URL: https://crm.naramaxx.com/?viewsss
Submission Tags: @phish_report
Submission: On August 21 via api from FI — Scanned from FI

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 193.36.63.250, located in Bursa, Turkey, and belongs to SERVERPLUS, TR. The main domain is crm.naramaxx.com.
TLS certificate: Issued by R3 on August 2nd 2023. Valid for: 3 months.
This is the only time crm.naramaxx.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online) Amazon Japan (Online)

Domain & IP information

IP Address       AS (Autonomous System)   Requests
193.36.63.250    201086 (SERVERPLUS)      11
Total: 1 IP, 11 requests

Apex Domain     Subdomains          Transfer   Requests
naramaxx.com    crm.naramaxx.com    230 KB     11
Total: 1 apex domain, 11 requests

Domain             Requested by        Requests
crm.naramaxx.com   crm.naramaxx.com    11
Total: 1 domain, 11 requests

This site contains no links.

Subject                 Issuer   Validity                  Valid
www.crm.naramaxx.com    R3       2023-08-02 - 2023-10-31   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://crm.naramaxx.com/?viewsss
Frame ID: 1073190C4894FADA998D0868133681F9
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Amazon Sign-in

Page Statistics

11 Requests
100 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
1 IPs
1 Countries
230 kB Transfer
536 kB Size
2 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
crm.naramaxx.com/
3 KB
2 KB
Document
General
Full URL
https://crm.naramaxx.com/?viewsss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/ PHP/8.1.17
Resource Hash
c438bfc039c472b25def71834b4514a9dcb6a8c1497f08f93fbec0d630adc0fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
POST, OPTIONS, GET
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
public, max-age=3600
content-encoding
br
content-length
1651
content-type
text/html; charset=UTF-8
date
Mon, 21 Aug 2023 02:32:36 GMT
expires
Mon, 21 Aug 2023 03:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
PHP/8.1.17
x-xss-protection
1; mode=block
main.26569d68.chunk.css
crm.naramaxx.com/static/css/
103 KB
23 KB
Stylesheet
General
Full URL
https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/?viewsss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
48c926fab7c2d2b712d29042337a98d989b152df861289a0fa14ea28357257df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/?viewsss
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
23565
x-xss-protection
1; mode=block
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
text/css
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Tue, 20 Aug 2024 02:32:36 GMT
3.b341397e.chunk.js
crm.naramaxx.com/static/js/
247 KB
80 KB
Script
General
Full URL
https://crm.naramaxx.com/static/js/3.b341397e.chunk.js
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/?viewsss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
029e6ab701ef269caf2dea15e78fd140cb1ef335e4fa9551e6bca3d3dc4d3824
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/?viewsss
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
81773
x-xss-protection
1; mode=block
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Tue, 20 Aug 2024 02:32:36 GMT
main.04cccc3d.chunk.js
crm.naramaxx.com/static/js/
54 KB
19 KB
Script
General
Full URL
https://crm.naramaxx.com/static/js/main.04cccc3d.chunk.js
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/?viewsss
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
efd5665ac72bc88ce6ca054ab9da795d16b1f484a7f8f0ff1beba337991b720e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/?viewsss
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
19333
x-xss-protection
1; mode=block
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Tue, 20 Aug 2024 02:32:36 GMT
supply
crm.naramaxx.com/api/
1 KB
1 KB
XHR
General
Full URL
https://crm.naramaxx.com/api/supply
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/static/js/3.b341397e.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/ PHP/8.1.17
Resource Hash
5afcf8fe0c76f4ed8b51a8d22d1232df8d15d924c1bf96b615ffa0a5efaf8f1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://crm.naramaxx.com/?viewsss
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
PHP/8.1.17
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
709
x-xss-protection
1; mode=block
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=3600
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Mon, 21 Aug 2023 03:32:36 GMT
pDxWAF1pBB0dzGB.2c1d70d6.woff2
crm.naramaxx.com/static/media/
16 KB
16 KB
Font
