![](/screenshots/8f819d07-fc3e-48da-8ea9-30d60bebf22c.png)
www.zapempreendimentos.com
Open in
urlscan Pro
144.217.254.145
Malicious Activity!
Public Scan
Effective URL: http://www.zapempreendimentos.com/img/dk102/ostred/
Submission Tags: falconsandbox
Submission: On January 19 via api from US — Scanned from DE
Summary
This is the only time www.zapempreendimentos.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ørsted (Utility)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 103.146.63.70 103.146.63.70 | 139457 (IDNIC-ANT...) (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia) | |
4 | 144.217.254.145 144.217.254.145 | 16276 (OVH) (OVH) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:811::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::2003 | 15169 (GOOGLE) (GOOGLE) | |
10 | 6 |
ASN139457 (IDNIC-ANTMEDIAHOST-AS-ID PT Semut Data Indonesia, ID)
PTR: guppy.serverkita.web.id
rimbapokerqq.com |
ASN16276 (OVH, FR)
PTR: apolo.hostsrv.org
www.zapempreendimentos.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
zapempreendimentos.com
www.zapempreendimentos.com |
10 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 680 |
35 KB |
1 |
gstatic.com
fonts.gstatic.com |
13 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 584 |
30 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47 |
1 KB |
1 |
rimbapokerqq.com
rimbapokerqq.com |
465 B |
10 | 6 |
Domain | Requested by | |
---|---|---|
4 | www.zapempreendimentos.com |
rimbapokerqq.com
www.zapempreendimentos.com |
2 | maxcdn.bootstrapcdn.com |
www.zapempreendimentos.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | code.jquery.com |
www.zapempreendimentos.com
|
1 | fonts.googleapis.com |
www.zapempreendimentos.com
|
1 | rimbapokerqq.com | |
10 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rimbapokerqq.com cPanel, Inc. Certification Authority |
2021-12-05 - 2022-03-05 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-03-01 - 2022-02-28 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-12-08 - 2022-03-02 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-12-08 - 2022-03-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.zapempreendimentos.com/img/dk102/ostred/
Frame ID: B010B6182CBAC61334A3B236FC4D4E72
Requests: 10 HTTP requests in this frame
Screenshot
![](/screenshots/8f819d07-fc3e-48da-8ea9-30d60bebf22c.png)
Page Title
PostenPage URL History Show full URLs
- https://rimbapokerqq.com/nt/ Page URL
- http://www.zapempreendimentos.com/img/dk102/ostred/ Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Google Font API.png)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://rimbapokerqq.com/nt/ Page URL
- http://www.zapempreendimentos.com/img/dk102/ostred/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
rimbapokerqq.com/nt/ |
404 B 465 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
www.zapempreendimentos.com/img/dk102/ostred/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ |
141 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
shoflhih.css
www.zapempreendimentos.com/img/dk102/ostred/src/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pn-blue.svg
www.zapempreendimentos.com/img/dk102/ostred/src/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ship.png
www.zapempreendimentos.com/img/dk102/ostred/src/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v21/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ørsted (Utility)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
rimbapokerqq.com
www.zapempreendimentos.com
103.146.63.70
144.217.254.145
2001:4de0:ac18::1:a:1a
2606:4700::6812:bcf
2a00:1450:4001:808::2003
2a00:1450:4001:811::200a
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2f19df02c1980748eeb017bd89006315c7aff55f694631ad2665218a248a0525
66c73d487251b87295a304e3eb505801761e6ef605435faa9cd8df8b4234e840
75ed46c8a615a1e11cc69a1cb1d6fce00a1ac8078e45b70b88d2233681487edd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb
cd1f7cb86ece6160385a44af8717572bd8e5a79c0a379bfdb1e07b49d9fc06af
e4693ae478e1e7aab4ad441a824430a2299d89c3354e388eb10f6ea8100f6b7f
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b