Fidelity-themed phishing campaign observed November 2024
Techniques & Tactics
- Use of CloudFlare anti-bot features to prevent automated access
- Use of server-based User-Agent checks to discourage access by non-phone devices
- Use of Javascript-based checks on viewport dimensions and User-Agent to discourage access by non-phone devices
- Phishing
Fidelity: login detected if this wasn't you view https://is[.]gd/<redacted>
- is[.]gd
- https://www.virustotal.com/gui/domain/is.gd/details
- This is strictly a URL shortener, but VirusTotal indicates past abuse.
- verify-digitalfidelity[.]us
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
<meta name="robots" content="noindex, nofollow" />
<!-- Start: Ad code and script tags for header of page -->
<!-- End: Ad code and script tags for header of page -->
<script type="text/javascript" charset="utf-8" data-cfasync="false">eval(decodeURIComponent(escape('\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x61\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x20\x7B\x74\x72\x79\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x21\x77\x69\x6E\x64\x6F\x77\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x7D\x20\x63\x61\x74\x63\x68\x28\x65\x29\x20\x7B\x72\x65\x74\x75\x72\x6E\x20\x21\x31\x7D\x20\x7D\x2C\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x62\x2C\x20\x63\x29\x20\x7B\x61\x28\x29\x20\x3F\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72\x28\x22\x44\x4F\x4D\x43\x6F\x6E\x74\x65\x6E\x74\x4C\x6F\x61\x64\x65\x64\x22\x2C\x20\x62\x2C\x20\x63\x29\x20\x3A\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x61\x74\x74\x61\x63\x68\x45\x76\x65\x6E\x74\x28\x22\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65\x22\x2C\x20\x62\x29\x7D\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x62\x28\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x6E\x6F\x77\x20\x3D\x20\x6E\x65\x77\x20\x44\x61\x74\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x74\x69\x6D\x65\x20\x3D\x20\x6E\x6F\x77\x2E\x67\x65\x74\x54\x69\x6D\x65\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x74\x69\x6D\x65\x20\x2B\x3D\x20\x33\x30\x30\x20\x2A\x20\x31\x30\x30\x30\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x6E\x6F\x77\x2E\x73\x65\x74\x54\x69\x6D\x65\x28\x74\x69\x6D\x65\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x20\x3D\x20\x27\x56\x74\x2D\x6D\x77\x4D\x5A\x70\x37\x77\x35\x37\x47\x4D\x6D\x7A\x53\x74\x43\x76\x4B\x33\x57\x53\x6E\x64\x59\x3D\x44\x30\x70\x4E\x7A\x54\x75\x51\x4D\x2D\x47\x57\x6B\x4F\x42\x68\x2D\x5A\x6D\x38\x32\x33\x68\x51\x70\x79\x34\x27\x20\x2B\x20\x27\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D\x27\x20\x2B\x20\x27\x46\x72\x69\x2C\x20\x32\x32\x2D\x4E\x6F\x76\x2D\x32\x34\x20\x31\x39\x3A\x34\x30\x3A\x31\x39\x20\x47\x4D\x54\x27\x20\x2B\x20\x27\x3B\x20\x70\x61\x74\x68\x3D\x2F\x27\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2F\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x20\x70\x75\x7A\x7A\x6C\x65\x20\x66\x6F\x72\x20\x62\x72\x6F\x77\x73\x65\x72\x20\x74\x6F\x20\x66\x69\x67\x75\x72\x65\x20\x6F\x75\x74\x20\x74\x6F\x20\x67\x65\x74\x20\x61\x6E\x73\x77\x65\x72\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