www.zapempreendimentos.com
144.217.254.145  Malicious Activity! Public Scan

Submitted URL: https://rimbapokerqq.com/nt/
Effective URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Submission Tags: falconsandbox
Submission: On January 19 via api from US — Scanned from DE

Summary

This website contacted 6 IPs in 5 countries across 6 domains to perform 10 HTTP transactions. The main IP is 144.217.254.145, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is www.zapempreendimentos.com.
This is the only time www.zapempreendimentos.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ørsted (Utility)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1         103.146.63.70       139457 (IDNIC-ANT...)
4         144.217.254.145     16276 (OVH)
2         2606:4700::68...    13335 (CLOUDFLAR...)
1         2a00:1450:400...    15169 (GOOGLE)
1         2001:4de0:ac1...    20446 (HIGHWINDS3)
1         2a00:1450:400...    15169 (GOOGLE)
Total: 10 requests, 6 IPs

Requests  Apex Domain             Subdomains                                            Transfer
4         zapempreendimentos.com  www.zapempreendimentos.com                            10 KB
2         bootstrapcdn.com        maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 680)    35 KB
1         gstatic.com             fonts.gstatic.com                                     13 KB
1         jquery.com              code.jquery.com (Cisco Umbrella Rank: 584)            30 KB
1         googleapis.com          fonts.googleapis.com (Cisco Umbrella Rank: 47)        1 KB
1         rimbapokerqq.com        rimbapokerqq.com                                      465 B
Total: 10 requests, 6 apex domains

Requests  Domain                      Requested by
4         www.zapempreendimentos.com  rimbapokerqq.com, www.zapempreendimentos.com
2         maxcdn.bootstrapcdn.com     www.zapempreendimentos.com
1         fonts.gstatic.com           fonts.googleapis.com
1         code.jquery.com             www.zapempreendimentos.com
1         fonts.googleapis.com        www.zapempreendimentos.com
1         rimbapokerqq.com            -
Total: 10 requests, 6 domains

This site contains no links.

Subject                   Issuer                                           Validity                   Valid
rimbapokerqq.com          cPanel, Inc. Certification Authority             2021-12-05 - 2022-03-05    3 months (crt.sh)
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3                          2021-03-01 - 2022-02-28    a year (crt.sh)
upload.video.google.com   GTS CA 1C3                                       2021-12-08 - 2022-03-02    3 months (crt.sh)
*.jquery.com              Sectigo RSA Domain Validation Secure Server CA   2021-07-14 - 2022-08-14    a year (crt.sh)
*.gstatic.com             GTS CA 1C3                                       2021-12-08 - 2022-03-02    3 months (crt.sh)

This page contains 1 frames:

Primary Page: http://www.zapempreendimentos.com/img/dk102/ostred/
Frame ID: B010B6182CBAC61334A3B236FC4D4E72
Requests: 10 HTTP requests in this frame

Screenshot

Page Title

Posten

Page URL History

  1. https://rimbapokerqq.com/nt/ Page URL
  2. http://www.zapempreendimentos.com/img/dk102/ostred/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 10
HTTPS: 60 %
IPv6: 67 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 5
Transfer: 89 kB
Size: 303 kB
Cookies: 0

10 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
/
rimbapokerqq.com/nt/
404 B
465 B
Document
General
Full URL
https://rimbapokerqq.com/nt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
103.146.63.70 , Indonesia, ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID),
Reverse DNS
guppy.serverkita.web.id
Software
LiteSpeed /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
content-length
222
content-encoding
br
vary
Accept-Encoding
date
Wed, 19 Jan 2022 12:11:28 GMT
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Primary Request /
www.zapempreendimentos.com/img/dk102/ostred/
7 KB
3 KB
Document
General
Full URL
http://www.zapempreendimentos.com/img/dk102/ostred/
Requested by
Host: rimbapokerqq.com
URL: https://rimbapokerqq.com/nt/
Protocol
HTTP/1.1
Server
144.217.254.145 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
apolo.hostsrv.org
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2f19df02c1980748eeb017bd89006315c7aff55f694631ad2665218a248a0525

