claim.wailchain.com

https://claim.wailchain.com/idos/airdrop

172.67.138.151 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

2 days ⚠

HTTP

200 · 23.0s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Wallchain Airdrop"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Wallchain / Wailchain

Vendors

28/29

Status

partial

✓ eset✓ microsoft✓ avg✓ norton✓ brightcloud✓ bitdefender✓ avast✓ kaspersky✓ sophos✓ yandex✓ polyswarm✓ drweb✓ urlscan✓ apple✓ spamhaus✓ phishreport✓ emsisoft✓ openphish✓ netcraft✓ urlquery✓ cisa✓ apwg✓ phishtank✓ virustotal✗ urlabuse✓ mcafee✓ threatyeti✓ google✓ fortiguard

Registered-domain escalation

Submit wailchain.com as the primary IOC, enriched with evidence from hostile subdomains like claim.wailchain.com.

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Wallchain

Credential Phishing

Cryptocurrency · 4/5/2026

Summary

This site claim.wailchain.com/idos/airdrop presents a Wallchain-related branding (Wallchain Airdrop) but is hosted on a newly registered, non-official domain (wailchain.com) with Cloudflare fronting. The page appears to be an SPA capable of credential capture, loads external JS, and includes an iframe-based overlay common in phishing flows. The domain age is only 2 days, and the SSL cert is newly issued by Let's Encrypt, both high-risk indicators. Visual branding in the UI and page title suggest impersonation of a legitimate crypto/airdrops service, but the domain does not match the brand’s official domain pattern.

Attack Techniques (5)

Typosquat/brand-misleading domain (claim.wailchain.com) vs. brand name WallchainSPA rendering of credentials behind dynamic JavaScript (no static forms)Loading external tracking/telemetry script and potential iframe usageNew domain age and recent SSL cert issuance (lets encrypt) as trust signalsOverlay/iframe-based credential capture pattern common in phishing flows

Indicators of Compromise (7)

▸DOMAIN: claim.wailchain.com (subdomain of wailchain.com) as IOC

▸URL path contains '/idos/airdrop' implying an airdrop-related credential prompt

▸External script: https://static.cloudflareinsights.com/beacon.min.js/... (WAF/telemetry) as potential evasion

▸POST request to https://claim.wailchain.com/cdn-cgi/rum? (204) indicating potential data exfiltration hook

▸Base domain: wailchain.com with new WHOIS (created 2026-03-05) and 2-day age

▸SSL certificate issued 2 days ago to wailchain.com (Let’s Encrypt)

▸No static login form in HTML; SPA renders credential capture via JS bundles

Risk AssessmentUsed in abuse reports

The page at claim.wailchain.com/idos/airdrop is a high-risk impersonation attempt. The branding on the page indicates Wallchain, but the domain is a newly registered, non-official subdomain rather than a legitimate Wallchain domain. The static HTML contains an iframe and dynamically loaded assets that are consistent with credential collection in a SPA, and a POST request to a rum endpoint suggests data handling activity. The SSL cert is fresh from Let’s Encrypt, and the domain age is only 2 days, both strong signals of a phishing setup. The combination of brand impersonation, new domain, and dynamic credential capture strongly indicates credential harvesting activity targeting crypto users.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence