# teltrservvisupprttttssystt.framer.website — MALICIOUS

> Stay safe from phishing by avoiding teltrservvisupprttttssystt.framer.website, a fake Telstra sign-in site. Never enter credentials on suspicious domains.

## Summary
PhishDestroy identifies teltrservvisupprttttssystt.framer.website as a high-risk phishing domain impersonating Telstra, a major telecommunications provider. Although currently offline, this domain was designed to trick users into believing they were signing into their genuine Telstra ID accounts, posing significant risk to personal data and account security.

This phishing campaign operated by hosting a fake login page titled "Sign in with your Telstra ID" to deceive users into submitting sensitive credentials. The domain was registered in late 2021 and flagged by multiple security vendors. It also appeared on at least one security blocklist and resolved to an IP address known for malicious activity, indicating its role in credential theft through brand impersonation.

If a user visited this domain and entered their Telstra credentials, they should immediately change their Telstra account password and enable multi-factor authentication if available. Monitoring bank and service accounts for unauthorized activity is also critical. Users are advised to never trust unfamiliar URLs claiming to be official brand login portals and to verify website authenticity before providing any personal information.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Target brand: Telstra
- Page title: Sign in with your Telstra ID

## Domain Intelligence
- Registered: 2021-11-19 00:00:00
- Expires: 2026-11-19 00:00:00
- Registrar: CSC Corporate Domains, Inc.
- Country: US
- IP: 35.71.142.77
- IP Country: US
- IP City: Seattle
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns-1243.awsdns-27.org ns-1818.awsdns-35.co.uk ns-336.awsdns-42.com ns-792.awsdns-35.net
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "MalwareURL", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b73c5-106b-70fd-b909-9ebfed039d3f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f4220028-693f-416c-932f-22afbfb47be5
- Wayback Machine: https://web.archive.org/web/https://teltrservvisupprttttssystt.framer.website
- PhishDestroy: https://phishdestroy.io/domain/teltrservvisupprttttssystt.framer.website/
- LLM endpoint: https://phishdestroy.io/domain/teltrservvisupprttttssystt.framer.website/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/teltrservvisupprttttssystt.framer.website/
Last updated: 2026-03-19