URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Submission: On January 11 via automatic, source phishtank

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions.
The main IP is 177.55.116.72, located in Brazil and belongs to RedeHost Internet Ltda., BR. The main domain is showdasmelhoresoferttts.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 15th 2018. Valid for: 3 months.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 10/100)

  • urlscan - Score: 0
  • phishtank - Score: 10 (URL submitted from phishtank) - phishing

Domain & IP information

Count   IP Address          AS (Autonomous System)
1       177.55.116.72       53057 (RedeHost ...)
1       2a02:26f0:6c0...    20940 (AKAMAI-ASN1)
1 2     2a03:2880:f01...    32934 (FACEBOOK)
Total: 3 requests, 3 IPs

Count   Domain                          Transfer
2       facebook.com                    251 B
1       americanas.com.br               86 KB
1       showdasmelhoresoferttts.com     14 KB
Total: 3 requests, 3 domains

Count   Subdomain                       Redirects    Requested by
2       staticxx.facebook.com           1            showdasmelhoresoferttts.com
1       sacola.americanas.com.br                     showdasmelhoresoferttts.com
1       showdasmelhoresoferttts.com
Total: 3 requests, 3 subdomains

This site contains links to these domains. Also see Links.

Subject (domain)              Issuer                                    Validity                   Valid for
showdasmelhoresoferttts.com   Let's Encrypt Authority X3                2018-12-15 - 2019-03-15    3 months
b2wdigital.com                DigiCert SHA2 Secure Server CA            2018-11-05 - 2020-02-04    a year
*.facebook.com                DigiCert SHA2 High Assurance Server CA    2017-12-15 - 2019-03-22    a year

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i


3 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type / MIME-Type | Cookie set

Request 1
  Resource: /
  Path: /tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho
  Size: 72 KB
  x-fer: 14 KB
  Type: Document
General
Full URL
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
177.55.116.72, Brazil, ASN53057 (RedeHost Internet Ltda., BR)
Reverse DNS
Software
Apache / PHP/5.6.30
Resource Hash
4fb94fd8f3eeda15d73d74cfe98bde78311a58d2267f2a55e4ffcffecee66453

Request headers

Host
showdasmelhoresoferttts.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br

Response headers

Date
Fri, 11 Jan 2019 19:18:01 GMT
Server
Apache
X-Powered-By
PHP/5.6.30
Expires
Thu, 19 Nov 1981 08:52:00 GMT Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0 max-age=0, no-cache, no-store, must-revalidate
Pragma
no-cache no-cache
Set-Cookie
PHPSESSID=1tf1r1a5i8fu81fndr0odo2fr1; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
13852
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Request 2
  Resource: main.85c257b9.css
  Path: sacola.americanas.com.br//simple-basket/static/css
  Size: 608 KB
  x-fer: 86 KB
  Type: Stylesheet
General
Full URL
https://sacola.americanas.com.br//simple-basket/static/css/main.85c257b9.css
Requested by
Host: showdasmelhoresoferttts.com
URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28f::19fe, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS
Software
AmazonS3
Resource Hash
1fc45db9a7f060849294b2b4bcf861792e16a794d40b13d0d4a7303c392b9db7

Request headers

Referer
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 11 Jan 2019 19:18:01 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jul 2018 14:00:46 GMT
Server
AmazonS3
x-amz-request-id
BAA0ACD17402DFA9
ETag
"39d6bf9d26635b2d1827461fb0a2a378"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Content-Length
87577
x-amz-id-2
ijDtGVPdtMsCsSxqrRp4Mk7BiPOstq9O75EWQDSXX65ZP/CL4g/cvl39gaR2NtYNF6uWw/bxQXs=
X-Amz-Cf-Id
hmO73kepFcikSkKhprKqSO11s1CprqZDt6Njmo3IciLWeFT1V_6-pg==
Request 3
  Resource: xd_arbiter.php?version=43
  Path: staticxx.facebook.com/connect
  Redirect Chain:
    • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
    • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
  Size: 0
  x-fer: 0
  Type: Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
Requested by
Host: showdasmelhoresoferttts.com
URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3, Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US)
Reverse DNS
Software
/
Resource Hash
Security Headers
  Content-Security-Policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
  Strict-Transport-Security: max-age=15552000; preload
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=43
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
accept-encoding
gzip, deflate, br

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Thu, 02 Jan 2020 19:43:43 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
N8pFU4TfNs2KvI7JEBkGqU3E9ajzd7AE4Pt8fws2y2qQhv/0E3mLiVL5maXrar7i8X0Z3X1mWO+5pUyjvlPYUQ==
content-length
12108
date
Fri, 11 Jan 2019 19:18:01 GMT

Redirect headers

status
302
strict-transport-security
max-age=15552000; preload
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-content-type-options
nosniff
x-xss-protection
0
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
content-type
text/html; charset="utf-8"
x-fb-debug
9ZuBR+FrOPoiZ1HmxU3PpSm+uobWYNluHgB9ctFWEqxtMlfVIwCVxKq64LdIQdwcZzkpoDpbvuSGePXV7K4b5w==
content-length
0
date
Fri, 11 Jan 2019 19:18:01 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 2
  • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onselectstart
  • object | onselectionchange
  • function | queueMicrotask

1 Cookies

Domain/Path                      Name        Value
showdasmelhoresoferttts.com/     PHPSESSID   1tf1r1a5i8fu81fndr0odo2fr1