bba7ea4fa68c841d365b7a3a8454984aea062f2551a5a2433fc2aac2469686f8308a8a0ef02fcf10972","ssdeep":"","tlshash":"3231d87b63a18862d270a500d78a611d89795da4f72c941d4a833b099d7ab9cc388723","first_seen":"2026-04-10T13:53:12.637727Z","last_seen":"2026-04-10T14:33:48.649529Z","times_seen":2,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/visuals/investments_b1f2b_1.jpeg","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /visuals/investments_b1f2b_1.jpeg HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fidelity-investments-login.at/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 176143\r\nlast-modified: Mon, 24 Nov 2025 11:50:23 GMT\r\netag: \"6924467f-2b00f\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":176143,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 77\", baseline, precision 8, 2000x1333, components 3","md5":"312d0dec917044de38ab6d2f68924ba0","sha1":"1c94a0ac96d43a3042ae54cc21da56457fe6bdb0","sha256":"a57b8f8a5cf029471555be854f7c183613e95af3ab60860a5f73863e262f5d6a","sha512":"a50f32d9630ba9f58e791094feaeea3a86216338a19eda870d098b7a82f6b997fde601d74bc17006765c5b00d30192891cefdfe0fb4f866864be6604052b007a","ssdeep":"3072:zO8s0zVFqMKHZCVC/opFlNzmP2Mav9pZRcsCXFjPT6daOT9lNES:ts0ZFqrsPpn8taX7csSUdJT9lNh","tlshash":"bb041257cc22e0d7d63c469037b78f42ef176d7462801ef2df39aa5a3cd67a60992a04","first_seen":"2026-04-10T13:53:12.62556Z","last_seen":"2026-04-10T14:33:48.651808Z","times_seen":2,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/media/loop-yN0.mp4","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /media/loop-yN0.mp4 HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nReferer: https://fidelity-investments-login.at/\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 1133416\r\nlast-modified: Mon, 24 Nov 2025 11:50:25 GMT\r\netag: \"69244681-114b68\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\ncontent-range: bytes 0-1133415/1133416\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1133416,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"9c99e41c6c8a4bb7dd6a574a3888b96b","sha1":"5629ed433ec9d39c2d8f91be99b868a1e209d1d2","sha256":"18fd7a272682eb212a614423428d6852f3ab7f3307d9ca05317602ad367213e2","sha512":"2fefefa89292093d085edd576596d2cca87e9c3303cade858ced2e8dd6c513cfcc4cbb2d77f5758e12cee98bf103f20c373ff0bde1355d302a587736a6b3a279","ssdeep":"24576:DvNeosYCqBEsJfCll0+YNOOqauS/pCgfFgummi5+O7mE:7UFmXfWK3NJBuS/Egf6ummiN7mE","tlshash":"532523997bc8f8a7e440a774f1e0578336b6f7b1dd071c0ba1af8648ac486cd4b93166","first_seen":"2026-04-10T13:53:12.632788Z","last_seen":"2026-04-10T14:33:48.653446Z","times_seen":2,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-10T14:33:24.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; path=/\ne3b0c4_391=1g8lj973539bu1; expires=Sat, 11-Apr-2026 13:52:44 GMT; Max-Age=83959; path=/; domain=.fidelity-investments-login.at; HttpOnly\n_token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; expires=Sat, 11-Apr-2026 13:52:44 GMT; Max-Age=83959; path=/; domain=.fidelity-investments-login.at; HttpOnly\n_subid=1sjos4f.187.5ieumq; expires=Sat, 11-Apr-2026 13:52:44 GMT; Max-Age=83959; path=/; domain=.fidelity-investments-login.at; HttpOnly\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62344,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1239)","md5":"86628d4374e4c4dab46e565bae8cd8e1","sha1":"9b11fa91d2f7b079eb158b105317168dc7276413","sha256":"82a4a3f2c28411c8ade07e9a6e0c10256d5a296b2aaf34dfae0e77f34e311b21","sha512":"c6103fc117c138f557286c686342b1361db3a6848383d7310c3492d156f39956ffa48925fe17b679a271d9c6ec45ebb18f94a7ce8bda08cb8c901c3d5de954d5","ssdeep":"768:EnietBv/JzO4k0NRMchhPL+tYFUpK6pFyHV4aZL:EietBv/JzO4k0ACMKkU14aZL","tlshash":"475354665af310696953e1682ff7171a3739d043a94bcd283e9c23888fc79d8dd63788","first_seen":"2026-04-10T13:53:12.639822Z","last_seen":"2026-04-10T14:33:48.654923Z","times_seen":2,"resource_available":true,"data":null}},"time_used":452,"timings":{"blocked":105,"dns":23,"connect":37,"send":0,"wait":242,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/media/vector-bg-2025-11-06_12-59-320.svg","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /media/vector-bg-2025-11-06_12-59-320.svg HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fidelity-investments-login.at/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 