Security Scan Report: rms.cleerkutroyalty.com

Redirected to: blob:https://helis.vn/1552534d-a061-4b5a-a637-807c331b5583

Submitted: Oct 31, 2025, 12:49:31 PM
Completed: Oct 31, 2025, 12:50:20 PM
public | completed

Summary

This website contacted 22 IPs in 3 countries across 7 domains to perform 14 HTTP transactions. The main domain is .

Submitted URL: https://rms.cleerkutroyalty.com/wp-includes/Text/jblyaxt/tas/hmp.html

Effective URL: blob:https://helis.vn/1552534d-a061-4b5a-a637-807c331b5583 (Redirected)

AI Security Verdict

Confirmed Scam

Confidence: 95%

Risk Score: 10

Confirmed phishing scam harvesting Fidelity credentials via a compromised WordPress site and blob URL.

Risk Factors
Use of blob: URL scheme to hide phishing content
Compromised WordPress site indicated by internal paths
Credential‑harvesting login forms on a suspicious domain
Brand impersonation of Fidelity on an unrelated domain
Unranked, likely newly registered domain
Domain age information unavailable

Details

Page Title

Log in to Fidelity

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

suspicious phishing

(57%)

Domain Information

You're looking at domain 'rms.cleerkutroyalty.com' on the commercial generic top-level domain (.com) with subdomain 'rms'. Count 15 characters in 'cleerkutroyalty' holding five vowels versus ten consonants. Word splitting yields four words: c, leer, kut, royalty. The median word length lands at 3.5 characters. The linguistic tilt is Breton for 'c'. Usage also turns up in Chinese (Zhuyin) and Dutch contexts. Overall, 'rms.cleerkutroyalty.com' reads as Breton.

Page Load Overview

Total Load Time: 23.70s
HTTP Requests: 14
Domains: 7
Total Size: 400 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 2,334 chars
Detector Agreement: 67%

Website Classification

Primary Category

suspicious phishing (57% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

suspicious phishing: 57%
other: 55%
malicious: 38%
legitimate website: 35%
e-commerce: 32%

Detected Features

Login Form

Domain & IP Information

Requests  IP Address        Location                                   AS / Autonomous System
14        216.58.206.67     United States                              AS15169 GOOGLE
0         104.17.25.14      United States                              AS13335 CLOUDFLARENET
0         151.101.194.137   San Francisco, California, United States   AS54113 FASTLY
0         151.101.66.137    San Francisco, California, United States   AS54113 FASTLY
0         104.17.24.14      United States                              AS13335 CLOUDFLARENET
0         151.101.2.137     San Francisco, California, United States   AS54113 FASTLY
0         14.177.232.31     Hanoi, Hanoi, Vietnam                      AS45899 VNPT Corp
0         151.101.130.137   San Francisco, California, United States   AS54113 FASTLY
0         216.58.206.42     United States                              AS15169 GOOGLE
0         40.85.190.10      Washington, Virginia, United States        AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
14        22                -                                          -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T15C93F91242D550A564634AA65FEB17093D64E4A3FC4185A47EAC8FC08FCFE98F89B3DC

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:5iOxAUk2tZhJNDwqe8tF9o6ZtF9o6ntF9o690blfSj4vHjQvKh0:RzDTNPJTPTtTL

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:90211:GUCISRQQAZhgqmNAZFOAAOmSAPMSEBQMACQYdlYiUxWRCinAIAQDCKBRGiCBOCFzAKLAknDXL3KIAJcoMAqwIRSXgICmCImS

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: N/A
Perceptual Hash: N/A
Difference Hash: N/A
Wavelet Hash: N/A
Color Hash: N/A

Other Hashes

Crop Resistant: N/A
