avito.paymelift.store Open in urlscan Pro
2606:4700:3036::ac43:b647 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://avito.paymelift.store/buy/318e8d7d
Submission Tags: https://phish.report @phish_report Search All
Submission: On February 17 via api (February 17th 2023, 10:40:34 am UTC) from FI — Scanned from FI

Summary HTTP 25 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 6 domains to perform 25 HTTP transactions. The main IP is 2606:4700:3036::ac43:b647, located in United States and belongs to CLOUDFLARENET, US. The main domain is avito.paymelift.store.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 15th 2023. Valid for: a year.

This is the only time avito.paymelift.store was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Avito (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1 16	2606:4700:303... 2606:4700:3036::ac43:b647	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	40.114.177.156 40.114.177.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
1	18.192.59.1 18.192.59.1	16509 (AMAZON-02) (AMAZON-02)
4	2a02:6ea0:f40... 2a02:6ea0:f400::4	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	3.64.122.103 3.64.122.103	16509 (AMAZON-02) (AMAZON-02)
25	9

16 2606:4700:3036::ac43:b647 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

avito.paymelift.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.114.177.156 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

duckduckgo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

www.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.192.59.1 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-59-1.eu-central-1.compute.amazonaws.com

bootstrap.smartsuppchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:f400::4 (Zagreb, Croatia)

ASN60068 (CDN77 ^_^, GB)

widget-v2.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

translations.smartsuppcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.64.122.103 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-122-103.eu-central-1.compute.amazonaws.com

websocket-visitors.smartsupp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	paymelift.store 1 redirects avito.paymelift.store	122 KB
5	smartsuppcdn.com widget-v2.smartsuppcdn.com — Cisco Umbrella Rank: 47751 translations.smartsuppcdn.com — Cisco Umbrella Rank: 53100	194 KB
2	smartsuppchat.com www.smartsuppchat.com — Cisco Umbrella Rank: 48250 bootstrap.smartsuppchat.com — Cisco Umbrella Rank: 43478	6 KB
1	smartsupp.com websocket-visitors.smartsupp.com — Cisco Umbrella Rank: 38384	229 B
1	duckduckgo.com duckduckgo.com — Cisco Umbrella Rank: 3634
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	28 KB
25	6

	Domain	Requested by
16	avito.paymelift.store	1 redirects avito.paymelift.store
4	widget-v2.smartsuppcdn.com	www.smartsuppchat.com
1	websocket-visitors.smartsupp.com	widget-v2.smartsuppcdn.com
1	translations.smartsuppcdn.com	widget-v2.smartsuppcdn.com
1	bootstrap.smartsuppchat.com	www.smartsuppchat.com
1	www.smartsuppchat.com	avito.paymelift.store
1	duckduckgo.com	avito.paymelift.store
1	cdnjs.cloudflare.com	avito.paymelift.store
25	8

This site contains links to these domains. Also see Links.

Domain
static2.tinkoff.ru
support.avito.ru

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-15` - `2024-02-15`	a year	crt.sh
*.smartsuppchat.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-30` - `2023-12-29`	a year	crt.sh
*.smartsuppcdn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-10-19` - `2023-11-19`	a year	crt.sh
*.smartsupp.com Amazon RSA 2048 M01	`2023-02-14` - `2023-11-22`	9 months	crt.sh

This page contains 2 frames:

Primary Page: https://avito.paymelift.store/buy/318e8d7d
Frame ID: 1DAE4DAFD202F173576A6BF05BD1796A
Requests: 22 HTTP requests in this frame

Frame: https://widget-v2.smartsuppcdn.com/static/js/runtime-main.476fedce.js
Frame ID: E2E8F2DBDD4EEFA5A1F9F324785084D9
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Авито доставка - Оплата заказа

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

63 %
IPv6

6
Domains

8
Subdomains

9
IPs

4
Countries

351 kB
Transfer

1032 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://static2.tinkoff.ru/acquiring/agreement_avito.pdf
Title: офертой

