URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Submission: On January 11 via automatic , source phishtank

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions.
The main IP is 177.55.116.72, located in Brazil and belongs to RedeHost Internet Ltda., BR. The main domain is showdasmelhoresoferttts.com.
The TLS certificate was issued by Let's Encrypt Authority X3 on December 15th 2018 with a validity of 3 months.
This is the first time this domain was scanned on urlscan.io!
Potentially malicious content or behaviour on this page! Show Details

Domain & IP information

IP Address AS Autonomous System
1 177.55.116.72 53057 (RedeHost ...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2 2a03:2880:f01... 32934 (FACEBOOK)
3 3
Domain
Subdomains
Transfer
2 facebook.com
251 B
1 americanas.com.br
86 KB
1 showdasmelhoresoferttts.com
14 KB
3 3
Domain Requested by
2 staticxx.facebook.com 1 redirects showdasmelhoresoferttts.com
1 sacola.americanas.com.br showdasmelhoresoferttts.com
1 showdasmelhoresoferttts.com
3 3

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
showdasmelhoresoferttts.com
Let's Encrypt Authority X3
2018-12-15 -
2019-03-15
3 months
b2wdigital.com
DigiCert SHA2 Secure Server CA
2018-11-05 -
2020-02-04
a year
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2017-12-15 -
2019-03-22
a year

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho
72 KB
14 KB
Document
General
Full URL
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
177.55.116.72 , Brazil, ASN53057 (RedeHost Internet Ltda., BR),
Reverse DNS
Software
Apache / PHP/5.6.30
Resource Hash
4fb94fd8f3eeda15d73d74cfe98bde78311a58d2267f2a55e4ffcffecee66453

Request headers

Host
showdasmelhoresoferttts.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 11 Jan 2019 19:18:01 GMT
Server
Apache
X-Powered-By
PHP/5.6.30
Expires
Thu, 19 Nov 1981 08:52:00 GMT Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0 max-age=0, no-cache, no-store, must-revalidate
Pragma
no-cache no-cache
Set-Cookie
PHPSESSID=1tf1r1a5i8fu81fndr0odo2fr1; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
13852
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
main.85c257b9.css
sacola.americanas.com.br//simple-basket/static/css
608 KB
86 KB
Stylesheet
General
Full URL
https://sacola.americanas.com.br//simple-basket/static/css/main.85c257b9.css
Requested by
Host: showdasmelhoresoferttts.com
URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28f::19fe , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1fc45db9a7f060849294b2b4bcf861792e16a794d40b13d0d4a7303c392b9db7

Request headers

Referer
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 11 Jan 2019 19:18:01 GMT
Content-Encoding
gzip
Last-Modified
Tue, 31 Jul 2018 14:00:46 GMT
Server
AmazonS3
x-amz-request-id
BAA0ACD17402DFA9
ETag
"39d6bf9d26635b2d1827461fb0a2a378"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Content-Length
87577
x-amz-id-2
ijDtGVPdtMsCsSxqrRp4Mk7BiPOstq9O75EWQDSXX65ZP/CL4g/cvl39gaR2NtYNF6uWw/bxQXs=
X-Amz-Cf-Id
hmO73kepFcikSkKhprKqSO11s1CprqZDt6Njmo3IciLWeFT1V_6-pg==
xd_arbiter.php?version=43
staticxx.facebook.com/connect
Redirect Chain
  • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
Requested by
Host: showdasmelhoresoferttts.com
URL: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=43
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Thu, 02 Jan 2020 19:43:43 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
N8pFU4TfNs2KvI7JEBkGqU3E9ajzd7AE4Pt8fws2y2qQhv/0E3mLiVL5maXrar7i8X0Z3X1mWO+5pUyjvlPYUQ==
content-length
12108
date
Fri, 11 Jan 2019 19:18:01 GMT

Redirect headers

status
302
strict-transport-security
max-age=15552000; preload
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=43
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-content-type-options
nosniff
x-xss-protection
0
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
content-type
text/html; charset="utf-8"
x-fb-debug
9ZuBR+FrOPoiZ1HmxU3PpSm+uobWYNluHgB9ctFWEqxtMlfVIwCVxKq64LdIQdwcZzkpoDpbvuSGePXV7K4b5w==
content-length
0
date
Fri, 11 Jan 2019 19:18:01 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 2
  • https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=43

Malicious behaviour and content

Phishtank submission Was submitted from known phishing list

Type: url
Value: https://showdasmelhoresoferttts.com/tel//PROMOCAO/PRODUTOf12a6a7477077af66212ef0813bcf332MRBT/Carrinho/ (Main page)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

1 Cookies

Domain/Path Name / Value
showdasmelhoresoferttts.com/ Name: PHPSESSID
Value: 1tf1r1a5i8fu81fndr0odo2fr1