account-api.grupozap.com Open in urlscan Pro
104.18.39.228 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://account-api.grupozap.com/
Effective URL:
https://account-api.grupozap.com/
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On December 18 via api (December 18th 2023, 6:36:47 pm UTC) from IT — Scanned from IT

Summary HTTP 17 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 17 HTTP transactions. The main IP is 104.18.39.228, located in and belongs to CLOUDFLARENET, US. The main domain is account-api.grupozap.com.
TLS certificate: Issued by E1 on December 2nd 2023. Valid for: 3 months.

This is the only time account-api.grupozap.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.64.148.28 172.64.148.28	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 16	104.18.39.228 104.18.39.228	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.217.48.188 52.217.48.188	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.136 142.250.186.136	15169 (GOOGLE) (GOOGLE)
1	18.214.139.226 18.214.139.226	14618 (AMAZON-AES) (AMAZON-AES)
17	4

1 172.64.148.28 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

account-api.grupozap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.18.39.228 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

account-api.grupozap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gzuis.grupozap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.48.188 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

zap-site.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.139.226 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-139-226.compute-1.amazonaws.com

tracking.vivareal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	grupozap.com 3 redirects account-api.grupozap.com gzuis.grupozap.com — Cisco Umbrella Rank: 825934	217 KB
1	vivareal.com tracking.vivareal.com — Cisco Umbrella Rank: 653197	346 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	54 KB
1	amazonaws.com zap-site.s3.amazonaws.com	179 KB
17	4

	Domain	Requested by
12	account-api.grupozap.com	2 redirects account-api.grupozap.com
5	gzuis.grupozap.com	1 redirects account-api.grupozap.com gzuis.grupozap.com
1	tracking.vivareal.com	account-api.grupozap.com
1	www.googletagmanager.com	account-api.grupozap.com
1	zap-site.s3.amazonaws.com	account-api.grupozap.com
17	5

This site contains links to these domains. Also see Links.

Domain
www.grupozap.com

Subject Issuer	Validity	Valid
grupozap.com E1	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tracking.olx.com.br Amazon RSA 2048 M03	`2023-12-06` - `2025-01-04`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://account-api.grupozap.com/
Frame ID: 222F3365AAEC2012E52ACABA605DB62F
Requests: 11 HTTP requests in this frame

Frame: https://gzuis.grupozap.com/
Frame ID: 368E73674847B4199D5D02F00AE648E2
Requests: 2 HTTP requests in this frame

Frame: https://gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 64BC2001839946A7FE674869E020EA97
Requests: 2 HTTP requests in this frame

Frame: https://account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
Frame ID: 5679C692DB29814D00DC8C409F38C2A5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Viva Real - Login

Page URL History Show full URLs

http://account-api.grupozap.com/ HTTP 301
https://account-api.grupozap.com/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Page Statistics

17
Requests

88 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

449 kB
Transfer

1076 kB
Size

8
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.grupozap.com/v2/terms.html
Title: Termos de uso

Search URL Search Domain Scan URL

URL: https://www.grupozap.com/v2/privacy.html
Title: Política de privacidade

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://account-api.grupozap.com/ HTTP 301
https://account-api.grupozap.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://gzuis.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Request Chain 13

https://account-api.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
account-api.grupozap.com/
Redirect Chain

http://account-api.grupozap.com/
https://account-api.grupozap.com/

3 KB
2 KB

500ms
446ms

Document
text/html

104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb027c5e08da82678286d2a19e1e8c9847957d521c2c2dc346ea0786fd31ac5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 837983448c5174ec-FCO
content-encoding: br
content-language: it-IT
content-type: text/html
date: Mon, 18 Dec 2023 18:36:41 GMT
expires: 0
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15724800
vary: Accept-Encoding
x-application-context: account-api:prod:1
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 83798343ff8074e2-FCO
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 18 Dec 2023 18:36:40 GMT
Expires: Mon, 18 Dec 2023 19:36:40 GMT
Location: https://account-api.grupozap.com/
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 styles.css
account-api.grupozap.com/ 51 KB
5 KB 443ms
442ms Stylesheet
text/css 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/styles.css

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dca61440b798a7d8f3138b266d31759d7d1ee41c6d4f730b4480d124574d3a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:41 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 83798347582d74ec-FCO
expires: 0

