claimluigi.pages.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://claimluigi.pages.dev/
Submission: On December 11 via manual (December 11th 2024, 11:02:11 am UTC) from JP — Scanned from NL

Summary HTTP 17 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 17 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is claimluigi.pages.dev.
TLS certificate: Issued by WE1 on December 10th 2024. Valid for: 3 months.

This is the only time claimluigi.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 11	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.23.106 172.217.23.106	15169 (GOOGLE) (GOOGLE)
2	104.18.40.143 104.18.40.143	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.18.237.103 2.18.237.103	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.26.8.22 104.26.8.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.199.109.133 185.199.109.133	54113 (FASTLY) (FASTLY)
1	172.64.151.44 172.64.151.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	7

11 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

claimluigi.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.106 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.40.143 (None, )

ASN13335 (CLOUDFLARENET, US)

www.dextools.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.237.103 (Dublin, Ireland)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-237-103.deploy.static.akamaitechnologies.com

store-images.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.8.22 (None, )

ASN13335 (CLOUDFLARENET, US)

image.winudf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.109.133 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-133.github.com

avatars.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

www.exodus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	pages.dev 1 redirects claimluigi.pages.dev	15 KB
2	dextools.io www.dextools.io — Cisco Umbrella Rank: 113983	4 KB
1	exodus.com www.exodus.com — Cisco Umbrella Rank: 52214	1 KB
1	githubusercontent.com avatars.githubusercontent.com — Cisco Umbrella Rank: 9242	8 KB
1	winudf.com image.winudf.com — Cisco Umbrella Rank: 61988	7 KB
1	s-microsoft.com store-images.s-microsoft.com — Cisco Umbrella Rank: 2039	33 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
17	7

	Domain	Requested by
11	claimluigi.pages.dev	1 redirects claimluigi.pages.dev
2	www.dextools.io	claimluigi.pages.dev
1	www.exodus.com	claimluigi.pages.dev
1	avatars.githubusercontent.com	claimluigi.pages.dev
1	image.winudf.com	claimluigi.pages.dev
1	store-images.s-microsoft.com	claimluigi.pages.dev
1	fonts.googleapis.com	claimluigi.pages.dev
17	7

This site contains links to these domains. Also see Links.

Domain
t.me
raydium.io
www.dextools.io
x.com
dexscreener.com

Subject Issuer	Validity	Valid
claimluigi.pages.dev WE1	`2024-12-10` - `2025-03-10`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
dextools.io WE1	`2024-10-27` - `2025-01-25`	3 months	crt.sh
store-images.microsoft.com Microsoft Azure ECC TLS Issuing CA 03	`2024-05-15` - `2025-05-10`	a year	crt.sh
winudf.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.github.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-15` - `2025-03-14`	a year	crt.sh
exodus.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://claimluigi.pages.dev/
Frame ID: 8A77722040B077EEDD7E4083DFFA21DB
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

$LUIGI Community Rewards.

Page URL History Show full URLs

https://claimluigi.pages.dev/ Page URL
https://claimluigi.pages.dev/cdn-cgi/phish-bypass?atok=5cntX4EwRb.j_uoauuuWTifwMfc7VPYe6uDt8UGy40s-173391... HTTP 301
https://claimluigi.pages.dev/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

70 kB
Transfer

110 kB
Size

4
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://t.me/+81PteidOw0U1YTZk
Title: COMMUNITY

Search URL Search Domain Scan URL

URL: https://raydium.io/swap/?inputMint=5XyKkFaJpAmsH4Tf2EFj3S61W3hC5cJhxNZQQ5h1pump&outputMint=sol
Title: BUY NOW

Search URL Search Domain Scan URL

URL: https://www.dextools.io/app/en/token/luigiofficial?t=1733841331359
Title: VIEW CHART

Search URL Search Domain Scan URL

URL: https://t.me/JusticePeanutFred
Title: TELEGRAM

Search URL Search Domain Scan URL

URL: https://x.com/justicepnutfred
Title: X/TWITTER

Search URL Search Domain Scan URL

URL: https://x.com/LuigiCoinCTO
Title: X/Twitter

Search URL Search Domain Scan URL

URL: https://dexscreener.com/solana/awcxgpmbgvhyzgwe4refstfodghhrha12fhyjqbvqeul
Title: DEXSCREENER

