www.uniswap.claim-token.org
162.0.215.125
Malicious Activity!
Public Scan
Submission: On March 15 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 15th 2022. Valid for: a year.
This is the only time www.uniswap.claim-token.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
7 | 162.0.215.125 | 22612 (NAMECHEAP-NET) |
1 | 2606:4700:20::ac43:4a9d | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6811:600d | 13335 (CLOUDFLARENET) |
9 | 3 | |
ASN22612 (NAMECHEAP-NET, US)
PTR: business105-2.web-hosting.com
www.uniswap.claim-token.org
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | claim-token.org | www.uniswap.claim-token.org | 140 KB |
1 | uniswap.org | app.uniswap.org — Cisco Umbrella Rank: 319330 | 3 KB |
1 | buying.com | bridge.buying.com | 55 KB |
9 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
7 | www.uniswap.claim-token.org | www.uniswap.claim-token.org |
1 | app.uniswap.org | www.uniswap.claim-token.org |
1 | bridge.buying.com | www.uniswap.claim-token.org |
9 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
uniswap.claim-token.org | Sectigo RSA Domain Validation Secure Server CA | 2022-03-15 - 2023-03-15 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-08-07 - 2022-08-06 | a year |
app.uniswap.org | Cloudflare Inc ECC CA-3 | 2021-05-04 - 2022-05-03 | a year |
This page contains 1 frames:
Primary Page:
https://www.uniswap.claim-token.org/
Frame ID: AC97C9EC05D14DADF004442CD575B3EE
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.uniswap.claim-token.org/ | 34 KB | 7 KB | Document | text/html |
GET | H2 | style.css | www.uniswap.claim-token.org/css/ | 6 KB | 1 KB | Stylesheet | text/css |
GET | H2 | uniswap-logo.png | bridge.buying.com/assets/images/logo/ | 54 KB | 55 KB | Image | image/png |
GET | H2 | favicon.png | app.uniswap.org/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | metamask-logo-horizontal.svg | www.uniswap.claim-token.org/images/ | 5 KB | 2 KB | Image | image/svg+xml |
GET | H2 | metamask-fox.svg | www.uniswap.claim-token.org/images/ | 3 KB | 1 KB | Image | image/svg+xml |
GET | H2 | jquery-3.2.1.min.js | www.uniswap.claim-token.org/js/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | metamask.web3.min.js | www.uniswap.claim-token.org/js/ | 242 KB | 70 KB | Script | application/javascript |
GET | H2 | TF.woff | www.uniswap.claim-token.org/fonts/ | 28 KB | 28 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | structuredClone |
object | oncontextlost |
object | oncontextrestored |
number | total |
number | maxMintNum |
function | getRandomInRange |
function | writeCookie |
function | readCookie |
number | supply |
number | interval |
function | foo |
function | $ |
function | jQuery |
function | Web3 |
function | save |
function | showModalWindow |
function | hideAllModalWindows |
function | upValue |
function | downValue |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.app.uniswap.org/ | | __cf_bm | Ho9llFfh.MBrBk05vE0xgWsOCePY2bturcLvS_LYqDQ-1647359969-0-AUS4YvVbFyMFKVJVNpnxjM3aZxVYljMDXuzWDXOQ+jRFyVsFxFd8NG/qUA2LGA07hFxd17GRjSivCMoE6yrcMKM= |
www.uniswap.claim-token.org/ | | minted | 115 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.