zpcontents.biz
Open in
urlscan Pro
34.88.95.148
Malicious Activity!
Public Scan
Effective URL: https://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involutely=ekt
Submission: On May 24 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by R3 on May 13th 2022. Valid for: 3 months.
This is the only time zpcontents.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.11 67.199.248.11 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 1 | 34.206.195.225 34.206.195.225 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 34.88.95.148 34.88.95.148 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
21 | 2a06:98c1:312... 2a06:98c1:3121::a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 51.77.64.70 51.77.64.70 | 16276 (OVH) (OVH) | |
24 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-195-225.compute-1.amazonaws.com
v6ur9n22r9.execute-api.us-east-1.amazonaws.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 148.95.88.34.bc.googleusercontent.com
zpcontents.biz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
rootcdn.pro
rootcdn.pro — Cisco Umbrella Rank: 467050 |
732 KB |
1 |
ip-api.com
pro.ip-api.com — Cisco Umbrella Rank: 5979 |
243 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
28 KB |
1 |
zpcontents.biz
zpcontents.biz |
13 KB |
1 |
amazonaws.com
1 redirects
v6ur9n22r9.execute-api.us-east-1.amazonaws.com — Cisco Umbrella Rank: 891815 |
246 B |
1 |
bit.ly
1 redirects
bit.ly — Cisco Umbrella Rank: 4032 |
425 B |
24 | 6 |
Domain | Requested by | |
---|---|---|
21 | rootcdn.pro |
zpcontents.biz
|
1 | pro.ip-api.com |
cdnjs.cloudflare.com
|
1 | cdnjs.cloudflare.com |
zpcontents.biz
|
1 | zpcontents.biz | |
1 | v6ur9n22r9.execute-api.us-east-1.amazonaws.com | 1 redirects |
1 | bit.ly | 1 redirects |
24 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
treemercy.info |
Subject Issuer | Validity | Valid | |
---|---|---|---|
zpcontents.biz R3 |
2022-05-13 - 2022-08-11 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-02-21 - 2023-02-20 |
a year | crt.sh |
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA |
2021-10-28 - 2022-11-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involutely=ekt
Frame ID: 75F0EC95849B15CA01930CE7A3CEF453
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Bill Gates On A Mission To Change The World And Help Ordinary People Get Out Of PovertyPage URL History Show full URLs
-
https://bit.ly/3sPMP91
HTTP 301
https://v6ur9n22r9.execute-api.us-east-1.amazonaws.com/production/?u=HttPS://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involute... HTTP 302
https://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involutely=ekt Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: mirror
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3sPMP91
HTTP 301
https://v6ur9n22r9.execute-api.us-east-1.amazonaws.com/production/?u=HttPS://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involutely=ekt&key=19979e1a3ce3d1fac91e43416a7c350f&type=FE&cuid=pe-W48&presorts=ber&miscoded=aadr HTTP 302
https://zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/?involutely=ekt Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
zpcontents.biz/qb/w1ha1apx1rw91ez/fhu/pu/tse/ Redirect Chain
|
89 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
rootcdn.pro/html/en/images/13/ |
700 KB 103 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
41282b58cf85ddaf5d28df96ed91de98.png
rootcdn.pro/html/en/images/13/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
circle-twitter-2.png
rootcdn.pro/html/en/images/13/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pinterest-icon-image-53.png
rootcdn.pro/html/en/images/13/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
images.png
rootcdn.pro/html/en/images/13/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bga.jpg
rootcdn.pro/html/en/images/13/ |
