saldao-ame-pascoa.vip Open in urlscan Pro
34.123.236.60  Malicious Activity! Public Scan

URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC...
Submission: On March 21 via api from BR

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 34.123.236.60, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is saldao-ame-pascoa.vip.
TLS certificate: Issued by R3 on March 18th 2021. Valid for: 3 months.
This is the only time saldao-ame-pascoa.vip was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lojas Americanas (Retail)

Domain & IP information

IP Address AS Autonomous System
9 34.123.236.60 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:710... 20940 (AKAMAI-ASN1)
16 5
Domain Requested by
9 saldao-ame-pascoa.vip saldao-ame-pascoa.vip
3 images-americanas.b2w.io saldao-ame-pascoa.vip
3 cdnjs.cloudflare.com saldao-ame-pascoa.vip
1 ajax.googleapis.com saldao-ame-pascoa.vip
16 4

This site contains links to these domains. Also see Links.

Domain
images-americanas.b2w.io
Subject Issuer Validity Valid
saldao-ame-pascoa.vip
R3
2021-03-18 -
2021-06-16
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-10-21 -
2021-10-20
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-02-23 -
2021-05-18
3 months crt.sh
b2wdigital.com
DigiCert SHA2 Secure Server CA
2021-02-02 -
2022-02-06
a year crt.sh

This page contains 1 frames:

Primary Page: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Frame ID: 7BEE1D3F2A319347671BD050CF834322
Requests: 18 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

768 kB
Transfer

2207 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
saldao-ame-pascoa.vip/oferta/
2 MB
520 KB
Document
General
Full URL
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
76aac0cd2dc17dc7c2e86319f496cf53ff598ce6c7f32ca4f6c05dd22c64b9c3

Request headers

Host
saldao-ame-pascoa.vip
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:41 GMT
Server
Apache/2.4.29 (Ubuntu)
Set-Cookie
PHPSESSID=p4eci7ld72cs9m3te9s3to8tup; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
photoswipe.min.js
cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/
31 KB
11 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/photoswipe.min.js
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78fc260a16dbbd76ec3b4da56ccdc7a076d21d31c501e0a17a4175c4a25d95ea
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 21 Mar 2021 19:21:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
2147256
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10938
cf-request-id
08f7d57c0c000005dc5e369000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f8b-7ca0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Bm9KKTXn9ws%2BWkpy%2FfveJnaW3YT324yRrY7rHil9Wt1R9L8fu%2Bk4NxWzkBE%2BL9zRrklzEHD%2FHeEz7kuWvpSl6s051hj%2BNVY2DEizE1rmjN9Zl4oF9WIoLH7%2FJ84rhqgRag%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
63398b734a7105dc-FRA
expires
Fri, 11 Mar 2022 19:21:41 GMT
photoswipe-ui-default.min.js
cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/
10 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/photoswipe-ui-default.min.js
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50a9333a7ff0d660714662cb1ab49ec81e1ed716eba78c729600166f7338da95
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 21 Mar 2021 19:21:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
570286
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3275
cf-request-id
08f7d57c0c000005dc8083a000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f8b-2696"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=24T3wYFBUcItd0gYfPiSYIHE8QScm0ra5DMjxc%2FH4JBOxJdXc1X%2BSVOrZoUMd1egcx5oHShldf9wTqkBDDuoei6o6rqz2AGNdFNWn3a1WAjAEr5g6u6dZyhU4SrckGk8Yg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
63398b734a7705dc-FRA
expires
Fri, 11 Mar 2022 19:21:41 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 21 Mar 2021 14:33:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17319
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 21 Mar 2022 14:33:02 GMT
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/
8 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 21 Mar 2021 19:21:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
655706
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3074
cf-request-id
08f7d57c0d000005dc71209000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-2087"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AOBW64cm7guaNO3ihv8swc6fls%2BxtK17kqWVAgsmVamt6dOFk5NjIDijBeaE482V6I5TUhp2kD0g7AadPkY5ed35ixDCxH9m%2BXs3HpKf%2BkFgGlkxsN16j4MQ28Nav5Lklw%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
63398b734a7a05dc-FRA
expires
Fri, 11 Mar 2022 19:21:41 GMT
brinquedos.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/brinquedos.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:42 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
celular.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/celular.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:42 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
truncated
/
151 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c61e7a26efabe9c33ee7f838ab7eeadc9ec3c5c8a422ddff6f6430eafe2272eb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
red.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/red.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:43 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
acom.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/acom.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:43 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
ban.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/ban.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:43 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
world.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/world.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:44 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
crono.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/crono.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:44 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
134409901_1GG.jpg
images-americanas.b2w.io/produtos/01/00/img/134409/9/
43 KB
44 KB
Image
General
Full URL
https://images-americanas.b2w.io/produtos/01/00/img/134409/9/134409901_1GG.jpg
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:7100:2be::19fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
BIS /
Resource Hash
5e4ac4d75693e825dbd726cf41b3fc31edd8caab6fe6b9daa2599c75f9ec9237

