eBay

electricvolcano1978 · ‎08-15-2018

Something really strange has been happening to ebay lately. I load ebay, but when it finishes loaded it reloads the page. Searching items is tricky because once the list is loaded, the page will reload with some sort of number string in the search box. I'm confused. Hitting the back button fixes the issue, but why is it doing this? I am using Google Chrome Version 68.0.3440.106 (Official Build) (64-bit) on Ubuntu 16.04 LTS. This issue is completely limited to ebay.

berserkerplanet · ‎08-16-2018

First off: kudos to you for actually providing some real information in your post (Browser and OS info). It is refreshing to not have to start out with playing 20 questions

I use older Firefox versions and do not see that issue, and have seen no other reports of it.

>>I load ebay, but when it finishes loaded it reloads the page

Not sure what that means. Load eBay? A search page, and do you mean it reloads after you hit the search button and the search results page loads?

Does it only occur on search pages?
What sort of number string in the search box?
Does it happen every time you hit the search button, or only the first time?
Does it happen if you copy the URL from a search from the address bar, paste in a new tab, and load that?
Does it happen if you copy the URL and replace /sch/ with /dsc/ in the url and load that?
Can you post an example search URL?

All I can suggest at this point is to try another browser (Firefox, or whatever else is avail for Linux) and/or try an older version of Chrome. My initial suspicion is that it is a browser specific issue probably related to changes in the newest browser for that specific OS. Narrowing it down via experimentation is the first step to understanding, and maybe workarounds (if there are any).

If it is a specific browser issue, it ain't gonna get fixed unless by accident. In the scenario I postulate, google changed something in Chrome 68.0.3440.106 that interacts badly with eBay's code (the new changes to search?), it affects relatively few users (Linux users a small minority in the grand scheme), and is going to be item 4834 on eBay's todo list for a fix if at all.

dollybeauty · ‎08-16-2018

@electricvolcano1978

Personal question, not related to your issue....

Are you running a virtual box or do you have Ubuntu installed instead of Windows? I have been trying to get this to work on a virtual box under windows. The Ubuntu 17 LTS does nnot yet have a 64 bit version and will not work for me on a 64 bit virtual box. Probably my bad.

eBay is continually updating this site. Some advice given may have changed. Please reply to this thread, to let us know if this advice works for you. The links on the bottom of any eBay page can help you deal with most eBay issues. Contact eBay Customer Service on Facebook.com/eBay or Twitter.com/AskeBay

electricvolcano1978 · ‎08-16-2018

I am not running Ubuntu in a Virtual Box. It is being run on boot. I don't even have Windows installed on this system. The last time I ran Windows, it was complete garbage.

electricvolcano1978 · ‎08-16-2018

When I load the eBay web page, once the page completes the loading process it immediately reloads the page. This does happen while I am searching, but onces the page finishes loading my search query the page immediately searches for a string of numbers. For instance, I load "cat toys". On completion of the search, the site then searches for "27827-1-1534462194-4170740". I don't know if that means anything to you, but it looks like garbage to me. I don't know if there is a way to put up a log of what everything Google Chrome is loading to share that.

berserkerplanet · ‎08-17-2018

Interesting. The numbers don't ring any bells, but I suspect have some meaning.

addendum: looking at response headers for eBay page requests while composing this post, the number you posted looks very much like part of an eBay rlogid - not sure exactly what the rlogid is but *appears* to possibly be an eBay API authentication token of something similar. (Didn't find much, and not going to bother looking deeper since it really isn't important as I think it's just a symptom of another problem). Why search would be injecting that in as the search keywords is unknown.

I don't use Chrome (and won't - tried it way back when it first appeared, hated it, and never lo

looked back), so can't help with specifics.

From what I can see, the developer tools in Chrome are similar to those in Firefox, and the Network monitor in Chrome might do the trick for showing the sequence of web requests made.

I use an old addon in Firefox called HTTPFox (starting about back 10 years ago before there were developer tools built into the browser), and it readily shows that info.

(The newer Firefox and likely Chrome built in tools are more powerful, provide more info, do profiling, have filters,etc but I generally only need to see the load sequence and URLS - often to use for adding to Windows HOSTS file, IP blocklists, Adblock rules, etc - and am used to using the klunky old HTTPFox addon.)

