www.einloggen-ebay.de.ixsfaje.hostpress.pro
212.88.144.57
Malicious Activity!
Public Scan
Effective URL: https://www.einloggen-ebay.de.ixsfaje.hostpress.pro/99ed4c2655c7a61c0e812c0bda0c49a5.php?scr=&hash=item65ecd5d84&sessionid=28b8e41b3588db1781a02fe21...
Submission: On August 05 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 5th 2020. Valid for: 3 months.
This is the only time www.einloggen-ebay.de.ixsfaje.hostpress.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 212.88.144.57 | 9063 (SAARGATE-AS VSE NET GmbH) |
10 | 2 | |

ASN9063 (SAARGATE-AS VSE NET GmbH, DE)
PTR: rocket.hpress.de
www.einloggen-ebay.de.ixsfaje.hostpress.pro
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
9 | hostpress.pro: www.einloggen-ebay.de.ixsfaje.hostpress.pro | 107 KB |
0 | blogspot.com (Failed): cssplugsin.blogspot.com (Failed) | |
10 | 2 | |
Requests | Domain | Requested by |
---|---|---|
9 | www.einloggen-ebay.de.ixsfaje.hostpress.pro | www.einloggen-ebay.de.ixsfaje.hostpress.pro |
0 | cssplugsin.blogspot.com (Failed) | www.einloggen-ebay.de.ixsfaje.hostpress.pro |
10 | 2 | |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
einloggen-ebay.de.ixsfaje.hostpress.pro / Let's Encrypt Authority X3 | 2020-08-05 - 2020-11-03 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.einloggen-ebay.de.ixsfaje.hostpress.pro/99ed4c2655c7a61c0e812c0bda0c49a5.php?scr=&hash=item65ecd5d84&sessionid=28b8e41b3588db1781a02fe21b4c23c6
Frame ID: F7BAD03A172B311BF7F5FAD034DAAEAB
Requests: 10 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.einloggen-ebay.de.ixsfaje.hostpress.pro/ Page URL
- https://www.einloggen-ebay.de.ixsfaje.hostpress.pro/signin.php Page URL
- https://www.einloggen-ebay.de.ixsfaje.hostpress.pro/99ed4c2655c7a61c0e812c0bda0c49a5.php?scr=&hash=item65ecd5d84&sessionid=28b8e41b3588db1781a02fe21b4c23c6 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / www.einloggen-ebay.de.ixsfaje.hostpress.pro/ | 4 KB 2 KB | Document text/html |
GET H2 | transparent.gif www.einloggen-ebay.de.ixsfaje.hostpress.pro/Just%20a%20moment..._files/ | 236 B 236 B | Image text/html |
GET H2 | transparent.gif www.einloggen-ebay.de.ixsfaje.hostpress.pro/cdn-cgi/images/trace/jschal/nojs/ | 246 B 246 B | Image text/html |
GET H2 | signin.php www.einloggen-ebay.de.ixsfaje.hostpress.pro/ | 2 B 311 B | Document text/html |
GET H2 | Primary Request 99ed4c2655c7a61c0e812c0bda0c49a5.php www.einloggen-ebay.de.ixsfaje.hostpress.pro/ | 3 KB 1 KB | Document text/html |
GET H2 | style.css www.einloggen-ebay.de.ixsfaje.hostpress.pro/res/css/ | 1 KB 683 B | Stylesheet text/css |
GET H2 | jquery.js www.einloggen-ebay.de.ixsfaje.hostpress.pro/res/js/ | 286 KB 85 KB | Script application/javascript |
GET H2 | logo.png www.einloggen-ebay.de.ixsfaje.hostpress.pro/res/img/ | 16 KB 16 KB | Image image/png |
GET H2 | norton.png www.einloggen-ebay.de.ixsfaje.hostpress.pro/res/img/ | 994 B 1 KB | Image image/png |
GET | / cssplugsin.blogspot.com/ | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: cssplugsin.blogspot.com
- URL: http://cssplugsin.blogspot.com/?css=stylesheet.css
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function| $
- function| jQuery

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cssplugsin.blogspot.com
www.einloggen-ebay.de.ixsfaje.hostpress.pro
212.88.144.57