x20\x7C\x7C\x20\x21\x77\x69\x6E\x64\x6F\x77\x2E\x63\x61\x6C\x6C\x50\x68\x61\x6E\x74\x6F\x6D\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x5F\x5F\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x29\x7B\x2F\x2A\x70\x68\x61\x6E\x74\x6F\x6D\x61\x73\x20\x50\x68\x61\x6E\x74\x6F\x6D\x4A\x53\x2D\x62\x61\x73\x65\x64\x20\x77\x65\x62\x20\x70\x65\x72\x66\x20\x6D\x65\x74\x72\x69\x63\x73\x20\x2B\x20\x6D\x6F\x6E\x69\x74\x6F\x72\x69\x6E\x67\x20\x74\x6F\x6F\x6C\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x42\x75\x66\x66\x65\x72\x29\x7B\x2F\x2A\x6E\x6F\x64\x65\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x65\x6D\x69\x74\x29\x7B\x2F\x2A\x63\x6F\x75\x63\x68\x6A\x73\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x73\x70\x61\x77\x6E\x29\x7B\x2F\x2A\x72\x68\x69\x6E\x6F\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x77\x65\x62\x64\x72\x69\x76\x65\x72\x29\x7B\x2F\x2A\x73\x65\x6C\x65\x6E\x69\x75\x6D\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x64\x6F\x6D\x41\x75\x74\x6F\x6D\x61\x74\x69\x6F\x6E\x20\x7C\x7C\x20\x21\x77\x69\x6E\x64\x6F\x77\x2E\x64\x6F\x6D\x41\x75\x74\x6F\x6D\x61\x74\x69\x6F\x6E\x43\x6F\x6E\x74\x72\x6F\x6C\x6C\x65\x72\x29\x7B\x2F\x2A\x63\x68\x72\x6F\x6D\x69\x75\x6D\x20\x62\x61\x73\x65\x64\x20\x61\x75\x74\x6F\x6D\x61\x74\x69\x6F\x6E\x20\x64\x72\x69\x76\x65\x72\x2A\x2F\x0A\x69\x66\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x64\x6F\x63\x75\x6D\x65\x6E\x74\x45\x6C\x65\x6D\x65\x6E\x74\x2E\x67\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65\x28\x22\x77\x65\x62\x64\x72\x69\x76\x65\x72\x22\x29\x29\x7B\x0A\x2F\x2A\x69\x66\x28\x6E\x61\x76\x69\x67\x61\x74\x6F\x72\x2E\x75\x73\x65\x72\x41\x67\x65\x6E\x74\x29\x7B\x2A\x2F\x0A\x69\x66\x28\x21\x2F\x62\x6F\x74\x7C\x63\x75\x72\x6C\x7C\x6B\x6F\x64\x69\x7C\x78\x62\x6D\x63\x7C\x77\x67\x65\x74\x7C\x75\x72\x6C\x6C\x69\x62\x7C\x70\x79\x74\x68\x6F\x6E\x7C\x77\x69\x6E\x68\x74\x74\x70\x7C\x68\x74\x74\x72\x61\x63\x6B\x7C\x61\x6C\x65\x78\x61\x7C\x69\x61\x5F\x61\x72\x63\x68\x69\x76\x65\x72\x7C\x66\x61\x63\x65\x62\x6F\x6F\x6B\x7C\x74\x77\x69\x74\x74\x65\x72\x7C\x6C\x69\x6E\x6B\x65\x64\x69\x6E\x7C\x70\x69\x6E\x67\x64\x6F\x6D\x2F\x69\x2E\x74\x65\x73\x74\x28\x6E\x61\x76\x69\x67\x61\x74\x6F\x72\x2E\x75\x73\x65\x72\x41\x67\x65\x6E\x74\x29\x29\x7B\x0A\x2F\x2A\x69\x66\x28\x6E\x61\x76\x69\x67\x61\x74\x6F\x72\x2E\x63\x6F\x6F\x6B\x69\x65\x45\x6E\x61\x62\x6C\x65\x64\x29\x7B\x2A\x2F\x0A\x2F\x2A\x69\x66\x28\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x2E\x6D\x61\x74\x63\x68\x28\x2F\x5E\x28\x3F\x3A\x2E\x2A\x3B\x29\x3F\x5C\x73\x2A\x5B\x30\x2D\x39\x61\x2D\x66\x5D\x7B\x33\x32\x7D\x5C\x73\x2A\x3D\x5C\x73\x2A\x28\x5B\x5E\x3B\x5D\x2B\x29\x28\x3F\x3A\x2E\x2A\x29\x3F\x24\x2F\x29\x29\x7B\x2A\x2F\x2F\x2A\x48\x74\x74\x70\x4F\x6E\x6C\x79\x20\x43\x6F\x6F\x6B\x69\x65\x20\x66\x6C\x61\x67\x73\x20\x70\x72\x65\x76\x65\x6E\x74\x20\x74\x68\x69\x73\x2A\x2F\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x5F\x37\x34\x38\x5F\x39\x37\x30\x34\x3D\x70\x61\x72\x73\x65\x49\x6E\x74\x28\x22\x32\x30\x32\x34\x31\x31\x32\x30\x22\x2C\x20\x31\x30\x29\x20\x2B\x20\x70\x61\x72\x73\x65\x49\x6E\x74\x28\x22\x32\x30\x31\x31\x32\x30\x32\x34\x22\x2C\x20\x31\x30\