safepay-eldorado.ru-paying.online
Open in
urlscan Pro
104.21.20.182
Malicious Activity!
Public Scan
Submission: On November 27 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by E1 on November 23rd 2023. Valid for: 3 months.
This is the only time safepay-eldorado.ru-paying.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Visa (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.21.20.182 104.21.20.182 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.186.138 142.250.186.138 | 15169 (GOOGLE) (GOOGLE) | |
3 | 185.199.111.133 185.199.111.133 | 54113 (FASTLY) (FASTLY) | |
1 | 151.101.194.137 151.101.194.137 | 54113 (FASTLY) (FASTLY) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.16.126.175 104.16.126.175 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 104.16.89.20 104.16.89.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 156.146.33.137 156.146.33.137 | 60068 (CDN77 ^_^) (CDN77 ^_^) | |
6 | 142.250.186.67 142.250.186.67 | 15169 (GOOGLE) (GOOGLE) | |
1 | 3.125.69.4 3.125.69.4 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 195.181.175.41 195.181.175.41 | 60068 (CDN77 ^_^) (CDN77 ^_^) | |
24 | 12 |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net
fonts.googleapis.com |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-111-133.github.com
raw.githubusercontent.com |
ASN60068 (CDN77 ^_^, GB)
PTR: 494557430.fra.cdn77.com
www.smartsuppchat.com |
ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net
fonts.gstatic.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-69-4.eu-central-1.compute.amazonaws.com
bootstrap.smartsuppchat.com |
ASN60068 (CDN77 ^_^, GB)
PTR: 824291365.fra.cdn77.com
widget-v3.smartsuppcdn.com | |
translations.smartsuppcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
gstatic.com
fonts.gstatic.com |
80 KB |
5 |
smartsuppcdn.com
widget-v3.smartsuppcdn.com — Cisco Umbrella Rank: 59922 translations.smartsuppcdn.com — Cisco Umbrella Rank: 61769 |
96 KB |
3 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335 |
44 KB |
3 |
githubusercontent.com
raw.githubusercontent.com — Cisco Umbrella Rank: 4473 |
42 KB |
2 |
smartsuppchat.com
www.smartsuppchat.com — Cisco Umbrella Rank: 55790 bootstrap.smartsuppchat.com — Cisco Umbrella Rank: 52793 |
7 KB |
1 |
unpkg.com
unpkg.com — Cisco Umbrella Rank: 903 |
2 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223 |
31 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 762 |
30 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31 |
1 KB |
1 |
ru-paying.online
safepay-eldorado.ru-paying.online |
49 KB |
24 | 10 |
Domain | Requested by | |
---|---|---|
6 | fonts.gstatic.com |
fonts.googleapis.com
|
4 | widget-v3.smartsuppcdn.com |
www.smartsuppchat.com
|
3 | cdn.jsdelivr.net |
safepay-eldorado.ru-paying.online
|
3 | raw.githubusercontent.com |
safepay-eldorado.ru-paying.online
|
1 | translations.smartsuppcdn.com |
widget-v3.smartsuppcdn.com
|
1 | bootstrap.smartsuppchat.com |
www.smartsuppchat.com
|
1 | www.smartsuppchat.com |
safepay-eldorado.ru-paying.online
|
1 | unpkg.com |
safepay-eldorado.ru-paying.online
|
1 | cdnjs.cloudflare.com |
safepay-eldorado.ru-paying.online
|
1 | code.jquery.com |
safepay-eldorado.ru-paying.online
|
1 | fonts.googleapis.com |
client
|
1 | safepay-eldorado.ru-paying.online | |
24 | 12 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ru-paying.online E1 |
2023-11-23 - 2024-02-21 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.github.io DigiCert TLS RSA SHA256 2020 CA1 |
2023-02-21 - 2024-03-20 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
*.smartsuppchat.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2022-11-30 - 2023-12-29 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.smartsuppcdn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1 |
2023-10-23 - 2024-11-16 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://safepay-eldorado.ru-paying.online/payment/pay?unique_id=50153504&uid=852925624
Frame ID: 4D12C54514491B749489F7057263AB9E
Requests: 21 HTTP requests in this frame
Frame:
https://widget-v3.smartsuppcdn.com/assets/main-66ba07db.js
Frame ID: 7C5654B3FABF361FB8FEBF049F2C5A20
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
Платежная формаDetected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Vue.js (JavaScript Frameworks) Expand
Detected patterns
- (?:/([\d.]+))?/vue(?:\.min)?\.js
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- sweetalert2(?:\.all)?(?:\.min)?\.js
- /npm/sweetalert2@([\d.]+)
- sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
pay
safepay-eldorado.ru-paying.online/payment/ |
48 KB 49 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