General
Full URL
https://crm.naramaxx.com/static/media/pDxWAF1pBB0dzGB.2c1d70d6.woff2
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Origin
https://crm.naramaxx.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
x-frame-options
DENY
access-control-allow-methods
POST, OPTIONS, GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=604800
vary
User-Agent
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
16616
x-xss-protection
1; mode=block
expires
Mon, 28 Aug 2023 02:32:36 GMT
ping
crm.naramaxx.com/api/
2 B
133 B
XHR
General
Full URL
https://crm.naramaxx.com/api/ping
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/static/js/3.b341397e.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/ PHP/8.1.17
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://crm.naramaxx.com/ap/signin?session=avgl69o9jn7wi1ldnkfmcch0br2qfmk5gv134wwi2tduzx6ahcp1jg3gsvirczz6
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 21 Aug 2023 02:32:37 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-powered-by
PHP/8.1.17
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=3600
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
6
x-xss-protection
1; mode=block
expires
Mon, 21 Aug 2023 03:32:37 GMT
0.b3491ad5.chunk.js
crm.naramaxx.com/static/js/
22 KB
8 KB
Script
General
Full URL
https://crm.naramaxx.com/static/js/0.b3491ad5.chunk.js
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/?viewsss
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
ee58d4a92736a825248251164317d15e59e1270fff5635920c1bfd68b6ac5d6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/ap/signin?session=avgl69o9jn7wi1ldnkfmcch0br2qfmk5gv134wwi2tduzx6ahcp1jg3gsvirczz6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
8084
x-xss-protection
1; mode=block
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Tue, 20 Aug 2024 02:32:36 GMT
13.36fc15e3.chunk.js
crm.naramaxx.com/static/js/
12 KB
3 KB
Script
General
Full URL
https://crm.naramaxx.com/static/js/13.36fc15e3.chunk.js
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/?viewsss
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
3d88168c0f1a9c19180119fb533febc3b67a49553b3909bafa4fbd03fbe05bc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/ap/signin?session=avgl69o9jn7wi1ldnkfmcch0br2qfmk5gv134wwi2tduzx6ahcp1jg3gsvirczz6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3081
x-xss-protection
1; mode=block
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
DENY
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
POST, OPTIONS, GET
cache-control
public, max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
expires
Tue, 20 Aug 2024 02:32:36 GMT
main.d33128ec.png
crm.naramaxx.com/static/media/
60 KB
61 KB
Image
General
Full URL
https://crm.naramaxx.com/static/media/main.d33128ec.png
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
x-frame-options
DENY
access-control-allow-methods
POST, OPTIONS, GET
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
vary
User-Agent
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
61917
x-xss-protection
1; mode=block
expires
Wed, 20 Sep 2023 02:32:36 GMT
KFPk-9IF4FqAqY-.4de52a40.woff2
crm.naramaxx.com/static/media/
16 KB
16 KB
Font
General
Full URL
https://crm.naramaxx.com/static/media/KFPk-9IF4FqAqY-.4de52a40.woff2
Requested by
Host: crm.naramaxx.com
URL: https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
193.36.63.250 Bursa, Turkey, ASN201086 (SERVERPLUS, TR),
Reverse DNS
server.verimek.com
Software
/
Resource Hash
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://crm.naramaxx.com/static/css/main.26569d68.chunk.css
Origin
https://crm.naramaxx.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Mon, 21 Aug 2023 02:32:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 20 Aug 2023 21:30:16 GMT
x-frame-options
DENY
access-control-allow-methods
POST, OPTIONS, GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=604800
vary
User-Agent
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
16460
x-xss-protection
1; mode=block
expires
Mon, 28 Aug 2023 02:32:36 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Amazon Japan (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture
object | webpackJsonpa

2 Cookies

Domain/Path          Name       Value
crm.naramaxx.com/    session    JQZDZcWgauQx7njFNOzt83F9TWvDIQUQ
crm.naramaxx.com/    language   en

1 Console Messages

Source      Level     URL
rendering   warning   https://crm.naramaxx.com/static/js/main.04cccc3d.chunk.js
Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block