Here is an HTTPFox capture of an example load of an store page that redirects for:
http://stores.ebay.com/SaveCentral-Outlet which redirects to https://www.ebay.com/str/savecentraloutlet

(I normally run it as a browser sidebar in the bottom 1/5 of the browser window, but detached it for screen capture purposes to show the entire sequence)

A dump of the above's upper pane with lines wrapped to not force post to be too wide (via HTTPFox's "copy all rows" context menu option)

00:00:03.341	1.598	2248	228	GET	301	Redirect to: https://www.ebay.com/str/savecentraloutlet
	http://stores.ebay.com/SaveCentral-Outlet
00:00:04.948	0.616	2267	297	GET	200	text/html
	https://www.ebay.com/str/savecentraloutlet
00:00:05.620	0.046	386	(7934)	GET	(Cache)	text/css
	https://ir.ebaystatic.com/rs/c/inception-6129da.css
00:00:05.623	0.100	396	(50524)	GET	(Cache)	text/css
	https://ir.ebaystatic.com/rs/c/browse-page-desktop-c34b1e.css
00:00:05.627	0.120	407	(10448)	GET	(Cache)	text/css
	https://ir.ebaystatic.com/rs/v/vbfgz414rqz5lnmzcfypj25lbyd.css?proc=DU:N
00:00:05.962	0.221	488	(16370)	GET	(Cache)	application/x-font-woff
	https://ir.ebaystatic.com/cr/v/c1/skin/v2.5.5/fonts/vq-icon-font.woff
00:00:05.970	0.376	489	(27304)	GET	(Cache)	application/x-font-woff
	https://ir.ebaystatic.com/cr/v/c1/market-sans/v1.0/MarketSans-Regular-WebS.woff
00:00:06.045	0.352	370	(41375)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/c/inception-7d2624.js
00:00:06.482	0.192	380	(111397)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/c/browse-page-desktop-168593.js
00:00:06.674	0.043	381	(34033)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/v/qcj0qozmfm0cdcdzkrx0lvuhsyg.js
00:00:06.729	0.025	400	(1917)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/c/makeebayfasterscript-src-scripts-body-78a2168a.js
00:00:06.766	0.027	381	(3255)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/v/10341xh50yz21mhhydueu4m5wad.js
00:00:06.793	0.027	381	(7695)	GET	(Cache)	application/x-javascript
	https://ir.ebaystatic.com/rs/v/it02syay0qyozhdaszhv1jl4yyd.js

It shows the redirection that occurs and why (a 301 redirect on http://stores.ebay.com/SaveCentral-Outlet page that points to https://www.ebay.com/str/savecentraloutlet )

Something similar might be occurring in your case.

That is the data that would be of interest if a similar procedure can be performed with Chrome's Web Developer Tools Network Monitor https://stackoverflow.com/questions/41200450/multiple-urls-copy-in-sources-network-tab

Firefox versions newer than FF31 that I run sort of have capability to copy parts of the equivalent of the HTTPFox top pane from the Network Monitor display to the clipboard, but not the same info, and from what I can see, Chrome is similar.

If the results need to be saved or posted, it looks like the only way to get all the URLS in Chrome is (was?) to run the script posted in the stackoverflow thread, or copy all as cURL which grabs a bit more than needed but gets the job done, or to take it all, including content, via the "Copy As HAR (HTTP Archive)" option, which is overkill, but appears the only way to bulk capture all the data

Can also just copy/paste just individual lines of interest one by one.

electricvolcano1978 · ‎08-20-2018

This browser extension seemed to provide what you were looking for. I saved the output as a PDF file. The first one recorded the activity for loading the main ebay web page, and the second was when I searched for "cat toys" as an example search. This was done in the same Google Chrome web browser that I've been using.

berserkerplanet · ‎08-21-2018

So the Web Sniffer Chrome addon provides a nice digest.

No wonder most of you people have so much trouble with eBay.

