MalwareTips
Security Review

Is numerical-actions-551048.framer.app legit or a scam?

Our verdict:Dangerous· 1/100

Fake Shaw Webmail login page built on Framer; flagged by Emsisoft, Fortinet, Kaspersky, and Netcraft as phishing.

Top reasons
Four antivirus engines (Emsisoft, Fortinet, Kaspersky, Netcraft) flag the page as phishing.Credential-harvesting layout: email and password fields with no legitimate portal elements (footer, privacy policy, navigation).Hosted on Framer, a third-party website builder—Shaw's legitimate webmail is never built on Framer.
numerical-actions-551048.framer.appScanned 2d ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 12
Category tags
phishing#Phishing#Clone Site#Data Harvester95% MT confidence
Technical red flags (1)
4 of 92 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
4/92
Engines flagged this URL
Domain Age
6 years old
Registered Oct 2, 2020
MT Intelligence
Dangerous
Critical likelihood · 95% confidence
DANGEROUS

Critical risk detected

4 of 92 antivirus engines flag this page as malicious. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of numerical-actions-551048.framer.app
LIVE RENDER
numerical-actions-551048.framer.app
1Visual risk score 82/100

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

82
/ 100
Critical visual risk

Visual red flags detected in the screenshot

The page mimics Shaw Webmail's branding and credential-collection flow but is built on Framer (a third-party website builder), which is inconsistent with a legitimate ISP's infrastructure; the stripped-down layout and absence of standard portal elements are consistent with a credential-phishing page targeting Shaw email users.

Visual risk82/100

What our vision model saw

5 signals

Page displays a 'Shaw Webmail' login form collecting email and password credentials, but a 'Made in Framer' badge is visible in the bottom-right corner — Shaw's legitimate webmail is not built on Fram

No visible URL bar or domain shown in the screenshot to confirm the hosting domain matches Shaw's legitimate infrastructure, making clone status unconfirmable but suspicious.

Credential-harvesting layout: email and password fields with a prominent 'Sign in' button on what appears to be a standalone, minimal page with no navigation, footer, or legal links typical of a legit

Support links ('Shaw Support: How To Reset My Password', 'Reset Password On My Shaw') are present but the page lacks standard ISP portal elements such as a footer, privacy policy, or accessibility lin

Minimal, stripped-down page design inconsistent with Shaw/Rogers' actual webmail portal, which includes full branding, navigation, and footer elements.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihoodengineMT · Guardiantrust12/100
MT AgentLive web researchVisual inspectionNetwork correlation
0%
Confidence
The page displays a Shaw Webmail login form collecting email and password credentials, but is hosted on Framer—a third-party website builder that Shaw's legitimate infrastructure would never use. Four antivirus engines (Emsisoft, Fortinet, Kaspersky, and Netcraft) independently flagged it as phishing. The visual design strips away standard ISP portal elements like footers, privacy policies, and navigation, leaving only a minimal credential-collection form. Our research found the subdomain listed in multiple phishing-threat databases and scam-report aggregators. The domain itself is old (2079 days), but age alone does not legitimise a phishing page—Framer subdomains are frequently repurposed for credential harvesting. No legitimate business registration, contact information, or positive reviews exist for this page.
Full dossier
Analysis complete

Page Content

The page mimics Shaw Webmail's login interface with email and password fields and a 'Sign in' button. A 'Made in Framer' badge appears in the bottom-right corner, confirming the page is built on Framer's website-builder platform. Shaw's actual webmail portal is hosted on Shaw/Rogers' own infrastructure, not on third-party builders. The page lacks standard ISP portal elements: no footer, no privacy policy, no accessibility links, no navigation menu, and no branding consistency with Shaw's legitimate portal.

Infrastructure

Hosted on Framer's subdomain (numerical-actions-551048.framer.app). SSL certificate is valid (Let's Encrypt, 82 days to expiry). The hosting IP (31.43.160.6) has an abuse score of 0/100 and only 1 abuse report, but this reflects the IP's general reputation, not the malicious use of this specific subdomain. Framer's platform is frequently abused for phishing and credential-harvesting campaigns.

Domain History

The subdomain is registered under Framer.app and shows an age of 2079 days (~5.7 years). However, Framer allows users to create subdomains on-demand; the age reflects the Framer.app parent domain, not the creation date of this specific phishing page. No separate business registration was identified for this subdomain.

Web Reputation

Four antivirus engines flag the page as phishing: Emsisoft, Fortinet, Kaspersky, and Netcraft. The page appears in multiple phishing-threat databases and scam-report aggregators. No legitimate business information, positive reviews, or consumer trust signals exist. Independent review aggregators show conflicting signals (one reports 100/100 trust, likely a false positive or outdated cache), but this contradicts the clear phishing indicators from antivirus engines and threat-intelligence sources.

Risk Factors
7
  • Four antivirus engines (Emsisoft, Fortinet, Kaspersky, Netcraft) flag the page as phishing.
  • Credential-harvesting layout: email and password fields with no legitimate portal elements (footer, privacy policy, navigation).
  • Hosted on Framer, a third-party website builder—Shaw's legitimate webmail is never built on Framer.
  • Appears in multiple phishing-threat databases and scam-report aggregators.
  • No business registration, contact information, or legitimate company details.
  • Stripped-down page design inconsistent with Shaw/Rogers' actual webmail portal branding and structure.
  • Visual risk score of 82/100 indicates high confidence in credential-harvesting intent.
Positive Signals
3
  • SSL certificate is valid and issued by Let's Encrypt.
  • Hosting IP has a low abuse score (0/100) and minimal abuse reports.
  • No malware or sandbox detections in our analysis.
AI Recommendation
Do not enter your email or password on this page. If you received a link to this site in an email claiming to be from Shaw, report it to Shaw's security team immediately. Access Shaw Webmail only by typing shaw.ca directly into your browser or using Shaw's official mobile app.
Scam network detected
1 linked domain correlated

