ofertas-ame.giize.com Open in urlscan Pro
187.122.227.21 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ofertas-ame.giize.com:888/a30/
Submission Tags: 6696058
Submission: On July 25 via api (July 25th 2020, 9:23:40 pm UTC) from NL

Summary HTTP 7 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 187.122.227.21, located in Ananindeua, Brazil and belongs to CLARO S.A., BR. The main domain is ofertas-ame.giize.com.

This is the only time ofertas-ame.giize.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lojas Americanas (Retail)

Domain & IP information

	IP Address	AS Autonomous System
1	187.122.227.21 187.122.227.21	28573 (CLARO S.A.) (CLARO S.A.)
4	2a02:26f0:6c0... 2a02:26f0:6c00:19a::19fe	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	3

1 187.122.227.21 (Ananindeua, Brazil)

ASN28573 (CLARO S.A., BR)
PTR: bb7ae315.virtua.com.br

ofertas-ame.giize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:19a::19fe (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

statics-americanas.b2w.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	b2w.io statics-americanas.b2w.io	437 KB
1	giize.com ofertas-ame.giize.com	240 KB
7	2

	Domain	Requested by
4	statics-americanas.b2w.io	ofertas-ame.giize.com
1	ofertas-ame.giize.com
7	2

This site contains links to these domains. Also see Links.

Domain
www.americanas.com.br
www.youtube.com
www.facebook.com
www.instagram.com
twitter.com

Subject Issuer	Validity	Valid
b2wdigital.com DigiCert SHA2 Secure Server CA	`2020-07-14` - `2021-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://ofertas-ame.giize.com:888/a30/
Frame ID: D028FA499C0A52BE97AE2BAA1E92A3CB
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

57 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

699 kB
Transfer

2225 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.americanas.com.br/
Title: Americanas.com

Search URL Search Domain Scan URL

URL: https://www.americanas.com.br/mapa-do-site
Title: compre por departamentoAbrir menu