Search URL Search Domain Scan URL

URL: https://support.avito.ru/articles/688
Title: оферту

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://avito.paymelift.store/application/views/templates/avito/resources/tcs-logo.png HTTP 302
https://duckduckgo.com/

25 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 318e8d7d Show response
avito.paymelift.store/buy/ 26 KB
6 KB 1042ms
923ms Document
text/html 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199e9e335e562f49305f576f89c83984294298a9e6e40132544989fbc5e57f4f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 79ade7b0ab95abed-TLL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 17 Feb 2023 10:40:29 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQSnwSvmR%2F1sC6cgC8MAQ%2Be%2F76vMDM3OM6VVeQum8CsFeZ%2FCQXZKmlWXWcVYvAqEgCpmJlRzDzQGGubSp2VxDNGC5TkjofbioL76Iazti%2B8nJAyah2GKdoZgBwdhXYlbK1Ie0ALMmZ9ABL%2B7w0IRnbo%2FtyE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 avito_common.css
avito.paymelift.store/application/views/templates/avito/assets/2/css/ 23 KB
8 KB 287ms
284ms Stylesheet
text/css 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47adefb37b37ba308bbd15861bd412c084672653b09ee337cf4815c7a4208bfe

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5ac9-5eff21a499a97-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjtLPaICuEBwFCzHVmI9xD4ZxAIgBMyOOOzDeSWGY5nsZTGXwn3bDAVMGXXXWQa%2Bv38U0EF17TDu5QoEIuLrMnbU7tU%2FIlxdgGkMuueI4biPGfBUnV%2FSuWSkg4DFCCj4Qgb8JLPas55NmZzbfUndwFIg5cU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 79ade7b679bdabed-TLL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 common.css
avito.paymelift.store/application/views/templates/avito/assets/2/css/ 53 KB
10 KB 289ms
287ms Stylesheet
text/css 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/common.css
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1128fa910f6b2c0fea2c670355636808da214fe97c6ca38df5e8c7ea43d363be

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d34f-5eff21a499a97-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RR6EKfYKl8JN8KJMUQO6RCogOeiiHXfJLFHaPbS5yzJ7pth0VEJp7SScSlhikia%2BVr0rLWiPx0D1L8F%2FvKJBYVavghr9EVlreP6SMcRGinCUKWR6H6ze%2Fa1hV%2Fqv8JuahclNFfItDa1VMbYVVFkKctUWsOA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 79ade7b679bfabed-TLL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 127ms
54ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 30103
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDZAqCotvlovVVjeEfmb3ANmC2emnppoYMja6PNFglLtsNC9Qqei4tQ7RCifjkJT12Q7xt7IlkVd8n4LKXWoxoH8djf7rNX4WpE77ylHQdrA2PYrr%2BsMypcFBacpAfQKKHBWQkj0A9Ma9wAAwVd6anXw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79ade7b6eefefe48-HEL
expires: Wed, 07 Feb 2024 10:40:29 GMT

GET
H2 200 jquery.arcticmodal-0.3.min.js Show response
avito.paymelift.store/application/views/templates/avito/assets/2/js/ 6 KB
2 KB 279ms
278ms Script
application/javascript 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/js/jquery.arcticmodal-0.3.min.js
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e202f92ffa7ff7e7e36e1294fcace65e55214f7d30f4410f92a4a9fbbde5b03a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"17d1-5eff21a498af7-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J106vQaHD5bzPtbY3BJFz3Njt6IXRqgohbgeIpAQz0Cd34EdpyOUyx75wJfODnv29WxSSNO46aPlqL1%2Ft1T7xzy%2Bfw0WGWglhEb9T%2B383iGvQ9xUTaP0c0kYOe%2B4yIlplAon04oym0Wsdd0O5oCjdrzJhRI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79ade7b679c0abed-TLL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cleave.min.js Show response
avito.paymelift.store/application/views/templates/avito/assets/4/js/ 21 KB
7 KB 282ms
281ms Script
application/javascript 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/4/js/cleave.min.js
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7eb194c2648de022cb8f29399b9f4409d5ec0cc5314d6e4eea175c78d1d5089a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"528d-5eff21a498af7-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNwR4GIrYMGvnwH8072j7Gjgn7X%2FeXOGG8pbqocjd4KFvpQVfcg%2B2FoXkP9LU3a%2Fn3G80esh9BSlKZCLRfeBjOVheCjPNXov%2FbjyFtAHv0%2FE1W%2FwMXQw2MowRm5QCp4yw7iMo%2BGF%2BvLS4LXiqusySfFdRPs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79ade7b679c2abed-TLL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo-avito.svg
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 1 KB
1 KB 49ms
48ms Image
image/svg+xml 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/logo-avito.svg
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 760cbdcc46b08333c9d823398afbbdc78f38646aae3e9e77fb9eadb68e1385bb

