maxcommunication.de Open in urlscan Pro
109.237.138.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.id/potatos1/
Effective URL:
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
Submission: On April 25 via manual (April 25th 2023, 9:01:57 pm UTC) from AU — Scanned from AU

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 109.237.138.11, located in Germany and belongs to CLOUDPIT, DE. The main domain is maxcommunication.de.
TLS certificate: Issued by R3 on April 18th 2023. Valid for: 3 months.

This is the only time maxcommunication.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.21.54.41 104.21.54.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	107.180.50.181 107.180.50.181	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
2 9	109.237.138.11 109.237.138.11	45012 (CLOUDPIT) (CLOUDPIT)
8	2

2 104.21.54.41 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

s.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.180.50.181 (Ashburn, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 181.50.180.107.host.secureserver.net

autopatcher.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 109.237.138.11 (Germany) 2 redirects

ASN45012 (CLOUDPIT, DE)
PTR: alfa3213.alfahosting-server.de

maxcommunication.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	maxcommunication.de 2 redirects maxcommunication.de	77 KB
2	s.id 2 redirects s.id — Cisco Umbrella Rank: 148980	728 B
1	autopatcher.info 1 redirects autopatcher.info	307 B
8	3

	Domain	Requested by
9	maxcommunication.de	2 redirects maxcommunication.de
2	s.id	2 redirects
1	autopatcher.info	1 redirects
8	3

This site contains no links.

Subject Issuer	Validity	Valid
antiviron.de R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
Frame ID: F21C3CB3F849899F8C5A39A575E2974A
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in with myGov - myGov

Page URL History Show full URLs

https://s.id/potatos1/ HTTP 302
http://autopatcher.info/atlantis/0.0.0.1/pack/ HTTP 302
https://s.id/1GFkD HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

76 kB
Transfer

324 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.id/potatos1/ HTTP 302
http://autopatcher.info/atlantis/0.0.0.1/pack/ HTTP 302
https://s.id/1GFkD HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request web.php Show response
maxcommunication.de/gm/properties/sls/index.php/home/las/
Redirect Chain

https://s.id/potatos1/
http://autopatcher.info/atlantis/0.0.0.1/pack/
https://s.id/1GFkD
https://maxcommunication.de/gm/properties/sls/index.php/home/
https://maxcommunication.de/gm/properties/sls/index.php/home/las/
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

6 KB
2 KB

413ms
413ms

Document
text/html

109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2172
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 21:01:51 GMT
Keep-Alive: timeout=5, max=198
Server: Apache
Strict-Transport-Security: max-age=31556926
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 25 Apr 2023 21:01:51 GMT
Keep-Alive: timeout=5, max=199
Location: ./web.php
Server: Apache
Strict-Transport-Security: max-age=31556926

GET css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 0
0

GET
H/1.1 200
OK mgv2-application.css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 123 KB
21 KB 411ms
410ms Stylesheet
text/css 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/mgv2-application.css

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 21:01:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 20 Apr 2023 13:31:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Content-Length: 21010
Expires: Thu, 25 May 2023 21:01:51 GMT

GET
H/1.1 200
OK blugov.css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 69 KB
10 KB 805ms
404ms Stylesheet
text/css 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov.css

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 21:01:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 20 Apr 2023 13:31:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Content-Length: 10007
Expires: Thu, 25 May 2023 21:01:52 GMT

GET
H/1.1 200
OK myGov-cobranded-logo-black.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 63 KB
21 KB 1172ms
404ms Image
image/svg+xml 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/myGov-cobranded-logo-black.svg

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 21:01:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 20 Apr 2023 13:31:35 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Content-Length: 20767
Expires: Thu, 25 May 2023 21:01:52 GMT

GET
H/1.1 200
OK myGov-cobranded-logo-white.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 63 KB
21 KB 1179ms
404ms Image
image/svg+xml 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/myGov-cobranded-logo-white.svg

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 21:01:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 20 Apr 2023 13:31:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Content-Length: 20766
Expires: Thu, 25 May 2023 21:01:52 GMT

GET
H/1.1 200
OK blugov-left-chevron-dark.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 256 B
642 B 398ms
397ms Image
image/svg+xml 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov-left-chevron-dark.svg

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Tue, 25 Apr 2023 21:01:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926
Last-Modified: Thu, 20 Apr 2023 13:31:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Content-Length: 199
Expires: Thu, 25 May 2023 21:01:52 GMT

GET
H/1.1 404
Not Found icon-blugov-info.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ 504 B
504 B 601ms
601ms Image
text/html 109.237.138.11
CLOUDPIT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/icon-blugov-info.svg

Requested by

Host: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.237.138.11 , Germany, ASN45012 (CLOUDPIT, DE),

Reverse DNS

alfa3213.alfahosting-server.de

Software

Apache /

Resource Hash

c1708e3b7d099fb0d67af16e39f095541274bf15ad0dede38b83599a8a997d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/blugov.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Apr 2023 21:01:52 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31556926
Server: Apache
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=5, max=199
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: maxcommunication.de
URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.maxcommunication.de/	1969-12-31 23:59:59	Name: GXsid_5bd3ef5de2c53028 Value: a224801ddc68612c2324d971d6e82bf5

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php Message: Refused to apply style from 'https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/css' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/icon-blugov-info.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

autopatcher.info
maxcommunication.de
s.id
maxcommunication.de
104.21.54.41
107.180.50.181
109.237.138.11
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388
6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d
af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc
c1708e3b7d099fb0d67af16e39f095541274bf15ad0dede38b83599a8a997d5c
ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a
f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc

maxcommunication.de Open in urlscan Pro 109.237.138.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

76 kBTransfer

324 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

maxcommunication.de Open in urlscan Pro
109.237.138.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

76 kB
Transfer

324 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!