refundxgas.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission: On January 24 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on January 24th 2024. Valid for: 3 months.
This is the only time refundxgas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ethereum (Crypto)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
20 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 20.4.130.154 20.4.130.154 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2606:4700:303... 2606:4700:3031::6815:2a2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 4 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
min-api.cryptocompare.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
refundxgas.com
refundxgas.com |
3 MB |
4 |
badfffghj88.com
badfffghj88.com |
15 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28 |
1 KB |
1 |
cryptocompare.com
min-api.cryptocompare.com — Cisco Umbrella Rank: 33740 |
723 B |
26 | 4 |
Domain | Requested by | |
---|---|---|
20 | refundxgas.com |
refundxgas.com
|
4 | badfffghj88.com |
refundxgas.com
|
1 | fonts.googleapis.com |
client
|
1 | min-api.cryptocompare.com |
refundxgas.com
|
26 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
github.com |
twitter.com |
discord.gg |
blog.ethereum.org |
esp.ethereum.foundation |
devcon.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
refundxgas.com GTS CA 1P5 |
2024-01-24 - 2024-04-23 |
3 months | crt.sh |
*.cryptocompare.com Go Daddy Secure Certificate Authority - G2 |
2023-04-24 - 2024-05-25 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
badfffghj88.com GTS CA 1P5 |
2023-12-14 - 2024-03-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://refundxgas.com/
Frame ID: 26C9AF7216A1215E7F7B0F45DE965C1A
Requests: 26 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: .css-16a33q8 { width: 1em; height: 1em; display: inline-block; line-height: 1em; -webkit-flex-shrink: 0; -ms-flex-negative: 0; flex-shrink: 0; color: currentColor; font-size: var(--eth-fontSizes-4xl); -webkit-margin-start: var(--eth-space-4); margin-inline-start: var(--eth-space-4); } .css-16a33q8:hover, .css-16a33q8[data-hover] { color: #
Search URL Search Domain Scan URL
Title: .css-14e8c2x { width: 1em; height: 1em; display: inline-block; line-height: 1em; -webkit-flex-shrink: 0; -ms-flex-negative: 0; flex-shrink: 0; color: currentColor; font-size: var(--eth-fontSizes-4xl); -webkit-margin-start: var(--eth-space-4); margin-inline-start: var(--eth-space-4); } .css-14e8c2x:hover, .css-14e8c2x[data-hover] { color: #
Search URL Search Domain Scan URL
Title: .css-8pt5tp { width: 1em; height: 1em; display: inline-block; line-height: 1em; -webkit-flex-shrink: 0; -ms-flex-negative: 0; flex-shrink: 0; color: currentColor; font-size: var(--eth-fontSizes-4xl); -webkit-margin-start: var(--eth-space-4); margin-inline-start: var(--eth-space-4); } .css-8pt5tp:hover, .css-8pt5tp[data-hover] { color: #728
Search URL Search Domain Scan URL
Title: Ethereum Foundation Blog(opens in a new tab)
Search URL Search Domain Scan URL
Title: Ecosystem Support Program(opens in a new tab)
Search URL Search Domain Scan URL
Title: Devcon(opens in a new tab)
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
refundxgas.com/ |
340 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f30f.svg
refundxgas.com/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f41b.svg
refundxgas.com/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer-2-hub-hero.5bb68ce2.jpg
refundxgas.com/images/ |
380 KB 381 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
what-is-ethereum.b37ce60e_1.png
refundxgas.com/images/ |
109 KB 110 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dao-2.62aa97a7_1.png
refundxgas.com/images/ |
69 KB 70 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-modal.js
refundxgas.com/assets/web3-provider/ |
35 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f30f.svg
refundxgas.com/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f41b.svg
refundxgas.com/images/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer-2-hub-hero.5bb68ce2.jpg