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://claimluigi.pages.dev/ Page URL
https://claimluigi.pages.dev/cdn-cgi/phish-bypass?atok=5cntX4EwRb.j_uoauuuWTifwMfc7VPYe6uDt8UGy40s-1733914921-0.0.1.1-%2F HTTP 301
https://claimluigi.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 403 / Show response
claimluigi.pages.dev/ 4 KB
2 KB 64ms
23ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8f2f5f5865c0ff224184f1d1bdc6040ca76a685d628a4fdf3b4e0e7d77209ff

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray: 8f04fae5ecae0b87-AMS
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 11 Dec 2024 11:02:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eh9VY4qIgbC8nPeyMguZcbZdWHNDcxGwmBvalqVk3FDkh6eIKvukoOijlWovt7SHlHshglt8lYBxaGM4Osq8AEAchTwI9URNwFyrnkB6HHHIIU%2F1058aeNGhMzZmZzX0BN1ek4HjCw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
claimluigi.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 20ms
20ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6751d1ac-5df3"
x-content-type-options: nosniff
cf-ray: 8f04fae60cdb0b87-AMS
expires: Wed, 11 Dec 2024 13:02:01 GMT
date: Wed, 11 Dec 2024 11:02:01 GMT
content-type: text/css
last-modified: Thu, 05 Dec 2024 16:15:40 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
claimluigi.pages.dev/cdn-cgi/images/ 452 B
634 B 20ms
20ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://claimluigi.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6751d1ac-1c4"
x-content-type-options: nosniff
cf-ray: 8f04fae63d060b87-AMS
expires: Wed, 11 Dec 2024 13:02:01 GMT
accept-ranges: bytes
content-length: 452
date: Wed, 11 Dec 2024 11:02:01 GMT
content-type: image/png
last-modified: Thu, 05 Dec 2024 16:15:40 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 403 favicon.ico
claimluigi.pages.dev/ 4 KB
2 KB 25ms
25ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b23d5b40e3cf96d6fb66ff00d3cfee469b3e2452057358c81e2e456eb8fbcde

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPROcBnqKG4Q8Q5Ue4j0hQfTz7EgufIhCIRqmu%2FmcHXpGuf%2FFvn7DZ0vHJH6v4lBcqjHYzGnK%2BRFp8tdP6%2BlpZcAZkGrW436OQ9wx8ZNQsnLn4cAHS6rc9S8BhOVeMO8Z%2FOLlatWiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fae65d3c0b87-AMS
date: Wed, 11 Dec 2024 11:02:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

Primary Request / Show response
claimluigi.pages.dev/
Redirect Chain

https://claimluigi.pages.dev/cdn-cgi/phish-bypass?atok=5cntX4EwRb.j_uoauuuWTifwMfc7VPYe6uDt8UGy40s-1733914921-0.0.1.1-%2F
https://claimluigi.pages.dev/

18 KB
6 KB

56ms
55ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ffe5cdb02ae9460d27943ce3e05b38ecfba75dcceabe68831f525a1581610b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://claimluigi.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8f04fb05ac2b0b87-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 11 Dec 2024 11:02:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZS6Hz34Q3d5cX5rs%2FUrIzSpvsK7QAxwdclEY8cPsWuBUSRIW4kVE27zLjfLHMTtL1KFw7%2Ba1TPTArOGnlnDjjnqRog0D97dYalnWijCxFVGrKABZcRj9xST2yfsUB7%2Byz2LjM5q2LQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=17522&min_rtt=15877&rtt_var=2170&sent=27&recv=19&lost=0&retrans=0&sent_bytes=14703&recv_bytes=6671&delivery_rate=23679&cwnd=12000&unsent_bytes=0&cid=57730ef31102fb29&ts=5144&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8f04fb058c020b87-AMS
content-length: 167
content-type: text/html
date: Wed, 11 Dec 2024 11:02:06 GMT
location: https://claimluigi.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
1 KB 112ms
41ms Stylesheet
text/css 172.217.23.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito:wght@400;700&display=swap

