eth.ceo Open in urlscan Pro
142.54.162.66 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://eth.ceo/
Effective URL:
https://eth.ceo/
Submission: On April 28 via manual (April 28th 2020, 12:01:08 pm UTC) from CA

Summary HTTP 21 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 21 HTTP transactions. The main IP is 142.54.162.66, located in Kansas City, United States and belongs to NOCIX, US. The main domain is eth.ceo.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 7th 2020. Valid for: a year.

This is the only time eth.ceo was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MyEtherWallet (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 20	142.54.162.66 142.54.162.66	33387 (NOCIX) (NOCIX)
1	23.111.175.138 23.111.175.138	29802 (HVC-AS) (HVC-AS)
21	3

20 142.54.162.66 (Kansas City, United States) 1 redirects

ASN33387 (NOCIX, US)

eth.ceo	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.175.138 (Tampa, United States)

ASN29802 (HVC-AS, US)

api.etherscan.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	eth.ceo 1 redirects eth.ceo	2 MB
1	etherscan.io api.etherscan.io	422 B
0	51.la Failed js.users.51.la Failed
21	3

	Domain	Requested by
20	eth.ceo	1 redirects eth.ceo
1	api.etherscan.io	eth.ceo
0	js.users.51.la Failed	eth.ceo
21	3

This site contains links to these domains. Also see Links.

Domain
myetherwallet.github.io
github.com
letsencrypt.org
etherscan.io
ethplorer.io

Subject Issuer	Validity	Valid
eth.ceo Sectigo RSA Domain Validation Secure Server CA	`2020-01-07` - `2021-04-06`	a year	crt.sh
api.etherscan.io COMODO RSA Domain Validation Secure Server CA	`2017-08-22` - `2020-08-21`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://eth.ceo/
Frame ID: BD885B0FF69BCB5A93D6E1D52DED0B10
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://eth.ceo/ HTTP 301
https://eth.ceo/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

21
Requests

95 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

2251 kB
Transfer

7911 kB
Size

3
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://myetherwallet.github.io/knowledge-base/networks/run-your-own-node-with-myetherwallet.html
Title: Instructions can be found here

Search URL Search Domain Scan URL

URL: https://github.com/kvhnuke/etherwallet/releases/latest
Title: download the MyEtherWallet repo & run it locally

Search URL Search Domain Scan URL

URL: https://letsencrypt.org/
Title: LetsEncrypt

Search URL Search Domain Scan URL

URL: https://myetherwallet.github.io/knowledge-base/getting-started/backing-up-your-new-wallet.html
Title: How do I save/backup my wallet?

Search URL Search Domain Scan URL

URL: https://myetherwallet.github.io/knowledge-base/getting-started/protecting-yourself-and-your-funds.html
Title: Preventing loss & theft of your funds.

Search URL Search Domain Scan URL

URL: https://myetherwallet.github.io/knowledge-base/private-keys-passwords/difference-beween-private-key-and-keystore-file.html
Title: What are these Different Formats?

Search URL Search Domain Scan URL

URL: https://myetherwallet.github.io/knowledge-base/offline/ethereum-cold-storage-with-myetherwallet.html
Title: Cold Storage

Search URL Search Domain Scan URL

URL: https://github.com/kvhnuke/etherwallet/issues
Title: Please open a github issue

Search URL Search Domain Scan URL

URL: https://etherscan.io/address/undefined
Title: ETH (https://etherscan.io)

Search URL Search Domain Scan URL

URL: https://ethplorer.io/address/
Title: Tokens (Ethplorer.io)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://eth.ceo/ HTTP 301
https://eth.ceo/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
eth.ceo/
Redirect Chain

http://eth.ceo/
https://eth.ceo/

223 KB
56 KB

597ms
154ms

Document
text/html

142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to

Full URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 8c49cc0b8bf0460f079d54a9010ee3212c5278bbc665e97747dc374ea4c4f18c

