spoc-portal.com Open in urlscan Pro
104.21.81.210 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://spoc-portal.com/
Effective URL:
https://spoc-portal.com/
Submission: On August 08 via manual (August 8th 2023, 1:08:48 am UTC) from CA — Scanned from CA

Summary HTTP 11 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 104.21.81.210, located in and belongs to CLOUDFLARENET, US. The main domain is spoc-portal.com.
TLS certificate: Issued by GTS CA 1P5 on August 7th 2023. Valid for: 3 months.

This is the only time spoc-portal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telus (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.164.156 172.67.164.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.81.210 104.21.81.210	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	18.67.76.128 18.67.76.128	16509 (AMAZON-02) (AMAZON-02)
4	107.162.139.198 107.162.139.198	55002 (DEFENSE-NET) (DEFENSE-NET)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	4

1 172.67.164.156 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spoc-portal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.81.210 (None, )

ASN13335 (CLOUDFLARENET, US)

spoc-portal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.67.76.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-76-128.iad89.r.cloudfront.net

cdn.telus.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.162.139.198 (United States)

ASN55002 (DEFENSE-NET, US)

partneridentity.telus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	telus.digital cdn.telus.digital — Cisco Umbrella Rank: 217952	101 KB
4	telus.com partneridentity.telus.com	747 KB
2	spoc-portal.com 1 redirects spoc-portal.com	3 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	11 KB
11	4

	Domain	Requested by
5	cdn.telus.digital	spoc-portal.com cdn.telus.digital
4	partneridentity.telus.com	spoc-portal.com partneridentity.telus.com
2	spoc-portal.com	1 redirects
1	cdnjs.cloudflare.com	spoc-portal.com
11	4

This site contains links to these domains. Also see Links.

Domain
secure.telusmobility.com
partnerauth.telus.com
www.telus.com

Subject Issuer	Validity	Valid
spoc-portal.com GTS CA 1P5	`2023-08-07` - `2023-11-05`	3 months	crt.sh
cdn.telus.digital DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-02` - `2024-05-01`	a year	crt.sh
partneridentity.telus.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-02` - `2024-03-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://spoc-portal.com/
Frame ID: 41C7C486F6624549FD87E12785FC1D2D
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TELUS Partner SSO

Page URL History Show full URLs

http://spoc-portal.com/ HTTP 301
https://spoc-portal.com/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

861 kB
Transfer

943 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.telusmobility.com/partners/im_preauth/validatePartner.jsp?language=EN
Title: First time visitor? REGISTER NOW!

Search URL Search Domain Scan URL

URL: https://partnerauth.telus.com/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=ForgotPassword&locale=en
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://secure.telusmobility.com/partners/securecontent/english/info/login_troubles.jsp
Title: Trouble logging in?

Search URL Search Domain Scan URL

URL: http://www.telus.com/

Search URL Search Domain Scan URL

URL: https://secure.telusmobility.com/partners/securecontent/english/info/browser_req.jsp
Title: browser requirements

Search URL Search Domain Scan URL

URL: https://secure.telusmobility.com/partners/termsAndConditions.jsp?language=EN
Title: terms and conditions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://spoc-portal.com/ HTTP 301
https://spoc-portal.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
spoc-portal.com/
Redirect Chain

http://spoc-portal.com/
https://spoc-portal.com/

8 KB
2 KB

165ms
111ms

Document
text/html

104.21.81.210
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spoc-portal.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.210 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1f2da6e84d0fbd44946c6427168d125afe1ec92100daf6feda1aeda968aa43a1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f33dea81d6139e4-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 08 Aug 2023 01:08:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgg96wzejd%2BpjA%2FR5ZqAetVjmEWsRoQZg1w43Yyjjc9aWH3VKJNMIAUjKN%2B5wgXYZ9vu10P3taCHNd8kqZmtOrY7WtFVMqsq2pBjKTsHSHmja%2BNF8iGeMDic2JQG4v%2FNmuM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Redirect headers