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f10.1e100.net

Software

ESF /

Resource Hash

f6a1fed156cbc44311c7dc279ccc330aefab88a605de28ecf165fed5a794e805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 11:02:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Wed, 11 Dec 2024 09:18:37 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 403 global.css
claimluigi.pages.dev/css/ 0
0 23ms
22ms Stylesheet
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/css/global.css

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdDwSWMvGzapJ2XD8Vz3Z5nbTCt3JkHu8cUald9A41r8aKZ2%2Fpx60kjOUMlXRCuWzM9QrWrfUOkHvwf6wQEZSECe7R2V3ciBJh5EG7IagxVCCM0x1NOoy17AyY0cQXBDz9fbZlMIpA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fb060c890b87-AMS
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 403 style.css
claimluigi.pages.dev/css/ 0
0 30ms
30ms Stylesheet
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/css/style.css

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7irDa4w9SQpeprdtY4Lm%2BpZQSiXStL2MKYlrATTut7%2B6D%2FHFEGDzihOECyzEbNeElMNBGJOXNPBWh5fajcmE78GipOj7bYeSZw8yyQo62PT7FuMfO41RGnWlUj1OLU8i9X99stZfdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fb060c8c0b87-AMS
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 403 responsive.css
claimluigi.pages.dev/css/ 0
0 23ms
22ms Stylesheet
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/css/responsive.css

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://claimluigi.pages.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=05CBzTBQ93jwn6loJNZhzLMjtFtKaRbnruzX1dkdnIxS4YfM%2BNVhzlDl4BQTznr4dJvmuLMws7%2B73L2AqrCwnYHVRuDjcNlKzBVp3tqWOd9gV8TB3NHGnZyo92JMzIZt2MKrdevSAw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fb060c8d0b87-AMS
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 200 5XyKkFaJpAmsH4Tf2EFj3S61W3hC5cJhxNZQQ5h1pump.jpg
www.dextools.io/resources/tokens/logos/solana/ 3 KB
4 KB 109ms
75ms Image
image/jpeg 104.18.40.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dextools.io/resources/tokens/logos/solana/5XyKkFaJpAmsH4Tf2EFj3S61W3hC5cJhxNZQQ5h1pump.jpg?1733824204034
Requested by: Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.40.143 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 510235a2bcdc6b7628fee448efb75d7263b53c9b083a48ecde77bac5fec6175b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-bgj: imgq:100,h2pri
etag: "675886fb-e61"
age: 42965
cf-cache-status: HIT
expires: Wed, 11 Dec 2024 23:02:07 GMT
cf-polished: origSize=3681
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: image/jpeg
last-modified: Tue, 10 Dec 2024 18:22:51 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=43200
cf-ray: 8f04fb064814f5c7-AMS
accept-ranges: bytes
content-length: 3242
server: cloudflare

GET
H/1.1 200
OK apps.42831.782f1ae5-d3e1-44a8-89a5-b81f4d64daba.a17bea0c-8b72-4e6b-b160-63e2ec2dd58e.dd9bf24d-35a5-410b-b512-bef379ed0589
store-images.s-microsoft.com/image/ 33 KB
33 KB 201ms
72ms Image
image/png 2.18.237.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store-images.s-microsoft.com/image/apps.42831.782f1ae5-d3e1-44a8-89a5-b81f4d64daba.a17bea0c-8b72-4e6b-b160-63e2ec2dd58e.dd9bf24d-35a5-410b-b512-bef379ed0589
Requested by: Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.237.103 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-237-103.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4fa7d2f462d5cd29a7206959ec4768132349da3b303551995820cabb0e4a0fbd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Cache-Control: public, max-age=7776000, s-maxage=7776000
Access-Control-Expose-Headers: MS-CV
ETag: W/"gEDUIDB4OERDREM1NTY3MzdDOTI1"
MS-CV: 9eBqSEdegE6U6e5p.0
Connection: keep-alive
Accept-Ranges: none
Access-Control-Allow-Origin: *
Content-Length: 33719
Date: Wed, 11 Dec 2024 11:02:07 GMT
Content-Type: image/png
Last-Modified: Tue, 24 Sep 2024 04:57:34 GMT

GET
H2 200 icon.png
image.winudf.com/v2/image1/Y29tLnBoYW50b21mbGFyZS5zb2xfaWNvbl8xNjM2NzE1MTExXzAxNA/ 7 KB
7 KB 104ms
35ms Image
image/webp 104.26.8.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image.winudf.com/v2/image1/Y29tLnBoYW50b21mbGFyZS5zb2xfaWNvbl8xNjM2NzE1MTExXzAxNA/icon.png?w=184&fakeurl=1