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2F\x2A\x7D\x2A\x2F\x0A\x2F\x2A\x7D\x2A\x2F\x0A\x7D\x0A\x2F\x2A\x7D\x2A\x2F\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x7D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2F\x2F\x65\x6E\x64\x20\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x20\x70\x75\x7A\x7A\x6C\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x78\x68\x74\x74\x70\x20\x3D\x20\x6E\x65\x77\x20\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65\x20\x3D\x20\x66\x75\x6E\x63\x74\x69\x6F\x6E\x28\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x20\x28\x78\x68\x74\x74\x70\x2E\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65\x20\x3D\x3D\x3D\x20\x34\x29\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x6F\x6E\x73\x74\x20\x66\x69\x72\x73\x74\x46\x6F\x72\x6D\x20\x3D\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x28\x27\x66\x6F\x72\x6D\x27\x29\x3B\x0A\x0A\x2F\x2F\x20\x43\x68\x65\x63\x6B\x20\x69\x66\x20\x74\x68\x65\x20\x66\x6F\x72\x6D\x20\x65\x78\x69\x73\x74\x73\x20\x61\x6E\x64\x20\x69\x66\x20\x69\x74\x20\x68\x61\x73\x20\x69\x6E\x70\x75\x74\x20\x65\x6C\x65\x6D\x65\x6E\x74\x73\x0A\x69\x66\x20\x28\x66\x69\x72\x73\x74\x46\x6F\x72\x6D\x29\x20\x7B\x0A\x20\x20\x63\x6F\x6E\x73\x74\x20\x69\x6E\x70\x75\x74\x46\x69\x65\x6C\x64\x73\x20\x3D\x20\x66\x69\x72\x73\x74\x46\x6F\x72\x6D\x2E\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C\x28\x27\x69\x6E\x70\x75\x74\x27\x29\x3B\x0A\x20\x20\x0A\x20\x20\x69\x66\x20\x28\x69\x6E\x70\x75\x74\x46\x69\x65\x6C\x64\x73\x2E\x6C\x65\x6E\x67\x74\x68\x20\x3E\x20\x30\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x66\x6F\x72\x6D\x73\x5B\x30\x5D\x2E\x73\x75\x62\x6D\x69\x74\x28\x29\x3B\x0A\x20\x20\x7D\x20\x65\x6C\x73\x65\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x20\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x61\x73\x68\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x72\x65\x66\x20\x3D\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x72\x65\x66\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x20\x65\x6C\x73\x65\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x72\x65\x6C\x6F\x61\x64\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x0A\x20\x20\x7D\x0A\x7D\x20\x65\x6C\x73\x65\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x66\x20\x28\x21\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x61\x73\x68\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x72\x65\x66\x20\x3D\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x68\x72\x65\x66\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x20\x65\x6C\x73\x65\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x77\x69\x6E\x64\x6F\x77\x2E\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x2E\x72\x65\x6C\x6F\x61\x64\x28\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x0A\x7D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x6F\x70\x65\x6E\x28\x22\x50\x4F\x53\x54\x22\x2C\x20\x22\x2F\x35\x71\x6C\x58\x76\x33\x34\x39\x34\x35\x33\x36\x35\x34\x33\x34\x32\x32\x33\x34\x36\x36\x34\x65\x35\x34\x31\x32\x34\x22\x2C\x20\x74\x72\x75\x65\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x5A\x6D\x52\x61\x78\x70\x4D\x33\x50\x42\x