claim-henry.pages.dev
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of claim-henry.pages.dev
claim-henry.pages.dev appears to be a promotional landing page for a cryptocurrency token giveaway branded as "$HENRY" or "Justice For Henry Nowak". Based on the page title, on-page text, and screenshot, the site invites visitors to participate in an airdrop and claim tokens, presenting itself as a limited-time opportunity for early adopters and community members.
The site is hosted on a pages.dev subdomain, which suggests it is deployed through a static hosting platform rather than a standalone branded domain. The page references social channels on Discord, Telegram, and X, and uses typical crypto-marketing language such as token claims, DeFi participation, and countdown-style urgency. No clear information about a formal company operator, legal entity, or verifiable organization is visible from the provided scan data.
Overall, this appears to be a cryptocurrency-themed campaign page focused on token distribution rather than a broad financial service or established corporate website. The presentation and wording are consistent with promotional airdrop pages commonly used to attract wallet connections or token-claim interactions.
Safety Assessment for claim-henry.pages.dev
Several security signals raise concern about this domain at the time of the scan. It was flagged by 8 out of 91 security engines, with multiple scanners classifying it as phishing. In addition, the page content itself appears to promote a crypto airdrop with urgency cues such as limited-time participation and token claiming, which is a pattern often associated with wallet-draining or credential-harvesting campaigns.
The blacklist and threat-database checks included in the scan were clean at the time of review, which means the domain was not broadly listed across the checked reputation sources. However, clean blacklist status does not outweigh a multi-engine phishing consensus when the page content also shows high-risk social-engineering characteristics. The flagged JavaScript file was only marked with a generic suspicious heuristic, so that signal alone would be low confidence, but it adds to the overall caution rather than reducing it.
The site also lacks the trust indicators typically expected from a legitimate financial or crypto project homepage, such as clear operator identity, transparent legal information, or an established primary domain. Based on these findings, this website may pose potential risks to visitors.
Technical Description
The domain uses a valid Let's Encrypt SSL certificate and is served through Cloudflare infrastructure, with hosting resolved to a Cloudflare IP in Toronto, Canada. The domain itself is about five years old, though it is a pages.dev subdomain rather than a dedicated branded domain, which can make attribution more difficult. DNSSEC appears to be unsigned.
From a technical standpoint, the scan found one JavaScript file flagged with a generic suspicious heuristic, while external links and referenced domains were not flagged during this check. The combination of Cloudflare hosting, valid HTTPS, and a long-lived parent domain does not by itself indicate legitimacy, since these are also commonly used by temporary campaign pages and abuse-hosted content.
Share your experience with this website. Was it safe? Did you encounter any issues?