# gchjnjhjhjhjjk.framer.website — MALICIOUS

> Avoid the phishing site gchjnjhjhjhjjk.framer.website impersonating Telstra. It’s taken offline after high-risk detection. Stay vigilant online.

## Summary
PhishDestroy identifies gchjnjhjhjhjjk.framer.website as a high-risk phishing domain impersonating Telstra. This site aimed to steal user credentials by mimicking Telstra's login page.

The phishing page displayed a fake "Sign in with your Telstra ID" prompt to trick users into submitting their login details. The domain resolved to IP 52.223.52.2 and was flagged by multiple security vendors before being taken offline.

Users should never enter credentials on suspicious URLs, verify official site addresses, and report phishing attempts immediately. Using updated security software and enabling multi-factor authentication can provide additional protection.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Telstra
- Page title: Sign in with your Telstra ID

## Domain Intelligence
- Registered: 2021-11-19 00:00:00
- Expires: 2026-11-19 00:00:00
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 52.223.52.2
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns-1243.awsdns-27.org ns-1818.awsdns-35.co.uk ns-336.awsdns-42.com ns-792.awsdns-35.net
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "Gridinsoft", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b50a8-574b-75ce-bea5-37ed10c15192.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/56b03c02-f8ef-4bce-a691-100c580b1b6c
- Wayback Machine: https://web.archive.org/web/https://gchjnjhjhjhjjk.framer.website
- PhishDestroy: https://phishdestroy.io/domain/gchjnjhjhjhjjk.framer.website/
- LLM endpoint: https://phishdestroy.io/domain/gchjnjhjhjhjjk.framer.website/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gchjnjhjhjhjjk.framer.website/
Last updated: 2026-03-19