painel.maxximassa.com

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3030::6818:765e, located in United States and belongs to CLOUDFLARENET, US. The main domain is painel.maxximassa.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 15th 2020. Valid for: 9 months.

This is the only time painel.maxximassa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Venmo (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4 10	2606:4700:303... 2606:4700:3030::6818:765e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20e... 2600:9000:20eb:6400:f:32b9:d500:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2

10 2606:4700:3030::6818:765e (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

painel.maxximassa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:6400:f:32b9:d500:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn1.venmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	maxximassa.com 4 redirects painel.maxximassa.com	143 KB
1	venmo.com cdn1.venmo.com	2 KB
7	2

	Domain	Requested by
10	painel.maxximassa.com	4 redirects painel.maxximassa.com
1	cdn1.venmo.com	painel.maxximassa.com
7	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-01-15` - `2020-10-09`	9 months	crt.sh
*.venmo.com Go Daddy Secure Certificate Authority - G2	`2018-10-23` - `2020-12-22`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://painel.maxximassa.com/app/sz/account/sign-in/
Frame ID: 112E1CBA28852B0521372E55BF6C1689
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://painel.maxximassa.com/app/sz/?process=YnJhc292MTk3NEB5YWhvby5jb20 HTTP 302
https://painel.maxximassa.com/app/sz/account HTTP 301
https://painel.maxximassa.com/app/sz/account/ HTTP 302
https://painel.maxximassa.com/app/sz/account/sign-in HTTP 301
https://painel.maxximassa.com/app/sz/account/sign-in/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