CF-RAY: 7f33dea78adb3981-YYZ
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 08 Aug 2023 01:08:42 GMT
Expires: Tue, 08 Aug 2023 02:08:42 GMT
Location: https://spoc-portal.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIz%2FajVWa6RZ95oeZ%2FQzed5p7X4qncV%2FvEVC3pHRGiDnrwwYr0rp3IdrmWn47dan%2BNkyTg8tVfFUV3UB2YgggsQRznYY0B%2B7x7s47TEMoe%2FbZh2PxuX84e%2B9fXYMwPnn%2FPo%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK tds.min.css
cdn.telus.digital/thorium/core/v0.16.3/ 36 KB
7 KB 132ms
38ms Stylesheet
text/css 18.67.76.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Requested by: Host: spoc-portal.com
URL: https://spoc-portal.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-128.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a2e7c33fa437debb34fb84109a43e15769b9ed0c3c14aa27b15d5259f29b60a4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://spoc-portal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Thu, 25 May 2023 13:04:08 GMT
Content-Encoding: gzip
Via: 1.1 0dc81f450c72d91e34b5a0b41d441f28.cloudfront.net (CloudFront)
Last-Modified: Wed, 21 Jun 2017 00:04:27 GMT
Server: AmazonS3
X-Amz-Cf-Pop: IAD89-P2
Age: 6437076
ETag: W/"6d383839a4b6f44af1a8c127cc6d21cd"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: VEYzzqQrorHEp60BOLI3fMevzXoaKhSJS-SxmLtsbFplakaSV5Dapw==

GET
H/1.1 200
OK telus-sso-improvement.css
partneridentity.telus.com/assets/styles/ 7 KB
3 KB 325ms
97ms Stylesheet
text/css 107.162.139.198
DEFENSE-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://partneridentity.telus.com/assets/styles/telus-sso-improvement.css

Requested by

Host: spoc-portal.com
URL: https://spoc-portal.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

107.162.139.198 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

Resource Hash

0e117c1ffe3b549c3e95d70372c56eca65eaf5db8934a45c5d4f6fe5a705a35a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://spoc-portal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 08 Aug 2023 01:08:43 GMT
Via: 1.1 dca1-bit9014
Referrer-Policy: origin
Last-Modified: Sun, 13 Nov 2022 20:27:04 GMT
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
X-OneAgent-JS-Injection: true
Cache-Control: max-age=0, must-revalidate
Server-Timing: dtRpid;desc="-711434252", dtSInfo;desc="0"

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/ 57 KB
11 KB 82ms
31ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css

Requested by

Host: spoc-portal.com
URL: https://spoc-portal.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://spoc-portal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 08 Aug 2023 01:08:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 8837907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10301
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-e4d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3q86AO1bmgiwMHuLbi7I10TPEWkRXQOHHS8hl8%2Fzp60MUAOpmb%2B1W3Cl6XD%2FHBKmVg8%2FRpDrx65h%2BDxJFHb53TPbB4MHxuKRW9HAbWNaMPto3uHy%2BFRdRyHD4uXGG6CY%2B0i9NSLJ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f33dea92922a1e0-YYZ
expires: Sun, 28 Jul 2024 01:08:43 GMT

GET
H/1.1 200
OK telus-logo.svg
partneridentity.telus.com/assets/assets/ 4 KB
5 KB 63ms
63ms Image
image/svg+xml 107.162.139.198
DEFENSE-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://partneridentity.telus.com/assets/assets/telus-logo.svg

Requested by

Host: partneridentity.telus.com
URL: https://partneridentity.telus.com/assets/styles/telus-sso-improvement.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

107.162.139.198 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

Resource Hash

47593272e59aaeb5d5e88f6f453a8fe90569fbdbf54b6be214c733e2a1f4e92f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://partneridentity.telus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 08 Aug 2023 01:08:43 GMT
Via: 1.1 dca1-bit9014
Referrer-Policy: origin
Last-Modified: Sun, 13 Nov 2022 20:27:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-OneAgent-JS-Injection: true
Cache-Control: max-age=0, must-revalidate
Server-Timing: dtRpid;desc="1014753746", dtSInfo;desc="0"
Content-Length: 4025