Request headers

Host: eth.ceo
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 08 Jan 2020 14:00:55 GMT
Accept-Ranges: bytes
ETag: "17e273b2cc6d51:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 28 Apr 2020 12:00:34 GMT
Content-Length: 56642

Redirect headers

Content-Type: text/html; charset=UTF-8
Location: https://eth.ceo/
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 28 Apr 2020 12:00:34 GMT
Content-Length: 139

GET
H/1.1 200
OK preloader.gif
eth.ceo/images/ 256 KB
257 KB 223ms
183ms Image
image/gif 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/preloader.gif
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 008943407a6aa15c7834f20ed2352e03f51ab22fbbac8b69a7dadf7adf599b46

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:34 GMT
Last-Modified: Wed, 05 Sep 2018 11:14:11 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "4cf35592945d41:0"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 262438

GET
H/1.1 200
OK logo-gm.png
eth.ceo/images/ 6 KB
7 KB 444ms
160ms Image
image/png 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-gm.png
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: c84a11e6669c4ca2148f35a777319a9b6f97e1e9602d6a9b1770e95813377b47

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Tue, 07 Jan 2020 07:14:36 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "4680431e2ac5d51:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6623

GET
H/1.1 200
OK icon-remove.svg
eth.ceo/images/ 484 B
734 B 426ms
142ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-remove.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 6cb52e49c11965693c0489cc5f5575176b05d4278ffa34bd0bbd86d34c27504b

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "f0bd3eef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 484

GET
H/1.1 200
OK icon-help.svg
eth.ceo/images/ 1 KB
1 KB 452ms
162ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-help.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 383d35008f3b28d2d66f3199d4b99072fde420f0efc44c81d6ac839b73e5b9d0

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "7bf53ef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1055

GET
H/1.1 200
OK logo-bity-white.svg
eth.ceo/images/ 2 KB
2 KB 454ms
163ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-bity-white.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: bc421e8eefb8b25090acfdc8764aed3e02ddea0b6fdebf78f8318b9a605ee7ec

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "3bbe61ef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1894

GET
H/1.1 200
OK logo-bity.svg
eth.ceo/images/ 2 KB
2 KB 568ms
142ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-bity.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 2a2242cf8fc2d4e44944d0c2eace1c735934e6aa7158d5cbf93f6ff58d6ca0e7

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "2dd070ef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1903

GET
H/1.1 200
OK icon-check-green.svg
eth.ceo/images/ 355 B
605 B 147ms
147ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-check-green.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 7bd26bb686b4292aa141c18f95d98b9563f45e9972bdf2acc3e4a4ed249e60ca

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "ad1e7fef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 355

GET
H/1.1 200
OK icon-x.svg
eth.ceo/images/ 538 B
787 B 147ms
146ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-x.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 8b89ce05c844aa929a595261f9be41f16c193e567f7125f5f5e6af1b6316bb32

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "5b78eef244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 538

GET
H/1.1 200
OK logo-ethereum-1.png
eth.ceo/images/ 4 KB
5 KB 147ms
146ms Image
image/png 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-ethereum-1.png
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 1623611fdd0d701ab8caec3e4be2617986b344538b5b16fd8631a6793c5fc3da

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:50 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "2258b5df244d41:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4521

GET
H/1.1 200
OK logo-ethereum-2.png
eth.ceo/images/ 2 KB
2 KB 143ms
143ms Image
image/png 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-ethereum-2.png
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: bb0759a296ae9e0096c7af7ed1e730f2bb12e5ff9ca94749e3f395220095307e

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:50 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "923cc6df244d41:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2256

GET
H/1.1 200
OK print-sidebar.png
eth.ceo/images/ 4 KB
5 KB 153ms
152ms Image
image/png 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/print-sidebar.png
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 6ab563f04beb06f96804ecc9389195c1a7c8b28f4d8758fff3e095e3c7198196

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:50 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "3ce9d5df244d41:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4426