143 kB
Transfer

332 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://painel.maxximassa.com/app/sz/?process=YnJhc292MTk3NEB5YWhvby5jb20 HTTP 302
https://painel.maxximassa.com/app/sz/account HTTP 301
https://painel.maxximassa.com/app/sz/account/ HTTP 302
https://painel.maxximassa.com/app/sz/account/sign-in HTTP 301
https://painel.maxximassa.com/app/sz/account/sign-in/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response painel.maxximassa.com/app/sz/account/sign-in/ Redirect Chain https://painel.maxximassa.com/app/sz/?process=YnJhc292MTk3NEB5YWhvby5jb20 https://painel.maxximassa.com/app/sz/account https://painel.maxximassa.com/app/sz/account/ https://painel.maxximassa.com/app/sz/account/sign-in https://painel.maxximassa.com/app/sz/account/sign-in/	10 KB 2 KB	203ms 203ms	Document text/html	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.6.40 Resource Hash `ae2537b2e4ab78135331376002e6981fc1c98889697198d84385954aa7e2ab1c` Request headers :method GET :authority painel.maxximassa.com :scheme https :path /app/sz/account/sign-in/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=dcc5c7483f53184805e37a1f50b6a93b71592152158; PHPSESSID=668a96e10667b5576a636b9692dc89b5 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Sun, 14 Jun 2020 16:29:20 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/5.6.40 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache cf-cache-status DYNAMIC cf-request-id 0355430f8f0000d6e5728c1200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5a356df8ecf5d6e5-FRA content-encoding br Redirect headers status 301 date Sun, 14 Jun 2020 16:29:20 GMT content-type text/html; charset=iso-8859-1 location https://painel.maxximassa.com/app/sz/account/sign-in/ cf-cache-status DYNAMIC cf-request-id 0355430eef0000d6e5728b8200000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5a356df7e9bad6e5-FRA
GET H2	200	auth.compiled.css painel.maxximassa.com/app/sz/account/lib/css/	282 KB 105 KB	909ms 908ms	Stylesheet text/css	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://painel.maxximassa.com/app/sz/account/lib/css/auth.compiled.css Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a886c52189cd5c900bc6a8f65d46d87ddbde4020a83a4095a3f002ee01f9f01f` Request headers Referer https://painel.maxximassa.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 16:29:21 GMT content-encoding br cf-cache-status MISS last-modified Tue, 04 Feb 2020 15:52:34 GMT server cloudflare etag W/"466df-59dc20739d480" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control max-age=14400 cf-ray 5a356dfa3834d6e5-FRA cf-request-id 03554310600000d6e5728d4200000001
GET H2	200	AppStore.png painel.maxximassa.com/app/sz/account/lib/img/	4 KB 4 KB	467ms 466ms	Image image/png	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://painel.maxximassa.com/app/sz/account/lib/img/AppStore.png Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0e27ab38ac4f6481ffa0245da05e945f35a20101e129dc77cd138e77816974ca` Request headers Referer https://painel.maxximassa.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 16:29:20 GMT cf-cache-status MISS last-modified Mon, 03 Feb 2020 19:34:40 GMT server cloudflare etag "113c-59db103ad1400" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5a356dfa3838d6e5-FRA content-length 4412 cf-request-id 03554310610000d6e5728d5200000001
GET H2	200	PlayStore.png painel.maxximassa.com/app/sz/account/lib/img/	8 KB 8 KB	471ms 470ms	Image image/png	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://painel.maxximassa.com/app/sz/account/lib/img/PlayStore.png Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b60518371d223bc39cc7c62e5e54914aaed211eb8d5748b321323d7cd4b55743` Request headers Referer https://painel.maxximassa.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 16:29:20 GMT cf-cache-status MISS last-modified Mon, 03 Feb 2020 19:34:34 GMT server cloudflare etag "20bf-59db103518680" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5a356dfa3840d6e5-FRA content-length 8383 cf-request-id 03554310610000d6e5728d7200000001
GET H2	200	LucasCircular.png painel.maxximassa.com/app/sz/account/lib/img/	21 KB 21 KB	616ms 615ms	Image image/png	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://painel.maxximassa.com/app/sz/account/lib/img/LucasCircular.png Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b3813ab6b8bd554116330f38f83ce6f12674a4497c81ca04cc1f8ba733a4879e` Request headers Referer https://painel.maxximassa.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 16:29:20 GMT cf-cache-status MISS last-modified Mon, 03 Feb 2020 19:34:28 GMT server cloudflare etag "53ee-59db102f5f900" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control max-age=14400 accept-ranges bytes cf-ray 5a356dfa3843d6e5-FRA content-length 21486 cf-request-id 03554310610000d6e5728d8200000001
GET H2	200	login.js Show response painel.maxximassa.com/app/sz/account/lib/js/	5 KB 1 KB	470ms 469ms	Script application/javascript	2606:4700:3030::6818:765e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://painel.maxximassa.com/app/sz/account/lib/js/login.js Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6818:765e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6aa6f75c9db878e2e6bbfef8128a5d6d913d34565049b31ed2d0614be21b76db` Request headers Referer https://painel.maxximassa.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 16:29:20 GMT content-encoding br cf-cache-status MISS last-modified Sun, 24 May 2020 17:07:46 GMT server cloudflare etag W/"15ed-5a667e6b4bc80" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=14400 cf-ray 5a356dfa383dd6e5-FRA cf-request-id 03554310610000d6e5728d6200000001
GET H2	200	venmo-logo-blue.svg cdn1.venmo.com/production/images/assets/	1 KB 2 KB	72ms 23ms	Image image/svg+xml	2600:9000:20eb:6400:f:32b9:d500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn1.venmo.com/production/images/assets/venmo-logo-blue.svg Requested by Host: painel.maxximassa.com URL: https://painel.maxximassa.com/app/sz/account/sign-in/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:9000:20eb:6400:f:32b9:d500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `201846346a7e06da7554b4ecd99f14bdbb011257abf42bc61bdaa8a91f122fff` Request headers Referer https://painel.maxximassa.com/app/sz/account/lib/css/auth.compiled.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sun, 14 Jun 2020 14:56:11 GMT via 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront) last-modified Thu, 04 Jun 2020 13:33:32 GMT server AmazonS3 age 5591 etag "5728ed0c733b0e96062b1415eb42b3fa" x-cache Hit from cloudfront content-type image/svg+xml status 200 x-amz-cf-pop FRA2-C1 accept-ranges bytes content-length 1249 x-amz-cf-id 0Z5ioRlja5pIplmt8Gq9uqC3cMXIRaZd5Mxoqpk3IMdV5y7X8thJXA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Venmo (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			painel.maxximassa.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 668a96e10667b5576a636b9692dc89b5
			.maxximassa.com/	1970-01-19 10:59:04	Name: __cfduid Value: dcc5c7483f53184805e37a1f50b6a93b71592152158

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn1.venmo.com
painel.maxximassa.com
2600:9000:20eb:6400:f:32b9:d500:93a1
2606:4700:3030::6818:765e
0e27ab38ac4f6481ffa0245da05e945f35a20101e129dc77cd138e77816974ca
201846346a7e06da7554b4ecd99f14bdbb011257abf42bc61bdaa8a91f122fff
6aa6f75c9db878e2e6bbfef8128a5d6d913d34565049b31ed2d0614be21b76db
a886c52189cd5c900bc6a8f65d46d87ddbde4020a83a4095a3f002ee01f9f01f
ae2537b2e4ab78135331376002e6981fc1c98889697198d84385954aa7e2ab1c
b3813ab6b8bd554116330f38f83ce6f12674a4497c81ca04cc1f8ba733a4879e
b60518371d223bc39cc7c62e5e54914aaed211eb8d5748b321323d7cd4b55743

painel.maxximassa.com Open in urlscan Pro 2606:4700:3030::6818:765e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

143 kBTransfer

332 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

Indicators

painel.maxximassa.com Open in urlscan Pro
2606:4700:3030::6818:765e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

143 kB
Transfer

332 kB
Size

2
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!