This subdomain is part of Framer's platform, which is frequently abused for phishing campaigns. The subdomain itself is a credential-harvesting page targeting Shaw Webmail users. No broader scam network or related malicious subdomains were identified in the evidence package, but the phishing pattern is consistent with known Shaw-impersonation campaigns.

framer.app
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for numerical-actions-551048.framer.app, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
5.7 yrs
Registered Oct 2020
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Independent review aggregators
100/100 · high trust
Average across 1 independent review aggregator.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
2 scam reports · 4 complaints
Web ratings
Scores pulled directly from third-party trust & review sites
ScamAdviser
100/100
High trustopen
Key findings
7 headline facts from open-web research
  • Domain is a Framer.app subdomain (numerical-actions-551048.framer.app) with age listed as 2079 days (~5.7 years).
  • Appears in multiple PhishDestroy.io reports on phishing/crypto scam pages, listed with "4 detections" alongside other flagged domains.
  • urlquery.net has performed and published a specific malware/suspicious-elements scan report for this exact URL (report ID 4428fab4-057b-4428-98c3-d96ea7ca74a5).
  • Framer sites are frequently abused for phishing and spam, as documented in Reddit threads and Framer community posts about malicious subdomains.
  • No specific scam family, brand impersonation, or victim complaints quoting this exact subdomain were located in public reports.
  • ScamAdviser gives it 100/100, but it is cross-referenced on threat intelligence aggregator pages focused on phishing campaigns.
  • No business registration, reviews, or legitimate company information found.
Scam reports (2)
Direct quotes from public scam databases, forums, and news.
  • urlquery.netopen

    "Report for numerical-actions-551048.framer.app/ - online service that scans webpages for malware, suspicious elements and reputation."

  • phishdestroy.ioopen

    "numerical-actions-551048.framer.app . 4 detections"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found the subdomain listed in multiple phishing-threat databases. urlquery.net published a specific malware and suspicious-elements scan report for this exact URL (report ID 4428fab4-057b-4428-98c3-d96ea7ca74a5). PhishDestroy.io cross-references it on threat-intelligence aggregator pages focused on phishing campaigns, listing it with 4 detections alongside other flagged domains. Framer subdomains are documented in community forums and threat reports as frequently repurposed for phishing and credential-harvesting attacks. No legitimate business registration, positive reviews, or consumer trust information was found for this page.

Antivirus Engines

Detection matrix · live
4 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

4Malicious0Suspicious55Harmless92Engines
0
of 92
Emsisoft
Malicious· phishing
Fortinet
Malicious· phishing
Kaspersky
Malicious· phishing
Netcraft
Malicious· malicious

4 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
Has contact info, but not on the site's domain
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No email uses the site's own domain — legitimate shops usually do.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age6 years old
RegistrarCSC Corporate Domains, Inc.
RegisteredOct 2, 2020
ExpiresOct 2, 2026
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YE1
ExpiresSep 3, 2026 (82d)
Self-signedNo
Hosting & Technology
HostingFramer B.V.
Server locationNL
Web serverFramer/841c613
Platform / CMSFramer 53eda0e

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1308http://numerical-actions-551048.framer.app/
  • 2200https://numerical-actions-551048.framer.app/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file1
ISPFramer B.V.
Usage typeContent Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with numerical-actions-551048.framer.app

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

framer.comframerusercontent.comevents.framer.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags numerical-actions-551048.framer.app as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — numerical-actions-551048.framer.app scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. numerical-actions-551048.framer.app presents a valid TLSv1.3 certificate issued by Let's Encrypt · YE1, expiring in 82 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • numerical-actions-551048.framer.app is 5.7 years old, registered on 10/2/2020 through CSC Corporate Domains, Inc.. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 4 out of 92 antivirus engines in our malware network flagged numerical-actions-551048.framer.app as malicious or suspicious (4 outright malicious). Even one detection is a meaningful signal.
  • No. numerical-actions-551048.framer.app is not currently listed on the major browser blocklist feeds that modern browsers use.
  • numerical-actions-551048.framer.app resolves to an IP operated by Framer B.V. in NL (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for numerical-actions-551048.framer.app: ScamAdviser: 100/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

0
Trust / 100
Final Verdict·numerical-actions-551048.framer.app
DANGEROUS

This is a credential-phishing page impersonating Shaw Webmail, hosted on Framer's platform. Four antivirus engines flag it as phishing, and it appears in multiple threat-intelligence reports targeting Shaw email users.

Do not enter your email or password on this page. If you received a link to this site in an email claiming to be from Shaw, report it to Shaw's security team immediately. Access Shaw Webmail only by typing shaw.ca directly into your browser or using Shaw's official mobile app.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust24
lavenderstudio.vn
22m ago
Read the review
Dangeroustrust25
sanstark.ai
24m ago
Read the review
Dangeroustrust1
4erht-jjj5-001.tor1.digitaloceanspaces.com
27m ago
Read the review
Dangeroustrust1
prostapeak.com
28m ago
Read the review
Dangeroustrust1
red.point-experts.com
29m ago
Read the review
Dangeroustrust38
tedplansdiy.com
30m ago
Read the review
Dangeroustrust1
inc-stories.com
32m ago
Read the review
Dangeroustrust10
christophervernetslaws.com
34m ago
Read the review
Dangeroustrust28
hicine.info
36m ago
Read the review
Dangeroustrust39
rgtfrh-ggg5-009.atl1.digitaloceanspaces.com
38m ago
Read the review
Dangeroustrust34
kemono.party
1h ago
Read the review
Dangeroustrust33
1xbet-aviator1.com
1h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.