avito.info-pay.online
Open in
urlscan Pro
2606:4700:3031::ac43:a415
Malicious Activity!
Public Scan
Submission: On December 01 via manual from IN
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 22nd 2020. Valid for: a year.
This is the only time avito.info-pay.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OLX Group (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3031::ac43:a415 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 185.199.108.153 185.199.108.153 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a02:6ea0:c70... 2a02:6ea0:c700::4 | 60068 (CDN77) (CDN77) | |
1 | 104.17.59.8 104.17.59.8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 52.28.221.109 52.28.221.109 | 16509 (AMAZON-02) (AMAZON-02) | |
7 | 2a02:6ea0:c70... 2a02:6ea0:c700::1 | 60068 (CDN77) (CDN77) | |
22 | 8 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-221-109.eu-central-1.compute.amazonaws.com
bootstrap.smartsuppchat.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
smartsuppcdn.com
widget-v2.smartsuppcdn.com |
227 KB |
6 |
info-pay.online
avito.info-pay.online |
93 KB |
2 |
smartsuppchat.com
www.smartsuppchat.com bootstrap.smartsuppchat.com |
8 KB |
1 |
avito.st
01.img.avito.st |
30 KB |
1 |
googleapis.com
fonts.googleapis.com |
738 B |
1 |
github.io
necolas.github.io |
2 KB |
0 |
avito.ru
Failed
www.avito.ru Failed |
|
22 | 7 |
Domain | Requested by | |
---|---|---|
7 | widget-v2.smartsuppcdn.com |
www.smartsuppchat.com
widget-v2.smartsuppcdn.com avito.info-pay.online |
6 | avito.info-pay.online |
avito.info-pay.online
|
1 | bootstrap.smartsuppchat.com |
www.smartsuppchat.com
|
1 | 01.img.avito.st |
avito.info-pay.online
|
1 | www.smartsuppchat.com |
avito.info-pay.online
|
1 | fonts.googleapis.com |
avito.info-pay.online
|
1 | necolas.github.io |
avito.info-pay.online
|
0 | www.avito.ru Failed |
avito.info-pay.online
|
22 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
support.avito.ru |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-22 - 2021-11-21 |
a year | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-11-03 - 2021-01-26 |
3 months | crt.sh |
*.smartsuppchat.com RapidSSL RSA CA 2018 |
2019-12-11 - 2021-01-01 |
a year | crt.sh |
*.img.avito.st GlobalSign Organization Validation CA - SHA256 - G2 |
2019-03-19 - 2021-03-19 |
2 years | crt.sh |
*.smartsuppcdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2020-11-03 - 2021-12-04 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://avito.info-pay.online/cash37527752
Frame ID: 1F9DE3CF9249E44F43DFC43853DB47A3
Requests: 17 HTTP requests in this frame
Frame:
https://widget-v2.smartsuppcdn.com/static/js/runtime-main.fcbcd4af.js
Frame ID: 0DC4048F0E529FC30D870333E9D05F57
Requests: 6 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Договора купли-продажи
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://avito.info-pay.online/assets/fonts/firasans-medium.6d0873.woff HTTP 302
- https://www.avito.ru/assets/fonts/firasans-medium.6d0873.woff
- https://avito.info-pay.online/assets/fonts/firasans-medium.12a58b.ttf HTTP 302
- https://www.avito.ru/assets/fonts/firasans-medium.12a58b.ttf
- https://avito.info-pay.online/assets/fonts/opensans-semibold.1d8cbd.woff HTTP 302
- https://www.avito.ru/assets/fonts/opensans-semibold.1d8cbd.woff
- https://avito.info-pay.online/assets/fonts/opensans-semibold.e1c83f.ttf HTTP 302
- https://www.avito.ru/assets/fonts/opensans-semibold.e1c83f.ttf
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
cash37527752
avito.info-pay.online/ |
30 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
avito.info-pay.online/assets/css/ |
404 KB 64 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
payments.css
avito.info-pay.online/assets/css/ |
39 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
normalize.css
necolas.github.io/normalize.css/8.0.1/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
4 KB 738 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
avito.info-pay.online/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.js
www.smartsuppchat.com/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
9951373301.jpg
01.img.avito.st/640x480/ |