Out of the 10 pages and approx 500 HTTP/TCP connections you show for the visit to the eBay homepage, I would only see the few connections to:
ebay.com, www.ebay.com, pages.ebay.com, i.ebayimg.com (images, thumbnails) , ir.ebaystatic.com (scripts,css, and images), and maybe some content from rover.ebay.com (and some of the previous domain content is blocked by Adblock Plus rules and/or Noscript, or removed by a GreaseMonkey element hiding script engine.)

gha.ebay.com (annoying notifications) , pulsar.ebay.com (tracking) . ebayrtm.com (tracking), svc.ebay.com, ocsrest.ebay.com. pixel.ebay.com (tracking) are all blocked either by AdblockPlus rules or Windows HOSTS file blocks.

Everything else is blocked by Adblock Plus or HOSTS rules, and/or neutered by Noscript blocking.

adobe, googleads, googlesyndication, googletagservices, adnxs.com, casalemedia.com, rubiconproject.com, advertising.com, mathtag, pinterest, criteo.com, doubleclick.net, demdex.net, krxd.net, 247-inc.net, openx.net, turn.com, adsafeprotected.com, pubmatic.com, the yahoo tracking, and most of the rest are hard blocked via the HOSTS file and have been for a decade or more.

A second layer of Adblock rules are also in place for most of them too in all the browsers (to catch any sneaky subdomains they use that there isn't an explicit HOSTS entry for, and to allow fine tuning when I temp disable a HOSTS entry for reasons) There are about 150 explicitly, manually entered eBay related entries in the HOSTS file in addition to the 50,000 other general entries.

You can use a HOSTS file under Linux too, and the format is the same.

------------------

Your search for cat toys:

About the same as the eBay homepage visit, with a few different actors tossed in. Unfortunately, I can't tell much at a glance from that PDF with the URLS cut off on the right. It looks like there are 19 redirects in there, but they are all google ad and tracking garbage with a couple other tracking ones, pretty much all image redirects that would not cause an ebay page reload.

When I search for "cat toys" (no quotes), I get a 115 line capture of connections, and 100 out of that 115 are for the thumbnail images that load in the search results. 15 lines of HTML and scripts to look at, and No ads, No tracking, nothing external to eBay.

I don't see anything there that indicates an ebay page redirect is happening (but again, your capture doesn't readily show the details of a redirect sequence clearly like the first 2 lines in the screenshot in post#6 do).

If you want to explore this further, maybe you can try some HOSTS file or Adblocker magic and get rid of some of that ad and tracking garbage, and/or try to filter it yourself and find only eBay related HTTP connections with 301 or 302 result codes (redirects) and/or post the FULL URLS to those connections here.

electricvolcano1978 · ‎08-22-2018

The only extension that seems to do anything before the eBay webpage is hijacked is Malwarebytes. I saved a screenshot of what it does when it blocks navigation. It's like eBay is infected by some sort of phishing issue or something that Google Chrome is targeted with. It always has "knowledge" in the URL. Google Chrome says it is loading "urbbanity.com" just before it does it. I don't know if it is linked or not. I don't know if any other Google Chrome users are effected. I have to use Firefox to prevent the hijack from taking place. I probably should not buy anything on eBay using Google Chrome.

berserkerplanet · ‎08-22-2018

It looks like your machine or browser is infested/infected with adware or something similar (no idea what if any Linux malwares are in circulation, but Chrome appears to be infectable)

I found one semi-usable reference to urbbanity.com here: https://forum.kasperskyclub.ru/index.php?showtopic=59415 (in Russian and had to be translated)

From what I can see there and from what you posted it is YOUR Chrome installation that is either infected directly or via a plugin somehow (advertising redirects or something similar).

If it were a page redirect/hijack, Firefox wouldn't prevent it either, which points a finger at Chrome. Unless we are talking about a pretty sophisticated exploit of a specific browser vulnerability which is unlikely for something like this (if on the other hand, you are running a nuclear reactor or are the King of Italy, then maybe they would go to those lengths 🙂

I would suggest looking closely at that, either cleaning up, or maybe wiping out and reinstalling Chrome.

There is no indication that eBay is infected with anything (and you are the only one reporting anything here)

I'm still willing to look at data if you can get me a usable capture of the browser data stream (those PDFs were not really usable as they required tracing each of the 300-500 URLS manually and did not show content or server responses). If you can figure out some way to get more detailed data and need to send text, CSV, or some other non-screenshot files, PM me and I'll shoot you my email address.

And I still recommend using a HOSTS file to try to get rid of some of the garbage to narrow down the suspected websites and to make it easier to see what is happening.