maxcommunication.de
Open in
urlscan Pro
109.237.138.11
Malicious Activity!
Public Scan
Effective URL: https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
Submission: On April 25 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on April 18th 2023. Valid for: 3 months.
This is the only time maxcommunication.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Australian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 104.21.54.41 104.21.54.41 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 107.180.50.181 107.180.50.181 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
2 9 | 109.237.138.11 109.237.138.11 | 45012 (CLOUDPIT) (CLOUDPIT) | |
8 | 2 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 181.50.180.107.host.secureserver.net
autopatcher.info |
ASN45012 (CLOUDPIT, DE)
PTR: alfa3213.alfahosting-server.de
maxcommunication.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
maxcommunication.de
2 redirects
maxcommunication.de |
77 KB |
2 |
s.id
2 redirects
s.id — Cisco Umbrella Rank: 148980 |
728 B |
1 |
autopatcher.info
1 redirects
autopatcher.info |
307 B |
8 | 3 |
Domain | Requested by | |
---|---|---|
9 | maxcommunication.de |
2 redirects
maxcommunication.de
|
2 | s.id | 2 redirects |
1 | autopatcher.info | 1 redirects |
8 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
antiviron.de R3 |
2023-04-18 - 2023-07-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php
Frame ID: F21C3CB3F849899F8C5A39A575E2974A
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Sign in with myGov - myGovPage URL History Show full URLs
-
https://s.id/potatos1/
HTTP 302
http://autopatcher.info/atlantis/0.0.0.1/pack/ HTTP 302
https://s.id/1GFkD HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.id/potatos1/
HTTP 302
http://autopatcher.info/atlantis/0.0.0.1/pack/ HTTP 302
https://s.id/1GFkD HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/ HTTP 302
https://maxcommunication.de/gm/properties/sls/index.php/home/las/web.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
web.php
maxcommunication.de/gm/properties/sls/index.php/home/las/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mgv2-application.css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
123 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blugov.css
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
69 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myGov-cobranded-logo-black.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
63 KB 21 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myGov-cobranded-logo-white.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
63 KB 21 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blugov-left-chevron-dark.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
256 B 642 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-blugov-info.svg
maxcommunication.de/gm/properties/sls/index.php/home/las/files/ |
504 B 504 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- maxcommunication.de
- URL
- https://maxcommunication.de/gm/properties/sls/index.php/home/las/files/css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Australian Government (Government)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.maxcommunication.de/ | Name: GXsid_5bd3ef5de2c53028 Value: a224801ddc68612c2324d971d6e82bf5 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
autopatcher.info
maxcommunication.de
s.id
maxcommunication.de
104.21.54.41
107.180.50.181
109.237.138.11
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388
6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d
af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc
c1708e3b7d099fb0d67af16e39f095541274bf15ad0dede38b83599a8a997d5c
ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a
f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc