zpcontents.biz
Open in
urlscan Pro
34.88.95.148
Malicious Activity!
Public Scan
Effective URL: https://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz
Submission: On May 26 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by R3 on May 13th 2022. Valid for: 3 months.
This is the only time zpcontents.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 1 | 34.226.235.47 34.226.235.47 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 34.88.95.148 34.88.95.148 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
21 | 2a06:98c1:312... 2a06:98c1:3120::a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 51.77.64.70 51.77.64.70 | 16276 (OVH) (OVH) | |
24 | 5 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-235-47.compute-1.amazonaws.com
sherlock.scribblelive.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 148.95.88.34.bc.googleusercontent.com
zpcontents.biz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
rootcdn.pro
rootcdn.pro |
732 KB |
1 |
ip-api.com
pro.ip-api.com — Cisco Umbrella Rank: 5985 |
238 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 206 |
28 KB |
1 |
zpcontents.biz
zpcontents.biz — Cisco Umbrella Rank: 419805 |
13 KB |
1 |
scribblelive.com
1 redirects
sherlock.scribblelive.com — Cisco Umbrella Rank: 336014 |
241 B |
1 |
bit.ly
1 redirects
bit.ly — Cisco Umbrella Rank: 4394 |
406 B |
24 | 6 |
Domain | Requested by | |
---|---|---|
21 | rootcdn.pro |
zpcontents.biz
|
1 | pro.ip-api.com |
cdnjs.cloudflare.com
|
1 | cdnjs.cloudflare.com |
zpcontents.biz
|
1 | zpcontents.biz | |
1 | sherlock.scribblelive.com | 1 redirects |
1 | bit.ly | 1 redirects |
24 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
harboradvice.info |
Subject Issuer | Validity | Valid | |
---|---|---|---|
zpcontents.biz R3 |
2022-05-13 - 2022-08-11 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-02-21 - 2023-02-20 |
a year | crt.sh |
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA |
2021-10-28 - 2022-11-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz
Frame ID: 5070254CA2C2B5D77CE15822F77E23A0
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
Bill Gates On A Mission To Change The World And Help Ordinary People Get Out Of PovertyPage URL History Show full URLs
-
https://bit.ly/3wHv6lq
HTTP 301
https://sherlock.scribblelive.com/r?u=httPS://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz&p=bd2... HTTP 301
https://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: mirror
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/3wHv6lq
HTTP 301
https://sherlock.scribblelive.com/r?u=httPS://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz&p=bd274340-95e0-11e8-9b44-c94b7653a9ee&c=9983&e=1144816&alphabetize=tfeu&consecratory=v HTTP 301
https://zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/?megalopic=qzz Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
zpcontents.biz/f/t1nm1q19dagxhd1a/kt/aby/tn/ Redirect Chain
|
84 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
rootcdn.pro/html/en/images/13/ |
700 KB 103 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
41282b58cf85ddaf5d28df96ed91de98.png
rootcdn.pro/html/en/images/13/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
circle-twitter-2.png
rootcdn.pro/html/en/images/13/ |
20 KB 20 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pinterest-icon-image-53.png
rootcdn.pro/html/en/images/13/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
images.png
rootcdn.pro/html/en/images/13/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bga.jpg
rootcdn.pro/html/en/images/13/ |
32 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bgb.jpg
rootcdn.pro/html/en/images/13/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bgc.jpg
rootcdn.pro/html/en/images/13/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
signup_qt_desk.jpg
rootcdn.pro/html/en/images/13/ |
50 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
deposit_qt_desk_laptop.jpg
rootcdn.pro/html/en/images/13/ |
39 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
start_gbp.jpg
rootcdn.pro/html/en/images/13/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gbp-2.jpg
rootcdn.pro/html/en/images/13/ |
48 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gbp-pp.jpg
rootcdn.pro/html/en/images/13/ |
27 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
call.png
rootcdn.pro/html/en/images/13/ |
90 KB 90 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
odA9sNLrE86.jpg
rootcdn.pro/html/en/images/13/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
540562_430147157013818_32273000_n.jpg
rootcdn.pro/html/en/images/13/ |
6 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c11.jpg
rootcdn.pro/html/en/images/13/ |
1008 B 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
26254_100854763287133_3441493_n.jpg
rootcdn.pro/html/en/images/13/ |
8 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
c9.jpg
rootcdn.pro/html/en/images/13/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
13417709_10156999054495156_89965319140675792_n.jpg
rootcdn.pro/html/en/images/13/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sidebar.png
rootcdn.pro/html/en/images/13/ |
159 KB 159 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
pro.ip-api.com/json/ |
83 B 238 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery function| replaceValueWithSymbol function| ipLookUp object| dayNames object| monthNames object| now1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bit.ly/ | Name: _bit Value: m4q6wI-0cfafd216d37886b52-00G |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bit.ly
cdnjs.cloudflare.com
pro.ip-api.com
rootcdn.pro
sherlock.scribblelive.com
zpcontents.biz
2606:4700::6811:190e
2a06:98c1:3120::a
34.226.235.47
34.88.95.148
51.77.64.70
67.199.248.10
08e45c4e07231dd63ceeacb0ab3c7bbb8d86d9228087e668f847ddaa6be6e256
1b07216e6a8af349bc5841c253dd7c0151bd677791734c394edbb2b531ad1658
2a24c2fa67a1b131e597c59792028b201ae850f8760364172471a001ad9504c4
2b40e638ff53a5dfaaf34917fd24db43bdfc7fa00cdac8a486820be9deed5438
2f9d37b7b46c8f723c86dbbc490e75c62d0f9e305aadddcc34fbd2ad9938b7f8
4a23ca4ccc821dc5aa84684ecf159d8247ecbd76c440a9441989c2ceb0bce2e9
4c8309fd3817b1d1372b1abcd36591f30d405e3e66105ca19073b0993e4eca57
565f50c114fc73f24d8d06ae10723550c13ceab3504ddba15a09a339fc4ec6da
666334f59bb3ae68643fe350a1c3594d61062362e867aa10844d63c1fef1c284
6a06887d5762ecda17c5a8728b90e8fb9e806777f90d0d6a8a9693ed84c57632
6c6e7f987fcc575099af7aec347fdec12b816550b2cd367ec51b7cd6633e68bc
6eaf5de671253229c0b99b3581bbe7332fa6f485f8287f2d6e1c72330b776054
759a75f78365ae447a91dc9a5349a6eefd25093184637f261269bff5b96434aa
86a4baf758d7e70355c2ca044f6bf5dd9b250bfe76a80158a9319a00dd4af0ae
8be68b007bdc73d3608ce3f350e75d509f53dc117b2b34ef95eabfd4b2ee9a93
973373859d28d6c3abc165ba2f901db2408c4f418064e73d04c998ad7ce504dc
97db498e73af80195c931d8044dbdf6d4d8aa47a134106c460adff05ef237b63
b4e57609c88f59eda8f2d8ec2d06c2a5ef1788a62d3c5b9cbc2dae43ff8ea54b
d468c313e5b553257278d1e98bc04e22fc94a6f36fdbae545bb5e3fdc951a3ab
d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b
e56cb5829de44d6497f0a126e160ed90fff91daa66eca02511ddf8fd5de078b9
e620b573d7cb8701b0ed12b9dfca9dc2e7a646faa706d8a09bd3cc1e8c6ba25a
ec245e73a504f55c92bd7742caf23361fdb4991bc9618bb6a04a19aa2e9d2637
fcc1625bb0f9e9fce3ac4ebb6a452608c8070aad218e8cd0b861084694cbb4be
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e