telus-help.org
Open in
urlscan Pro
2606:4700:30::681b:adc0
Malicious Activity!
Public Scan
Submission: On November 26 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on November 26th 2019. Valid for: 10 months.
This is the only time telus-help.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telus (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2606:4700:30:... 2606:4700:30::681b:adc0 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
7 | 152.70.24.16 152.70.24.16 | 393676 (ZENEDGE) (ZENEDGE - Oracle Corporation) | |
1 | 2600:9000:20e... 2600:9000:20eb:2c00:12:94b3:c380:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
12 | 3 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
telus-help.org |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
images.ctfassets.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
telus.com
partnerauth.telus.com |
35 KB |
4 |
telus-help.org
telus-help.org |
2 KB |
1 |
ctfassets.net
images.ctfassets.net |
1 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
7 | partnerauth.telus.com |
telus-help.org
|
4 | telus-help.org |
telus-help.org
|
1 | images.ctfassets.net |
telus-help.org
|
12 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
secure.telusmobility.com |
www.telus.com |
www.telusmobility.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-11-26 - 2020-10-09 |
10 months | crt.sh |
partnerauth.telus.com DigiCert SHA2 Secure Server CA |
2019-04-25 - 2020-04-25 |
a year | crt.sh |
images.contentful.com Amazon |
2019-04-06 - 2020-05-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://telus-help.org/
Frame ID: 63D37C67C02C38E532F168B7E3108985
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
Contentful (CMS) ExpandDetected patterns
- html /<[^>]+(?:https?:)?\/\/(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: telus.com
Search URL Search Domain Scan URL
Title: telusmobility.com
Search URL Search Domain Scan URL
Title: browser requirements
Search URL Search Domain Scan URL
Title: terms and conditions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
telus-help.org/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
otp-custom.css
partnerauth.telus.com/openam/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chk_submit.js
telus-help.org/openam/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth.js
telus-help.org/openam/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Logo_TELUS.svg
images.ctfassets.net/fikanzmkdlqn/3yUnySNpS8IS4CeyUeWgeg/5bcfa9c592acfe591f26d85f6820fa5f/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
reg_now.gif
partnerauth.telus.com/openam/images/en/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
forgot_password.gif
partnerauth.telus.com/openam/images/en/ |
898 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trouble_.gif
partnerauth.telus.com/openam/images/en/ |
719 B 973 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mobile.css
partnerauth.telus.com/openam/css/ |
348 B 508 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth.js
telus-help.org/openam/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flower.jpg
partnerauth.telus.com/openam/images/en/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
whirlers.gif
partnerauth.telus.com/openam/images/ |
20 KB 21 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telus (Telecommunication)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| defaultBtn number| elmCount function| LoginSubmit1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.telus-help.org/ | Name: __cfduid Value: d046949e13621af21689bf8d1b218e7231574796806 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
images.ctfassets.net
partnerauth.telus.com
telus-help.org
152.70.24.16
2600:9000:20eb:2c00:12:94b3:c380:93a1
2606:4700:30::681b:adc0
0408fb555c0cc8d3186197945bf229feac943c17f66e85bc3eb4388dac618b28
2653f087eea887b9bf71cc242744f62f9bc7c7b39784700848ed57b72c38f01e
2b0df1fe361f8d973e2853ed4eaef1d6329f89ba0e13e6b700804ef2f857fa76
3fbd169a4a1da85fcf033b201f953e50749ebc0c9cb890b20556bbae0892c356
48e5a6525aff2609146548798f5be10caebe42880e328988f560c5a2011e03c0
92a348270709b18868cd859801941bffafd3785328f4d7475328d913d4288f76
cbe1b0f1185a0b862a1e9ed248098ff59f79de8c00cd0ea2dd873023e704d3f4
cca84868f403650e637e6e51405e2d93a768028f8f0a1a83f5074b524046752c
e9fc4db606a5a5f273e62d608c94f076a8580a3548ee1ab3631569cdd80f0350