GET
H/1.1 200
OK notes-bg.png
eth.ceo/images/ 110 B
356 B 146ms
146ms Image
image/png 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/notes-bg.png
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 99a8dc31626e3b8220c998ef37a2b32f993bb9f55bfd81bb1e56775fac5d86bc

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:50 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "c6e3e5df244d41:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 110

GET
H/1.1 200
OK eth.mom.min.js Show response
eth.ceo/js/ 7 MB
2 MB 376ms
200ms Script
application/x-javascript 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to

Full URL: https://eth.ceo/js/eth.mom.min.js
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e6ab8ce9f1364639836e22e86608534849104ad7f83be3695a659d17c7a4262c

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Content-Encoding: gzip
ETag: "fc22302ec5d51:0"
Last-Modified: Tue, 07 Jan 2020 07:42:23 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK eth.mom.min.css
eth.ceo/css/ 128 KB
32 KB 167ms
166ms Stylesheet
text/css 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to

Full URL: https://eth.ceo/css/eth.mom.min.css
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 8fb7e24f55f6bcf8b8080b5ac6f59afc5480b23f99a0d9c392e54f86e39abda7

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Sep 2018 11:38:36 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "619fd9fbc45d41:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 32873

GET 20517475.js
js.users.51.la/ 0
0

GET
DATA 200
OK truncated
/ 438 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3b2b7981bc2cec9ee6648f539c70fcfded538e106ef9b855c1602463739b51e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 638 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e35c9d44476a344c848ed751122492e26691c115124a48437fe233314a07511

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST
H2 200 api Show response
api.etherscan.io/ 59 B
422 B 431ms
145ms XHR
application/json 23.111.175.138
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.etherscan.io/api

Requested by

Host: eth.ceo
URL: https://eth.ceo/js/eth.mom.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.111.175.138 Tampa, United States, ASN29802 (HVC-AS, US),

Reverse DNS

Software

nginx /

Resource Hash

91485d1f06ad53f7b102a41dc4075e40427787a1abdf69189d6de98b469cf090

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 28 Apr 2020 12:00:48 GMT
content-encoding: gzip
vary: Accept-Encoding
server: nginx
status: 200
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private
access-control-allow-headers: Content-Type
content-length: 174

GET
H/1.1 200
OK icon-eye-closed.svg
eth.ceo/images/ 1 KB
2 KB 462ms
164ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-eye-closed.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/js/eth.mom.min.js
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 9f3a4acd65f0c3526b29451bd408bf6d494cc93e6f722b6346eb5270cca41754

Request headers

Referer: https://eth.ceo/css/eth.mom.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:40 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:57 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "de46ed11f244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1491

GET
H/1.1 200
OK icon-external-link.svg
eth.ceo/images/ 1 KB
2 KB 433ms
150ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/icon-external-link.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: f5d7d6d27a38ad0894bbe29647448910dbfb315b3d0ebf114516bb343c365108

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:40 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:57 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "debdc211f244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1486

GET
H/1.1 200
OK logo-ledger.svg
eth.ceo/images/ 3 KB
3 KB 442ms
159ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-ledger.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 9940d02c5f371032fdc9663e416c3cf3da512dc02c5a05f515b53d90ded09f9d

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:40 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:57 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "1c49d011f244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 3195

GET
H/1.1 200
OK logo-trezor.svg
eth.ceo/images/ 2 KB
2 KB 449ms
158ms Image
image/svg+xml 142.54.162.66
NOCIX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eth.ceo/images/logo-trezor.svg
Requested by: Host: eth.ceo
URL: https://eth.ceo/
Protocol: HTTP/1.1
Security: TLS 1.0, ECDHE_RSA, AES_256_CBC
Server: 142.54.162.66 Kansas City, United States, ASN33387 (NOCIX, US),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 36cc572f3b6a4963cf61e2504d4d8b3e2ce394cd57558656d37f39f0f6ad6cff

