pages.deskera.com Open in urlscan Pro
2600:9000:223e:1e00:d:6efa:7c80:93a1  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 27bf53d644ff409f709519c9761231fd.html Show response pages.deskera.com/a/uv4d8sxazm/campaign/	4 KB 2 KB	1178ms 710ms	Document text/html	2600:9000:223e:1e00:d:6efa:7c80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://pages.deskera.com/a/uv4d8sxazm/campaign/27bf53d644ff409f709519c9761231fd.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:1e00:d:6efa:7c80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8e0c6936a0b00755861e5b4b25f00d7cf427fc67903434a90c20a67a9ba4d328 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers content-encoding gzip content-type text/html date Fri, 22 Nov 2024 18:20:21 GMT etag W/"d21ba0b991c8c4850bae3f3322277e41" last-modified Sat, 27 Aug 2022 03:37:04 GMT server AmazonS3 vary accept-encoding via 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront) x-amz-cf-id wBtkMm-9ERgEZT3jmCynk0QSjvXS5QA2TxugwaTD-u2UXmYAFE88OA== x-amz-cf-pop FRA56-P4 x-cache Miss from cloudfront
GET H/1.1	200 OK	FormSubmission.js Show response js-bucketnew.s3.ap-southeast-1.amazonaws.com/	12 KB 12 KB	1423ms 389ms	Script application/javascript	3.5.146.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js-bucketnew.s3.ap-southeast-1.amazonaws.com/FormSubmission.js Requested by Host: pages.deskera.com URL: https://pages.deskera.com/a/uv4d8sxazm/campaign/27bf53d644ff409f709519c9761231fd.html Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 3.5.146.16 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS s3-ap-southeast-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash b15b00901ae5ee959f5f2f06a058eabce2d12067e0167d6f0eb5ffe068244dba Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pages.deskera.com/ Response headers x-amz-id-2 rPTjv7QxLDbprsbFiAbVxmjbNWaKqKJSXP0tYDIsyjv/mKwuZfoAtUt3ApVXOS4YWkbE3a4frUI7vHGV9xcgWg== ETag "9bf26f4b342e1f70e3f4503d7a7821f2" x-amz-version-id LfNmCVlfc3ZVTImzf5X1WWHKXV1kGddL x-amz-request-id YTSH9ZQ7DYB78EX2 Accept-Ranges bytes Content-Length 12125 Date Fri, 22 Nov 2024 18:20:22 GMT Last-Modified Tue, 18 Oct 2022 15:48:17 GMT Content-Type application/javascript Server AmazonS3 x-amz-server-side-encryption AES256
GET H/1.1	200 OK	LoadScript.js Show response js-bucketnew.s3.ap-southeast-1.amazonaws.com/	11 KB 12 KB	1832ms 408ms	Script application/javascript	3.5.146.16 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js-bucketnew.s3.ap-southeast-1.amazonaws.com/LoadScript.js Requested by Host: pages.deskera.com URL: https://pages.deskera.com/a/uv4d8sxazm/campaign/27bf53d644ff409f709519c9761231fd.html Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 3.5.146.16 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS s3-ap-southeast-1-r-w.amazonaws.com Software AmazonS3 / Resource Hash a8bfda056106604a79d6709e90aeb1f6b547d10c8df1e0bfaa167cbef80b4f00 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pages.deskera.com/ Response headers ETag "7a58baf349fc00e51546f055d4733e8e" x-amz-version-id LvbHVynBMOt6p1JtCpAeUmC2IK0TznCn x-amz-request-id YTSVX29RV9995MAG Accept-Ranges bytes Content-Length 11437 Date Fri, 22 Nov 2024 18:20:22 GMT Last-Modified Fri, 30 Sep 2022 11:19:15 GMT Content-Type application/javascript Server AmazonS3 x-amz-id-2 70a3vKZn7BauD29VmKzR7H1jDNz2O9Bg9zqSFxm0VJT5OXxFDnsIicZhmHhDUlMOg+nYDlqGbxjYPUGWUaMntw==
GET H/1.1	200 OK	1661571323487_logo-c4bq-2018.png s3.us-west-2.amazonaws.com/cdn-crm-produs-env/report/thumbnail/268076/	11 KB 12 KB	654ms 242ms	Image image/png	52.218.182.32 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.us-west-2.amazonaws.com/cdn-crm-produs-env/report/thumbnail/268076/1661571323487_logo-c4bq-2018.png Requested by Host: pages.deskera.com URL: https://pages.deskera.com/a/uv4d8sxazm/campaign/27bf53d644ff409f709519c9761231fd.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.218.182.32 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2.amazonaws.com Software AmazonS3 / Resource Hash 328424b4d4ec7381b0e3a2ecf900f8823fb06a06be1771ddcb724e29cd93e70b Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pages.deskera.com/ Response headers ETag "eff371101037a3d647cac703b98ca5d3" x-amz-request-id 7DW9A1RBYBWF4DRS Accept-Ranges bytes Content-Length 11513 Date Fri, 22 Nov 2024 18:20:21 GMT Last-Modified Sat, 27 Aug 2022 03:35:24 GMT Content-Type image/png Server AmazonS3 x-amz-id-2 Yg2UkwVfPdo4lWI0hBpRMVhwdC4D+ok3X9d9m81DrH/NCZawEB078p4xxgFTJDgr/twqo7J+DHI=
