telushelpdesk.net Open in urlscan Pro
199.33.112.226 Malicious Activity! Public Scan

URL:
http://telushelpdesk.net/
Submission: On October 25 via manual (October 25th 2019, 2:40:26 pm UTC) from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 199.33.112.226, located in Canada and belongs to CDSI - COGECODATA, CA. The main domain is telushelpdesk.net.

This is the only time telushelpdesk.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telus (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1	199.33.112.226 199.33.112.226	23498 (CDSI) (CDSI - COGECODATA)
7	144.161.200.106 144.161.200.106	797 (AMERITECH-AS) (AMERITECH-AS - AT&T Services)
1	152.70.24.21 152.70.24.21	393676 (ZENEDGE) (ZENEDGE - Oracle Corporation)
9	3

1 199.33.112.226 (Canada)

ASN23498 (CDSI - COGECODATA, CA)

telushelpdesk.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 144.161.200.106 (United States)

ASN797 (AMERITECH-AS - AT&T Services, Inc., US)

opus.att.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.70.24.21 (United States)

ASN393676 (ZENEDGE - Oracle Corporation, US)

partnerauth.telus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	att.net opus.att.net	13 KB
1	telus.com partnerauth.telus.com	3 KB
1	telushelpdesk.net telushelpdesk.net	2 KB
9	3

	Domain	Requested by
7	opus.att.net	telushelpdesk.net
1	partnerauth.telus.com	telushelpdesk.net
1	telushelpdesk.net
9	3

This site contains no links.

Subject Issuer	Validity	Valid
opus.att.net DigiCert SHA2 Secure Server CA	`2018-07-16` - `2020-07-16`	2 years	crt.sh
partnerauth.telus.com DigiCert SHA2 Secure Server CA	`2019-04-25` - `2020-04-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://telushelpdesk.net/
Frame ID: 34AC9E73CC17BB2DEAD921D6552F4FAC
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