GET
H2 200 app.js Show response
account-api.grupozap.com/ 544 KB
173 KB 542ms
542ms Script
application/javascript 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/app.js

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78782c10e981aee291d567787bb49cef17bc926c0355dd92305ba2ca8f4e8d1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 83798347583374ec-FCO
expires: 0

GET
H2 200 / Show response
gzuis.grupozap.com/ Frame 368E 1 KB
935 B 69ms
40ms Document
text/html 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gzuis.grupozap.com/
Requested by: Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 161e860a0b15be2024f6e6edbd435f8e066b2c246c30fd7c09551b737f68aaaa

Request headers

Referer: https://account-api.grupozap.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

age: 2243
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 83798347888774ec-FCO
content-encoding: br
content-type: text/html
date: Mon, 18 Dec 2023 18:36:41 GMT
expires: Mon, 18 Dec 2023 22:36:41 GMT
last-modified: Fri, 25 Aug 2023 17:29:43 GMT
server: cloudflare
vary: Accept-Encoding
via: 1.1 99cbca0951645f2779e512baf9721780.cloudfront.net (CloudFront)
x-amz-cf-id: bQUIFp4c__W57jNzeZEI42EhPn6vpsYRQobSE-sbWbZEIKepPSVYvA==
x-amz-cf-pop: MXP63-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront

GET
H3 200 main.js Show response
gzuis.grupozap.com/ Frame 368E 2 KB
1 KB 54ms
54ms Script
text/javascript 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gzuis.grupozap.com/main.js
Requested by: Host: gzuis.grupozap.com
URL: https://gzuis.grupozap.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 597823ba6d598915364a69d043c9c85eae4ecf37b1fee71a8ae60e57a93f5a92

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://gzuis.grupozap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:41 GMT
via: 1.1 1e6f860154964b13d36047df7cb2b1a2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-cf-pop: BAH52-C1
age: 2243
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 25 Aug 2023 17:29:43 GMT
server: cloudflare
etag: W/"6654899a7c34d8d626cfe275e9e5dcc3"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=14400
cf-ray: 83798347cfd0a319-FCO
x-amz-cf-id: LWgBjOn_RgaF4Z-N9T2OFJsGBSawzCEriNeHZLygcp1Ip3TIs3oOyQ==
expires: Mon, 18 Dec 2023 22:36:41 GMT

GET
H3

200

main.js Show response
gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 64BC
Redirect Chain

https://gzuis.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

7 KB
3 KB

42ms
42ms

Script
application/javascript

104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/

Protocol

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4e4de7c03b40f976d76e48b8b4aa20246a3f2f0806bcdffb6d59bd1f246ef8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8379834868baa319-FCO
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 18 Dec 2023 18:36:41 GMT
server: cloudflare
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
cache-control: max-age=300, public
cf-ray: 83798348286ca319-FCO
alt-svc: h3=":443"; ma=86400

POST
H3 200 83798347888774ec Show response
gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 64BC 0
269 B 55ms
54ms XHR
text/plain 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gzuis.grupozap.com/cdn-cgi/challenge-platform/h/g/jsd/r/83798347888774ec
Requested by: Host: gzuis.grupozap.com
URL: https://gzuis.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Dec 2023 18:36:41 GMT
content-encoding: br
server: cloudflare
cf-ray: 8379834919eca319-FCO
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

GET
H/1.1 200
OK prebid7.28.0.js Show response
zap-site.s3.amazonaws.com/ 178 KB
179 KB 445ms
157ms Script
application/javascript 52.217.48.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zap-site.s3.amazonaws.com/prebid7.28.0.js
Requested by: Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/app.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.48.188 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: ebcd4461674c46e4cad1a6e93c5920abb8ecec91117f7cfb1c71a1c351471210

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Mon, 18 Dec 2023 18:36:43 GMT
x-amz-version-id: EK.j9zmeO07Fh7UnO0nVhUqMFZGZzFFj
Last-Modified: Mon, 03 Jul 2023 15:19:59 GMT
Server: AmazonS3
x-amz-request-id: JR4B02DV4CFKGZE0
ETag: "11c0e94059a10c6b0cdede313338abe8"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 182591
x-amz-id-2: WQIwoag0gbezuYd1U+BDc6xuwn3xpX1cjXFNoD05Oif8OFq3Y5XAdhBwaXWm20ObdL/Ybj5d1OM=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 250 KB
54 KB 197ms
100ms Script
application/javascript 142.250.186.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TRGML4R&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9399e40d364cbac3b40c68a127b3c5f534221e488871c0010cf711a1e38a347c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55280
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 18 Dec 2023 18:36:42 GMT