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: W/"4f8-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9ItgR%2BOa8bETLLGOxGKkmrk1ptH1OTFvoft%2FxTncOGfT7ELM62qkc9FVZSPkzv4XyPzM4PkuHoQrlNqR6GtwB9NRnYkmQUXhp4GAhGWHVmPID99axsl8Hz%2Bf33qhpMkoX2L04ojOaQdJ2iArfacbeIHEcs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 79ade7b8593295f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

/
duckduckgo.com/
Redirect Chain

https://avito.paymelift.store/application/views/templates/avito/resources/tcs-logo.png
https://duckduckgo.com/

0
0

200ms
57ms

Image
text/html

40.114.177.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://duckduckgo.com/
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H2
Server: 40.114.177.156 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Fri, 17 Feb 2023 10:40:30 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2BdoBitNIEEMGDNbpRUl6%2F5mvL81k3XdRtk3%2FI1%2FOBre9vkShmHdlpDgUn%2BGf1MO8Ia6WrhQzQ1Hkpcoz8XXtJwMSfFX28cpRgK%2BgyxgzZnvQ75pLu%2Fnb4vhMoIBJJOSSmRTrHbb5aN2fIWiUmHldHp3D1g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://duckduckgo.com
cache-control: no-store, no-cache, must-revalidate
cf-ray: 79ade7b8694195f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 script.js Show response
avito.paymelift.store/application/views/templates/_base/ 35 KB
10 KB 52ms
52ms Script
application/javascript 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://avito.paymelift.store/application/views/templates/_base/script.js?ver=1.24.1
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/buy/318e8d7d
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171a747fc52ab585a712f07102148e814b437ec77d2a5d433395a77096ff8d9

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/buy/318e8d7d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47
cf-polished: origSize=49122
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 22 Dec 2022 13:55:42 GMT
server: cloudflare
etag: W/"bfe2-5f06b065ae471-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wV6K%2FQD0IsQfGyJ8EpU3FTuN9dMLK4HGIJyX2MEKlmQHmH%2FUso0Nsui9ui7BfRfL7y3kc%2FrLprfnKIWDst3wEMOTWX5RssQ7HxR19XogR1BSFAYUtrQ43EvwEgJ4qwrNhopxurejrVR7DCM%2FYrAmQ4Kx1Hc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79ade7b8492f95f4-ARN

GET
H3 200 sprite.png
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 38 KB
39 KB 63ms
62ms Image
image/png 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/sprite.png
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60c901b70b24c568fa9808d74d2cf2be9d4e77f7227711c5d308df07068c02cf

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: "98ef-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr%2BdeJoQ3BPUWQfZaOAWCaFq0mPDIH8CrpmV84JEJI46aPtSDpFLoeDRrl1h79Rh8q1%2BpMZkGKU8CmaLddZM3h6KT7%2B5MBPMrmos%2FApyc%2FRCltgsUEj3wtjsfo5TRUyLzxJVaoZvlYiW2ws4Upw9c2pNaUM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79ade7b8794e95f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39151

