czhostreturn.com
Open in
urlscan Pro
198.54.115.80
Malicious Activity!
Public Scan
Effective URL: https://czhostreturn.com/
Submission: On September 30 via manual from ID — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 30th 2021. Valid for: a year.
This is the only time czhostreturn.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 20 | 198.54.115.80 198.54.115.80 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 151.101.16.193 151.101.16.193 | 54113 (FASTLY) (FASTLY) | |
2 | 162.159.153.4 162.159.153.4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 4 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server205-2.web-hosting.com
czhostreturn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
czhostreturn.com
1 redirects
czhostreturn.com |
767 KB |
2 |
medium.com
glyph.medium.com |
40 KB |
1 |
imgur.com
i.imgur.com |
5 KB |
22 | 3 |
Domain | Requested by | |
---|---|---|
20 | czhostreturn.com |
1 redirects
czhostreturn.com
|
2 | glyph.medium.com |
czhostreturn.com
|
1 | i.imgur.com |
czhostreturn.com
|
22 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
medium.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
czhostreturn.com Sectigo RSA Domain Validation Secure Server CA |
2021-09-30 - 2022-09-30 |
a year | crt.sh |
*.imgur.com DigiCert SHA2 Secure Server CA |
2020-01-15 - 2022-03-16 |
2 years | crt.sh |
medium.com Cloudflare Inc ECC CA-3 |
2021-09-01 - 2021-11-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://czhostreturn.com/
Frame ID: C7909AA33D39230EB53BE14184AE6106
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
G i v e a w a yPage URL History Show full URLs
-
http://czhostreturn.com/
HTTP 301
https://czhostreturn.com/ Page URL
Detected technologies
Medium (Blogs) ExpandDetected patterns
- medium\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Ivan on Tech
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://czhostreturn.com/
HTTP 301
https://czhostreturn.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
czhostreturn.com/ Redirect Chain
|
198 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
czhostreturn.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m2.css
czhostreturn.com/ |
64 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-branding-base.css
czhostreturn.com/ |
510 KB 60 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jm7KAML.jpg
i.imgur.com/ |
4 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1UATD6Vui-5Xa4Vb2QAOtbg_002.png
czhostreturn.com/index_files/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DkYyJZY.png
czhostreturn.com/pics/ |
384 KB 385 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jm7KAML.jpg
czhostreturn.com/pics/ |
4 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1_tIWs8Qk_H0ANcEVDFGLsg.png
czhostreturn.com/pics/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1mdJWWVTfTd7LMbR1pZvZ0A.jpeg
czhostreturn.com/pics/ |
15 KB 15 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
A6IoYeG.jpg
czhostreturn.com/pics/ |
6 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Q17tvth.jpg
czhostreturn.com/pics/ |
26 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FunaGWr.jpg
czhostreturn.com/pics/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asaaas.png
czhostreturn.com/pics/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
euK1IXD.jpg
czhostreturn.com/pics/ |
46 KB 46 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CXamoqi.jpg
czhostreturn.com/pics/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xxxx.jpg
czhostreturn.com/pics/ |
3 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ooMbvAu.jpg
czhostreturn.com/pics/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
G23hU1w.jpg
czhostreturn.com/pics/ |
11 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GEwnzri.jpg
czhostreturn.com/pics/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
15 KB 15 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ |
24 KB 25 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ |
15 KB 16 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery object| cookieChoices0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
czhostreturn.com
glyph.medium.com
i.imgur.com
151.101.16.193
162.159.153.4
198.54.115.80
192deab6eb15e32c419703d2a68b4ca9bab75064ed8f4fccf8c47532f49f76ed
29e89f00341d65ffbab6fdfce78f7e42a1daf4bda2e3615ad9466e2ce47760ef
2d1196c31e454364bf96cc774bfd0da0e0fca248b334e2084d5f27fbc489d12d
31ce12605ac90c6218f74f3f8365f923d69269345b0cb46e32b4feb868143428
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
72db85387fd3f100e39c3d991f3579340ab74cc78490efc6e564b6053936b2e5
7bcbf7d9791a9c3e41fb24f12ce2d62dc14382253da80cd711768bd56c401010
8275daa1654ae2eed6c325ea31a0e9ea0754ac99c7aa1e160f58aefdfecff2d8
8c3c5f2623afaaa4ad6af8048c6e37fa1a4ead58a7a00c5d0b680f09b6850eab
99a9df080944a29084bf6f88ccc49b1f3a0cee1aed655c640ca433871a6af398
9a95edd9042d95e5133733747e2db47e462c3ec506fab9c4085f69dd3bf8485a
a214e8a9da8a7b9eeab2eaf27bd569cfdf5bf41fc7d3cbf09c93b20238ceaa87
be9a62a389ef14e5aa7c9c7ef9f7bec271ecce1f86aa8f0cdcc9a5e3acf7948e
d1de21730854ea4db035a81914cb0bd57aa74d715af6f89b46a2d002917ca1ed
d67c5a8ee643afd7d72a64565e4fe971cabc807d40c2d3e03f3716df6b2a2892
dee77ffcad983fc3e3999725db259c6b4a417b5c4c147417d725defc1acd82b0
e1dcf10c94027fc9946bc9aaa7eb98cdec4d81b9c0693e2ab2959746f1043075
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
eb990de9ff843be30c4fb0a4f6eab5653a7da4eb53ee9d3881fab2bd581e69c0
f9d10459c0e3e0b29ebdae9a54c33abc5b95071d43006fb6b17cbf7608036173
fa98238b98383829699b89aa8d4b2835dd6856dc85e3d7525ac22b0b12d07e69
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1