0/100

critical Risk

ethereum.system-tools-hub.com

https://ethereum.system-tools-hub.com/?

172.67.189.207 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

78 days

HTTP

200 · 15.8s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Screenshot of ethereum.system-tools-hub.com

Zoom

Title: "Ethereum"

Save

Domain Intelligence: system-tools-hub.com

Scanned 3 times since Mar 3, 2026, 06:28 AM UTC

✗ Critical (100)

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Ethereum

Vendors

26/27

Status

partial

✓ yandex✓ apwg✓ avast✓ bitdefender✓ sophos✓ microsoft✓ eset✓ norton✓ brightcloud✓ apple✓ cisa✓ spamhaus✓ netcraft✓ urlquery✓ urlscan✓ openphish✓ emsisoft✓ phishreport✓ virustotal✓ phishtank✓ fortiguard✓ urlabuse✓ avg✓ threatyeti✓ mcafee✓ google✗ kaspersky

Registered-domain escalation suggested

Suggested now

Submit system-tools-hub.com as the primary IOC, enriched with evidence from hostile subdomains like ethereum.system-tools-hub.com.

2 hostile subdomains across 3 completed scans were observed under this registered domain. Recent hosts: swyftx.system-tools-hub.com, ethereum.system-tools-hub.com.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Ethereum

Credential Phishing

finance | technology | ecommerce | cryptocurrency | blockchain · 4/5/2026

Summary

The page presents Ethereum branding on a domain that includes the Ethereum term but is hosted under ethereum.system-tools-hub.com. The page title and visible UI reference Ethereum, while the domain appears as a subdomain of system-tools-hub.com. The SPA-like HTML includes multiple external analytics scripts and an embedded SPA environment, suggesting credential capture or data harvesting through dynamically rendered forms. This indicates impersonation aiming to harvest credentials or user interactions under the Ethereum branding.

Attack Techniques (4)

Typosquatting/brand impersonation via domain containing 'ethereum' (ethereum.system-tools-hub.com) while using a generic hosting domainCloned SPA-like UI with Ethereum branding rendered dynamically via JavaScript bundlesLoading brand-related assets and analytics scripts from external domains to mimic legitimate service behavior0 static forms in HTML but credential capture logic likely executed by SPA JavaScript bundles

Indicators of Compromise (8)

▸DOMAIN: ethereum.system-tools-hub.com (brand in domain)

▸PAGE TITLE: Ethereum

▸NETWORK REQUESTS: assets/index-C2iUdbRz.js, analytics-bundle.js, posthog scripts, cloudflare beacon, external PostHog domain i.posthog.com

▸SCRIPT URLS: assets/index-C2iUdbRz.js, analytics-bundle.js, posthog-recorder.js

▸IMG/ASSETS: eth-banner-C4Bp9Ovy.webp and other Ethereum-themed visuals

▸SSL: Valid certificate issued to system-tools-hub.com with wildcard *.system-tools-hub.com (brand impersonation domain is new and under a shared certificate)

▸WHOIS: domain created in late 2025; 78 days old; Dynadot registrar; Cloudflare NS

▸SPA indicators: 0 static forms in HTML; 12 scripts loaded; forms likely rendered at runtime

Risk AssessmentUsed in abuse reports

High confidence phishing impersonation. The domain contains Ethereum branding and page title matches Ethereum, yet the site is hosted under ethereum.system-tools-hub.com, a non-official Ethereum domain. The page loads multiple analytics and PostHog scripts, and the HTML shows no static login forms, indicating a dynamically rendered credential capture flow typical of SPAs. The SSL certificate is valid but issued to system-tools-hub.com, not an official Ethereum domain, and the domain age is short (78 days). These factors collectively indicate an attempt to deceive users into submitting credentials or sensitive interactions under Ethereum branding. Scanner context notes direct user access bypassing cloaking, reinforcing the likelihood of credential collection via a clone SPA.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence