The site https://uniswapv3claim.org/ is a phishing scam with a fake uniswap airdrop. It is hosted by https://vsys.host/ on IP address 185.233.186.19 in Kyiv, Ukraine. It is registered using https://gransy.com/ and was registered 2 days ago, on May 7th, 2021.
```
uniswapv3claim.org
185.233.186.19
uniswapv3claim.org
185.233.186.19
cpanel.uniswapv3claim.org
185.233.186.19
cpcalendars.uniswapv3claim.org
185.233.186.19
cpcontacts.uniswapv3claim.org
185.233.186.19
mail.uniswapv3claim.org
185.233.186.19
webdisk.uniswapv3claim.org
185.233.186.19
webmail.uniswapv3claim.org
185.233.186.19
www.uniswapv3claim.org
185.233.186.19
netname: WeHostServersLTD
descr: Your Premium Hosting Provider
org: ORG-WL264-RIPE
country: UA
admin-c: MO7516-RIPE
tech-c: MO7516-RIPE
abuse-c: ACRO40689-RIPE
mnt-routes: W3HOSTS3RV3RS-MNT
mnt-domains: W3HOSTS3RV3RS-MNT
remarks: | abuse email address provided as;
remarks: Phishing complaints to "[email protected]"remarks: Botnests complaints to “[email protected]”
remarks: | copyrights complaints to "[email protected]"remarks: | General complaints to “[email protected]”
status: ASSIGNED PA
mnt-by: ru-quasar-1-mnt
created: 2019-07-05T18:29:30Z
last-modified: 2021-04-22T08:34:06Z
source: RIPE
organisation: ORG-WL264-RIPE
org-name: We-Host-Servers LTD
org-type: OTHER
address: Industrivej, Nuuk 3901, Greenland
abuse-c: ACRO40689-RIPE
mnt-ref: ru-quasar-1-mnt
mnt-by: W3HOSTS3RV3RS-MNT
created: 2021-04-21T14:26:26Z
last-modified: 2021-04-21T14:26:26Z
source: RIPE # Filtered
Discovered open port 443/tcp on 185.233.186.19
Discovered open port 587/tcp on 185.233.186.19
Discovered open port 111/tcp on 185.233.186.19
Discovered open port 3306/tcp on 185.233.186.19
Discovered open port 53/tcp on 185.233.186.19
Discovered open port 143/tcp on 185.233.186.19
Discovered open port 995/tcp on 185.233.186.19
Discovered open port 110/tcp on 185.233.186.19
Discovered open port 993/tcp on 185.233.186.19
Discovered open port 21/tcp on 185.233.186.19
Discovered open port 80/tcp on 185.233.186.19
Discovered open port 465/tcp on 185.233.186.19
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
|ssl-date: TLS randomness does not represent time
25/tcp filtered smtp
53/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
| dns-nsid:
| bind.version: 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5
80/tcp open http Apache httpd
| http-methods:
| Supported Methods: HEAD GET POST OPTIONS
|_http-server-header: Apache
|_http-title: Site doesn’t have a title (text/html).
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: USER CAPA TOP PIPELINING RESP-CODES STLS SASL(PLAIN LOGIN) UIDL AUTH-RESP-CODE
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap Dovecot imapd
|_imap-capabilities: IMAP4rev1 more listed SASL-IR capabilities have AUTH=PLAIN post-login Pre-login STARTTLS ID ENABLE OK IDLE LOGIN-REFERRALS NAMESPACE AUTH=LOGINA0001 LITERAL+
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
443/tcp open ssl/http Apache httpd
| http-methods:
| Supported Methods: HEAD GET POST OPTIONS
|_http-server-header: Apache
|_http-title: Site doesn’t have a title (text/html).
| ssl-cert: Subject: commonName=access-service-govuk.org
| Subject Alternative Name: DNS:access-service-govuk.org, DNS:cpanel.access-service-govuk.org, DNS:cpcalendars.access-service-govuk.org, DNS:cpcontacts.access-service-govuk.org, DNS:mail.access-service-govuk.org, DNS:webdisk.access-service-govuk.org, DNS:webmail.access-service-govuk.org, DNS:www.access-service-govuk.org
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-10-08T00:00:00
| Not valid after: 2021-01-06T23:59:59
| MD5: 466f fce2 327d ec7a 3f49 86b9 5279 62f6
|SHA-1: b9a3 e9d4 0925 4cc2 fe78 b6b4 b601 d8c0 7bac 85eb
445/tcp filtered microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.94.2
| smtp-commands: scorpio.privacyhost.net Hello scorpio.privacyhost.net [195.181.175.107], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, AUTH PLAIN LOGIN, HELP,
| Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
587/tcp open smtp Exim smtpd 4.94.2
| smtp-commands: scorpio.privacyhost.net Hello scorpio.privacyhost.net [195.181.175.107], SIZE 52428800, 8BITMIME, PIPELINING, PIPE_CONNECT, STARTTLS, HELP,
| Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|_SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
993/tcp open imaps?
|_imap-capabilities: IMAP4rev1 more listed SASL-IR capabilities have AUTH=PLAIN post-login Pre-login OK ID ENABLE IDLE LOGIN-REFERRALS NAMESPACE AUTH=LOGINA0001 LITERAL+
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|_SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
995/tcp open pop3s?
|_pop3-capabilities: TOP USER PIPELINING CAPA SASL(PLAIN LOGIN) AUTH-RESP-CODE UIDL RESP-CODES
| ssl-cert: Subject: commonName=scorpio.privacyhost.net
| Subject Alternative Name: DNS:scorpio.privacyhost.net, DNS:www.scorpio.privacyhost.net
| Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-08-09T00:00:00
| Not valid after: 2021-08-09T23:59:59
| MD5: a666 1c05 05fc 9e05 6d1c 0d73 fe53 e96c
|_SHA-1: 8337 29df 31bd fdc3 d84e 654d a115 b149 5c4f e5d9
3306/tcp open mysql MySQL (unauthorized)
TRACEROUTE (using port 5900/tcp)
HOP RTT ADDRESS
1 5.75 ms 10.120.14.1
2 5.84 ms unn-195-181-175-125.datapacket.com (195.181.175.125)
3 6.01 ms unassigned.cdn77.com (185.229.188.160)
4 6.76 ms be5535.ccr41.fra03.atlas.cogentco.com (149.14.159.225)
5 11.98 ms be2959.ccr21.muc03.atlas.cogentco.com (154.54.36.54)
6 18.68 ms be3462.ccr52.vie01.atlas.cogentco.com (154.54.59.181)
7 19.78 ms be2988.ccr21.bts01.atlas.cogentco.com (154.54.59.85)
8 35.99 ms be2046.ccr21.kbp01.atlas.cogentco.com (154.54.58.246)
9 35.36 ms volia.demarc.cogentco.com (149.6.190.250)
10 49.98 ms lag.agg-6.ss13.kiev.volia.net (77.120.1.98)
11 35.48 ms lag3-60g.dc-2.ss13.kiev.volia.net (77.120.1.174)
12 … 13
14 35.49 ms no-rdns.offshorededicated.net (193.23.181.6)
15 36.60 ms scorpio.privacyhost.net (185.233.186.19)
```