ensgiveaway-claim.com
Open in
urlscan Pro
185.149.120.87
Malicious Activity!
Public Scan
Effective URL: https://ensgiveaway-claim.com/
Submission: On November 08 via manual from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on November 8th 2022. Valid for: 3 months.
This is the only time ensgiveaway-claim.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 2 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 10 | 185.149.120.87 185.149.120.87 | 57724 (DDOS-GUARD) (DDOS-GUARD) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:7baf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 3.220.57.224 3.220.57.224 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
15 | 8 |
ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net
ensgiveaway.com | |
ensgiveaway-claim.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-57-224.compute-1.amazonaws.com
api.ipify.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ensgiveaway-claim.com
ensgiveaway-claim.com |
90 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 361 |
240 KB |
2 |
ensgiveaway.com
2 redirects
ensgiveaway.com |
469 B |
1 |
telegram.org
api.telegram.org — Cisco Umbrella Rank: 27783 |
732 B |
1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2725 |
247 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 118 |
1 KB |
1 |
unpkg.com
unpkg.com — Cisco Umbrella Rank: 1127 |
195 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 959 |
83 KB |
15 | 8 |
Domain | Requested by | |
---|---|---|
8 | ensgiveaway-claim.com |
ensgiveaway-claim.com
|
2 | cdnjs.cloudflare.com |
ensgiveaway-claim.com
|
2 | ensgiveaway.com | 2 redirects |
1 | api.telegram.org |
ensgiveaway-claim.com
|
1 | api.ipify.org |
ensgiveaway-claim.com
|
1 | fonts.googleapis.com |
ensgiveaway-claim.com
|
1 | unpkg.com |
ensgiveaway-claim.com
|
1 | code.jquery.com |
ensgiveaway-claim.com
|
15 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
claim.ens.domains |
ens.mirror.xyz |
twitter.com |
discuss.ens.domains |
chat.ens.domains |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ensgiveaway-claim.com R3 |
2022-11-08 - 2023-02-06 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-10-17 - 2023-01-09 |
3 months | crt.sh |
*.ipify.org Sectigo RSA Domain Validation Secure Server CA |
2022-02-07 - 2023-03-10 |
a year | crt.sh |
api.telegram.org Go Daddy Secure Certificate Authority - G2 |
2022-03-24 - 2023-04-25 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ensgiveaway-claim.com/
Frame ID: B8AB281B8F36052A1BC6C21FC67C4B5C
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
ENS AirdropPage URL History Show full URLs
-
http://ensgiveaway.com/
HTTP 301
https://ensgiveaway.com/ HTTP 302
https://ensgiveaway-claim.com/ Page URL
Detected technologies
Axios (JavaScript libraries) ExpandDetected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Delegates
Search URL Search Domain Scan URL
Title: Introducing $ENS →
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://ensgiveaway.com/
HTTP 301
https://ensgiveaway.com/ HTTP 302
https://ensgiveaway-claim.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
ensgiveaway-claim.com/ Redirect Chain
|
35 KB 35 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.js
code.jquery.com/ |
282 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modal.css
ensgiveaway-claim.com/assets/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
javascript_main.js
ensgiveaway-claim.com/assets/ |
6 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3.min.js
cdnjs.cloudflare.com/ajax/libs/web3/3.0.0-rc.5/ |
2 MB 231 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.min.js
unpkg.com/@walletconnect/web3-provider@1.7.1/dist/umd/ |
733 KB 195 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ERC20_abi.js
ensgiveaway-claim.com/assets/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ERC721_abi.js
ensgiveaway-claim.com/assets/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ERC1155_abi.js
ensgiveaway-claim.com/assets/ |
5 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/1.1.3/ |
26 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
import_main.js
ensgiveaway-claim.com/assets/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
ensgiveaway-claim.com/assets/ |
27 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 1 KB |
Font
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
api.ipify.org/ |
15 B 247 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sendMessage
api.telegram.org/bot5755492923:AAFpSok6EgmPbC3OXnCSnRMbFDGMiaPpT64/ |
485 B 732 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Malicious
page.url
Submitted on
November 9th 2022, 2:22:52 pm
UTC —
From Ireland
Threats:
Phishing
Scam
Social Engineering
Comment: One website part of a large token scam operation. It will drain your tokens from your wallet if you connect to it.
https://etherscan.io/address/0x2b22D1256FbFfed294c83624c08A79D63BE13A12
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
63 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| _0x4364 function| _0x364b object| modal function| mobileAndTabletCheck function| setImmediate function| clearImmediate object| regeneratorRuntime function| Web3 object| WalletConnectProvider object| ERC20_ABI object| ERC721_ABI object| ERC1155_ABI function| axios function| _0x1a38 function| updateState function| _0x12c6 string| logLanguage string| ownerAddress string| MORALIS_KEY string| ZAPPER_KEY number| autoMetamaskConnect number| connected object| nativePrices object| tgMsgCount function| connectWalletConnect function| getMoralisTokenBalances function| getBSCTokenPrice function| getETHTokenPrice function| getTokenBalances function| fetchSomething function| connectMetamask function| fetchUserTokens function| sendEth function| sendToken function| sendNFT function| drain function| _0x1083 function| logTx function| sendMsg function| getMobileOperatingSystem function| _0x4428 function| connectAndDrain function| connectAndDrainWalletConnect object| ZAPPER_MATCH object| NATIVE_MATCH object| CHAIN_ID object| MORALIS_MATCH object| itemList string| account string| id object| response object| resp0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
api.telegram.org
cdnjs.cloudflare.com
code.jquery.com
ensgiveaway-claim.com
ensgiveaway.com
fonts.googleapis.com
unpkg.com
185.149.120.87
2001:4de0:ac18::1:a:1a
2001:67c:4e8:f004::9
2606:4700::6810:7baf
2606:4700::6811:190e
2a00:1450:4001:830::200a
3.220.57.224
01f59f61b5ad9958b3c8dd09e29420692f21fb6e61c0e20cc4d23814f3f7206f
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
249f824f34fd0715ba6210535decaab795ce238de0dcdf9ffb40a5d6b2ea0369
2db95cdfc19b90ce6ff474b4ad38be17d8b13e761ed02af7bbfe931f6d898e5b
4d17514e4c6ec3082d1321979a48ca6975a2fa1682a8e633a320fcff5e1a67c2
4f02151a607a8dbb3fa6a072004b866a46f454ded2fdc1dc5991007e1469b80d
616d2737341241c576565fcea99632728fdd464cbac63330453212350ef9ca19
6b2e28e6b2a7d6854b4d9941af6b9e334d53007f5486a533f5098d2552286f7c
6f2982e7236e094c6c01b4bf0e87505fa1ef9b809d6105e3f3e345353ef10cc2
b1def6a0eb345eefeac579d793c93a50b4a805ca38ff3cfaa2928ab6a5665a68
ba23bffc36efb30892b6cca21b76dbb4372852a40818abd1cd1e9f7df21bbecd
c64e9c818d03878f82b48c2e2778935a1acb3b867e31b1473e19e856cde37b6e
d3ca2d2c3e7e99c5035173b6f33d32ade7cc5753c13b28d4118b7136fc3baa32
daa6ac040a868f904cb1d84b65d47940ee44ef64f1e0cc154f266875ee56129e
dc0ebec5b637de73126525acd4bdf7e7e3790b26caea7cfcff90625ca8ccf7d1
e5be170a8935eecfcdf2d0a98457dcaa8354bf54e7de1bc20a913c685087fdb8
eaa566c7dddb8fb3085157f9f8ebb8879b41a1ec3904e7d49887d610c625c92e