GET
H3 200 icon-sprite.svg
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 14 KB
6 KB 118ms
116ms Image
image/svg+xml 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/icon-sprite.svg?v=1
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 791cef6652f6619952e8ef65b9c22c8855e547dbeca5a60aa436133d24e8513b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: W/"375e-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orIvcfpLhuN5KIAgAfI27Rvn3Iu0z33y5EB751odU77Qpzhdhc7Uqjiz4fS8Ek7Q7dqzUpAEz5alkqsHzpNUzCuDXb37ZCC3KrNF35HsjNOS7MiK7qqTvdw30HO%2B3O8u2%2FIg7ts6XU%2BlTsMtFqiw5Qq1zHg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 79ade7b8795195f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 icon-sprite.svg
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 14 KB
6 KB 119ms
117ms Image
image/svg+xml 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/icon-sprite.svg
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 791cef6652f6619952e8ef65b9c22c8855e547dbeca5a60aa436133d24e8513b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: W/"375e-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BjWPL6FL%2BEnx9X01It7rtDDcbcz6Sy%2BUZsgDI%2B4HDJt03P6Ua0sO26SO6VH9H7Ne3AM13qDxLIEGyA7LiN9tgcTMpwEmYEa%2Ff0H4T7z1q1iWwXSr1IwlxvgRK5rbZaaJF%2Bh1z2DKZk6TdYSNHqiA%2FLrqN4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 79ade7b8795295f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 mastercard-securecode.png
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 3 KB
3 KB 120ms
119ms Image
image/png 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/mastercard-securecode.png
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9619393164f009ce396ec109f1c74fae1423e63d437ca41b4eac8a299131ee16

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: "c0d-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCko9QRriuw4M%2BJ2xoKc6Ti2NvZBupJKzAveH3efW1YISSzH5XK0tT5OjJOsfG5A4df4QlPc3TDmD3DjgGiRR1ulEn8HmzNrhLGKq2ypTnqLR%2BiOZDSFQfz%2BKGTaPz3aWxI%2F0McCj0r%2FHoKwNJjcdlaJKvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79ade7b8795395f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3085

GET
H3 200 verified-by-visa.png
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 3 KB
3 KB 130ms
129ms Image
image/png 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/verified-by-visa.png
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adf80aa7e869bb901f515fd5a77b17050c405dcb37654ac4540999e3c86e790e

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: "b3c-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fA8DsWf%2FIjKS0yJ7vJdgeMcIa4k%2B%2BpBLUp%2BsI9lEJKAcUnL9vSwgOSc72aWnpRymTOCFZcWf%2BERtqdjaJ1LAcoJxX8Ls3HZCB9Y3YuphjJ8I8VyRF4bSWfRcwY498WG14l8evAaZdhvg3MqC0pKJ022%2FWrg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79ade7b8795595f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2876

GET
H3 200 mir-accept.png
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 2 KB
3 KB 151ms
150ms Image
image/png 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/mir-accept.png
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6e5def3dbbe74197a396775f3487e0d2c7cb7654637f0cf55ebafe262de3cdd

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: "8e2-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXl2HJspBCvlQjKTDfPPOLOM3Smv75oYFGa55JEUZktxqnqiZCNJqe7dC4X3ZHH%2BqCljGCLEWDg2klNrsA6qtsoeCBvx3XyuI9xRhVjLENsV2r9UmepqMiP67jIgb2jdboqTe1GK62WgfgI2pO%2BdGwyJb68%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79ade7b8795695f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2274

GET
H3 200 pcidss.png
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 2 KB
3 KB 159ms
158ms Image
image/png 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/pcidss.png
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a12515effeb49199bc7f8a11f41b535d0ccaf14d3d6c8138cb72ab6c07be3ce5

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: "958-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elNHT5WD8wY3Mqkm2NEMV%2Bc8Y1YInYydyZ%2FBW2Pp1Xh7ZHKBHwExErN%2FqrOEVIFsQMmi5Go5xq%2FqZbmEb%2F%2FHAVaGU8BCtPFI9LjGT%2FZV%2FtDlOkY0XO5OFLj5P%2BBGaSGpAae7kkZAjpYHW6pQ9b%2FGmyEjVrw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79ade7b8795795f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2392