Search URL Search Domain Scan URL

URL: https://www.youtube.com/CanalAmericanas
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AmericanasCom
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/americanascom
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/americanascom
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.americanas.com.br/central-de-atendimento
Title: atendimento.acom@americanas.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ofertas-ame.giize.com/a30/	240 KB 240 KB	875ms 286ms	Document text/html	187.122.227.21 CLARO S.A.
General Check archive.org Show headers Download Go to Full URL http://ofertas-ame.giize.com:888/a30/ Protocol HTTP/1.1 Server 187.122.227.21 Ananindeua, Brazil, ASN28573 (CLARO S.A., BR), Reverse DNS bb7ae315.virtua.com.br Software Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8 / PHP/7.4.8 Resource Hash `36791af89cf67a9684f898052d3f9c24e5518d7c010c11b12358aac35278b74b` Request headers Host ofertas-ame.giize.com:888 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 25 Jul 2020 21:22:12 GMT Server Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8 X-Powered-By PHP/7.4.8 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	theme.css statics-americanas.b2w.io/zion/1.1.43.3-3357-production/theme/stylesheets/	470 KB 75 KB	85ms 32ms	Stylesheet text/css	2a02:26f0:6c00:19a::19fe AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/theme/stylesheets/theme.css Requested by Host: ofertas-ame.giize.com URL: http://ofertas-ame.giize.com:888/a30/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software B2W-CDN / Resource Hash `583046299bd277a063ba594e830216d145e4280e870b6dbc6c7dbe7dc86276d4` Request headers Referer http://ofertas-ame.giize.com:888/a30/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 25 Jul 2020 21:23:05 GMT content-encoding gzip vary Accept-Encoding x-cache-status HIT status 200 content-length 76298 last-modified Tue, 03 Jul 2018 19:51:40 GMT server B2W-CDN etag W/"5b3bd3cc-758d5" access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/css access-control-allow-origin * cache-control max-age=604800 access-control-allow-credentials false warning 34852 access-control-allow-headers * expires Sat, 01 Aug 2020 21:23:05 GMT
GET H2	200	658c0ba01ca149c8d0437ad00632d9aa.main.css statics-americanas.b2w.io/zion/stylesheets/	9 KB 2 KB	78ms 26ms	Stylesheet text/css	2a02:26f0:6c00:19a::19fe AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://statics-americanas.b2w.io/zion/stylesheets/658c0ba01ca149c8d0437ad00632d9aa.main.css Requested by Host: ofertas-ame.giize.com URL: http://ofertas-ame.giize.com:888/a30/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software B2W-CDN / Resource Hash `9f3c3f223c22dfb63abd004baa9231372817204e91040871b4d1ac39eb9acc0f` Request headers Referer http://ofertas-ame.giize.com:888/a30/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 25 Jul 2020 21:23:05 GMT content-encoding gzip vary Accept-Encoding x-cache-status HIT status 200 content-length 2160 last-modified Tue, 03 Jul 2018 19:51:43 GMT server B2W-CDN etag W/"5b3bd3cf-2501" access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/css access-control-allow-origin * cache-control max-age=604800 access-control-allow-credentials false warning 34852 access-control-allow-headers * expires Sat, 01 Aug 2020 21:23:05 GMT
GET H2	200	vendor.js Show response statics-americanas.b2w.io/zion/1.1.43.3-3357-production/	868 KB 192 KB	96ms 44ms	Script application/javascript	2a02:26f0:6c00:19a::19fe AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/vendor.js Requested by Host: ofertas-ame.giize.com URL: http://ofertas-ame.giize.com:888/a30/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software B2W-CDN / Resource Hash `1f50ae8b8a2c896989c6a57ef720a58a3b6ed9df684cba3e5475eb29fb7f9c90` Request headers Referer http://ofertas-ame.giize.com:888/a30/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 25 Jul 2020 21:23:05 GMT content-encoding gzip vary Accept-Encoding x-cache-status MISS status 200 x-haproxy-ip x-public true content-length 195490 last-modified Tue, 03 Jul 2018 19:51:37 GMT server B2W-CDN etag "d917c-5701da455c4d3-gzip" access-control-max-age 86400 access-control-allow-methods GET,POST content-type application/javascript access-control-allow-origin * cache-control max-age=604800 access-control-allow-credentials false warning 34852 access-control-allow-headers * expires Sat, 01 Aug 2020 21:23:05 GMT
GET H2	200	main.js Show response statics-americanas.b2w.io/zion/1.1.43.3-3357-production/	615 KB 168 KB	16ms 15ms	Script application/javascript	2a02:26f0:6c00:19a::19fe AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://statics-americanas.b2w.io/zion/1.1.43.3-3357-production/main.js Requested by Host: ofertas-ame.giize.com URL: http://ofertas-ame.giize.com:888/a30/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:19a::19fe , Ascension Island, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software B2W-CDN / Resource Hash `50a1fdaede403d68d7545afb141d1de07a83d727b270c9371c30370f06c5c142` Request headers Referer http://ofertas-ame.giize.com:888/a30/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 25 Jul 2020 21:23:05 GMT content-encoding gzip vary Accept-Encoding x-cache-status HIT status 200 content-length 170898 last-modified Tue, 03 Jul 2018 19:51:37 GMT server B2W-CDN etag "5b3bd3c9-99b6d" access-control-max-age 86400 access-control-allow-methods GET,POST content-type application/javascript access-control-allow-origin * cache-control max-age=604800 access-control-allow-credentials false warning 34852 accept-ranges bytes access-control-allow-headers * expires Sat, 01 Aug 2020 21:23:05 GMT
GET		header.min.js statics-americanas.b2w.io/statics-header/1.23.13.1343/	0 0

GET DATA	200 OK	truncated /	22 KB 22 KB		Image img/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bf91fe8cbc4f2d9ef41e522b3d4917a4d2dad4cbb1f133be1119fb3ea1bb6221` Request headers Referer http://ofertas-ame.giize.com:888/a30/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type img/png
GET		footer.min.js statics-americanas.b2w.io/statics-footer/1.23.13.1343/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: statics-americanas.b2w.io
URL: http://statics-americanas.b2w.io/statics-header/1.23.13.1343/header.min.js

Domain: statics-americanas.b2w.io
URL: http://statics-americanas.b2w.io/statics-footer/1.23.13.1343/footer.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lojas Americanas (Retail)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ofertas-ame.giize.com
statics-americanas.b2w.io
statics-americanas.b2w.io
187.122.227.21
2a02:26f0:6c00:19a::19fe
1f50ae8b8a2c896989c6a57ef720a58a3b6ed9df684cba3e5475eb29fb7f9c90
36791af89cf67a9684f898052d3f9c24e5518d7c010c11b12358aac35278b74b
50a1fdaede403d68d7545afb141d1de07a83d727b270c9371c30370f06c5c142
583046299bd277a063ba594e830216d145e4280e870b6dbc6c7dbe7dc86276d4
9f3c3f223c22dfb63abd004baa9231372817204e91040871b4d1ac39eb9acc0f
bf91fe8cbc4f2d9ef41e522b3d4917a4d2dad4cbb1f133be1119fb3ea1bb6221

ofertas-ame.giize.com Open in urlscan Pro 187.122.227.21 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

57 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

699 kBTransfer

2225 kBSize

0 Cookies

7 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

ofertas-ame.giize.com Open in urlscan Pro
187.122.227.21 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

57 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

699 kB
Transfer

2225 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!