Report Overview
Visitedpublic
2026-02-14 01:27:22
Tags
Submit Tags
URL
eligible-ethgas.com/
Finishing URL
eligible-ethgas.com/
IP / ASN
104.21.13.61
Title
Espresso Claim Portal
Detections
urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
cdn.jsdelivr.net | 1678 | 2012-05-16 | 2012-09-30 | 2026-02-08 | 483 B | 164 kB |  151.101.65.229 | |
claim.espresso.foundation | unknown | 2022-02-16 | 2025-12-31 | 2026-02-11 | 22 kB | 6.5 MB | 3.18.26.223 |   |
eligible-ethgas.com 9 alert(s) on this Host | unknown | 2026-01-20 | 2026-02-12 | 2026-02-12 | 3.0 kB | 3.6 MB | 172.67.198.146 |  |
us.i.posthog.com | 42193 | 2020-01-23 | 2024-02-22 | 2026-02-11 | 1.7 kB | 2.1 kB | 34.199.45.253 |  |
assets.unicorn.studio | 3759026 | 2020-08-17 | 2024-10-30 | 2026-02-06 | 525 B | 77 kB | 34.120.54.136 |    |
us-assets.i.posthog.com | 57965 | 2020-01-23 | 2024-02-22 | 2026-02-11 | 2.0 kB | 114 kB | 172.66.166.164 | |
fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-02-08 | 542 B | 74 kB | 216.58.207.227 | |
www.googletagmanager.com | 283 | 2011-11-11 | 2012-10-04 | 2026-02-08 | 446 B | 451 kB | 142.251.38.104 | |
magna-public-assets-prod.s3.amazonaws.com | unknown | 2005-08-18 | 2025-12-28 | 2026-02-11 | 492 B | 11 kB | 52.217.140.9 |   |
api.ipify.org | 8166 | 2014-01-05 | 2014-10-06 | 2026-02-09 | 451 B | 271 B | 104.26.13.205 | |
fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-02-08 | 2.0 kB | 15 kB | 172.217.20.170 | |
magna-public-assets-prod.s3.us-east-1.amazonaws.com | unknown | 2005-08-18 | 2025-12-31 | 2026-02-12 | 534 B | 57 kB | 16.182.41.98 | |
fumbling-pill.click | unknown | 2026-01-16 | 2026-02-12 | 2026-02-12 | 453 B | 621 B | 188.114.96.1 | |
public-bsc.nownodes.io 2 alert(s) on this Host | unknown | 2019-05-20 | 2025-10-14 | 2026-02-12 | 1.0 kB | 1.7 kB | 172.66.145.77 | |
rpc.walletconnect.org | 891779 | 2018-03-26 | 2023-02-11 | 2026-02-13 | 540 B | 1.7 kB |  3.120.6.92 |
Nginx:1.29.5 (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.Vercel (PaaS)
Vercel is a cloud platform for static frontends and serverless functions.Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.Envoy (Reverse proxies)
Envoy is an open-source edge and service proxy, designed for cloud-native applications.Google Cloud CDN (CDN)
Cloud CDN uses Google's global edge network to serve content closer to users.Google Cloud (IaaS)
Google Cloud is a suite of cloud computing services.Google Cloud Storage (Miscellaneous)
Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.Amazon S3 (CDN)
Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.Amazon Web Services (PaaS)
Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| low | Client IP | 104.26.13.205 | ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| Nextron YARA rules | eligible-ethgas.com/assets/secure.php?req=ping | malware | PHP webshell obfuscated by encoding of mixed hex and dec |
| Nextron YARA rules | eligible-ethgas.com/assets/secure.php?req=ping | malware | Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions. |
| Hagezi Threat Feed | eligible-ethgas.com | malicious | Sinkholed |
| Quad9 DNS | public-bsc.nownodes.io | malicious | Sinkholed |
JavaScript (54)
No JavaScripts
HTTP Transactions (75)
| URL | IP | Response | Size |
|---|