03numberguru.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 104.28.1.228, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 03numberguru.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on February 22nd 2018. Valid for: 6 months.

This is the only time 03numberguru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	104.28.1.228 104.28.1.228	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	52.222.166.250 52.222.166.250	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	2

2 104.28.1.228 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

03numberguru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.222.166.250 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-166-250.fra54.r.cloudfront.net

images-na.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ssl-images-amazon.com images-na.ssl-images-amazon.com	139 KB
2	03numberguru.com 1 redirects 03numberguru.com	8 KB
1	media-amazon.com m.media-amazon.com	26 KB
6	3

	Domain	Requested by
4	images-na.ssl-images-amazon.com	03numberguru.com
2	03numberguru.com	1 redirects
1	m.media-amazon.com	03numberguru.com
6	3

This site contains no links.

Subject Issuer	Validity	Valid
sni185342.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-02-22` - `2018-08-31`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://03numberguru.com/sms.html
Frame ID: D6F1465C9326DD9A78F7F7EC576CB847
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://03numberguru.com/login.php HTTP 302
https://03numberguru.com/sms.html Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Zepto$/i

Page Statistics

6
Requests

17 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

172 kB
Transfer

605 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://03numberguru.com/login.php HTTP 302
https://03numberguru.com/sms.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request sms.html Show response 03numberguru.com/ Redirect Chain https://03numberguru.com/login.php https://03numberguru.com/sms.html	27 KB 7 KB	73ms 72ms	Document text/html	104.28.1.228 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://03numberguru.com/sms.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.28.1.228 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `cb1682971fa9d6010acc5395bab0171d8e53cb029c157b3089ae7af4189637ff` Request headers :path /sms.html pragma no-cache accept-encoding gzip, deflate upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 cache-control no-cache :authority 03numberguru.com cookie __cfduid=da6bc3c6dcecb051a8c41b07898490d4c1522293593 :scheme https :method GET User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Thu, 29 Mar 2018 03:19:54 GMT content-encoding gzip last-modified Thu, 01 Mar 2018 07:14:37 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html status 200 x-turbo-charged-by LiteSpeed cf-ray 402f3292cc729be7-AMS Redirect headers date Thu, 29 Mar 2018 03:19:53 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" status 302 content-type text/html; charset=UTF-8 location sms.html cache-control no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed set-cookie __cfduid=da6bc3c6dcecb051a8c41b07898490d4c1522293593; expires=Fri, 29-Mar-19 03:19:53 GMT; path=/; domain=.03numberguru.com; HttpOnly accept-ranges bytes cf-ray 402f328fbad29be7-AMS
GET S	200	61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css images-na.ssl-images-amazon.com/images/I/	136 KB 23 KB	30ms 8ms	Stylesheet text/css	52.222.166.250 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css Requested by Host: 03numberguru.com URL: https://03numberguru.com/sms.html Protocol SPDY Server 52.222.166.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-166-250.fra54.r.cloudfront.net Software Server / Resource Hash `b06058dda50252e2ff430d60f9d799d44e0dbbad47006ea169aa9abd90146459` Request headers Referer https://03numberguru.com/sms.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Fri, 17 Mar 2017 07:20:24 GMT content-encoding gzip last-modified Thu, 16 Mar 2017 06:31:45 GMT server Server age 14744786 status 200 x-cache Hit from cloudfront content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id d6e10c41-76e6-478e-a5c1-01b80d43c8ff x-amz-cf-id VHIFIO4hr_ZaZFMihasmIuDSUx_pq0RU5LX_SSYnNVNYPMtDYkqEPw== via 1.1 edee3ff8f335740e0ea86cf9f62b5ae9.cloudfront.net (CloudFront) expires Wed, 18 May 2033 03:33:20 GMT
GET S	200	AuthenticationPortalAssets-92bdcb014495140f8aca9d91e6f2d7091fe1850f._V2_.css images-na.ssl-images-amazon.com/images/G/01/AUIClients/	32 KB 7 KB	34ms 12ms	Stylesheet text/css	52.222.166.250 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AuthenticationPortalAssets-92bdcb014495140f8aca9d91e6f2d7091fe1850f._V2_.css Requested by Host: 03numberguru.com URL: https://03numberguru.com/sms.html Protocol SPDY Server 52.222.166.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-166-250.fra54.r.cloudfront.net Software Server / Resource Hash `a35ce523d97474b43694a6e33939edeaa7fda55c4626c1fa0af4321e533cd98d` Request headers Referer https://03numberguru.com/sms.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Fri, 01 Dec 2017 02:20:33 GMT content-encoding gzip last-modified Tue, 28 Nov 2017 18:36:17 GMT server Server age 10266845 status 200 x-cache Hit from cloudfront content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 1e624475-c562-43f7-9fa1-0219e9c12baf timing-allow-origin https://www.amazon.com x-amz-cf-id PfvJhA789v8galzSbuUVhxYVuLMcj0Hew5n-_QDILWtdSFvTQv_1gw== via 1.1 edee3ff8f335740e0ea86cf9f62b5ae9.cloudfront.net (CloudFront) expires Mon, 23 Nov 2037 22:50:39 GMT