17 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chip.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue.min.js
cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/ |
91 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vue-the-mask.js
unpkg.com/vue-the-mask@0.11.1/dist/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2@11
cdn.jsdelivr.net/npm/ |
75 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.min.css
cdn.jsdelivr.net/npm/sweetalert2@11.0.19/dist/ |
22 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2.all.min.js
cdn.jsdelivr.net/npm/sweetalert2@11.0.19/dist/ |
63 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.js
www.smartsuppchat.com/ |
19 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
426 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HI_SiYsKILxRpg3hIP6sJ7fM7PqlOevWjMY.woff2
fonts.gstatic.com/s/sourcecodepro/v23/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
fonts.gstatic.com/s/sourcecodepro/v23/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
20.jpeg
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
19 KB 19 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visa.png
raw.githubusercontent.com/muhammederdem/credit-card-form/master/src/assets/images/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c306380f1a93e6925a5ebde38452ce62315a8889.json
bootstrap.smartsuppchat.com/widget/ |
1 KB 677 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
manifest.json
widget-v3.smartsuppcdn.com/ |
2 KB 829 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-66ba07db.js
widget-v3.smartsuppcdn.com/assets/ Frame 7C56 |
92 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-886017d2.js
widget-v3.smartsuppcdn.com/assets/ Frame 7C56 |
157 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-a2eb889b.css
widget-v3.smartsuppcdn.com/assets/ Frame 7C56 |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
defaults
translations.smartsuppcdn.com/api/v1/widget/translations/lang/ru/ Frame 7C56 |
7 KB 4 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Visa (Financial)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| documentPictureInPicture object| _smartsupp function| smartsupp function| $ function| jQuery function| Vue object| VueTheMask function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| getCookie function| cardValidator function| showPreloader boolean| SMARTSUPP_LOADED object| $smartsupp2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
safepay-eldorado.ru-paying.online/ | Name: ref Value: 852925624 |
|
safepay-eldorado.ru-paying.online/ | Name: unique_id Value: 50153504 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bootstrap.smartsuppchat.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
raw.githubusercontent.com
safepay-eldorado.ru-paying.online
translations.smartsuppcdn.com
unpkg.com
widget-v3.smartsuppcdn.com
www.smartsuppchat.com
104.16.126.175
104.16.89.20
104.17.24.14
104.21.20.182
142.250.186.138
142.250.186.67
151.101.194.137
156.146.33.137
185.199.111.133
195.181.175.41
3.125.69.4
0226134051377933a7323d412828dcabb77107a276210cf3d95866495748d402
0621283c4789e9f7153c34dd69776c34fa32f1a118c342e67ede61d8d871e607
0d0a6262c545e8bbc895116e5afb22579c468d7abb77e378f377d6fed57c1dce
1a9548347c9b338b3168bc5eb94c8206490a3462efc3c674632e9e9236785d54
1d00c6f0cc689179cfc4dab54f10163635df53e0472ec87fb40790a74f4dbce2
2a775d512b714a32d68031e6553e4afadfa75617b30c5f98ed08efde1b21e6b5
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f
612d3c3f8efad0b9073b164950a2c3b5ed6d73e214fe539e6c21b4f18fed0ad8
6900930f6f1ea7022dd390b4b3f9a5ebbeb2c58985de87a4df628fa8c8eeda7c
72194d152571dd375c4365e5c3b4af9db2c06af0102ced18fcb062597d38be26
7751fce329ce3b7e36810cef31e7c56377edc83fc28844c85e92c5048756a98a
7a46dc942e3728493c41ff23f928535d3fc61cc7b29b4c7be4670ad3af3bbcf6
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
96bc2db2c6f92850daed27b5a39b9e0dafb20e7097bcbd8a91da6751df6b2fff
9bbb282d74807066b2cdaa827f756fc68c66fabc881bcfa7c2696612d384c25d
9ef6dd0c1dbd61b792f7791c989d68b3939263c502269643f8e96c28f7e49a15
a8811d8c90f438dec06d74298bb375081719cb602a40da325972cc4f27bc41b7
a9204ea7545271658de22859c8d6706a10ed878577d2bfec5e077ba702e2789e
b5d72cb0de5c93e3e62436666a8de967106e7b0c9efa06372a1413298009f98f
b8172166dbe776ffa12da60505a6324a609efce59a5eff460b7b9d579e2db30b
c35907e55553d6a228e5172c7ce3d7c72f1d80322258363205f8132ea75cc0bd
c73c9d2639ee4ecc555040bb05de136847ae936b885925b56972549ccfe16a97
e7ee140344701f1acb771ba8fbf2e2a199087ab4acf05fd50e757826cf597704
f7457c6e56eeecbd02bf5f98c6e7fadae93685b8c00edb6262ecaff2fc4fb7db
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e