signin.ebay.de-wsebac.work
185.61.152.66
Malicious Activity!
Public Scan
Effective URL: https://signin.ebay.de-wsebac.work/signin/ws/_ca0ab628fa88/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu
Submission: On January 27 via automatic, source phishtank
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 5th 2020. Valid for: a year.
This is the only time signin.ebay.de-wsebac.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 178.73.210.27 | 42708 (PORTLANE www.portlane.com) |
10 | 185.61.152.66 | 22612 (NAMECHEAP-NET) |
2 | 112.132.32.81 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) |
13 | 4 | |
ASN42708 (PORTLANE www.portlane.com, SE)
PTR: 27.210.73.178.in-addr.arpa
ebay.portlibertecontractor.com
ASN22612 (NAMECHEAP-NET, US)
PTR: premium18-4.web-hosting.com
signin.ebay.de-wsebac.work
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
PTR: 81.32.132.112.adsl-pool.ah.cnuninet.net
cdn.bootcss.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | de-wsebac.work | signin.ebay.de-wsebac.work | 420 KB |
2 | bootcss.com | cdn.bootcss.com | 34 KB |
1 | portlibertecontractor.com | ebay.portlibertecontractor.com | 709 B |
13 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
10 | signin.ebay.de-wsebac.work | ebay.portlibertecontractor.com, signin.ebay.de-wsebac.work |
2 | cdn.bootcss.com | signin.ebay.de-wsebac.work |
1 | ebay.portlibertecontractor.com | |
13 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
ebay.portlibertecontractor.com | R3 | 2021-01-13 - 2021-04-13 | 3 months |
signin.ebay.de-wsebac.work | Sectigo RSA Domain Validation Secure Server CA | 2020-10-05 - 2021-10-05 | a year |
*.bootcss.com | Let's Encrypt Authority X3 | 2020-11-26 - 2021-02-24 | 3 months |
This page contains 1 frames:
Primary Page:
https://signin.ebay.de-wsebac.work/signin/ws/_ca0ab628fa88/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu
Frame ID: 573432193FC9DF5F6A96630926D04EE9
Requests: 15 HTTP requests in this frame
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ebay.portlibertecontractor.com/xvlWTkxY/PPIIUEMHeBavISAPIhmmUkHP/hzVqgASn Page URL
- https://signin.ebay.de-wsebac.work/ws/_k09oolu77/eBavISAPI-dCsz5RIBKgzlQ7WFmvFSE681R7UF Page URL
- https://signin.ebay.de-wsebac.work/signin/ws/_ca0ab628fa88/eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | hzVqgASn | ebay.portlibertecontractor.com/xvlWTkxY/PPIIUEMHeBavISAPIhmmUkHP/ | 499 B | 709 B | Document | text/html |
GET | H2 | eBavISAPI-dCsz5RIBKgzlQ7WFmvFSE681R7UF | signin.ebay.de-wsebac.work/ws/_k09oolu77/ | 4 KB | 3 KB | Document | text/html |
GET | H2 | crypto-js.min.js | cdn.bootcss.com/crypto-js/4.0.0/ | 47 KB | 17 KB | Script | application/javascript |
GET | H2 | eBavISAPI.SignIn-fDzq9S5oodYB1dOBs5A5oMZu (Primary Request) | signin.ebay.de-wsebac.work/signin/ws/_ca0ab628fa88/ | 217 KB | 144 KB | Document | text/html |
GET | H2 | crypto-js.min.js | cdn.bootcss.com/crypto-js/4.0.0/ | 47 KB | 17 KB | Script | application/javascript |
GET | H2 | 34wtddjp0q1v1dtu2elv5jwg4yf.css | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 4 KB | 2 KB | Stylesheet | text/css |
GET | H2 | signin-render-0OzFOEbE.css | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 129 KB | 19 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 0 | 0 | Script | text/html |
GET | H2 | fxxj3ttftm5ltcqnto1o4baovyl.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | signin-render-m4hbjSMk.js | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 860 KB | 225 KB | Script | application/javascript |
GET | H2 | d1fgru3r3u15jfvvbavtrnj1ve5.js | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 31 KB | 12 KB | Script | application/javascript |
GET | H2 | sgninui-src-static-images-FB-f-Logo__white_29-Nm8L0bDZ.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | sgninui-src-static-images-google-logo-icon-PNG-Transparent-Background-Z_TFsqo3.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/c/ | 7 KB | 7 KB | Image | image/png |
GET | DATA | truncated | / | 725 B | 0 | Image | image/svg+xml |
GET | H2 | f5uxsy10bmz05dtrtrqybl5qquv.png | signin.ebay.de-wsebac.work/assets/ir.ebavstatic/rs/v/ | 994 B | 1 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)
61 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| CryptoJS object| CryptoJSAesJson function| getCookie string| cryptohash number| $ssgST function| openSocialGoogleLoginKeyPress function| openSocialFacebookLoginKeyPress function| openSocialAppleLoginKeyPress function| openSocialGoogleButtonClick function| openSocialFacebookButtonClick function| openSocialAppleButtonClick object| runtime object| $rlookup function| $rset function| $radd function| $rget object| $jscomp object| global object| $_mod object| regeneratorRuntime function| $ function| jQuery object| $rmod function| raptorDefine function| raptorRequire function| define function| require object| raptor object| $i18n object| __core-js_shared__ object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate boolean| _babelPolyfill function| $ssg object| $MUID function| $W10NOOP function| $initComponents object| $MC function| HttpClient object| ebayContent object| GHebayContent number| GHJSLoaded object| GH function| openAPPLLoginKeyPress function| openAPPLLoginPopup function| openSocialLoginPopup function| handleParentCallBackForSocial object| globalDfpContext
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.signin.ebay.de-wsebac.work/ | Name: ckauth Value: ca0ab628fa88 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.