7A\x64\x45\x47\x62\x6A\x31\x34\x65\x43\x41\x72\x75\x48\x7A\x39\x38\x27\x2C\x20\x5F\x37\x34\x38\x5F\x39\x37\x30\x34\x29\x3B\x20\x2F\x2F\x6D\x61\x6B\x65\x20\x74\x68\x65\x20\x61\x6E\x73\x77\x65\x72\x20\x77\x68\x61\x74\x20\x65\x76\x65\x72\x20\x74\x68\x65\x20\x62\x72\x6F\x77\x73\x65\x72\x20\x66\x69\x67\x75\x72\x65\x73\x20\x69\x74\x20\x6F\x75\x74\x20\x74\x6F\x20\x62\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x77\x69\x74\x68\x27\x2C\x20\x27\x58\x4D\x4C\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74\x27\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x54\x69\x6D\x65\x53\x74\x61\x6D\x70\x27\x2C\x20\x27\x27\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x54\x69\x6D\x65\x53\x74\x61\x6D\x70\x2D\x45\x78\x70\x69\x72\x65\x27\x2C\x20\x27\x27\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x54\x69\x6D\x65\x53\x74\x61\x6D\x70\x2D\x43\x6F\x6D\x62\x69\x6E\x61\x74\x69\x6F\x6E\x27\x2C\x20\x27\x27\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x54\x79\x70\x65\x27\x2C\x20\x27\x47\x45\x54\x27\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x58\x2D\x52\x65\x71\x75\x65\x73\x74\x65\x64\x2D\x54\x79\x70\x65\x2D\x43\x6F\x6D\x62\x69\x6E\x61\x74\x69\x6F\x6E\x27\x2C\x20\x27\x47\x45\x54\x27\x29\x3B\x20\x2F\x2F\x45\x6E\x63\x72\x79\x70\x74\x65\x64\x20\x66\x6F\x72\x20\x74\x6F\x64\x61\x79\x73\x20\x64\x61\x74\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x77\x69\x74\x68\x43\x72\x65\x64\x65\x6E\x74\x69\x61\x6C\x73\x20\x3D\x20\x74\x72\x75\x65\x3B\x0A\x76\x61\x72\x20\x73\x77\x2C\x20\x73\x68\x2C\x20\x77\x77\x2C\x20\x77\x68\x2C\x20\x76\x3B\x0A\x73\x77\x20\x3D\x20\x73\x63\x72\x65\x65\x6E\x2E\x77\x69\x64\x74\x68\x3B\x0A\x73\x68\x20\x3D\x20\x73\x63\x72\x65\x65\x6E\x2E\x68\x65\x69\x67\x68\x74\x3B\x0A\x77\x77\x20\x3D\x20\x77\x69\x6E\x64\x6F\x77\x2E\x69\x6E\x6E\x65\x72\x57\x69\x64\x74\x68\x20\x7C\x7C\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x64\x6F\x63\x75\x6D\x65\x6E\x74\x45\x6C\x65\x6D\x65\x6E\x74\x2E\x63\x6C\x69\x65\x6E\x74\x57\x69\x64\x74\x68\x20\x7C\x7C\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x62\x6F\x64\x79\x2E\x63\x6C\x69\x65\x6E\x74\x57\x69\x64\x74\x68\x20\x7C\x7C\x20\x30\x3B\x0A\x77\x68\x20\x3D\x20\x77\x69\x6E\x64\x6F\x77\x2E\x69\x6E\x6E\x65\x72\x48\x65\x69\x67\x68\x74\x20\x7C\x7C\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x64\x6F\x63\x75\x6D\x65\x6E\x74\x45\x6C\x65\x6D\x65\x6E\x74\x2E\x63\x6C\x69\x65\x6E\x74\x48\x65\x69\x67\x68\x74\x20\x7C\x7C\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x62\x6F\x64\x79\x2E\x63\x6C\x69\x65\x6E\x74\x48\x65\x69\x67\x68\x74\x20\x7C\x7C\x20\x30\x3B\x0A\x69\x66\x20\x28\x28\x73\x77\x20\x3D\x3D\x20\x77\x77\x29\x20\x26\x26\x20\x28\x73\x68\x20\x3D\x3D\x20\x77\x68\x29\x29\x20\x7B\x0A\x20\x20\x20\x20\x76\x20\x3D\x20\x74\x72\x75\x65\x3B\x0A\x20\x20\x20\x20\x69\x66\x20\x28\x21\x28\x77\x77\x20\x25\x20\x32\x30\x30\x29\x20\x26\x26\x20\x28\x77\x68\x20\x25\x20\x31\x30\x30\x29\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x76\x20\x3D\x20\x74\x72\x75\x65\x3B\x0A\x20\x20\x20\x20\x7D\x0A\x7D\x0A\x2F\x2F\x76\x20\x3D\x20\x74\x72\x75\x65\x3B\x20\x2F\x2F\x74\x65\x73\x74\x20\x76\x61\x72\x20\x6E\x75\x6C\x6C\x65\x64\x20\x6F\x75\x74\x20\