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 21 Mar 2021 19:21:43 GMT
last-modified
Thu, 03 Dec 2020 21:03:52 GMT
server
BIS
etag
850a0fc308fe214055c75669d58d9a03958517db86102cdf6a0ccba089ddb0ee
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
cache-control
public, max-age=604800
warning
55742
content-disposition
inline; filename="134409901_1GG.webp"
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
content-length
44344
x-request-id
H2dnTWkMGYg1_m66YGFKE
expires
Sun, 28 Mar 2021 19:21:43 GMT
134409901_2GG.jpg
images-americanas.b2w.io/produtos/01/00/img/134409/9/
118 KB
119 KB
Image
General
Full URL
https://images-americanas.b2w.io/produtos/01/00/img/134409/9/134409901_2GG.jpg
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:7100:2be::19fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
BIS /
Resource Hash
65f7a8a4cbc65331a575bc8a27b185415c4e5266fd6501bc08a2959f34ade2a0

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
204
date
Sun, 21 Mar 2021 19:21:43 GMT
x-edgeconnect-midmile-rtt
113
content-disposition
inline; filename="134409901_2GG.webp"
content-length
120594
x-request-id
mzU5bTEwa1_-58ggKNobU
last-modified
Tue, 08 Dec 2020 20:03:20 GMT
server
BIS
etag
2d3c3402eac6bf524e733a8c585cf5c377065d09a6e3ca425c787887d0109ca7
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
cache-control
public, max-age=604800
warning
43764
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
expires
Sun, 28 Mar 2021 19:21:43 GMT
134409901_3GG.jpg
images-americanas.b2w.io/produtos/01/00/img/134409/9/
34 KB
35 KB
Image
General
Full URL
https://images-americanas.b2w.io/produtos/01/00/img/134409/9/134409901_3GG.jpg
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:7100:2be::19fe Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
BIS /
Resource Hash
bd06e938fd2363b98d758d1f76190d3cdea8c86f98e67e6370323f55087823a3

Request headers

Referer
https://saldao-ame-pascoa.vip/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency
200
date
Sun, 21 Mar 2021 19:21:43 GMT
x-edgeconnect-midmile-rtt
114
content-disposition
inline; filename="134409901_3GG.webp"
content-length
34944
x-request-id
Usfdv_jOZ-qPu3qAzLVRI
last-modified
Mon, 14 Dec 2020 01:25:51 GMT
server
BIS
etag
b974017b4dd87077ab22fc6b0139364b897c55489c6d027e3ede03568a8f7f9f
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
cache-control
public, max-age=604800
warning
43764
access-control-allow-headers
DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, charset, Content-Encoding, Location, Allow, X-TID, WWW-Authenticate, X-Access-Control-Realm, internalId, Accept-Encoding, Accept-Language, Access-Control-Request-Headers, Access-Control-Request-Method, Connection, Host, Origin, Pragma, Referer, X-Preview, log
expires
Sun, 28 Mar 2021 19:21:43 GMT
sbara.png
saldao-ame-pascoa.vip/oferta/ame/img/
284 B
284 B
Image
General
Full URL
https://saldao-ame-pascoa.vip/oferta/ame/img/sbara.png
Requested by
Host: saldao-ame-pascoa.vip
URL: https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.123.236.60 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
60.236.123.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
8cc65dc7aac3904a3dbfd2289dc5009218a4caaccfe39afd58e3b4290ad65b5b

Request headers

Referer
https://saldao-ame-pascoa.vip/oferta/?COMON/=INDEX&id=5&cp23,2021,31,78,78,3,03,PM,Saturday,2021,2021,Saturday&fbclid=IwAR2GOC-0OUqDZ4OWQ9_5IKN03ue5K-LD-528POcRO71579Dm7_RdzEgCwmo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 21 Mar 2021 19:21:44 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
284
Content-Type
text/html; charset=iso-8859-1
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2787068b8e08596bdff9a69821d0132dbd3d7fa3d04bea790994252442846f7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lojas Americanas (Retail)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| PhotoSwipe function| PhotoSwipeUI_Default function| $ function| jQuery object| $jscomp function| limpa_formulario_cep function| response function| pesquisacep function| validarPass function| valida function| sendForm function| validaCPF function| dataNs function| login function| loginface function| cadastro function| address function| comprar function| ccredito function| sonumb function| passwd function| Swiper object| _$_2fae object| swiper1 object| swiper2 function| setCounter function| getTimeRemaining function| initializeClock function| frete function| removeRes function| ExibirMenu function| iFrameResize object| last

1 Cookies

Domain/Path Name / Value
saldao-ame-pascoa.vip/ Name: PHPSESSID
Value: p4eci7ld72cs9m3te9s3to8tup