30 KB 30 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secure.62a90a.svg
avito.info-pay.online/assets/img/ |
1 KB 861 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shipping.0b7110.svg
avito.info-pay.online/assets/img/ |
725 B 718 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
firasans-medium.6d0873.woff
www.avito.ru/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 4 KB |
Font
font/truetype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
97fefb5ba8c71c5608fa6f5c8a30c35957c3863d.json
bootstrap.smartsuppchat.com/widget/ |
701 B 946 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asset-manifest.json
widget-v2.smartsuppcdn.com/ |
2 KB 698 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtime-main.fcbcd4af.js
widget-v2.smartsuppcdn.com/static/js/ Frame 0DC4 |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.f6454180.chunk.js
widget-v2.smartsuppcdn.com/static/js/ Frame 0DC4 |
644 KB 185 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.7ccf79c2.chunk.js
widget-v2.smartsuppcdn.com/static/js/ Frame 0DC4 |
106 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.json
widget-v2.smartsuppcdn.com/translates/ Frame 0DC4 |
4 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ru.json
widget-v2.smartsuppcdn.com/translates/ Frame 0DC4 |
6 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blackberry2.mp3
widget-v2.smartsuppcdn.com/assets/sounds/ Frame 0DC4 |
9 KB 9 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
firasans-medium.12a58b.ttf
www.avito.ru/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.1d8cbd.woff
www.avito.ru/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.e1c83f.ttf
www.avito.ru/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.avito.ru
- URL
- https://www.avito.ru/assets/fonts/firasans-medium.6d0873.woff
- Domain
- www.avito.ru
- URL
- https://www.avito.ru/assets/fonts/firasans-medium.12a58b.ttf
- Domain
- www.avito.ru
- URL
- https://www.avito.ru/assets/fonts/opensans-semibold.1d8cbd.woff
- Domain
- www.avito.ru
- URL
- https://www.avito.ru/assets/fonts/opensans-semibold.e1c83f.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OLX Group (E-commerce)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| _smartsupp function| smartsupp function| setImmediate function| clearImmediate boolean| SMARTSUPP_LOADED object| $smartsupp3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
avito.info-pay.online/ | Name: ssupp.visits Value: 1 |
|
avito.info-pay.online/ | Name: ssupp.vid Value: viKHOehKi2uzR |
|
.info-pay.online/ | Name: __cfduid Value: d28b17db6271df373434eeb142f8983b61606842114 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
01.img.avito.st
avito.info-pay.online
bootstrap.smartsuppchat.com
fonts.googleapis.com
necolas.github.io
widget-v2.smartsuppcdn.com
www.avito.ru
www.smartsuppchat.com
www.avito.ru
104.17.59.8
185.199.108.153
2606:4700:3031::ac43:a415
2a00:1450:4001:814::200a
2a02:6ea0:c700::1
2a02:6ea0:c700::4
52.28.221.109
0d17c2653e761f1126a917064534a4dcdc2ad5a8bd8d583ded616674299c14e3
0ecbc9da79495a5b0460d0cfca200aa6064528d86b749576c18d083386f9a8f0
19601dc9c8c99a0e227d86ca446759bd98dff95910e474fea5a9b4e16f5b34e9
1b725f674b3b9f763dbd7400f898e3abb5c49e038f816ba268778536f3fe4bda
1bed9b4328a43c8da3d92254759df0d5ed37e74b03a9b1beb4ed960b30bb1f87
1ed689816c54de330ec5aed01685251028fd9da655bcdc21698083d058427921
212e4da73e2ce59d04dcc7cd5e6fad88c283f818469ffdac16accc79db847076
2dac82c181db29f567f8c6a98cb9dfc7cede1f4972031d27e374eb50cb6c23b6
3bdbebe8dcdcdcc3bcd63b11f927e0a5dd0b30ef0234e33669ea5225dee2e7d5
3f254969955f7acfd73dbebabc1fb8cccf599b21d76aea9060c725f7130209bf
462dda033b7911373fa4731a9834e2b5f76fe3f8ded7cf7d54d5d996752329a9
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
59bb3fcb8b87080818bb622d952b37c0b745e2ead0f6c96531cde8f1a7a87f69
70197c13590dc9380d09a5d1c282baa3f8798a8af19ff460e744860ec2440833
713a1269cbe341333f360d6767939d33c6dc04754fe9028b34deb6ac59e0fc1a
b3eef1a27fddc5cdb1e308c5417b692a43fabda5e6cd40bb9794d3e09c069fc8
c2d507b1db42624c0a4d6b50c0ec99cc1847a640d3dcc64904140795496930af
caa5d92f363f393acaa661d887fb1d05a8b3a775655a5b46aa005af5a5a7cfaf
cef12a43407f3092977da7281ea18a1d07dc45d8cf21fdaee0fca58cd869fb27