ofertas-ame.giize.com Open in urlscan Pro
187.122.227.21  Malicious Activity! Public Scan

URL: http://ofertas-ame.giize.com:888/a30/
Submission Tags: 6696058
Submission: On July 25 via api from NL

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 187.122.227.21, located in Ananindeua, Brazil and belongs to CLARO S.A., BR. The main domain is ofertas-ame.giize.com.
This is the only time ofertas-ame.giize.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lojas Americanas (Retail)

Domain & IP information

IP Address AS Autonomous System
1 187.122.227.21 28573 (CLARO S.A.)
4 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
7 3
Apex Domain
Subdomains
Transfer
4 b2w.io
statics-americanas.b2w.io
437 KB
1 giize.com
ofertas-ame.giize.com
240 KB
7 2
Domain Requested by
4 statics-americanas.b2w.io ofertas-ame.giize.com
1 ofertas-ame.giize.com
7 2

This site contains links to these domains. Also see Links.

Domain
www.americanas.com.br
www.youtube.com
www.facebook.com
www.instagram.com
twitter.com
Subject Issuer Validity Valid
b2wdigital.com
DigiCert SHA2 Secure Server CA
2020-07-14 -
2021-07-14
a year crt.sh

This page contains 1 frames:

Primary Page: http://ofertas-ame.giize.com:888/a30/
Frame ID: D028FA499C0A52BE97AE2BAA1E92A3CB
Requests: 8 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /Win32|Win64/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

57 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

699 kB
Transfer

2225 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ofertas-ame.giize.com/a30/
240 KB
240 KB
Document
General
Full URL
http://ofertas-ame.giize.com:888/a30/
Protocol
HTTP/1.1
Server
187.122.227.21 Ananindeua, Brazil, ASN28573 (CLARO S.A., BR),
Reverse DNS
bb7ae315.virtua.com.br
Software
Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8 / PHP/7.4.8
Resource Hash
36791af89cf67a9684f898052d3f9c24e5518d7c010c11b12358aac35278b74b

Request headers

Host
ofertas-ame.giize.com:888
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 25 Jul 2020 21:22:12 GMT
Server
Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8
X-Powered-By
PHP/7.4.8
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
theme.css
statics-americanas.b2w.io/zion/1.1.43.3-3357-production/theme/stylesheets/
470 KB
75 KB
Stylesheet
General
Full URL
https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/theme/stylesheets/theme.css
Requested by
Host: ofertas-ame.giize.com
URL: http://ofertas-ame.giize.com:888/a30/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
B2W-CDN /
Resource Hash
583046299bd277a063ba594e830216d145e4280e870b6dbc6c7dbe7dc86276d4

Request headers

Referer
http://ofertas-ame.giize.com:888/a30/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 25 Jul 2020 21:23:05 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cache-status
HIT
status
200
content-length
76298
last-modified
Tue, 03 Jul 2018 19:51:40 GMT
server
B2W-CDN
etag
W/"5b3bd3cc-758d5"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
warning
34852
access-control-allow-headers
*
expires
Sat, 01 Aug 2020 21:23:05 GMT
658c0ba01ca149c8d0437ad00632d9aa.main.css
statics-americanas.b2w.io/zion/stylesheets/
9 KB
2 KB
Stylesheet
General
Full URL
https://statics-americanas.b2w.io/zion/stylesheets/658c0ba01ca149c8d0437ad00632d9aa.main.css
Requested by
Host: ofertas-ame.giize.com
URL: http://ofertas-ame.giize.com:888/a30/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
B2W-CDN /
Resource Hash
9f3c3f223c22dfb63abd004baa9231372817204e91040871b4d1ac39eb9acc0f

Request headers

Referer
http://ofertas-ame.giize.com:888/a30/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 25 Jul 2020 21:23:05 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cache-status
HIT
status
200
content-length
2160
last-modified
Tue, 03 Jul 2018 19:51:43 GMT
server
B2W-CDN
etag
W/"5b3bd3cf-2501"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
warning
34852
access-control-allow-headers
*
expires
Sat, 01 Aug 2020 21:23:05 GMT
vendor.js
statics-americanas.b2w.io/zion/1.1.43.3-3357-production/
868 KB
192 KB
Script
General
Full URL
https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/vendor.js
Requested by
Host: ofertas-ame.giize.com
URL: http://ofertas-ame.giize.com:888/a30/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
B2W-CDN /
Resource Hash
1f50ae8b8a2c896989c6a57ef720a58a3b6ed9df684cba3e5475eb29fb7f9c90

Request headers

Referer
http://ofertas-ame.giize.com:888/a30/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 25 Jul 2020 21:23:05 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cache-status
MISS
status
200
x-haproxy-ip
x-public
true
content-length
195490
last-modified
Tue, 03 Jul 2018 19:51:37 GMT
server
B2W-CDN
etag
"d917c-5701da455c4d3-gzip"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
warning
34852
access-control-allow-headers
*
expires
Sat, 01 Aug 2020 21:23:05 GMT
main.js
statics-americanas.b2w.io/zion/1.1.43.3-3357-production/
615 KB
168 KB
Script
General
Full URL
https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/main.js
Requested by
Host: ofertas-ame.giize.com
URL: http://ofertas-ame.giize.com:888/a30/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
B2W-CDN /
Resource Hash
50a1fdaede403d68d7545afb141d1de07a83d727b270c9371c30370f06c5c142

Request headers

Referer
http://ofertas-ame.giize.com:888/a30/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 25 Jul 2020 21:23:05 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cache-status
HIT
status
200
content-length
170898
last-modified
Tue, 03 Jul 2018 19:51:37 GMT
server
B2W-CDN
etag
"5b3bd3c9-99b6d"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
access-control-allow-credentials
false
warning
34852
accept-ranges
bytes
access-control-allow-headers
*
expires
Sat, 01 Aug 2020 21:23:05 GMT
header.min.js
statics-americanas.b2w.io/statics-header/1.23.13.1343/
0
0

truncated
/
22 KB
22 KB
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf91fe8cbc4f2d9ef41e522b3d4917a4d2dad4cbb1f133be1119fb3ea1bb6221

Request headers

Referer
http://ofertas-ame.giize.com:888/a30/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
img/png
footer.min.js
statics-americanas.b2w.io/statics-footer/1.23.13.1343/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
statics-americanas.b2w.io
URL
http://statics-americanas.b2w.io/statics-header/1.23.13.1343/header.min.js
Domain
statics-americanas.b2w.io
URL
http://statics-americanas.b2w.io/statics-footer/1.23.13.1343/footer.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lojas Americanas (Retail)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| featherRenderConfig string| __PRELOADED_STATE__ function| loadCSS object| React object| ReactDOM object| VenusDebug object| __core-js_shared__ object| venusRadioGroups function| setImmediate function| clearImmediate

0 Cookies