refundxgas.com/images/ |
380 KB 381 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-loader.js
refundxgas.com/assets/web3-provider/ |
41 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-router.js
refundxgas.com/assets/web3-provider/ |
610 KB 170 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-connect.js
refundxgas.com/assets/web3-provider/ |
730 KB 194 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-module.js
refundxgas.com/assets/web3-provider/ |
1 MB 310 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-alert.js
refundxgas.com/assets/web3-provider/ |
142 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-seaport.js
refundxgas.com/assets/web3-provider/ |
665 KB 189 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web3-data.js
refundxgas.com/assets/web3-provider/ |
1 MB 719 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ethers.js
refundxgas.com/assets/web3-provider/ |
742 KB 176 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ethereum-tx.js
refundxgas.com/assets/web3-provider/ |
317 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
web3-provider.js
refundxgas.com/assets/ |
138 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pricemulti
min-api.cryptocompare.com/data/ |
148 B 723 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
23 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
badfffghj88.com/ |
80 B 513 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
badfffghj88.com/ |
37 KB 10 KB |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
badfffghj88.com/ |
58 KB 4 KB |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
badfffghj88.com/ |
40 B 453 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ethereum (Crypto)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| @walletconnect/ethereum-provider function| Buffer object| global object| process object| reactiveElementVersions object| litHtmlVersions object| litElementVersions function| setImmediate function| clearImmediate object| WalletConnectProvider object| regeneratorRuntime function| Web3 function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal object| _ethers function| MerkleTree function| MerkleMountainRange function| IncrementalMerkleTree function| MerkleSumTree object| seaport object| ethers object| ethereumjs function| _0x4572 object| MS_Worker_ID function| _0x4137 object| MS_MetaMask_ChainData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
badfffghj88.com
fonts.googleapis.com
min-api.cryptocompare.com
refundxgas.com
20.4.130.154
2606:4700:3031::6815:2a2
2a00:1450:4001:82a::200a
2a06:98c1:3121::3
0bdcfd8e9bd6918234ee4f9c31401fc3e3471f4bc71812a6c991b6b0c34e06e9
0d2d0108dccd06c7b3a250f32dc91986852cdf02eb9c5136db81d888091aa7aa
0e5f7c28c6614ae5f1fba671c315cbf6d4ff809a305503ddc2eb3e1fe908e0d7
200a7f8382380965e4870411c16242e3b3be8453c37886543c663acf611b76ea
22becfcf833e51cc71faf4b3a99c596e5ef3879543f7007065c8a9730692b6ad
39f201db3b9481261cc1660c3c2f9880fb09ef44c1e5fe5d9e2fd9deb818bd10
3bac4e38405e132151142c183a8848f1ccfc67a3272d60d3259839f401a5ea47
3c375e741930e3f2eff14c0a023bcdc610493424119a059a758752c76a9593c0
4baa20e467a3f55ea47d4baf2520a7c9c91a9ce03ddeb9e48e4ba6f703689876
4f574647ff2ca8f19b0b7b2656c0f8199a3542baae0028ba3ceaa66ced01491e
571b68cfb2c3208ba5bd8420dafc5827de5815a9c72718e2324711fbd3b00f12
5b800459f6063a12f07f0e2a2fbeaa4efc884d35b4325fde73c85c9f23c2a05c
5c8da7d1700cf3a1a863fd42c18f7193e089e6ea2473c92624800fe2e97a2210
5c9805c397f6744b6bf1aafdc22980094c41e659c636aa453981659fdf873eaf
66f16c2442eb3e46fc742b2471b21bd5ee5b9729e5196ecaa35af668ae8bc8d7
73312cbf8e81b62c2b7ffd737d9a3897d57c06ebfd2d1216633d3191d44d413d
7e9952bf40a202b4d047ea5157e5c67930667d29749dcecfd20df0fc1a40f276
801d62fc02f89e7c1b414392e066dcda139ea3154cb3a48da721ff9a9df49f1f
8235135dbbf8e98c80059672e3ead5369851727d876131e7f344abc60a66e254
a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73
b5b23b720c833da7d8c270aaa3c2951b6f37df719727560e47e2c059a645cec6
c259624218132a2cd36ad673de1ef15631307c4c491c3c63b5e930084b6308ef
c2ab8b77f0645edd26fa1c6e0f69d07cc06d9763b9904e01b71902f12d05c6e9