GET
H3 200 t-logo.svg
avito.paymelift.store/application/views/templates/avito/assets/2/img/ 31 KB
14 KB 160ms
159ms Image
image/svg+xml 2606:4700:3036::ac43:b647
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/img/t-logo.svg
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b647 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ae1b6df91c358599a578adcee16aacf673606feb4b318ff81eb2c311e964a3f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/application/views/templates/avito/assets/2/css/avito_common.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2022 13:39:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 47
etag: W/"7bad-5eff21a499a97"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BBM2xD0S4SzeBQ3YjcoiRYtCIaTOopFmtdB9aecgQdG%2B9pSkMsstRMyRDJB1mmkgxBya5fTYqKGLSXZGqSbDRweyFvUEaIY%2FD805TEpA4KnyQb8ZCRvvQj3VBMgGbm4gXhF3o1aNeax7roP%2FVwQl59i%2FWl0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 79ade7b8795895f4-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bbfc4fb69bfac2e23f151e3cd9d23552d1188a8504763ae942829ca438ebfde8

Request headers

Referer
Origin: https://avito.paymelift.store
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
H2 200 loader.js Show response
www.smartsuppchat.com/ 19 KB
6 KB 248ms
73ms Script
application/javascript 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.smartsuppchat.com/loader.js?
Requested by: Host: avito.paymelift.store
URL: https://avito.paymelift.store/application/views/templates/_base/script.js?ver=1.24.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 827004400366298b1c2019b75c57558f2d1618bc0b27bbd2b8e03df251cfc3db

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://avito.paymelift.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 17 Feb 2023 10:40:29 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 28
x-77-nzt: AZySIRAU1Az/HAAAAA
x-accel-expires: @1676630461
last-modified: Wed, 28 Dec 2022 13:18:33 GMT
server: CDN77-Turbo
etag: W/"63ac4229-4b9b"
x-77-nzt-ray: f6587a1d5e6a2e749d59ef63277f3c32
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300, public, s-maxage=60
expires: Wed, 28 Dec 2022 13:25:32 GMT

GET
H2 200 6078753fa36bf6b152a4415bec2cb813c84b3d55.json Show response
bootstrap.smartsuppchat.com/widget/ 1 KB
648 B 229ms
67ms XHR
application/json 18.192.59.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bootstrap.smartsuppchat.com/widget/6078753fa36bf6b152a4415bec2cb813c84b3d55.json
Requested by: Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.59.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-59-1.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 79e31c07bfc4abcce7ca3d9428f0bbad2845184a19cf10107cfd70020ac361e6

Request headers

Referer: https://avito.paymelift.store/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

x-version: c31efb705f1cb72eb59566dea508014188715b3f
date: Fri, 17 Feb 2023 10:40:30 GMT
content-encoding: br
x-hit: redis
etag: "476-qLLAQCLLrc1kQLr76m/sQwuut/M"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0, must-revalidate

GET
H2 200 asset-manifest.json Show response
widget-v2.smartsuppcdn.com/ 2 KB
760 B 276ms
76ms XHR
application/json 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v2.smartsuppcdn.com/asset-manifest.json
Requested by: Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c22a548522722679df65b3fe11b4852396ccd5a3684f611d7980738c50464fc

Request headers

Referer: https://avito.paymelift.store/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

x-77-pop: zagrebHR
date: Fri, 17 Feb 2023 10:40:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 20
x-77-nzt: AamW8opLwvr/FAAAAA
x-accel-expires: @1676630470
last-modified: Mon, 13 Feb 2023 08:33:32 GMT
server: CDN77-Turbo
etag: W/"63e9f5dc-6ce"
x-77-nzt-ray: bcd92b1fb17e70329e59ef637d02ec19
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300, public, s-maxage=60
expires: Mon, 13 Feb 2023 09:26:40 GMT

GET
H2 200 runtime-main.476fedce.js Show response
widget-v2.smartsuppcdn.com/static/js/ Frame E2E8 2 KB
2 KB 232ms
76ms Script
application/javascript 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v2.smartsuppcdn.com/static/js/runtime-main.476fedce.js
Requested by: Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 36699b912ca380a373d5de1978a2055e6112c7727e6b5041d66a77a6be407b50