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Wed, 30 Jun 2021 03:19:16 GMT
Accept-Ranges
bytes
ETag
"052e5b45e6dd71:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
X-Powered-By-Plesk
PleskWin
Date
Wed, 19 Jan 2022 12:11:33 GMT
Content-Length
2266
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
141 KB
21 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 12:11:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
23443579
cdn-cachedat
2021-04-23 05:58:16
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
484b4991016a320e1f92849c6c879584
cf-ray
6cfff741fa9f375c-MXP
cdn-requestcountrycode
EG
cdn-requestpullsuccess
True
css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e4693ae478e1e7aab4ad441a824430a2299d89c3354e388eb10f6ea8100f6b7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 19 Jan 2022 10:38:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 19 Jan 2022 12:11:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 19 Jan 2022 12:11:28 GMT
shoflhih.css
www.zapempreendimentos.com/img/dk102/ostred/src/
2 KB
1 KB
Stylesheet
General
Full URL
http://www.zapempreendimentos.com/img/dk102/ostred/src/shoflhih.css
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
HTTP/1.1
Server
144.217.254.145 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
apolo.hostsrv.org
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
75ed46c8a615a1e11cc69a1cb1d6fce00a1ac8078e45b70b88d2233681487edd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/img/dk102/ostred/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Wed, 19 Jan 2022 12:11:33 GMT
Content-Encoding
gzip
Last-Modified
Wed, 30 Jun 2021 03:20:42 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"0e127e85e6dd71:0"
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
907
pn-blue.svg
www.zapempreendimentos.com/img/dk102/ostred/src/
2 KB
3 KB
Image
General
Full URL
http://www.zapempreendimentos.com/img/dk102/ostred/src/pn-blue.svg
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
HTTP/1.1
Server
144.217.254.145 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
apolo.hostsrv.org
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
66c73d487251b87295a304e3eb505801761e6ef605435faa9cd8df8b4234e840

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/img/dk102/ostred/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Wed, 19 Jan 2022 12:11:33 GMT
Last-Modified
Wed, 30 Jun 2021 03:18:00 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"0a498875e6dd71:0"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
2357
ship.png
www.zapempreendimentos.com/img/dk102/ostred/src/
3 KB
4 KB
Image
General
Full URL
http://www.zapempreendimentos.com/img/dk102/ostred/src/ship.png
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
HTTP/1.1
Server
144.217.254.145 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
apolo.hostsrv.org
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
cd1f7cb86ece6160385a44af8717572bd8e5a79c0a379bfdb1e07b49d9fc06af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/img/dk102/ostred/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Powered-By-Plesk
PleskWin
Date
Wed, 19 Jan 2022 12:11:33 GMT
Last-Modified
Wed, 30 Jun 2021 03:18:14 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
ETag
"0dff08f5e6dd71:0"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
3420
jquery-3.2.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 12:11:28 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
etag
W/"58d026fb-15283"
vary
Accept-Encoding
x-hw
1642594288.dop204.ml1.t,1642594288.cds201.ml1.hn,1642594288.cds202.ml1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30125
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
14 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: www.zapempreendimentos.com
URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://www.zapempreendimentos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 12:11:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
23443663
cdn-cachedat
2021-04-23 06:00:47
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
77815490524650412ad7e58bcfb30203
cf-ray
6cfff741faa4375c-MXP
cdn-requestcountrycode
EG
cdn-requestpullsuccess
True
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v21/
12 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v21/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://www.zapempreendimentos.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 18 Jan 2022 19:29:50 GMT
x-content-type-options
nosniff
age
60099
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12648
x-xss-protection
0
last-modified
Tue, 11 Jan 2022 19:19:52 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 18 Jan 2023 19:29:50 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ørsted (Utility)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • $ (function)
  • jQuery (function)
  • bootstrap (object)

0 Cookies