www.tessellarte.mx
Open in
urlscan Pro
192.185.171.202
Malicious Activity!
Public Scan
Submission: On March 07 via api from JP — Scanned from JP
Summary
This is the only time www.tessellarte.mx was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telus (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 192.185.171.202 192.185.171.202 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 | 207.167.198.19 207.167.198.19 | 852 (TELUS Com...) (TELUS Communications) | |
3 | 2600:140b:2:9... 2600:140b:2:9ad::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2620:108:700f... 2620:108:700f::36d6:eee5 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 54.248.211.131 54.248.211.131 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 3.112.119.164 3.112.119.164 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 23.206.250.112 23.206.250.112 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 2 | 52.220.37.88 52.220.37.88 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.115.137.161 13.115.137.161 | 16509 (AMAZON-02) (AMAZON-02) | |
20 | 9 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-171-202.unifiedlayer.com
www.tessellarte.mx |
ASN852 (TELUS Communications, CA)
PTR: webmail2.telus.net
webmail.telus.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-248-211-131.ap-northeast-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-112-119-164.ap-northeast-1.compute.amazonaws.com
telus.demdex.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-206-250-112.deploy.static.akamaitechnologies.com
fast.telus.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-37-88.ap-southeast-1.compute.amazonaws.com
cm.everesttech.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-115-137-161.ap-northeast-1.compute.amazonaws.com
a.telus.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
tessellarte.mx
www.tessellarte.mx |
6 KB |
5 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 184 telus.demdex.net — Cisco Umbrella Rank: 321761 fast.telus.demdex.net |
10 KB |
3 |
telus.com
static.telus.com — Cisco Umbrella Rank: 800285 b.telus.com Failed a.telus.com |
5 KB |
3 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 515 |
61 KB |
2 |
everesttech.net
2 redirects
cm.everesttech.net — Cisco Umbrella Rank: 878 |
772 B |
2 |
telus.net
webmail.telus.net |
|
20 | 6 |
Domain | Requested by | |
---|---|---|
6 | www.tessellarte.mx |
www.tessellarte.mx
|
3 | assets.adobedtm.com |
www.tessellarte.mx
assets.adobedtm.com |
2 | cm.everesttech.net | 2 redirects |
2 | telus.demdex.net |
assets.adobedtm.com
|
2 | dpm.demdex.net |
assets.adobedtm.com
|
2 | static.telus.com |
www.tessellarte.mx
|
2 | webmail.telus.net |
www.tessellarte.mx
|
1 | a.telus.com | |
1 | fast.telus.demdex.net |
assets.adobedtm.com
|
0 | b.telus.com Failed |
assets.adobedtm.com
|
20 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.telus.com |
pwm.telus.net |
forum.telus.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.telus.net Go Daddy Secure Certificate Authority - G2 |
2020-07-13 - 2022-09-09 |
2 years | crt.sh |
static.telus.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-03-29 - 2022-04-29 |
a year | crt.sh |
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-10-19 - 2022-11-19 |
a year | crt.sh |
a248.e.akamai.net DigiCert SHA2 Secure Server CA |
2021-07-15 - 2022-07-20 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.tessellarte.mx/
Frame ID: 4F76946ECF8D79B967BC6B679DF33699
Requests: 18 HTTP requests in this frame
Frame:
https://telus.demdex.net/dest5.html?d_nsid=0
Frame ID: 64731B54A4F9BE9FBCD38260B2244D00
Requests: 1 HTTP requests in this frame
Frame:
https://fast.telus.demdex.net/dest5.html?d_nsid=0
Frame ID: 8BBEF80A97BD88268DBB691477C3BC51
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
TELUS Webmail - log inTELUS Webmail - log inDetected technologies
YouTube (Video Players) ExpandDetected patterns
- <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Forgot?