GET
H/1.1 200
OK leaves-retina-web.png
partneridentity.telus.com/assets/assets/ 704 KB
705 KB 133ms
69ms Image
image/png 107.162.139.198
DEFENSE-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://partneridentity.telus.com/assets/assets/leaves-retina-web.png

Requested by

Host: partneridentity.telus.com
URL: https://partneridentity.telus.com/assets/styles/telus-sso-improvement.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

107.162.139.198 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

Resource Hash

8fabef7055aa20f5033d7df021c027128feb0757af2cab181412cdc8644d3662

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://partneridentity.telus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 08 Aug 2023 01:08:43 GMT
Via: 1.1 dca1-bit9014
Referrer-Policy: origin
Last-Modified: Sun, 13 Nov 2022 20:27:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-OneAgent-JS-Injection: true
Cache-Control: max-age=0, must-revalidate
Server-Timing: dtRpid;desc="999052782", dtSInfo;desc="0"
Content-Length: 721016

GET
H/1.1 200
OK wave-header-default.png
partneridentity.telus.com/assets/assets/ 34 KB
35 KB 491ms
391ms Image
image/png 107.162.139.198
DEFENSE-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://partneridentity.telus.com/assets/assets/wave-header-default.png

Requested by

Host: partneridentity.telus.com
URL: https://partneridentity.telus.com/assets/styles/telus-sso-improvement.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

107.162.139.198 , United States, ASN55002 (DEFENSE-NET, US),

Reverse DNS

Software

Resource Hash

e9bd7a2422b44ed7329fb3ece73c00f386d18b33ea9472f1811731c824c9cd80

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://partneridentity.telus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 08 Aug 2023 01:08:43 GMT
Via: 1.1 dca1-bit9014
Referrer-Policy: origin
Last-Modified: Sun, 13 Nov 2022 20:27:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-OneAgent-JS-Injection: true
Cache-Control: max-age=0, must-revalidate
Server-Timing: dtRpid;desc="2096207901", dtSInfo;desc="0"
Content-Length: 35096

GET
H/1.1 200
OK core-icons.woff2
cdn.telus.digital/thorium/core/v0.4.0/ 4 KB
5 KB 114ms
39ms Font
binary/octet-stream 18.67.76.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.telus.digital/thorium/core/v0.4.0/core-icons.woff2
Requested by: Host: cdn.telus.digital
URL: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-128.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d8985cae9eda7ce2bb937053b26c94a391b53c4e2563ed77c6527db0e41a16e4

Request headers

Referer: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Origin: https://spoc-portal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 23:30:51 GMT
Via: 1.1 9c6666844f92bfc6b8685747b641abc6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P2
Age: 5873
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 4036
Last-Modified: Mon, 08 Jan 2018 20:08:10 GMT
Server: AmazonS3
ETag: "6a61e48747de876a912bcaa556dacd23"
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: wX1AmMak4DOVhCv0rx6-VsBon477qwxsMGZecRcxJDV7Nqr2mjv9Lg==

GET
H/1.1 200
OK b8765d4b-d9a3-48b9-ac65-560e7517cf0e.woff2
cdn.telus.digital/thorium/core/fonts/etext/ 19 KB
20 KB 113ms
38ms Font
font/woff2 18.67.76.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.telus.digital/thorium/core/fonts/etext/b8765d4b-d9a3-48b9-ac65-560e7517cf0e.woff2
Requested by: Host: cdn.telus.digital
URL: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-128.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 726b4339c7bca67dbba88d1f121857e2130d7ac194df7a512461ae621cfc2ff1

Request headers

Referer: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Origin: https://spoc-portal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 23:30:51 GMT
Via: 1.1 dfbe3a6f5b354f9a5f95a5a6814ce14e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P2
Age: 5873
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 19848
Last-Modified: Thu, 20 Feb 2020 23:49:39 GMT
Server: AmazonS3
ETag: "ad426bec3984966214cc48ece827907e"
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: C1NJXWA0WvhazuQIK6-eX1b4gsfkq0A14KPsrfLLjTwUvZoR4PUc5g==

