# kerqjwpfidelity.cyou — MALICIOUS

> kerqjwpfidelity.cyou is an active phishing site mimicking Fidelity NetBenefits. Avoid this high-risk domain flagged by multiple threat sources.

## Summary
PhishDestroy identifies kerqjwpfidelity.cyou as a high-risk generic phishing domain targeting users of Fidelity NetBenefits. The site is designed to deceive victims by replicating the legitimate login page to harvest sensitive credentials.

This domain was registered recently on February 21, 2026, and currently resolves to IP address 43.162.126.210. It is listed on one security blocklist and appears in 13 AlienVault OTX threat intelligence pulses, indicating active malicious activity. Additionally, 15 out of 95 VirusTotal security vendors detect suspicious behavior linked to this domain. The domain's registration through Gname.com Pte. Ltd. also aligns with common patterns seen in fraudulent domain registrations.

Users and organizations should avoid interacting with kerqjwpfidelity.cyou and block it within their security filters. PhishDestroy confirms the domain remains active and continues to pose a significant phishing threat. Monitoring and immediate mitigation actions are recommended to prevent credential compromise and potential downstream attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Log In to Fidelity NetBenefits

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Gname.com Pte. Ltd.
- Country: SG
- IP: 43.162.126.210
- Nameservers: ["A.SHARE-DNS.COM", "B.SHARE-DNS.NET"]
- SSL Issuer: E8

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ab889-a788-70a9-b9f5-dd39f3698c52.png
- PhishDestroy: https://phishdestroy.io/domain/kerqjwpfidelity.cyou/
- LLM endpoint: https://phishdestroy.io/domain/kerqjwpfidelity.cyou/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/kerqjwpfidelity.cyou/
Last updated: 2026-03-19