38689\r\nlast-modified: Mon, 24 Nov 2025 11:50:27 GMT\r\netag: \"69244683-9721\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38689,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e3a0a88b24183f71851ad4acffd9dc3e","sha1":"7462949e04308bf69b76483b8fe48d8c21281749","sha256":"b0da0f0d8854907517e9a6455d93c9262a110bc53611abcb3f21d54a81d61832","sha512":"0e32c9e277d512d8da1dc04ba6b503bb5091b4f02e41b94c3ddaca7cc3715d704240e915b7e7ce4299465db86201ba524ea2ea8b645084d5d6df692964a8f1be","ssdeep":"768:EZKC4zC/E0C6z0HrHKeBw9K0wda+te/q74bNb9:EZqqpz0Hdwnbz","tlshash":"5503b47f13146bbbd682cf548f90509936e2d4cab2b991dcdb639b169c05df380b8e21","first_seen":"2026-04-10T13:53:12.619932Z","last_seen":"2026-04-10T14:33:48.656879Z","times_seen":2,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/media/pattern-bg-1920x10800.webp","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /media/pattern-bg-1920x10800.webp HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fidelity-investments-login.at/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: image/webp\r\ncontent-length: 140312\r\nlast-modified: Mon, 24 Nov 2025 11:50:26 GMT\r\netag: \"69244682-22418\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140312,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1285, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dc94ac3078fd0916f28a716218e5a506","sha1":"c78b21663fb7a9cf3c859f7d39698a3456cedbb4","sha256":"c54ab4ef116385f6808c983b8642171c85c8959a577769c0a875f6640f20a13f","sha512":"3692488a24685191be3a15a7e061be9543bd02a720cba2df4e480cfb5902e16fdfa1eeffd96b409587ee87c4881f5154c1c70ffb0a8599ce59b7e1596f9c1cf0","ssdeep":"3072:nxIifCJof+EUt5BITNWelu0Ls+CaAHFSmOaDA/+8n6VRf:nqJo24YelRLsFHFSFngRf","tlshash":"5dd313fa6aa6f543c8b7b540030e3652d2116d56381b9980fd423c3e9e7fb8b51bb641","first_seen":"2026-04-10T13:53:12.631016Z","last_seen":"2026-04-10T14:33:48.659831Z","times_seen":2,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":36,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fidelity-investments-login.at/logo-icon.png","fqdn":"fidelity-investments-login.at","domain":"fidelity-investments-login.at","tld":"at"},"ip":{"addr":"95.129.234.38","port":443,"asn":57724,"as":"Ddos-guard Ltd","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fidelity-investments-login.at/","date":"2026-04-10T14:33:25.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fidelity-investments-login.at","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 17:54:51 GMT","end":"Thu, 25 Jun 2026 17:54:50 GMT"},"fingerprint":{"sha1":"23:32:DD:A0:D1:64:63:11:C2:C9:70:93:D1:C7:2C:87:56:F2:78:44","sha256":"E5:63:27:CF:99:57:DD:8F:AB:72:A7:BC:E5:9A:D1:37:AA:C5:35:DF:B2:A6:5F:ED:11:B0:79:B5:6E:58:42:6C"}}},"request":{"raw":"GET /logo-icon.png HTTP/1.1\r\nHost: fidelity-investments-login.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fidelity-investments-login.at/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=fm0h3evrmo91uqn9bd6j9bi7ac; e3b0c4_391=1g8lj973539bu1; _token=1g8lj973539bu1.1775915564.2.19e96c6de8dc00bc347ff4c50e991488; _subid=1sjos4f.187.5ieumq\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Apr 2026 14:33:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 1449\r\nlast-modified: Mon, 24 Nov 2025 11:50:23 GMT\r\netag: \"6924467f-5a9\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1449,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit colormap, non-interlaced","md5":"921ebc3f6bfe29dc2dd16713dfa44fe2","sha1":"39d1836f9a11758777120207412e3793ad94cf8b","sha256":"be696c62e0e0a9e44b5eac251db0e80f53e3c07779ec1c19a6dea3e62bae1697","sha512":"3f2eed1328c512db9e49885e953ecd53c827fcacb50c6bba7ea4fa68c841d365b7a3a8454984aea062f2551a5a2433fc2aac2469686f8308a8a0ef02fcf10972","ssdeep":"","tlshash":"3231d87b63a18862d270a500d78a611d89795da4f72c941d4a833b099d7ab9cc388723","first_seen":"2026-04-10T13:53:12.637727Z","last_seen":"2026-04-10T14:33:48.649529Z","times_seen":2,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-10","alert":"Phishing Block","trigger":"fidelity-investments-login.at","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-10","alert":"Sinkholed","trigger":"fidelity-investments-login.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}