18 kB
Transfer

18 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response telushelpdesk.net/	4 KB 2 KB	354ms 158ms	Document text/html	199.33.112.226 COGECODATA
General Check archive.org Show headers Download Go to Full URL http://telushelpdesk.net/ Protocol HTTP/1.1 Server 199.33.112.226 , Canada, ASN23498 (CDSI - COGECODATA, CA), Reverse DNS Software Apache / Resource Hash `a4741fb4151188eaa747eaa9a8a7116d63358fd953f0c013af1749cb3cfbf176` Request headers Host telushelpdesk.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:10 GMT Server Apache Content-Encoding gzip Vary Accept-Encoding Keep-Alive timeout=2, max=750 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	login.css opus.att.net/opus/newlnf/common/css/	4 KB 4 KB	1128ms 261ms	Stylesheet text/css	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://opus.att.net/opus/newlnf/common/css/login.css Requested by Host: telushelpdesk.net URL: http://telushelpdesk.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `fa5436f6541f9f66aba15e61bad0e69d9e11b8e76b3b82fe79acb0be76022071` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Tue, 22 Oct 2019 23:38:44 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4044
GET H2	200	telusmobility_logo.gif partnerauth.telus.com/openam/images/en/	2 KB 3 KB	502ms 142ms	Image image/gif	152.70.24.21 Oracle Corporation
General Check archive.org Show headers Download Go to Show image Full URL https://partnerauth.telus.com/openam/images/en/telusmobility_logo.gif Requested by Host: telushelpdesk.net URL: http://telushelpdesk.net/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 152.70.24.21 , United States, ASN393676 (ZENEDGE - Oracle Corporation, US), Reverse DNS Software ZENEDGE / Servlet/3.0 JSP/2.2 Resource Hash `55932e53eb5ffa215bbb192d67f82f99c364077d59b090d3be9463601af9040a` Request headers Sec-Fetch-Mode no-cors Referer http://telushelpdesk.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-zen-fury aea10f29617ae3e8929a21c7efbab122e8ad9468 date Fri, 25 Oct 2019 14:40:10 GMT last-modified Sun, 20 Oct 2019 19:16:48 GMT server ZENEDGE x-powered-by Servlet/3.0 JSP/2.2 x-cache-status NOTCACHED content-type image/gif status 200 accept-ranges bytes content-length 2401 x-cdn Served-By-Zenedge
GET H/1.1	200 OK	buttons.css opus.att.net/opus/newlnf/common/css/	2 KB 2 KB	1080ms 212ms	Stylesheet text/css	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://opus.att.net/opus/newlnf/common/css/buttons.css Requested by Host: telushelpdesk.net URL: http://telushelpdesk.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `684a7fbf6aade434db61528ea38da5605c50ae361ce650291f03fccd7eb76799` Request headers Sec-Fetch-Mode no-cors Referer http://telushelpdesk.net/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Tue, 22 Oct 2019 23:38:44 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2248
GET H/1.1	200 OK	login_box.gif opus.att.net/opus/newlnf/common/images/login/	1 KB 2 KB	133ms 132ms	Image image/gif	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://opus.att.net/opus/newlnf/common/images/login/login_box.gif Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `7b5d643e0bd4d6d012ce9ee12b90376ab42b5ee9f07fd1f2c918185768d88862` Request headers Sec-Fetch-Mode no-cors Referer https://opus.att.net/opus/newlnf/common/css/login.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Wed, 23 Oct 2019 00:38:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1461
GET H/1.1	200 OK	login_hdrRight.gif opus.att.net/opus/newlnf/common/images/login/	2 KB 2 KB	260ms 259ms	Image image/gif	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://opus.att.net/opus/newlnf/common/images/login/login_hdrRight.gif Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `46ba56c15f0971a5a0853079cb584bf89aa18f4679d4aa971f4d70b5347f333c` Request headers Sec-Fetch-Mode no-cors Referer https://opus.att.net/opus/newlnf/common/css/login.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Tue, 22 Oct 2019 23:38:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1979
GET H/1.1	200 OK	login_hdrLeft.gif opus.att.net/opus/newlnf/common/images/login/	884 B 1 KB	132ms 132ms	Image image/gif	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://opus.att.net/opus/newlnf/common/images/login/login_hdrLeft.gif Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `a80aa647835daff153b7c9743c1740de76611f41b60c8c8a10cc2e00e6631a7d` Request headers Sec-Fetch-Mode no-cors Referer https://opus.att.net/opus/newlnf/common/css/login.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Wed, 23 Oct 2019 00:38:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 884
GET H/1.1	200 OK	btn_orange_left.gif opus.att.net/opus/newlnf/common/images/btn/	394 B 636 B	266ms 136ms	Image image/gif	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://opus.att.net/opus/newlnf/common/images/btn/btn_orange_left.gif Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `f66938aa3ce5a8b3988fa3e433c70de530c7a50fea10f276654b25b3174569ba` Request headers Sec-Fetch-Mode no-cors Referer https://opus.att.net/opus/newlnf/common/css/buttons.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Wed, 23 Oct 2019 00:38:44 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 394
GET H/1.1	200 OK	btn_orange_right.gif opus.att.net/opus/newlnf/common/images/btn/	1 KB 1 KB	262ms 133ms	Image image/gif	144.161.200.106 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://opus.att.net/opus/newlnf/common/images/btn/btn_orange_right.gif Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.161.200.106 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US), Reverse DNS Software Apache / Resource Hash `964b84ec9e395a1036983047510d5ce3ab4577597bbfa4f41037cc3f69718122` Request headers Sec-Fetch-Mode no-cors Referer https://opus.att.net/opus/newlnf/common/css/buttons.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 25 Oct 2019 14:40:11 GMT Last-Modified Wed, 23 Oct 2019 00:38:44 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1040

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telus (Telecommunication)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

opus.att.net
partnerauth.telus.com
telushelpdesk.net
144.161.200.106
152.70.24.21
199.33.112.226
46ba56c15f0971a5a0853079cb584bf89aa18f4679d4aa971f4d70b5347f333c
55932e53eb5ffa215bbb192d67f82f99c364077d59b090d3be9463601af9040a
684a7fbf6aade434db61528ea38da5605c50ae361ce650291f03fccd7eb76799
7b5d643e0bd4d6d012ce9ee12b90376ab42b5ee9f07fd1f2c918185768d88862
964b84ec9e395a1036983047510d5ce3ab4577597bbfa4f41037cc3f69718122
a4741fb4151188eaa747eaa9a8a7116d63358fd953f0c013af1749cb3cfbf176
a80aa647835daff153b7c9743c1740de76611f41b60c8c8a10cc2e00e6631a7d
f66938aa3ce5a8b3988fa3e433c70de530c7a50fea10f276654b25b3174569ba
fa5436f6541f9f66aba15e61bad0e69d9e11b8e76b3b82fe79acb0be76022071

telushelpdesk.net Open in urlscan Pro 199.33.112.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

18 kBTransfer

18 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

telushelpdesk.net Open in urlscan Pro
199.33.112.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

18 kB
Transfer

18 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!