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: Need help?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- http://fast.telus.demdex.net/dest5.html?d_nsid=0 HTTP 307
- https://fast.telus.demdex.net/dest5.html?d_nsid=0
- http://cm.everesttech.net/cm/dd?d_uuid=36010452766390554960705813836133324959 HTTP 301
- https://cm.everesttech.net/cm/dd?d_uuid=36010452766390554960705813836133324959 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=YiWE4wAAACAS5AQm
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.tessellarte.mx/ |
16 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
webmail.telus.net//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
passwordStrength.css
webmail.telus.net//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satelliteLib-a52ff1846227cd72b8a68d1e0351f08aba274184.js
assets.adobedtm.com/6462022b939758565769298a6393ed7a46ee6817/ |
114 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
www.tessellarte.mx/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icheck.min.js
www.tessellarte.mx/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pStrength.jquery.js
www.tessellarte.mx/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.clientsidecaptcha.js
www.tessellarte.mx/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TELUS-logo.svg
static.telus.com/common/images/header/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
refresh.png
www.tessellarte.mx/img/ |
0 195 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
TELUS-logo-white.svg
static.telus.com/common/images/footer/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
3 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dil-contents-5ee0fe83b2600884b99ed28f6109168105d2fb52.js
assets.adobedtm.com/6462022b939758565769298a6393ed7a46ee6817/ |
31 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s-code-contents-2f65f9fccbc156c9f9a3f54fbbc01651dc6a39a4.js
assets.adobedtm.com/6462022b939758565769298a6393ed7a46ee6817/ |
35 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
telus.demdex.net/ Frame 6473 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
fast.telus.demdex.net/ Frame 8BBE Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
id
b.telus.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=411&dpuuid=YiWE4wAAACAS5AQm
dpm.demdex.net/ Redirect Chain
|
42 B 943 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
event
telus.demdex.net/ |
2 B 843 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s5293084955484
a.telus.com/b/ss/teluswebmail/1/JS-2.3.0-D7QN/ |
43 B 598 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- b.telus.com
- URL
- http://b.telus.com/id?d_visid_ver=2.3.0&d_fieldgroup=A&mcorgid=67A50FC0539F0BBD0A490D45%40AdobeOrg&mid=35988124630960454140703540891024198001&ts=1646626019334
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telus (Telecommunication)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored function| Visitor object| _satellite object| s_c_il number| s_c_in object| link function| bichange function| clientChange function| showWhatsThis function| onLoad function| captchainit function| toggle_password function| DIL function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s_i_teluswebmail6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.tessellarte.mx/ | Name: AMCVS_67A50FC0539F0BBD0A490D45%40AdobeOrg Value: 1 |
|
.demdex.net/ | Name: demdex Value: 86304466873456579431255874348587053274 |
|
.tessellarte.mx/ | Name: s_cc Value: true |
|
.everesttech.net/ | Name: everest_g_v2 Value: g_surferid~YiWE4wAAACAS5AQm |
|
.dpm.demdex.net/ | Name: dpm Value: 86304466873456579431255874348587053274 |
|
.tessellarte.mx/ | Name: AMCV_67A50FC0539F0BBD0A490D45%40AdobeOrg Value: -894706358%7CMCIDTS%7C19059%7CMCMID%7C35988124630960454140703540891024198001%7CMCAAMLH-1647230819%7C11%7CMCAAMB-1647230819%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1646633219s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19066%7CvVersion%7C2.3.0 |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a.telus.com
assets.adobedtm.com
b.telus.com
cm.everesttech.net
dpm.demdex.net
fast.telus.demdex.net
static.telus.com
telus.demdex.net
webmail.telus.net
www.tessellarte.mx
b.telus.com
13.115.137.161
192.185.171.202
207.167.198.19
23.206.250.112
2600:140b:2:9ad::1e80
2620:108:700f::36d6:eee5
3.112.119.164
52.220.37.88
54.248.211.131
1a77dd6fa9e6ed0f9e4a6409136b2a8cdadb487349403896ca9a85672179675f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
517fd6dd3c44b0dc6390330673883e9a345b6b57e449ab5a4fb6bf59328da0c5
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7fdf04ebfa2ed1d7b88d8c8c6000f2c906bc3a58a9a361a876844c3014f1a6d2
8c0b230f7dcf65e2f232a2825bc769fb4dcff96982af865b1f6e72a86f196d2b
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
c4374a0d15e0d271fb8a0113fd31e4eb4a15d8c255a509fe534c16f43024a3dc
c80222e63b82472ac739234bd849c6672735e1f97ac38ec2c7f660ab35dd237a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e822673ef5c826a33358969138490871efeae176f4e3ccdb8c2a0ca4159d29fc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629