GET S	200	CVFAssets-e91ba5c6e67c58c7f9c4c413fa67697feade389e._V2_.css images-na.ssl-images-amazon.com/images/G/01/AUIClients/	2 KB 1 KB	30ms 9ms	Stylesheet text/css	52.222.166.250 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/CVFAssets-e91ba5c6e67c58c7f9c4c413fa67697feade389e._V2_.css Requested by Host: 03numberguru.com URL: https://03numberguru.com/sms.html Protocol SPDY Server 52.222.166.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-166-250.fra54.r.cloudfront.net Software Server / Resource Hash `ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7` Request headers Referer https://03numberguru.com/sms.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Tue, 17 Oct 2017 19:50:46 GMT content-encoding gzip last-modified Mon, 16 Oct 2017 21:31:50 GMT server Server age 14096989 status 200 x-cache Hit from cloudfront content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id b5d6dfa5-80df-4ce0-97d3-333b663a48f7 x-amz-cf-id lFAvhFJGDv0iNgeIy_d0_M-ZXFQAdOiPJMbVjTmHVjp89gKda-_U6w== via 1.1 edee3ff8f335740e0ea86cf9f62b5ae9.cloudfront.net (CloudFront) expires Sun, 11 Oct 2037 23:30:05 GMT
GET S	200	fwcim._CB513229088_.js Show response images-na.ssl-images-amazon.com/images/G/03/x-locale/common/login/	383 KB 108 KB	30ms 9ms	Script application/x-javascript	52.222.166.250 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/G/03/x-locale/common/login/fwcim._CB513229088_.js Requested by Host: 03numberguru.com URL: https://03numberguru.com/sms.html Protocol SPDY Server 52.222.166.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-166-250.fra54.r.cloudfront.net Software Server / Resource Hash `c854c61bda66041aa3f86a791e9606bddcd87ad170a6476c25207f27b966d8e9` Request headers Referer https://03numberguru.com/sms.html Origin https://03numberguru.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Mon, 16 Oct 2017 20:19:30 GMT content-encoding gzip last-modified Mon, 16 Oct 2017 16:18:16 GMT server Server age 14108424 status 200 x-cache Hit from cloudfront content-type application/x-javascript access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 74c85784-a151-42a7-b240-953a9b7f1761 x-amz-cf-id NFuLbXffFePP4oL2vvsDZwcpD1vxhIJAsFjPYZ_6VfqWHELO4qxF9A== via 1.1 908aa9ee313ac50f6968b1dda0d184c6.cloudfront.net (CloudFront) expires Sun, 11 Oct 2037 20:19:30 GMT
GET S	200	AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png m.media-amazon.com/images/G/01/AUIClients/	26 KB 26 KB	25ms 8ms	Image image/png	52.222.166.250 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png Requested by Host: 03numberguru.com URL: https://03numberguru.com/sms.html Protocol SPDY Server 52.222.166.250 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-52-222-166-250.fra54.r.cloudfront.net Software Server / Resource Hash `e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d` Request headers Referer https://images-na.ssl-images-amazon.com/images/I/61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sun, 28 May 2017 08:19:33 GMT via 1.1 420810dc8ca5cb74b64cae9e4b264cc9.cloudfront.net (CloudFront) last-modified Thu, 15 Sep 2016 00:28:49 GMT server Server age 26347279 status 200 x-cache Hit from cloudfront content-type image/png; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 4e14741e-31e8-4f82-bd4c-2f14af88551d timing-allow-origin https://www.amazon.com content-length 26119 x-amz-cf-id AEW0n2K3M7xemdBtdsXvJZ6pVcPCGbSIc8UsvqcxA764Mz37xucguQ== expires Wed, 18 May 2033 03:33:20 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.03numberguru.com/	1970-01-18 23:37:09	Name: __cfduid Value: da6bc3c6dcecb051a8c41b07898490d4c1522293593

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

03numberguru.com
images-na.ssl-images-amazon.com
m.media-amazon.com
104.28.1.228
52.222.166.250
a35ce523d97474b43694a6e33939edeaa7fda55c4626c1fa0af4321e533cd98d
ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7
b06058dda50252e2ff430d60f9d799d44e0dbbad47006ea169aa9abd90146459
c854c61bda66041aa3f86a791e9606bddcd87ad170a6476c25207f27b966d8e9
cb1682971fa9d6010acc5395bab0171d8e53cb029c157b3089ae7af4189637ff
e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d

03numberguru.com Open in urlscan Pro 104.28.1.228 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

17 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

172 kBTransfer

605 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

Indicators

03numberguru.com Open in urlscan Pro
104.28.1.228 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

17 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

172 kB
Transfer

605 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!