32 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bgb.jpg
rootcdn.pro/html/en/images/13/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bgc.jpg
rootcdn.pro/html/en/images/13/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
signup_qt_desk.jpg
rootcdn.pro/html/en/images/13/ |
50 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
deposit_qt_desk_laptop.jpg
rootcdn.pro/html/en/images/13/ |
39 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
start_gbp.jpg
rootcdn.pro/html/en/images/13/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gbp-2.jpg
rootcdn.pro/html/en/images/13/ |
48 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gbp-pp.jpg
rootcdn.pro/html/en/images/13/ |
27 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
call.png
rootcdn.pro/html/en/images/13/ |
90 KB 90 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
odA9sNLrE86.jpg
rootcdn.pro/html/en/images/13/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
540562_430147157013818_32273000_n.jpg
rootcdn.pro/html/en/images/13/ |
6 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c11.jpg
rootcdn.pro/html/en/images/13/ |
1008 B 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
26254_100854763287133_3441493_n.jpg
rootcdn.pro/html/en/images/13/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c9.jpg
rootcdn.pro/html/en/images/13/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
13417709_10156999054495156_89965319140675792_n.jpg
rootcdn.pro/html/en/images/13/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sidebar.png
rootcdn.pro/html/en/images/13/ |
159 KB 159 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
pro.ip-api.com/json/ |
88 B 243 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| $ function| jQuery function| replaceValueWithSymbol function| ipLookUp object| dayNames object| monthNames object| now1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bit.ly/ | Name: _bit Value: m4o8wX-177a99515ca2ec757c-00f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
cdnjs.cloudflare.com
pro.ip-api.com
rootcdn.pro
v6ur9n22r9.execute-api.us-east-1.amazonaws.com
zpcontents.biz
2606:4700::6811:190e
2a06:98c1:3121::a
34.206.195.225
34.88.95.148
51.77.64.70
67.199.248.11
08e45c4e07231dd63ceeacb0ab3c7bbb8d86d9228087e668f847ddaa6be6e256
1b07216e6a8af349bc5841c253dd7c0151bd677791734c394edbb2b531ad1658
2a24c2fa67a1b131e597c59792028b201ae850f8760364172471a001ad9504c4
2b40e638ff53a5dfaaf34917fd24db43bdfc7fa00cdac8a486820be9deed5438
2f9d37b7b46c8f723c86dbbc490e75c62d0f9e305aadddcc34fbd2ad9938b7f8
4a23ca4ccc821dc5aa84684ecf159d8247ecbd76c440a9441989c2ceb0bce2e9
4c8309fd3817b1d1372b1abcd36591f30d405e3e66105ca19073b0993e4eca57
565f50c114fc73f24d8d06ae10723550c13ceab3504ddba15a09a339fc4ec6da
6a06887d5762ecda17c5a8728b90e8fb9e806777f90d0d6a8a9693ed84c57632
6eaf5de671253229c0b99b3581bbe7332fa6f485f8287f2d6e1c72330b776054
759a75f78365ae447a91dc9a5349a6eefd25093184637f261269bff5b96434aa
86a4baf758d7e70355c2ca044f6bf5dd9b250bfe76a80158a9319a00dd4af0ae
8be68b007bdc73d3608ce3f350e75d509f53dc117b2b34ef95eabfd4b2ee9a93
973373859d28d6c3abc165ba2f901db2408c4f418064e73d04c998ad7ce504dc
97db498e73af80195c931d8044dbdf6d4d8aa47a134106c460adff05ef237b63
ab9efffeec8b90f29891659da9a76c3555f5f50b6a63ba302c2fd3036a1f8f47
b4e57609c88f59eda8f2d8ec2d06c2a5ef1788a62d3c5b9cbc2dae43ff8ea54b
d2a05fae59703fcecabc91bf2feb88d7f7cda64f52fcb29e3f41bb8e0db34065
d468c313e5b553257278d1e98bc04e22fc94a6f36fdbae545bb5e3fdc951a3ab
d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b
e56cb5829de44d6497f0a126e160ed90fff91daa66eca02511ddf8fd5de078b9
e620b573d7cb8701b0ed12b9dfca9dc2e7a646faa706d8a09bd3cc1e8c6ba25a
ec245e73a504f55c92bd7742caf23361fdb4991bc9618bb6a04a19aa2e9d2637
fcc1625bb0f9e9fce3ac4ebb6a452608c8070aad218e8cd0b861084694cbb4be
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e