GET
H/1.1 200
OK 3e8a8b56-3cb0-4347-b670-eaaf06b76e9b.woff2
cdn.telus.digital/thorium/core/fonts/etext/ 19 KB
19 KB 132ms
57ms Font
font/woff2 18.67.76.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.telus.digital/thorium/core/fonts/etext/3e8a8b56-3cb0-4347-b670-eaaf06b76e9b.woff2
Requested by: Host: cdn.telus.digital
URL: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-128.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 56b0625243f403285df4a6ec2b3bb68b17501a6a95ba30252a917c06d4395f58

Request headers

Referer: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Origin: https://spoc-portal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 23:30:51 GMT
Via: 1.1 ec18462cf9d88c8bdb0cd5e50dbe442a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P2
Age: 5873
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 19304
Last-Modified: Thu, 20 Feb 2020 23:49:48 GMT
Server: AmazonS3
ETag: "42691fb7a4691282f7e00bbdcc87c467"
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: yyZsxS6_v7GYuGfeX2CFjCJdZB0gjl2YYRKULGdbZ-a8vlr050_Njw==

GET
H/1.1 200
OK aff68211-86bb-476d-882e-f7a3face144c.woff2
cdn.telus.digital/thorium/core/fonts/ 49 KB
50 KB 124ms
44ms Font
font/woff2 18.67.76.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.telus.digital/thorium/core/fonts/aff68211-86bb-476d-882e-f7a3face144c.woff2
Requested by: Host: cdn.telus.digital
URL: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.76.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-76-128.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f776d0dfb485629c7351534355429068fd43071b7613e3d2042986fd5b5bf46c

Request headers

Referer: https://cdn.telus.digital/thorium/core/v0.16.3/tds.min.css
Origin: https://spoc-portal.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Mon, 07 Aug 2023 23:30:51 GMT
Via: 1.1 122cd39a473c6e4835362753fc929a08.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P2
Age: 5873
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 50428
Last-Modified: Thu, 20 Feb 2020 23:41:56 GMT
Server: AmazonS3
ETag: "929eac69416d11a543cee859bd33f1bc"
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: KGjvZwAA5mAumkRK9wHUlFPxt5xiywSIa4crB2by_OfWG-IMgg2vpQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telus (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.telus.digital
cdnjs.cloudflare.com
partneridentity.telus.com
spoc-portal.com
104.17.25.14
104.21.81.210
107.162.139.198
172.67.164.156
18.67.76.128
0e117c1ffe3b549c3e95d70372c56eca65eaf5db8934a45c5d4f6fe5a705a35a
1f2da6e84d0fbd44946c6427168d125afe1ec92100daf6feda1aeda968aa43a1
47593272e59aaeb5d5e88f6f453a8fe90569fbdbf54b6be214c733e2a1f4e92f
56b0625243f403285df4a6ec2b3bb68b17501a6a95ba30252a917c06d4395f58
726b4339c7bca67dbba88d1f121857e2130d7ac194df7a512461ae621cfc2ff1
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
8fabef7055aa20f5033d7df021c027128feb0757af2cab181412cdc8644d3662
a2e7c33fa437debb34fb84109a43e15769b9ed0c3c14aa27b15d5259f29b60a4
d8985cae9eda7ce2bb937053b26c94a391b53c4e2563ed77c6527db0e41a16e4
e9bd7a2422b44ed7329fb3ece73c00f386d18b33ea9472f1811731c824c9cd80
f776d0dfb485629c7351534355429068fd43071b7613e3d2042986fd5b5bf46c

spoc-portal.com Open in urlscan Pro 104.21.81.210 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

861 kBTransfer

943 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

spoc-portal.com Open in urlscan Pro
104.21.81.210 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

861 kB
Transfer

943 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!