![](/screenshots/7502848b-37ca-4f4c-9747-e068e48dbf50.png)
cz-binance.com
Open in
urlscan Pro
104.27.186.36
Malicious Activity!
Public Scan
Effective URL: https://cz-binance.com/
Submission: On April 01 via manual from GB
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 1st 2018. Valid for: 6 months.
This is the only time cz-binance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Binance (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.27.187.36 104.27.187.36 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
3 | 104.27.186.36 104.27.186.36 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
8 | 52.222.171.72 52.222.171.72 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 172.217.23.168 172.217.23.168 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 52.222.171.66 52.222.171.66 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
3 | 172.217.23.174 172.217.23.174 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
17 | 5 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cz-binance.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cz-binance.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-171-72.fra54.r.cloudfront.net
resource.binance.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s22-in-f8.1e100.net
www.googletagmanager.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-171-66.fra54.r.cloudfront.net
www.binance.com |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s22-in-f174.1e100.net
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
binance.com
resource.binance.com www.binance.com |
315 KB |
4 |
cz-binance.com
1 redirects
cz-binance.com |
4 KB |
3 |
google-analytics.com
www.google-analytics.com |
15 KB |
2 |
googletagmanager.com
www.googletagmanager.com |
44 KB |
17 | 4 |
Domain | Requested by | |
---|---|---|
8 | resource.binance.com |
cz-binance.com
resource.binance.com |
4 | cz-binance.com |
1 redirects
cz-binance.com
|
3 | www.google-analytics.com |
www.googletagmanager.com
cz-binance.com |
2 | www.googletagmanager.com |
cz-binance.com
|
1 | www.binance.com |
cz-binance.com
|
17 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.binance.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni254663.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-04-01 - 2018-10-08 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cz-binance.com/
Frame ID: 60F73F601D6FB2EBE843270F5AB43899
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/7502848b-37ca-4f4c-9747-e068e48dbf50.png)
Page URL History Show full URLs
-
http://cz-binance.com/
HTTP 301
https://cz-binance.com/ Page URL
Detected technologies
Detected patterns
- env /^angular$/i
Detected patterns
- headers server /cloudflare/i
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- env /^google_tag_manager$/i
Detected patterns
- env /^jQuery$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: {{'Login' | T}}
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://cz-binance.com/
HTTP 301
https://cz-binance.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
cz-binance.com/ Redirect Chain
|
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
global.css
cz-binance.com/resources/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vn.js
cz-binance.com/resources/js/i18n/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
verifyLayout.min.js
resource.binance.com/resources/minjs/ |
247 KB 247 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
sensorsdata2.js
resource.binance.com/resources/js/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
js
www.googletagmanager.com/gtag/ |
63 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
logo-en.svg
www.binance.com/resources/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
Validform_v5.3.2_min.js
resource.binance.com/resources/plus/Validform_v5.3.2/ |
29 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
style.css
resource.binance.com/resources/plus/Validform_v5.3.2/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
register.js
resource.binance.com/resources/js/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
gt.js
resource.binance.com/resources/js/ |
9 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
js
www.googletagmanager.com/gtag/ |
63 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
layer.css
resource.binance.com/resources/minjs/skin/ |
13 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
myLayer.css
resource.binance.com/resources/minjs/skin/myskin/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
analytics.js
www.google-analytics.com/ |
35 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
collect
www.google-analytics.com/r/ |
35 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
collect
www.google-analytics.com/r/ |
35 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Binance (Crypto Exchange)34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| initLang boolean| notChinese function| setCookie function| preView function| dataURLtoBlob function| imgToggleClass function| isMobile function| autoJump undefined| forntValue undefined| backValue undefined| handValue object| rFilter object| app function| $ function| jQuery object| layer object| angular function| sensorsSetup string| sensors_url string| sensors_web string| sensors_timeout undefined| cacheUrl undefined| cacheWebUrl undefined| cacheTimeout function| gtag object| dataLayer function| initGeetest function| translations object| google_tag_manager string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.cz-binance.com/ | Name: _gat_gtag_UA_109992029_1 Value: 1 |
|
.cz-binance.com/ | Name: _gat_gtag_UA_48327565_13 Value: 1 |
|
.cz-binance.com/ | Name: _gid Value: GA1.2.162812774.1522586995 |
|
.cz-binance.com/ | Name: _ga Value: GA1.2.142597854.1522586995 |
|
.cz-binance.com/ | Name: __cfduid Value: dc38dce9942edf171b8edcfd670565be01522586993 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cz-binance.com
resource.binance.com
www.binance.com
www.google-analytics.com
www.googletagmanager.com
104.27.186.36
104.27.187.36
172.217.23.168
172.217.23.174
52.222.171.66
52.222.171.72
0089ecf96bcc9db7b9651ad1fa5fe1a1b209fb61d2617bb27d40a35cd807d8b8
157c34b993ed24cf5ed88e022e2a26fb118831d3bfb1c0e573725851e7a9adc0
22e41b722a86a1be1a0b85b75805bc9d622f6dbffd9b4e96af4f6217db8cfea1
2ba9b1783f6ffcc0d6dcbedf6754963f896d615c5c88f2c96eb65e6ba63338c1
53513e352a3559410d4202a1f0a80a7ac2e5390a34ea4b60dbc4d4a9c31380c8
6a46d467dc92a660ddd2c08a662ed6954c5a81e4c0abe80fc9ca2477c4de0dd2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
915e4d4456b52c4e17bc86c99e5d5eacb26d17a71a4392a2e6b3044600cecd40
949804fe654b72319584ade4f60d2800c36290bce7c964867a3f8c6c81e65f6a
9bd7fd0945211587fdfb946a29dc7fe5fc4c252748eccb4ff8294d304ffd3ea5
b841851d4ee0505c21b145d7b2f44285d96945189d098399255c5b8c24bf2314
cb10b51b640be05fce82a322b875f3b766211722d2cd93ee231bb6154c929066
e9896379acad640fd64af1a23d4dd9858c4cec69d4826fa28c401dcbb63f9736
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7