GET
H3 200 logo-vivareal.svg
account-api.grupozap.com/static/images/ 7 KB
3 KB 474ms
474ms Image
image/svg+xml 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://account-api.grupozap.com/static/images/logo-vivareal.svg

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/vivareal/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b927efa27af6ba72a19a33aaa74e12439832868cd94ae6e4e8145c5d9325bb84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/vivareal/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 8379834b6de2a319-FCO
expires: 0

GET
H3 200 facebook.svg
account-api.grupozap.com/static/images/ 1 KB
891 B 451ms
451ms Image
image/svg+xml 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://account-api.grupozap.com/static/images/facebook.svg

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a55adeebef83c09fc1c4000ce7059da9c8c67f4b44fc4e22b32e551648afd23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 8379834b6de6a319-FCO
expires: 0

GET
H3 200 google.svg
account-api.grupozap.com/static/images/ 2 KB
1 KB 449ms
449ms Image
image/svg+xml 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://account-api.grupozap.com/static/images/google.svg

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

befb8dd5c7828ed6c62bd8e1503655b5b513e570f80e8d6cd3cf178fdb923bff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://account-api.grupozap.com/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 8379834b6deca319-FCO
expires: 0

GET
H3 200 Open_Sans_400.woff2
account-api.grupozap.com/static/fonts/ 10 KB
10 KB 474ms
474ms Font
application/font-woff2 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/static/fonts/Open_Sans_400.woff2

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

732d5765c33eff81c7825dcc5e8cd1eda32dc04f39da7cae66accf9580b1e3a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://account-api.grupozap.com/styles.css
Origin: https://account-api.grupozap.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 10352
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
vary: Origin
x-frame-options: DENY
content-type: application/font-woff2
access-control-allow-origin: https://account-api.grupozap.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8379834b6df0a319-FCO
expires: 0

GET
H3 200 Open_Sans_600.woff2
account-api.grupozap.com/static/fonts/ 10 KB
10 KB 451ms
451ms Font
application/font-woff2 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/static/fonts/Open_Sans_600.woff2

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

417e156e282af4b7d146d16b8fc9505255de2d8d085d40e37afe5089b8fe9b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://account-api.grupozap.com/styles.css
Origin: https://account-api.grupozap.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
strict-transport-security: max-age=15724800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 10328
x-xss-protection: 1; mode=block
x-application-context: account-api:prod:1
pragma: no-cache
last-modified: Thu, 09 Nov 2023 14:12:32 GMT
server: cloudflare
vary: Origin
x-frame-options: DENY
content-type: application/font-woff2
access-control-allow-origin: https://account-api.grupozap.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8379834b6df2a319-FCO
expires: 0

GET
H3

200

main.js Show response
account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/ Frame 5679
Redirect Chain

https://account-api.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

7 KB
3 KB

33ms
32ms

Script
application/javascript

104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js

Requested by

Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/vivareal/

Protocol

Server

104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38d31bfbb419ce026ce54986e97e3eee0febf8c75c2f5f89d9191c1b76598626

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8379834bae3ea319-FCO
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 18 Dec 2023 18:36:42 GMT
server: cloudflare
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/74bd6362/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 8379834b7dfda319-FCO
alt-svc: h3=":443"; ma=86400

POST
H3 200 837983448c5174ec Show response
account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 5679 0
270 B 52ms
51ms XHR
text/plain 104.18.39.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account-api.grupozap.com/cdn-cgi/challenge-platform/h/g/jsd/r/837983448c5174ec
Requested by: Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.39.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Dec 2023 18:36:42 GMT
content-encoding: br
server: cloudflare
cf-ray: 8379834c4f4da319-FCO
alt-svc: h3=":443"; ma=86400
content-type: text/plain; charset=UTF-8