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-77-pop: zagrebHR
date: Fri, 17 Feb 2023 10:40:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 350330
x-77-nzt: AamW8oojfDb/elgFAA
x-accel-expires: @1707816100
last-modified: Mon, 13 Feb 2023 08:33:32 GMT
server: CDN77-Turbo
etag: W/"63e9f5dc-9bd"
x-77-nzt-ray: bcd92b1fb17e99329e59ef6324240228
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable
expires: Tue, 13 Feb 2024 09:21:40 GMT

GET
H2 200 6.80b8e19c.chunk.js Show response
widget-v2.smartsuppcdn.com/static/js/ Frame E2E8 525 KB
159 KB 312ms
156ms Script
application/javascript 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v2.smartsuppcdn.com/static/js/6.80b8e19c.chunk.js
Requested by: Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f4123664f2a6fb1437f5dae6df0748307b6baa8243c11fe364ddc8f409556575

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-77-pop: zagrebHR
date: Fri, 17 Feb 2023 10:40:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 350330
x-77-nzt: AamW8oqPgFf/elgFAA
x-accel-expires: @1707816100
last-modified: Mon, 13 Feb 2023 08:33:32 GMT
server: CDN77-Turbo
etag: W/"63e9f5dc-8338c"
x-77-nzt-ray: bcd92b1fb17e99329e59ef63b8f60c28
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable
expires: Tue, 13 Feb 2024 09:21:40 GMT

GET
H2 200 main.3c944932.chunk.js Show response
widget-v2.smartsuppcdn.com/static/js/ Frame E2E8 115 KB
30 KB 380ms
227ms Script
application/javascript 2a02:6ea0:f400::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v2.smartsuppcdn.com/static/js/main.3c944932.chunk.js
Requested by: Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:f400::4 Zagreb, Croatia, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6fd15847073c063cb948b5cc2e9a1bc5976392aef4d50b9434bd50a61da59405

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-77-pop: zagrebHR
date: Fri, 17 Feb 2023 10:40:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 350330
x-77-nzt: AamW8opPREj/elgFAA
x-accel-expires: @1707816100
last-modified: Mon, 13 Feb 2023 08:33:32 GMT
server: CDN77-Turbo
etag: W/"63e9f5dc-1cc88"
x-77-nzt-ray: bcd92b1fb17e99329e59ef63f6445228
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable
expires: Tue, 13 Feb 2024 09:21:40 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 defaults Show response
translations.smartsuppcdn.com/api/v1/widget/translations/lang/ru/ Frame E2E8 7 KB
3 KB 1065ms
94ms Fetch
application/json 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://translations.smartsuppcdn.com/api/v1/widget/translations/lang/ru/defaults
Requested by: Host: widget-v2.smartsuppcdn.com
URL: https://widget-v2.smartsuppcdn.com/static/js/6.80b8e19c.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 241dc80c80c548e3a9ee9758fd0167f25d718160c9220a8560bf2b8299ef8862

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-77-pop: frankfurtDE
x-version: 2fefdafa7314ff74acc69bb54f560135bbd664e1
date: Fri, 17 Feb 2023 10:40:32 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 52
x-response-time: 0ms
x-77-nzt: AcO1qhEKwLH/NAAAAA
x-accel-expires: @1676630980
server: CDN77-Turbo
x-77-nzt-ray: 4c156224b1a6d678a059ef63976e4b07
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600

GET
H2 200 acquire Show response
websocket-visitors.smartsupp.com/balancer/ Frame E2E8 75 B
229 B 1033ms
60ms Fetch
application/json 3.64.122.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://websocket-visitors.smartsupp.com/balancer/acquire
Requested by: Host: widget-v2.smartsuppcdn.com
URL: https://widget-v2.smartsuppcdn.com/static/js/6.80b8e19c.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.64.122.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-64-122-103.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f32925d009be726a22b0b8b8b65a9c47000e8c74a05a3d331d8756dfb03ae113

