crm.naramaxx.com
Open in
urlscan Pro
193.36.63.250
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On August 21 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on August 2nd 2023. Valid for: 3 months.
This is the only time crm.naramaxx.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online) Amazon Japan (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 193.36.63.250 193.36.63.250 | 201086 (SERVERPLUS) (SERVERPLUS) | |
11 | 1 |
ASN201086 (SERVERPLUS, TR)
PTR: server.verimek.com
crm.naramaxx.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
naramaxx.com
crm.naramaxx.com |
230 KB |
11 | 1 |
Domain | Requested by | |
---|---|---|
11 | crm.naramaxx.com |
crm.naramaxx.com
|
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.crm.naramaxx.com R3 |
2023-08-02 - 2023-10-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://crm.naramaxx.com/?viewsss
Frame ID: 1073190C4894FADA998D0868133681F9
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
crm.naramaxx.com/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.26569d68.chunk.css
crm.naramaxx.com/static/css/ |
103 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.b341397e.chunk.js
crm.naramaxx.com/static/js/ |
247 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.04cccc3d.chunk.js
crm.naramaxx.com/static/js/ |
54 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
supply
crm.naramaxx.com/api/ |
1 KB 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pDxWAF1pBB0dzGB.2c1d70d6.woff2
crm.naramaxx.com/static/media/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
ping
crm.naramaxx.com/api/ |
2 B 133 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0.b3491ad5.chunk.js
crm.naramaxx.com/static/js/ |
22 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
13.36fc15e3.chunk.js
crm.naramaxx.com/static/js/ |
12 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.d33128ec.png
crm.naramaxx.com/static/media/ |
60 KB 61 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KFPk-9IF4FqAqY-.4de52a40.woff2
crm.naramaxx.com/static/media/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online) Amazon Japan (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| webpackJsonpa2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
crm.naramaxx.com/ | Name: session Value: JQZDZcWgauQx7njFNOzt83F9TWvDIQUQ |
|
crm.naramaxx.com/ | Name: language Value: en |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
crm.naramaxx.com
193.36.63.250
029e6ab701ef269caf2dea15e78fd140cb1ef335e4fa9551e6bca3d3dc4d3824
3d88168c0f1a9c19180119fb533febc3b67a49553b3909bafa4fbd03fbe05bc0
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89
48c926fab7c2d2b712d29042337a98d989b152df861289a0fa14ea28357257df
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5afcf8fe0c76f4ed8b51a8d22d1232df8d15d924c1bf96b615ffa0a5efaf8f1c
c438bfc039c472b25def71834b4514a9dcb6a8c1497f08f93fbec0d630adc0fb
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821
ee58d4a92736a825248251164317d15e59e1270fff5635920c1bfd68b6ac5d6b
efd5665ac72bc88ce6ca054ab9da795d16b1f484a7f8f0ff1beba337991b720e