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.8.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9200b26d90f19f0198adc6cb8560d8fbdf5e7d91973ee7a2ed84a4fe0c482239

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-bgj: imgq:100,h2pri
etag: 285f5416
age: 14275
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwth1gElP%2B3%2BhjGDXPdP8WjwMW8Rgddu7T7%2BlxLHqI2CpKD254dbON21%2BaRB6yVrpoFw%2BaT2T28h3WcoXZ5P36%2BXnknWxrTZeAurv8pbs%2Biep3Xs0A%2Fmmrabm0SN5Rh%2BTPM%3D"}],"group":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=11767
x-cache: MISS
server-timing: cfL4;desc="?proto=TCP&rtt=4669&min_rtt=3512&rtt_var=2708&sent=6&recv=10&lost=0&retrans=0&sent_bytes=4012&recv_bytes=2299&delivery_rate=1219882&cwnd=254&unsent_bytes=0&cid=75db65fd3b206808&ts=58&x=0"
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: image/webp
content-disposition: inline; filename="icon.webp"
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
cf-ray: 8f04fb068a8206cc-AMS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6860
server: cloudflare

GET
H2 200 32179889
avatars.githubusercontent.com/u/ 7 KB
8 KB 69ms
22ms Image
image/png 185.199.109.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars.githubusercontent.com/u/32179889?s=200&v=4

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.109.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-133.github.com

Software

Resource Hash

04fc461be01646e33ba00d45a04957a8a6668f4adb7f74b564ffd6f389c48b1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-fastly-request-id: ad907f21202595dc46ec0132a1842ffc23aa0a67
etag: "8c1fe6cf6168c74244db88c6d9811a6800f4f1293ea1a304a1baa2908b937ca7"
x-content-type-options: nosniff
x-github-request-id: 4B18:33E9AC:20B047:21DB7D:675845DD
expires: Wed, 11 Dec 2024 11:07:07 GMT
x-cache: HIT
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: image/png
last-modified: Wed, 18 Oct 2023 08:48:01 GMT
x-served-by: cache-ams21081-AMS
x-cache-hits: 0
x-frame-options: deny
strict-transport-security: max-age=31557600
vary: Authorization,Accept-Encoding
content-security-policy: default-src 'none'
cache-control: max-age=300
timing-allow-origin: https://github.com
x-timer: S1733914927.103625,VS0,VE1
source-age: 76625
cross-origin-resource-policy: cross-origin
x-github-tenant
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7364
x-xss-protection: 1; mode=block

GET
H2 200 logo.svg
www.exodus.com/brand/img/ 2 KB
1 KB 176ms
123ms Image
image/svg+xml 172.64.151.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.exodus.com/brand/img/logo.svg

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3aacd4a1ab60e14b1d638f144960a808a31bd8aae073d531bc7305639b30cd0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 70662
x-content-type-options: nosniff
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: image/svg+xml
vary: Accept-Encoding
feature-policy: geolocation 'none'; camera 'none'; microphone 'none'; usb 'none'; payment 'none'
last-modified: Tue, 10 Dec 2024 15:24:25 GMT
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: frame-ancestors 'self'
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f04fb06792b1c88-AMS
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 403 wallet.js
claimluigi.pages.dev/ 0
0 23ms
23ms Script
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/wallet.js

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnED2Yu5oQm0MncMkgIGDflJuW1OjRrOMtddczEHeunoQOdz3wl3lzdiLDk3dsmsyertnzvXZ4Ntft5AH%2Buv4I17tDjcO2Sx%2Fx7edkXQdk6TtB5qfSrHA91WmVlOJbnah%2Brdvg%2FHEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fb06cd5d0b87-AMS
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 403 anti-scraper.js
claimluigi.pages.dev/ 0
0 24ms
24ms Script
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://claimluigi.pages.dev/anti-scraper.js

