signin.ebay.de-wsebac.work
185.61.152.66
Malicious Activity!
Public Scan
Effective URL: https://signin.ebay.de-wsebac.work/signin/ws/_bc4286c3ca0a/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu
Submission Tags: 6940016
Submission: On January 27 via api from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 5th 2020. Valid for: a year.
This is the only time signin.ebay.de-wsebac.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 178.73.210.27 | 42708 (PORTLANE www.portlane.com) |
10 | 185.61.152.66 | 22612 (NAMECHEAP-NET) |
2 | 123.6.2.102 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) |
13 | 4 |
ASN42708 (PORTLANE www.portlane.com, SE)
PTR: 27.210.73.178.in-addr.arpa
- ebay.hvacmania.com
ASN22612 (NAMECHEAP-NET, US)
PTR: premium18-4.web-hosting.com
- signin.ebay.de-wsebac.work
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
PTR: hn.kd.ny.adsl
- cdn.bootcss.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | de-wsebac.work | signin.ebay.de-wsebac.work | 420 KB |
2 | bootcss.com | cdn.bootcss.com | 34 KB |
1 | hvacmania.com | ebay.hvacmania.com | 709 B |
13 | 3 |
Requests | Domain | Requested by |
---|---|---|
10 | signin.ebay.de-wsebac.work | ebay.hvacmania.com, signin.ebay.de-wsebac.work |
2 | cdn.bootcss.com | signin.ebay.de-wsebac.work |
1 | ebay.hvacmania.com | |
13 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ebay.hvacmania.com | R3 | 2021-01-13 - 2021-04-13 | 3 months |
signin.ebay.de-wsebac.work | Sectigo RSA Domain Validation Secure Server CA | 2020-10-05 - 2021-10-05 | a year |
*.bootcss.com | Let's Encrypt Authority X3 | 2020-11-26 - 2021-02-24 | 3 months |
This page contains 1 frame:
Primary Page:
https://signin.ebay.de-wsebac.work/signin/ws/_bc4286c3ca0a/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu
Frame ID: 2ECCA17540A042D9CC7DEFB520CF6C42
Requests: 15 HTTP requests in this frame
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ebay.hvacmania.com/nildJjsg/nRtZCYyeBavISAPITlHmRUv/ZIWpVco Page URL
- https://signin.ebay.de-wsebac.work/ws/_k09oolu77/eBavISAPI-dCsz5RIBKgzlQ7WFmvFSE681R7UF Page URL
- https://signin.ebay.de-wsebac.work/signin/ws/_bc4286c3ca0a/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | ZIWpVco | ebay.hvacmania.com/nildJjsg/nRtZCYyeBavISAPITlHmRUv/ | 499 B | 709 B | Document | text/html |
GET | H2 | eBavISAPI-dCsz5RIBKgzlQ7WFmvFSE681R7UF | signin.ebay.de-wsebac.work/ws/_k09oolu77/ | 4 KB | 3 KB | Document | text/html |
GET | H2 | crypto-js.min.js | cdn.bootcss.com/crypto-js/4.0.0/ | 47 KB | 17 KB | Script | application/javascript |
GET | H2 | eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu (Primary Request) | signin.ebay.de-wsebac.work/signin/ws/_bc4286c3ca0a/ | 217 KB | 145 KB | Document | text/html |
GET | H2 | crypto-js.min.js | cdn.bootcss.com/crypto-js/4.0.0/ | 47 KB | 17 KB | Script | application/javascript |
GET | H2 | 34wtddjp0q1v1dtu2elv5jwg4yf.css | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H2 | signin-render-0OzFOEbE.css | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 129 KB | 19 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 0 | 0 | Script | text/html |
GET | H2 | fxxj3ttftm5ltcqnto1o4baovyl.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | signin-render-m4hbjSMk.js | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 860 KB | 225 KB | Script | application/javascript |
GET | H2 | d1fgru3r3u15jfvvbavtrnj1ve5.js | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 31 KB | 12 KB | Script | application/javascript |
GET | H2 | sgninui-src-static-images-FB-f-Logo__white_29-Nm8L0bDZ.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | sgninui-src-static-images-google-logo-icon-PNG-Transparent-Background-Z_TFsqo3.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 7 KB | 7 KB | Image | image/png |
GET | DATA | truncated | / | 725 B | 0 | Image | image/svg+xml |
GET | H2 | f5uxsy10bmz05dtrtrqybl5qquv.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 994 B | 1 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)
61 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| CryptoJS object| CryptoJSAesJson function| getCookie string| cryptohash number| $ssgST function| openSocialGoogleLoginKeyPress function| openSocialFacebookLoginKeyPress function| openSocialAppleLoginKeyPress function| openSocialGoogleButtonClick function| openSocialFacebookButtonClick function| openSocialAppleButtonClick object| runtime object| $rlookup function| $rset function| $radd function| $rget object| $jscomp object| global object| $_mod object| regeneratorRuntime function| $ function| jQuery object| $rmod function| raptorDefine function| raptorRequire function| define function| require object| raptor object| $i18n object| __core-js_shared__ object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate boolean| _babelPolyfill function| $ssg object| $MUID function| $W10NOOP function| $initComponents object| $MC function| HttpClient object| ebayContent object| GHebayContent number| GHJSLoaded object| GH function| openAPPLLoginKeyPress function| openAPPLLoginPopup function| openSocialLoginPopup function| handleParentCallBackForSocial object| globalDfpContext
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.signin.ebay.de-wsebac.work/ | | Name: ckauth Value: bc4286c3ca0a |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.