urlscan.io logo urlscan.io
SecurityTrails logo

ultimas-oferta.com Open in urlscan Pro
199.250.219.17  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://ultimas-oferta.com/aplicativo/
Submission: On January 11 via manual from CA — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 199.250.219.17, located in United States and belongs to IMH-IAD, US. The main domain is ultimas-oferta.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 5th 2023. Valid for: 3 months.
This is the only time ultimas-oferta.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Serasa (Financial)

Domain & IP information

IP Address AS Autonomous System
1 3 199.250.219.17 54641 (IMH-IAD)
1 104.16.86.20 13335 (CLOUDFLAR...)
2 45.60.13.174 19551 (INCAPSULA)
3 142.250.185.195 15169 (GOOGLE)
8 4
Apex Domain
Subdomains		 Transfer
3 gstatic.com
fonts.gstatic.com
86 KB
3 ultimas-oferta.com
ultimas-oferta.com
34 KB
2 serasa.com.br
www.serasa.com.br — Cisco Umbrella Rank: 887818
5 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 438
7 KB
8 4
Domain Requested by
3 fonts.gstatic.com ultimas-oferta.com
3 ultimas-oferta.com 1 redirects ultimas-oferta.com
2 www.serasa.com.br ultimas-oferta.com
1 cdn.jsdelivr.net ultimas-oferta.com
8 4

This site contains no links.

Subject Issuer Validity Valid
ultimas-oferta.com
cPanel, Inc. Certification Authority		 2023-12-05 -
2024-03-04		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.serasaexperian.com.br
GlobalSign RSA OV SSL CA 2018		 2023-08-01 -
2024-09-01		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ultimas-oferta.com/aplicativo/
Frame ID: EB8A7280B6577476FD475A40E3C5C287
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Fazer login - Serasa

Page URL History Show full URLs

  1. https://ultimas-oferta.com/aplicativo HTTP 301
    https://ultimas-oferta.com/aplicativo/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

133 kB
Transfer

220 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ultimas-oferta.com/aplicativo HTTP 301
    https://ultimas-oferta.com/aplicativo/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ultimas-oferta.com/aplicativo/
Redirect Chain
  • https://ultimas-oferta.com/aplicativo
  • https://ultimas-oferta.com/aplicativo/
44 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.250.219.17 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
13dd82c5194e731ac899a17121c7331078cf27964f8e9d2a90a3770e9332ab54

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Thu, 11 Jan 2024 16:42:02 GMT
last-modified
Thu, 04 Jan 2024 13:48:47 GMT
server
nginx/1.25.3
vary
Accept-Encoding
x-proxy-cache
DISABLED

Redirect headers

content-length
246
content-type
text/html; charset=iso-8859-1
date
Thu, 11 Jan 2024 16:42:02 GMT
location
https://ultimas-oferta.com/aplicativo/
server
nginx/1.25.3
x-proxy-cache
DISABLED
disable-devtool@latest
cdn.jsdelivr.net/npm/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/disable-devtool@latest
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://ultimas-oferta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 16:42:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
33802
x-jsd-version
0.3.7
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230055-FRA, cache-lga21963-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtSwGc2Cs9qKewjiz85tCyBdsZhWYQI8jlmlfuXAv%2BxLyGKXqOEbFxtTkXUpRy7kpyW2QMnNDHCF3v4BqJzJTnOpULNNkXMO3cvVvu25upj8mG6KOulcfo1%2FDeU4jUWBWTw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
843e9c5868cc0e53-MXP
serasa-logo-full-004a91d5ce87257d803b0516311e112c.svg
www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/ 		11 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/serasa-logo-full-004a91d5ce87257d803b0516311e112c.svg
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.174 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
85e0bc0b7974d457c038971216b1b1c87b83cfb9360f6dd50bb9916a20429189
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://ultimas-oferta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 16:42:04 GMT
content-encoding
br
via
1.1 195b923a1c82c96d843c757f80ce2a18.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cdn
Imperva
x-amz-cf-pop
MXP53-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-iinfo
12-189743259-189743270 NNNN CT(13 9 0) RT(1704991322265 79) q(0 0 0 3) r(0 4) U24
last-modified
Mon, 13 Nov 2023 15:00:26 GMT
server
AmazonS3
etag
W/"83803d4bd0e700626e211939a9cd699b"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=7776000, stale-while-revalidate=86400
x-incap-sess-cookie-hdr
tO7rHHbJswQNSnlRqobbFVoaoGUAAAAAKq9eZVflQreStlpxBwW8Rg==
x-amz-cf-id
wvBr-KiLKwS2TdE6_jwzpg5gUtp9bChbHpIfbDHhhUM1WIb3XgKPzw==
application.js
ultimas-oferta.com/aplicativo/ 		61 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ultimas-oferta.com/aplicativo/application.js
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.250.219.17 , United States, ASN54641 (IMH-IAD, US),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
823d7f58d1995c9039f34654cb920578aa443cb2eea20c1fe3ce4f7d4fbfb4c6