POST
H2 202 v2 Show response
tracking.vivareal.com/events/ 0
346 B 395ms
124ms XHR
text/html 18.214.139.226
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.vivareal.com/events/v2
Requested by: Host: account-api.grupozap.com
URL: https://account-api.grupozap.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.214.139.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-139-226.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://account-api.grupozap.com/
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://account-api.grupozap.com
date: Mon, 18 Dec 2023 18:36:42 GMT
access-control-allow-credentials: true
server: nginx
content-type: text/html;charset=utf-8

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.grupozap.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 7ByHg8rQlgqsRnWyT_ProtpYPDkF05h8i.hDf804oiY-1702924600966-0-604800000
.grupozap.com/	1970-01-20 17:02:06	Name: __cf_bm Value: Yx6X.HaF8SxL4qkUTSZpB9h271RbzyJ.yPvgDIkvV4k-1702924601-1-AbxlKSd8mU+VnQMpsxmfe11G4FPdVTnXZxFNHcZ2dkWCDewBMFEcoH06aweha0anrYXcy6vk9wtTc6mrfE1nKQ8=
gzuis.grupozap.com/	1969-12-31 23:59:59	Name: GZUID Value: NDI1OTU1Mjg4ODI1MjQ1ODcxNzAyOTI0NjAxNjEyMTcwMjk=
.grupozap.com/	1970-01-20 19:11:40	Name: _xdvc Value: clqb9c8i900003c71j4owkh21
.grupozap.com/	1970-01-20 19:11:40	Name: _xcf Value: 1
.grupozap.com/	1970-01-20 19:11:40	Name: new_vivareal_user_id_generation_date Value: Mon%20Dec%2018%202023%2019:36:42%20GMT+0100%20(Central%20European%20Standard%20Time)
.grupozap.com/	1970-01-20 19:11:40	Name: z_user_id Value: clqb9c8ib00013c71en4abm7d
.grupozap.com/	1970-01-21 01:47:40	Name: cf_clearance Value: GL4fRzpLYLxTpkkimmImnrOdu.mSc.vPIP4ewZjcff4-1702924602-0-1-76ea96af.5d119be4.aba5885-0.2.1702924602

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account-api.grupozap.com
gzuis.grupozap.com
tracking.vivareal.com
www.googletagmanager.com
zap-site.s3.amazonaws.com
104.18.39.228
142.250.186.136
172.64.148.28
18.214.139.226
52.217.48.188
161e860a0b15be2024f6e6edbd435f8e066b2c246c30fd7c09551b737f68aaaa
38d31bfbb419ce026ce54986e97e3eee0febf8c75c2f5f89d9191c1b76598626
417e156e282af4b7d146d16b8fc9505255de2d8d085d40e37afe5089b8fe9b77
597823ba6d598915364a69d043c9c85eae4ecf37b1fee71a8ae60e57a93f5a92
5a55adeebef83c09fc1c4000ce7059da9c8c67f4b44fc4e22b32e551648afd23
732d5765c33eff81c7825dcc5e8cd1eda32dc04f39da7cae66accf9580b1e3a7
78782c10e981aee291d567787bb49cef17bc926c0355dd92305ba2ca8f4e8d1b
9399e40d364cbac3b40c68a127b3c5f534221e488871c0010cf711a1e38a347c
a4e4de7c03b40f976d76e48b8b4aa20246a3f2f0806bcdffb6d59bd1f246ef8c
b927efa27af6ba72a19a33aaa74e12439832868cd94ae6e4e8145c5d9325bb84
befb8dd5c7828ed6c62bd8e1503655b5b513e570f80e8d6cd3cf178fdb923bff
dca61440b798a7d8f3138b266d31759d7d1ee41c6d4f730b4480d124574d3a81
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebcd4461674c46e4cad1a6e93c5920abb8ecec91117f7cfb1c71a1c351471210
fb027c5e08da82678286d2a19e1e8c9847957d521c2c2dc346ea0786fd31ac5f

account-api.grupozap.com Open in urlscan Pro 104.18.39.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

88 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

4 IPs

2 Countries

449 kBTransfer

1076 kBSize

8 Cookies

2 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

8 Cookies

Security Headers

Indicators

account-api.grupozap.com Open in urlscan Pro
104.18.39.228 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

449 kB
Transfer

1076 kB
Size

8
Cookies

17 HTTP transactions
0 data transactions