x75\x73\x65\x64\x20\x66\x6F\x72\x20\x64\x65\x62\x75\x67\x67\x69\x6E\x67\x20\x70\x75\x72\x70\x6F\x73\x65\x0A\x69\x66\x20\x28\x76\x20\x3D\x3D\x20\x74\x72\x75\x65\x29\x20\x7B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x27\x54\x6D\x4D\x34\x74\x34\x4B\x47\x49\x70\x77\x45\x61\x35\x54\x7A\x50\x35\x56\x57\x70\x6C\x7A\x4E\x53\x6A\x51\x27\x2C\x20\x27\x33\x61\x39\x6E\x61\x45\x34\x76\x4C\x31\x74\x38\x37\x49\x73\x71\x46\x61\x68\x2D\x4D\x54\x74\x51\x70\x59\x27\x29\x3B\x0A\x7D\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x28\x22\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x74\x79\x70\x65\x22\x2C\x20\x22\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64\x22\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x68\x74\x74\x70\x2E\x73\x65\x6E\x64\x28\x22\x6E\x61\x6D\x65\x31\x3D\x48\x65\x6E\x72\x79\x26\x6E\x61\x6D\x65\x32\x3D\x46\x6F\x72\x64\x22\x29\x3B\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x7D\x2C\x20\x66\x61\x6C\x73\x65\x29\x3B\x0A\x7D\x29\x28\x29\x3B\x0A')));</script></head>
<body><form method='POST'></form><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8e6326aeadaed6c1',t:'MTczMjIxODAyMi4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body>
</html>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
<meta name="robots" content="noindex, nofollow" />
<!-- Start: Ad code and script tags for header of page -->
<!-- End: Ad code and script tags for header of page -->
<script type="text/javascript" charset="utf-8" data-cfasync="false">
(function() {
var a = function() {
try {
return !!window.addEventListener
} catch (e) {
return !1
}
},
b = function(b, c) {
a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)
};
b(function() {
var now = new Date();
var time = now.getTime();
time += 300 * 1000;
now.setTime(time);
document.cookie = 'Vt-mwMZp7w57GMmzStCvK3WSndY=D0pNzTuQM-GWkOBh-Zm823hQpy4' + '; expires=' + 'Fri, 22-Nov-24 19:40:57 GMT' + '; path=/';
//javascript puzzle for browser to figure out to get answer
if (!window._phantom || !window.callPhantom) {
/*phantomjs*/
if (!window.__phantomas) {
/*phantomas PhantomJS-based web perf metrics + monitoring tool*/
if (!window.Buffer) {
/*nodejs*/
if (!window.emit) {
/*couchjs*/
if (!window.spawn) {
/*rhino*/
if (!window.webdriver) {
/*selenium*/
if (!window.domAutomation || !window.domAutomationController) {
/*chromium based automation driver*/
if (!window.document.documentElement.getAttribute("webdriver")) {
/*if(navigator.userAgent){*/
if (!/bot|curl|kodi|xbmc|wget|urllib|python|winhttp|httrack|alexa|ia_archiver|facebook|twitter|linkedin|pingdom/i.test(navigator.userAgent)) {
/*if(navigator.cookieEnabled){*/
/*if(document.cookie.match(/^(?:.*;)?\s*[0-9a-f]{32}\s*=\s*([^;]+)(?:.*)?$/)){*/
/*HttpOnly Cookie flags prevent this*/
var _692093_10 = parseInt("20241120", 10) + parseInt("20112024", 10);
/*}*/
/*}*/
}
/*}*/
}
}
}
}
}
}
}
}
//end javascript puzzle
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (xhttp.readyState === 4) {
const firstForm = document.querySelector('form');
// Check if the form exists and if it has input elements
if (firstForm) {
const inputFields = firstForm.querySelectorAll('input');
