![](/screenshots/33607c88-95aa-406e-af54-e65cb624d509.png)
03numberguru.com
Open in
urlscan Pro
104.28.1.228
Malicious Activity!
Public Scan
Effective URL: https://03numberguru.com/sms.html
Submission: On March 29 via automatic, source phishtank
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on February 22nd 2018. Valid for: 6 months.
This is the only time 03numberguru.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 104.28.1.228 104.28.1.228 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
5 | 52.222.166.250 52.222.166.250 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
6 | 2 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
03numberguru.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-166-250.fra54.r.cloudfront.net
images-na.ssl-images-amazon.com | |
m.media-amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
139 KB |
2 |
03numberguru.com
1 redirects
03numberguru.com |
8 KB |
1 |
media-amazon.com
m.media-amazon.com |
26 KB |
6 | 3 |
Domain | Requested by | |
---|---|---|
4 | images-na.ssl-images-amazon.com |
03numberguru.com
|
2 | 03numberguru.com | 1 redirects |
1 | m.media-amazon.com |
03numberguru.com
|
6 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni185342.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-02-22 - 2018-08-31 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://03numberguru.com/sms.html
Frame ID: D6F1465C9326DD9A78F7F7EC576CB847
Requests: 6 HTTP requests in this frame
Screenshot
![](/screenshots/33607c88-95aa-406e-af54-e65cb624d509.png)
Page URL History Show full URLs
-
https://03numberguru.com/login.php
HTTP 302
https://03numberguru.com/sms.html Page URL
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /cloudflare/i
![](/vendor/wappa/icons/Zepto.png)
Detected patterns
- env /^Zepto$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://03numberguru.com/login.php
HTTP 302
https://03numberguru.com/sms.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
sms.html
03numberguru.com/ Redirect Chain
|
27 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css
images-na.ssl-images-amazon.com/images/I/ |
136 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
AuthenticationPortalAssets-92bdcb014495140f8aca9d91e6f2d7091fe1850f._V2_.css
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
32 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
CVFAssets-e91ba5c6e67c58c7f9c4c413fa67697feade389e._V2_.css
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
fwcim._CB513229088_.js
images-na.ssl-images-amazon.com/images/G/03/x-locale/common/login/ |
383 KB 108 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png
m.media-amazon.com/images/G/01/AUIClients/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| m string| d function| cf boolean| __fwcimLoaded object| fwcim function| Zepto function| $ boolean| __fwcimShimProfileReady undefined| ue_mbl undefined| ue_pty undefined| ue_adb1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.03numberguru.com/ | Name: __cfduid Value: da6bc3c6dcecb051a8c41b07898490d4c1522293593 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
03numberguru.com
images-na.ssl-images-amazon.com
m.media-amazon.com
104.28.1.228
52.222.166.250
a35ce523d97474b43694a6e33939edeaa7fda55c4626c1fa0af4321e533cd98d
ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7
b06058dda50252e2ff430d60f9d799d44e0dbbad47006ea169aa9abd90146459
c854c61bda66041aa3f86a791e9606bddcd87ad170a6476c25207f27b966d8e9
cb1682971fa9d6010acc5395bab0171d8e53cb029c157b3089ae7af4189637ff
e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d