GET H/1.1	200 OK	1661571386518_CARREFOUR-BANQUE.png s3.us-west-2.amazonaws.com/cdn-crm-produs-env/report/thumbnail/268076/	12 KB 12 KB	893ms 235ms	Image image/png	52.218.182.32 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.us-west-2.amazonaws.com/cdn-crm-produs-env/report/thumbnail/268076/1661571386518_CARREFOUR-BANQUE.png Requested by Host: pages.deskera.com URL: https://pages.deskera.com/a/uv4d8sxazm/campaign/27bf53d644ff409f709519c9761231fd.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.218.182.32 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2.amazonaws.com Software AmazonS3 / Resource Hash 49ae1d478b42dcc3529041ad94c5d9337b924f781362c59ac1b6e62af0d7d6f4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pages.deskera.com/ Response headers ETag "8f4ffd23c139ec98b4cb1ff3719d8ffc" x-amz-request-id YTSX05H0T0CRVZV6 Accept-Ranges bytes Content-Length 12267 Date Fri, 22 Nov 2024 18:20:22 GMT Last-Modified Sat, 27 Aug 2022 03:36:27 GMT Content-Type image/png Server AmazonS3 x-amz-id-2 Xn3eKGWj9CrphaYTu/V30S5uOrSuhVeZJjjc4WHYy1tkJ969rTYEoZpzpBkeGdL9A0l98XghWg0=
GET H2	200	favicon.ico crm-ui-dev.deskera.xyz/	15 KB 15 KB	884ms 196ms	Other image/x-icon	139.59.55.141 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://crm-ui-dev.deskera.xyz/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 139.59.55.141 Bengaluru, India, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash 33a4b601185c2e2ca9127014668d3ed8c103fade61ad1cc68890ed6fd02648b2 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://pages.deskera.com/ Response headers strict-transport-security max-age=15724800; includeSubDomains etag "67405380-3c2e" proxy_pass_request_headers on proxy_set_header X-Forwarded-For 146.70.74.118, 10.244.5.200, 146.70.74.118, add_header Access-Control-Allow-Headers _csrf_token accept-ranges bytes content-length 15406 date Fri, 22 Nov 2024 18:20:22 GMT content-type image/x-icon last-modified Fri, 22 Nov 2024 09:48:48 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Carrefour (Financial)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| addDKCRMFormSubmitEventListener function| handleFileInputClick function| handleSubmitAction function| resetFormData function| isEmpty function| getDKCRMFormRequestObj function| getDKCRMFormRequestOptions function| onSuccessfulSubmission function| getUploadFileURL function| checkFileUploadValidation function| onDKCRMFormSubmit function| submitCall object| stopper function| checkEmailUnsubscribe function| runTimerCounter function| showTimer function| setDKTimerTimeOut function| idSplit function| setStyleForActive function| setGalleryTimeOut function| onMouseOver function| onMouseLeave function| imageGalleryThumbnail function| imageGallery function| trackVisit function| addScripts function| addScriptToHTML function| appendScriptElement function| appendNoScriptElement function| addMetaData function| setDocumentTitle function| setMetaDescription function| setCanonicalLink

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

crm-ui-dev.deskera.xyz
js-bucketnew.s3.ap-southeast-1.amazonaws.com
pages.deskera.com
s3.us-west-2.amazonaws.com
139.59.55.141
2600:9000:223e:1e00:d:6efa:7c80:93a1
3.5.146.16
52.218.182.32
328424b4d4ec7381b0e3a2ecf900f8823fb06a06be1771ddcb724e29cd93e70b
33a4b601185c2e2ca9127014668d3ed8c103fade61ad1cc68890ed6fd02648b2
49ae1d478b42dcc3529041ad94c5d9337b924f781362c59ac1b6e62af0d7d6f4
8e0c6936a0b00755861e5b4b25f00d7cf427fc67903434a90c20a67a9ba4d328
a8bfda056106604a79d6709e90aeb1f6b547d10c8df1e0bfaa167cbef80b4f00
b15b00901ae5ee959f5f2f06a058eabce2d12067e0167d6f0eb5ffe068244dba