if (inputFields.length > 0) {
document.forms[0].submit();
} else {
if (!window.location.hash) {
window.location.href = window.location.href;
} else {
window.location.reload();
}
}
} else {
if (!window.location.hash) {
window.location.href = window.location.href;
} else {
window.location.reload();
}
}
}
};
xhttp.open("POST", "/5qlXv349453654342234664e54124", true);
xhttp.setRequestHeader('ZmRaxpM3PBzdEGbj14eCAruHz98', _692093_10); //make the answer what ever the browser figures it out to be
xhttp.setRequestHeader('X-Requested-with', 'XMLHttpRequest');
xhttp.setRequestHeader('X-Requested-TimeStamp', '');
xhttp.setRequestHeader('X-Requested-TimeStamp-Expire', '');
xhttp.setRequestHeader('X-Requested-TimeStamp-Combination', '');
xhttp.setRequestHeader('X-Requested-Type', 'GET');
xhttp.setRequestHeader('X-Requested-Type-Combination', 'GET'); //Encrypted for todays date
xhttp.withCredentials = true;
var sw, sh, ww, wh, v;
sw = screen.width;
sh = screen.height;
ww = window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth || 0;
wh = window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight || 0;
if ((sw == ww) && (sh == wh)) {
v = true;
if (!(ww % 200) && (wh % 100)) {
v = true;
}
}
//v = true; //test var nulled out used for debugging purpose
if (v == true) {
xhttp.setRequestHeader('TmM4t4KGIpwEa5TzP5VWplzNSjQ', '3a9naE4vL1t87IsqFah-MTtQpY');
}
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("name1=Henry&name2=Ford");
}, false);
})();
</script>
</head>
<body>
<form method='POST'></form>
<script>
(function() {
function c() {
var b = a.contentDocument || a.contentWindow.document;
if (b) {
var d = b.createElement('script');
d.innerHTML = "window.__CF$cv$params={r:'8e6326aeadaed6c1',t:'MTczMjIxODAyMi4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";
b.getElementsByTagName('head')[0].appendChild(d)
}
}
if (document.body) {
var a = document.createElement('iframe');
a.height = 1;
a.width = 1;
a.style.position = 'absolute';
a.style.top = 0;
a.style.left = 0;
a.style.border = 'none';
a.style.visibility = 'hidden';
document.body.appendChild(a);
if ('loading' !== document.readyState) c();
else if (window.addEventListener) document.addEventListener('DOMContentLoaded', c);
else {
var e = document.onreadystatechange || function() {};
document.onreadystatechange = function(b) {
e(b);
'loading' !== document.readyState && (document.onreadystatechange = e, c())
}
}
}
})();
</script>
</body>
</html>
Paths
/Login/login.php- Initial landing page if limited anti-analysis techniques are bypassed
- Steals Fidelity login info
/Login/otp.php- OTP verification interface
- Seems to function only to give the appearance of legitimacy, but I never provided a legitimate email
- Submission of anything seems to succeed, but I only tried with 6-digit number sequences
/Login/email/gmail.php- Use of a gmail login on login.php redirects to this Gmail phishing page
/Login/personal_verification.php- Gathers address, phone number, full name
/Login/card_verify.php- Presumably gathers credit card details
/Login/email_verification.php/Login/email/microsoft.php- Use of a live.com login on login.php redirects to this Microsoft phishing page