itmp1.co.uk
68.65.120.190
Malicious Activity!
Public Scan
Effective URL: https://itmp1.co.uk/eBay-items-58925412/
Submission: On February 24 via automatic, source openphish
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 23rd 2020. Valid for: a year.
This is the only time itmp1.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: eBay (E-commerce)

Domain & IP information

| IP Address | AS Autonomous System |
---|---|---|
2 6 | 68.65.120.190 | 22612 (NAMECHEAP-NET) |
1 1 | 64.4.252.44 | 11643 (EBAY) |
2 | 2.18.234.107 | 16625 (AKAMAI-AS) |
6 | 2 | |

ASN22612 (NAMECHEAP-NET, US)
PTR: server265-1.web-hosting.com
- ebay-items-48528172.itmp1.co.uk
- itmp1.co.uk

ASN11643 (EBAY, US)
PTR: rover-web-public-1-3-rnoaz02.ebay.com
- rover.ebay.com

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-107.deploy.static.akamaitechnologies.com
- rover.ebay.co.uk
- securepics.ebaystatic.com
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | itmp1.co.uk (2 redirects) | ebay-items-48528172.itmp1.co.uk, itmp1.co.uk | 19 KB |
1 | ebaystatic.com | securepics.ebaystatic.com | 20 KB |
1 | ebay.co.uk | rover.ebay.co.uk | 554 B |
1 | ebay.com (1 redirects) | rover.ebay.com | 828 B |
6 | 4 | | |

| Domain | Requested by |
---|---|---|
4 | itmp1.co.uk | itmp1.co.uk |
2 | ebay-items-48528172.itmp1.co.uk | 2 redirects |
1 | securepics.ebaystatic.com | itmp1.co.uk |
1 | rover.ebay.co.uk | itmp1.co.uk |
1 | rover.ebay.com | 1 redirects |
6 | 5 | |
This site contains links to these domains.
Domain |
---|
www.ebay.co.uk |
reg.ebay.co.uk |
scgi.ebay.co.uk |
pages.ebay.co.uk |
cgi6.ebay.co.uk |
trustsealinfo.websecurity.norton.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
itmp1.co.uk | Sectigo RSA Domain Validation Secure Server CA | 2020-02-23 - 2021-02-22 | a year |
www.ebay.com | DigiCert SHA2 Secure Server CA | 2019-07-17 - 2020-08-18 | a year |
This page contains 1 frames:
Primary Page:
https://itmp1.co.uk/eBay-items-58925412/
Frame ID: 37C44031A60B4FB45F091DE0F6A9C09F
Requests: 6 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Title: eBay
- Title: Register
- Title: Reset your password
- Title: User Agreement
- Title: Privacy
- Title: Cookies
- Title: AdChoice
- Title: Norton Secured - powered by Verisign
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ebay-items-48528172.itmp1.co.uk/ (HTTP 301)
- https://ebay-items-48528172.itmp1.co.uk/ (HTTP 301)
- https://itmp1.co.uk/eBay-items-58925412/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://rover.ebay.com/roversync/?site=3&stg=1&mpt=1508628103579 HTTP 301
- https://rover.ebay.co.uk/roversync/?site=3&stg=1&cguid=771ee4dd1700a6e47231a3dae749cad5&mpt=1582546478301
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | itmp1.co.uk/eBay-items-58925412/ | 44 KB | 12 KB | Document | text/html |
GET | H2 | a-logo.png | itmp1.co.uk/eBay-items-58925412/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | / (Redirect Chain) | rover.ebay.co.uk/roversync/ | 42 B | 554 B | Image | image/gif |
GET | H2 | imgbg.jpg | itmp1.co.uk/securepics.ebaystatic.com/aw/pics/cmp/ds3/ | 315 B | 315 B | Image | text/html |
GET | H2 | sprSignIn3.png | securepics.ebaystatic.com/aw/pics/register/ | 19 KB | 20 KB | Image | image/png |
GET | H2 | n-logo.png | itmp1.co.uk/eBay-items-58925412/ | 994 B | 1 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: eBay (E-commerce)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.