Request headers

Referer: https://eth.ceo/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 28 Apr 2020 12:00:40 GMT
Last-Modified: Wed, 05 Sep 2018 08:25:57 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "c1d1de11f244d41:0"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1882

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: js.users.51.la
URL: https://js.users.51.la/20517475.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MyEtherWallet (Crypto Exchange)

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
eth.ceo/	1970-01-25 20:31:23	Name: language Value: %7B%22key%22%3A%22en%22%2C%22value%22%3A%22English%22%7D
eth.ceo/	1970-01-25 20:31:23	Name: curNode Value: %7B%22key%22%3A%22eth_ethscan%22%7D
eth.ceo/	1970-01-25 20:31:23	Name: gasPrice Value: 41

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for View Wallet/ Address Only doesn't exist
console-api	warning	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: Translation for Keystore / JSON File doesn't exist
console-api	error	URL: https://eth.ceo/js/eth.mom.min.js(Line 51515) Message: BigNumber Error: new BigNumber() not a number: Invalid API Key Possibly unhandled rejection: {"name":"BigNumber Error"}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.etherscan.io
eth.ceo
js.users.51.la
js.users.51.la
142.54.162.66
23.111.175.138
008943407a6aa15c7834f20ed2352e03f51ab22fbbac8b69a7dadf7adf599b46
1623611fdd0d701ab8caec3e4be2617986b344538b5b16fd8631a6793c5fc3da
2a2242cf8fc2d4e44944d0c2eace1c735934e6aa7158d5cbf93f6ff58d6ca0e7
36cc572f3b6a4963cf61e2504d4d8b3e2ce394cd57558656d37f39f0f6ad6cff
383d35008f3b28d2d66f3199d4b99072fde420f0efc44c81d6ac839b73e5b9d0
5e35c9d44476a344c848ed751122492e26691c115124a48437fe233314a07511
6ab563f04beb06f96804ecc9389195c1a7c8b28f4d8758fff3e095e3c7198196
6cb52e49c11965693c0489cc5f5575176b05d4278ffa34bd0bbd86d34c27504b
7bd26bb686b4292aa141c18f95d98b9563f45e9972bdf2acc3e4a4ed249e60ca
8b89ce05c844aa929a595261f9be41f16c193e567f7125f5f5e6af1b6316bb32
8c49cc0b8bf0460f079d54a9010ee3212c5278bbc665e97747dc374ea4c4f18c
8fb7e24f55f6bcf8b8080b5ac6f59afc5480b23f99a0d9c392e54f86e39abda7
91485d1f06ad53f7b102a41dc4075e40427787a1abdf69189d6de98b469cf090
9940d02c5f371032fdc9663e416c3cf3da512dc02c5a05f515b53d90ded09f9d
99a8dc31626e3b8220c998ef37a2b32f993bb9f55bfd81bb1e56775fac5d86bc
9f3a4acd65f0c3526b29451bd408bf6d494cc93e6f722b6346eb5270cca41754
bb0759a296ae9e0096c7af7ed1e730f2bb12e5ff9ca94749e3f395220095307e
bc421e8eefb8b25090acfdc8764aed3e02ddea0b6fdebf78f8318b9a605ee7ec
c84a11e6669c4ca2148f35a777319a9b6f97e1e9602d6a9b1770e95813377b47
e6ab8ce9f1364639836e22e86608534849104ad7f83be3695a659d17c7a4262c
f3b2b7981bc2cec9ee6648f539c70fcfded538e106ef9b855c1602463739b51e
f5d7d6d27a38ad0894bbe29647448910dbfb315b3d0ebf114516bb343c365108

eth.ceo Open in urlscan Pro 142.54.162.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

95 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

2251 kBTransfer

7911 kBSize

3 Cookies

10 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

53 JavaScript Global Variables

3 Cookies

13 Console Messages

Indicators

eth.ceo Open in urlscan Pro
142.54.162.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

95 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

2251 kB
Transfer

7911 kB
Size

3
Cookies

21 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!