Request headers

accept-language: fi-FI,fi;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: *
x-version: 70253112abbe85f179c466b00670462138c47060
date: Fri, 17 Feb 2023 10:40:32 GMT
content-length: 75
vary: Origin
content-type: application/json; charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Avito (E-commerce)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
avito.paymelift.store/	1970-01-20 09:45:16	Name: PHPSESSID Value: ki9d6an634bost420bpe0s8k2u
avito.paymelift.store/	1970-01-20 14:05:55	Name: ssupp.vid Value: vi1f6epOS7_qU
avito.paymelift.store/	1970-01-20 14:05:55	Name: ssupp.visits Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

avito.paymelift.store
bootstrap.smartsuppchat.com
cdnjs.cloudflare.com
duckduckgo.com
translations.smartsuppcdn.com
websocket-visitors.smartsupp.com
widget-v2.smartsuppcdn.com
www.smartsuppchat.com
18.192.59.1
2606:4700:3036::ac43:b647
2606:4700::6811:180e
2a02:6ea0:c700::17
2a02:6ea0:c700::19
2a02:6ea0:f400::4
3.64.122.103
40.114.177.156
1128fa910f6b2c0fea2c670355636808da214fe97c6ca38df5e8c7ea43d363be
199e9e335e562f49305f576f89c83984294298a9e6e40132544989fbc5e57f4f
241dc80c80c548e3a9ee9758fd0167f25d718160c9220a8560bf2b8299ef8862
2ae1b6df91c358599a578adcee16aacf673606feb4b318ff81eb2c311e964a3f
36699b912ca380a373d5de1978a2055e6112c7727e6b5041d66a77a6be407b50
3c22a548522722679df65b3fe11b4852396ccd5a3684f611d7980738c50464fc
47adefb37b37ba308bbd15861bd412c084672653b09ee337cf4815c7a4208bfe
60c901b70b24c568fa9808d74d2cf2be9d4e77f7227711c5d308df07068c02cf
643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511
6fd15847073c063cb948b5cc2e9a1bc5976392aef4d50b9434bd50a61da59405
760cbdcc46b08333c9d823398afbbdc78f38646aae3e9e77fb9eadb68e1385bb
791cef6652f6619952e8ef65b9c22c8855e547dbeca5a60aa436133d24e8513b
79e31c07bfc4abcce7ca3d9428f0bbad2845184a19cf10107cfd70020ac361e6
7eb194c2648de022cb8f29399b9f4409d5ec0cc5314d6e4eea175c78d1d5089a
827004400366298b1c2019b75c57558f2d1618bc0b27bbd2b8e03df251cfc3db
9619393164f009ce396ec109f1c74fae1423e63d437ca41b4eac8a299131ee16
a12515effeb49199bc7f8a11f41b535d0ccaf14d3d6c8138cb72ab6c07be3ce5
adf80aa7e869bb901f515fd5a77b17050c405dcb37654ac4540999e3c86e790e
bbfc4fb69bfac2e23f151e3cd9d23552d1188a8504763ae942829ca438ebfde8
c6e5def3dbbe74197a396775f3487e0d2c7cb7654637f0cf55ebafe262de3cdd
e171a747fc52ab585a712f07102148e814b437ec77d2a5d433395a77096ff8d9
e202f92ffa7ff7e7e36e1294fcace65e55214f7d30f4410f92a4a9fbbde5b03a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f32925d009be726a22b0b8b8b65a9c47000e8c74a05a3d331d8756dfb03ae113
f4123664f2a6fb1437f5dae6df0748307b6baa8243c11fe364ddc8f409556575
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

avito.paymelift.store Open in urlscan Pro 2606:4700:3036::ac43:b647 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

63 %IPv6

6 Domains

8 Subdomains

9 IPs

4 Countries

351 kBTransfer

1032 kBSize

3 Cookies

2 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

45 JavaScript Global Variables

avito.paymelift.store Open in urlscan Pro
2606:4700:3036::ac43:b647 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

63 %
IPv6

6
Domains

8
Subdomains

9
IPs

4
Countries

351 kB
Transfer

1032 kB
Size

3
Cookies

25 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!