shreevaartha.org
Open in
urlscan Pro
199.79.62.108
Malicious Activity!
Public Scan
Submission: On December 14 via api from GB
Summary
This is the only time shreevaartha.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 6 | 199.79.62.108 199.79.62.108 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY - PDR) | |
5 | 152.199.23.155 152.199.23.155 | 15133 (EDGECAST) (EDGECAST - MCI Communications Services) | |
2 | 23.210.248.226 23.210.248.226 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 2 | 64.4.245.84 64.4.245.84 | 17012 (PAYPAL) (PAYPAL - PayPal) | |
13 | 5 |
ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)
PTR: bh-23.webhostbox.net
shreevaartha.org |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
ir.ebaystatic.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com
c.paypal.com |
ASN17012 (PAYPAL - PayPal, Inc., US)
b.stats.paypal.com | |
dub.stats.paypal.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
shreevaartha.org
1 redirects
shreevaartha.org |
125 KB |
5 |
ebaystatic.com
ir.ebaystatic.com |
54 KB |
4 |
paypal.com
1 redirects
c.paypal.com b.stats.paypal.com dub.stats.paypal.com |
18 KB |
13 | 3 |
Domain | Requested by | |
---|---|---|
6 | shreevaartha.org |
1 redirects
shreevaartha.org
|
5 | ir.ebaystatic.com |
shreevaartha.org
|
2 | c.paypal.com |
shreevaartha.org
c.paypal.com |
1 | dub.stats.paypal.com |
shreevaartha.org
|
1 | b.stats.paypal.com | 1 redirects |
13 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ebay.co.uk |
reg.ebay.co.uk |
pages.ebay.co.uk |
trustsealinfo.websecurity.norton.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ir.ebaystatic.com DigiCert SHA2 Secure Server CA |
2019-07-12 - 2021-03-23 |
2 years | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2019-09-10 - 2020-08-18 |
a year | crt.sh |
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA |
2018-02-16 - 2020-04-29 |
2 years | crt.sh |
This page contains 4 frames:
Primary Page:
http://shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/
Frame ID: 75E5A5BD0A3AB5D29A3B7EDC693B9E75
Requests: 12 HTTP requests in this frame
Frame:
https://c.paypal.com/da/r/efb.js
Frame ID: C27F953A00C5070507137E3E7C895488
Requests: 1 HTTP requests in this frame
Frame:
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/efb.js
Frame ID: 69D9FBD45661E31DF5DF1B4C57C6D93E
Requests: 1 HTTP requests in this frame
Frame:
https://dub.stats.paypal.com/counter2.cgi
Frame ID: 4972A7DEB61450E0F8FFBCA5EB74E7BF
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8s...
HTTP 301
http://shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8s... Page URL
Detected technologies
OpenSSL (Web Server Extensions) ExpandDetected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: eBay logo
Search URL Search Domain Scan URL
Title: Create an account
Search URL Search Domain Scan URL
Title: User Agreement
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Cookies
Search URL Search Domain Scan URL
Title: AdChoice
Search URL Search Domain Scan URL
Title: Norton Secured - powered by Verisign
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P
HTTP 301
http://shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://b.stats.paypal.com/v1/counter.cgi?r=cD05Y2RmNWNhODE2ZTBhOWUwZjY0MzliNjRmZmFiYmFlMiZpPTE3Mi45NC4xMDQuNTYmdD0xNTc0NjIyMjcxNjI1JmE9MjDzYhIfQwmneWYyrg_Q8fWfvrRTGw== HTTP 302
- https://dub.stats.paypal.com/counter2.cgi
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/ Redirect Chain
|
219 KB 55 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
34wtddjp0q1v1dtu2elv5jwg4yf.css
shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/views/signin-en_files/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signin-Ek2-eBGv.css
shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/views/signin-en_files/ |
155 KB 62 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fxxj3ttftm5ltcqnto1o4baovyl.png
shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/views/signin-en_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9.gif
shreevaartha.org/.smileys/js/dZjphX5RY0suQG8r3CGNaoH4oSdzvxJleflUCRxlIbNe01ymUzEDWO8Zza6v6N8sX9gWZhjStPlmk8i5o06QLMqS36P/views/signin-en_files/ |
42 B 372 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarketSans-Regular-WebS.woff2
ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/ |
22 KB 22 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MarketSans-SemiBold-WebS.woff2
ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/ |
22 KB 22 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sgninui-src-static-images-FB-f-Logo__white_29-Nm8L0bDZ.png
ir.ebaystatic.com/rs/c/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sgninui-src-static-images-google-logo-icon-PNG-Transparent-Background-Z_TFsqo3.png
ir.ebaystatic.com/rs/c/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
efb.js
c.paypal.com/da/r/ Frame C27F |
49 KB 17 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
725 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f5uxsy10bmz05dtrtrqybl5qquv.png
ir.ebaystatic.com/rs/v/ |
994 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
i
c.paypal.com/v1/r/d/ Frame 69D9 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter2.cgi
dub.stats.paypal.com/ Frame 4972 Redirect Chain
|
42 B 494 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate number| $ssgST function| openFBLoginKeyPress function| openFBLoginPopup function| openGGLLoginKeyPress function| openGGLLoginPopup string| nVer string| nAgt string| browserName string| fullVersion number| majorVersion undefined| nameOffset number| verOffset number| ix string| OSName undefined| dom object| doc object| where object| iframe function| handleParentCallBackForSocial object| widget_platform function| DFP object| global object| $_mod_ua_fe object| $MUID function| $W10NOOP function| $initComponents function| markoInitComponents function| markoDynamicInitComponents function| rInterval function| initDFP object| trkCorrelationSessionInfo undefined| Uri function| otpSubmit0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
b.stats.paypal.com
c.paypal.com
dub.stats.paypal.com
ir.ebaystatic.com
shreevaartha.org
152.199.23.155
199.79.62.108
23.210.248.226
64.4.245.84
0271d7ba6b311e53b275cd663c9c65f1e0f85e529c52de2008a613009c8639f8
1b3c84dc67fbaa659cd41ef4f90978cdc64ee8e7afa4410ee56b55652acd6263
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4eeb83f55d515b1c495bf1b5d98d0d3adff0c243acbca22d29b1ab33d23b20d9
53c410f2864972705c250f8c95f111e583c15f6efce891dae6f902c3490d97bf
5440e48584e47738479ccd905576e9ddf2097d07b6c7ba81dda6eeb13b1d4af0
56fbf97dc6629d06d83590f3c759381dacd1f6dfcd0f8af956ca3ab15b10e699
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6fa024b2398c0c6f525e91c99c6a73ff0ebbcaa617f2fb1a5ea7023e19d104bd
75dceb1952ced6dab35cf68d3b6bf2f3d2ee9dd7b799ef2b5efb39323d093cc4
7e0f4cd0590e2cf36c094d4226d70ccf2bc12107c46f3aeb8b3b5801396b44b0
d1de97533f8c973f9eb1162098eee749715f058edb650efd69e9d6ac62b056b6
ddd6e288270268de6b427fb4760e0d1384fff8e72a643faa642d4f51203b0efe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855