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://ultimas-oferta.com/aplicativo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

content-type
application/javascript
date
Thu, 11 Jan 2024 16:42:02 GMT
content-encoding
br
last-modified
Thu, 11 Jan 2024 08:34:26 GMT
server
nginx/1.25.3
vary
Accept-Encoding
x-proxy-cache
DISABLED
modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg
www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/ 		666 B
955 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.serasa.com.br/assets/web/authorization-front/2.15.4/_next/static/images/modal-close-74f0df029374a2c330a1b9c1073e5ef4.svg
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.13.174 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d31f9d5556b380238e3bd058bab4d687cf313bfa6ee863d3975482350636634f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://ultimas-oferta.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 16:42:04 GMT
via
1.1 17b2ff7512ed9850cc0a04fb1e929c42.cloudfront.net (CloudFront)
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cdn
Imperva
x-amz-cf-pop
MXP53-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-iinfo
12-189743259-189743271 NNYN CT(10 8 0) RT(1704991322265 80) q(0 0 0 5) r(0 5) U24
last-modified
Mon, 13 Nov 2023 15:00:26 GMT
server
AmazonS3
etag
"e237b7cdcbd2db46744dd49b70e78c28"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=7776000, stale-while-revalidate=86400
x-incap-sess-cookie-hdr
fTm0J1Z/9i4NSnlRqobbFVoaoGUAAAAAufo87/wcq3NamrieFOI9Tw==
accept-ranges
bytes
x-amz-cf-id
zNc3yIgB48vqg93uCNcLnahvTeaoaC698y0gbvipaUFD1cmm9I8mbQ==
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v30/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultimas-oferta.com/
Origin
https://ultimas-oferta.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 17:16:33 GMT
x-content-type-options
nosniff
age
257130
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11028
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Jan 2025 17:16:33 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v30/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultimas-oferta.com/
Origin
https://ultimas-oferta.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 09:00:31 GMT
x-content-type-options
nosniff
age
200492
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11040
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jan 2025 09:00:31 GMT
KFOmCnqEu92Fr1Me5g.woff
fonts.gstatic.com/s/roboto/v30/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff
Requested by
Host: ultimas-oferta.com
URL: https://ultimas-oferta.com/aplicativo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ultimas-oferta.com/
Origin
https://ultimas-oferta.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 02:28:24 GMT
x-content-type-options
nosniff
age
224019
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65456
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:25:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jan 2025 02:28:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Serasa (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| DisableDevtool function| _0x2155 function| _0x152633 function| _0x485fa8 function| _0x5be09c function| _0x31f338 function| _0x2e64 function| formatCPF function| validateCPF function| _0xabc777

3 Cookies

Domain/Path Name / Value
.serasa.com.br/ Name: visid_incap_1911258
Value: jhw73VFHTZiU2yzP6np5SloaoGUAAAAAQUIPAAAAAACw4oZFjq/UQRxkN2vXa6Yc
.serasa.com.br/ Name: nlbi_1911258
Value: sjSTcu9Sw1P987W3WmyRoAAAAAA2qsitkilsnLeBOiXxq50m
.serasa.com.br/ Name: incap_ses_1575_1911258
Value: RxCgIhwy9FYNSnlRqobbFVoaoGUAAAAAPep6EfLVqbouoDzaaMyxSA==