partner-identity.ca
172.67.199.156
Malicious Activity!
Public Scan
Effective URL: http://partner-identity.ca/idp/startSSO.ping?PartnerSpId=ChannelPortal
Submission: On September 24 via automatic, source certstream-suspicious — Scanned from CA
Summary
This is the only time partner-identity.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telus (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 104.21.36.211 | 13335 (CLOUDFLARENET) |
6 | 172.67.199.156 | 13335 (CLOUDFLARENET) |
4 | 18.155.1.94 | 16509 (AMAZON-02) |
10 | 2 |
ASN16509 (AMAZON-02, US)
PTR: server-18-155-1-94.atl59.r.cloudfront.net
cdn.telus.digital |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
7 | partner-identity.ca (1 redirects); subdomain: partner-identity.ca | 755 KB |
4 | telus.digital; subdomain: cdn.telus.digital (Cisco Umbrella Rank: 420668) | 94 KB |
10 | 2 |
 | Domain | Requested by |
---|---|---|
7 | partner-identity.ca | 1 redirects, partner-identity.ca |
4 | cdn.telus.digital | partner-identity.ca |
10 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
secure.telusmobility.com |
partnerauth.telus.com |
www.telus.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
cdn.telus.digital | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-02 - 2024-05-01 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://partner-identity.ca/idp/startSSO.ping?PartnerSpId=ChannelPortal
Frame ID: 259BDFF010FD917CE51927902B281C56
Requests: 10 HTTP requests in this frame
Page Title
TELUS Partner SSO
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: First time visitor? REGISTER NOW!
Title: Forgot your password?
Title: Trouble logging in?
Title: browser requirements
Title: terms and conditions
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://partner-identity.ca/ HTTP 303
- http://partner-identity.ca/idp/startSSO.ping?PartnerSpId=ChannelPortal Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | startSSO.ping (Primary Request, Redirect Chain) | partner-identity.ca/idp/ | 7 KB | 3 KB | Document | text/html |
GET H/1.1 | tds.min.css | partner-identity.ca/public/css/ | 36 KB | 7 KB | Stylesheet | text/css |
GET H/1.1 | telus-sso-improvement.css | partner-identity.ca/public/css/ | 7 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | telus-logo.svg | partner-identity.ca/public/img/ | 4 KB | 3 KB | Image | image/svg+xml |
GET H/1.1 | leaves-retina-web.png | partner-identity.ca/public/img/ | 704 KB | 705 KB | Image | image/png |
GET H/1.1 | wave-header-default.png | partner-identity.ca/public/img/ | 34 KB | 35 KB | Image | image/png |
GET H/1.1 | core-icons.woff2 | cdn.telus.digital/thorium/core/v0.4.0/ | 4 KB | 5 KB | Font | binary/octet-stream |
GET H/1.1 | b8765d4b-d9a3-48b9-ac65-560e7517cf0e.woff2 | cdn.telus.digital/thorium/core/fonts/etext/ | 19 KB | 20 KB | Font | font/woff2 |
GET H/1.1 | 3e8a8b56-3cb0-4347-b670-eaaf06b76e9b.woff2 | cdn.telus.digital/thorium/core/fonts/etext/ | 19 KB | 19 KB | Font | font/woff2 |
GET H/1.1 | aff68211-86bb-476d-882e-f7a3face144c.woff2 | cdn.telus.digital/thorium/core/fonts/ | 49 KB | 50 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telus (Telecommunication)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.telus.digital
partner-identity.ca
104.21.36.211
172.67.199.156
18.155.1.94