Requested by

Host: claimluigi.pages.dev
URL: https://claimluigi.pages.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3rNW7AThzMBGp7uGLZv%2B3gJu%2FQv2EEFzUu2QBl4XDzRqv2w9pATaE7A16hiBjhitt9wTFLJfr8ArWZyxOzOP%2F6zH8rdLgYLb5EEBwOFYrtgUGyWjn7Xp7tO3LjK4K3u08uxNj%2B8ceg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f04fb06fd870b87-AMS
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3 200 5XyKkFaJpAmsH4Tf2EFj3S61W3hC5cJhxNZQQ5h1pump.jpg
www.dextools.io/resources/tokens/logos/solana/ 3 KB
0 0ms
0ms Other
image/jpeg 104.18.40.143
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dextools.io/resources/tokens/logos/solana/5XyKkFaJpAmsH4Tf2EFj3S61W3hC5cJhxNZQQ5h1pump.jpg?1733824204034
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.40.143 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 510235a2bcdc6b7628fee448efb75d7263b53c9b083a48ecde77bac5fec6175b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-bgj: imgq:100,h2pri
etag: "675886fb-e61"
age: 42965
cf-cache-status: HIT
expires: Wed, 11 Dec 2024 23:02:07 GMT
cf-polished: origSize=3681
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Wed, 11 Dec 2024 11:02:07 GMT
content-type: image/jpeg
last-modified: Tue, 10 Dec 2024 18:22:51 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=43200
cf-ray: 8f04fb064814f5c7-AMS
accept-ranges: bytes
content-length: 3242
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| startTimer

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.claimluigi.pages.dev/	1970-01-21 01:40:01	Name: __cf_mw_byp Value: 5cntX4EwRb.j_uoauuuWTifwMfc7VPYe6uDt8UGy40s-1733914921-0.0.1.1-/
.dextools.io/	1970-01-21 01:38:36	Name: __cf_bm Value: DH_o2QKhttK7K15F8pYTCvVaMcTZ8FNAvOqV4RDwx0w-1733914927-1.0.1.1-vVAfoDpdTMyvg31E.WXQ46m9qhYkIsZb62dWLHSgeHLr5vArLfNhHrVvafuU4sxgf_CcIEfk3QqoMIA_.oOQlg
.exodus.com/	1969-12-31 23:59:59	Name: __cfruid Value: b3cb8c2563282ea3ab7c800bd08e38f39c758cf7-1733914927
.exodus.com/	1969-12-31 23:59:59	Name: _cfuvid Value: fXQk55yshg2QG8EqdEeMAaHLyHshyYRD2X5EKlvJyoI-1733914927212-0.0.1.1-604800000

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://claimluigi.pages.dev/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/css/global.css Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/css/responsive.css Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/css/style.css Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/wallet.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://claimluigi.pages.dev/anti-scraper.js Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

avatars.githubusercontent.com
claimluigi.pages.dev
fonts.googleapis.com
image.winudf.com
store-images.s-microsoft.com
www.dextools.io
www.exodus.com
104.18.40.143
104.26.8.22
172.217.23.106
172.64.151.44
185.199.109.133
188.114.97.3
2.18.237.103
04fc461be01646e33ba00d45a04957a8a6668f4adb7f74b564ffd6f389c48b1a
4fa7d2f462d5cd29a7206959ec4768132349da3b303551995820cabb0e4a0fbd
510235a2bcdc6b7628fee448efb75d7263b53c9b083a48ecde77bac5fec6175b
6b23d5b40e3cf96d6fb66ff00d3cfee469b3e2452057358c81e2e456eb8fbcde
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9200b26d90f19f0198adc6cb8560d8fbdf5e7d91973ee7a2ed84a4fe0c482239
9ffe5cdb02ae9460d27943ce3e05b38ecfba75dcceabe68831f525a1581610b4
e8f2f5f5865c0ff224184f1d1bdc6040ca76a685d628a4fdf3b4e0e7d77209ff
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f3aacd4a1ab60e14b1d638f144960a808a31bd8aae073d531bc7305639b30cd0
f6a1fed156cbc44311c7dc279ccc330aefab88a605de28ecf165fed5a794e805

claimluigi.pages.dev Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

7 IPs

4 Countries

70 kBTransfer

110 kBSize

4 Cookies

7 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

4 Cookies

7 Console Messages

Security Headers

Indicators

claimluigi.pages.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

70 kB
Transfer

110 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!