eth.ceo
Open in
urlscan Pro
142.54.162.66
Malicious Activity!
Public Scan
Effective URL: https://eth.ceo/
Submission: On April 28 via manual from CA
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 7th 2020. Valid for: a year.
This is the only time eth.ceo was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MyEtherWallet (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 20 | 142.54.162.66 142.54.162.66 | 33387 (NOCIX) (NOCIX) | |
1 | 23.111.175.138 23.111.175.138 | 29802 (HVC-AS) (HVC-AS) | |
21 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
eth.ceo
1 redirects
eth.ceo |
2 MB |
1 |
etherscan.io
api.etherscan.io |
422 B |
0 |
51.la
Failed
js.users.51.la Failed |
|
21 | 3 |
Domain | Requested by | |
---|---|---|
20 | eth.ceo |
1 redirects
eth.ceo
|
1 | api.etherscan.io |
eth.ceo
|
0 | js.users.51.la Failed |
eth.ceo
|
21 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
myetherwallet.github.io |
github.com |
letsencrypt.org |
etherscan.io |
ethplorer.io |
Subject Issuer | Validity | Valid | |
---|---|---|---|
eth.ceo Sectigo RSA Domain Validation Secure Server CA |
2020-01-07 - 2021-04-06 |
a year | crt.sh |
api.etherscan.io COMODO RSA Domain Validation Secure Server CA |
2017-08-22 - 2020-08-21 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://eth.ceo/
Frame ID: BD885B0FF69BCB5A93D6E1D52DED0B10
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://eth.ceo/
HTTP 301
https://eth.ceo/ Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
Title: Instructions can be found here
Search URL Search Domain Scan URL
Title: download the MyEtherWallet repo & run it locally
Search URL Search Domain Scan URL
Title: LetsEncrypt
Search URL Search Domain Scan URL
Title: How do I save/backup my wallet?
Search URL Search Domain Scan URL
Title: Preventing loss & theft of your funds.
Search URL Search Domain Scan URL
Title: What are these Different Formats?
Search URL Search Domain Scan URL
Title: Cold Storage
Search URL Search Domain Scan URL
Title: Please open a github issue
Search URL Search Domain Scan URL
Title: ETH (https://etherscan.io)
Search URL Search Domain Scan URL
Title: Tokens (Ethplorer.io)
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://eth.ceo/
HTTP 301
https://eth.ceo/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
eth.ceo/ Redirect Chain
|
223 KB 56 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preloader.gif
eth.ceo/images/ |
256 KB 257 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-gm.png
eth.ceo/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-remove.svg
eth.ceo/images/ |
484 B 734 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-help.svg
eth.ceo/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-bity-white.svg
eth.ceo/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-bity.svg
eth.ceo/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-check-green.svg
eth.ceo/images/ |
355 B 605 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-x.svg
eth.ceo/images/ |
538 B 787 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-ethereum-1.png
eth.ceo/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-ethereum-2.png
eth.ceo/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
print-sidebar.png
eth.ceo/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
notes-bg.png
eth.ceo/images/ |
110 B 356 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eth.mom.min.js
eth.ceo/js/ |
7 MB 2 MB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
eth.mom.min.css
eth.ceo/css/ |
128 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
20517475.js
js.users.51.la/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
438 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
638 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
api
api.etherscan.io/ |
59 B 422 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-eye-closed.svg
eth.ceo/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-external-link.svg
eth.ceo/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-ledger.svg
eth.ceo/images/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-trezor.svg
eth.ceo/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- js.users.51.la
- URL
- https://js.users.51.la/20517475.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MyEtherWallet (Crypto Exchange)53 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| __encode object| _0xb483 object| _0xa9cd function| QRCode function| $ function| jQuery string| _decode function| rst undefined| addcheck function| checkethapi function| checkaddress object| blockies function| Modal object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| angular object| xssFilters object| hd function| BigNumber function| marked object| ethUtil function| format object| browser function| Wallet function| Web3Wallet function| Token function| globalFuncs function| uiFuncs function| etherUnits function| ajaxReq function| nodes function| ethFuncs function| Validator function| bity function| ens function| domainsale object| u2f function| Ledger3 function| ledgerEth object| TrezorConnect function| DigitalBitboxUsb function| DigitalBitboxEth object| CustomGasMessages3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
eth.ceo/ | Name: language Value: %7B%22key%22%3A%22en%22%2C%22value%22%3A%22English%22%7D |
|
eth.ceo/ | Name: curNode Value: %7B%22key%22%3A%22eth_ethscan%22%7D |
|
eth.ceo/ | Name: gasPrice Value: 41 |
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.etherscan.io
eth.ceo
js.users.51.la
js.users.51.la
142.54.162.66
23.111.175.138
008943407a6aa15c7834f20ed2352e03f51ab22fbbac8b69a7dadf7adf599b46
1623611fdd0d701ab8caec3e4be2617986b344538b5b16fd8631a6793c5fc3da
2a2242cf8fc2d4e44944d0c2eace1c735934e6aa7158d5cbf93f6ff58d6ca0e7
36cc572f3b6a4963cf61e2504d4d8b3e2ce394cd57558656d37f39f0f6ad6cff
383d35008f3b28d2d66f3199d4b99072fde420f0efc44c81d6ac839b73e5b9d0
5e35c9d44476a344c848ed751122492e26691c115124a48437fe233314a07511
6ab563f04beb06f96804ecc9389195c1a7c8b28f4d8758fff3e095e3c7198196
6cb52e49c11965693c0489cc5f5575176b05d4278ffa34bd0bbd86d34c27504b
7bd26bb686b4292aa141c18f95d98b9563f45e9972bdf2acc3e4a4ed249e60ca
8b89ce05c844aa929a595261f9be41f16c193e567f7125f5f5e6af1b6316bb32
8c49cc0b8bf0460f079d54a9010ee3212c5278bbc665e97747dc374ea4c4f18c
8fb7e24f55f6bcf8b8080b5ac6f59afc5480b23f99a0d9c392e54f86e39abda7
91485d1f06ad53f7b102a41dc4075e40427787a1abdf69189d6de98b469cf090
9940d02c5f371032fdc9663e416c3cf3da512dc02c5a05f515b53d90ded09f9d
99a8dc31626e3b8220c998ef37a2b32f993bb9f55bfd81bb1e56775fac5d86bc
9f3a4acd65f0c3526b29451bd408bf6d494cc93e6f722b6346eb5270cca41754
bb0759a296ae9e0096c7af7ed1e730f2bb12e5ff9ca94749e3f395220095307e
bc421e8eefb8b25090acfdc8764aed3e02ddea0b6fdebf78f8318b9a605ee7ec
c84a11e6669c4ca2148f35a777319a9b6f97e1e9602d6a9b1770e95813377b47
e6ab8ce9f1364639836e22e86608534849104ad7f83be3695a659d17c7a4262c
f3b2b7981bc2cec9ee6648f539c70fcfded538e106ef9b855c1602463739b51e
f5d7d6d27a38ad0894bbe29647448910dbfb315b3d0ebf114516bb343c365108