urlscan.io logo urlscan.io
SecurityTrails logo

marketplace-listing.com Open in urlscan Pro
34.91.13.198  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tinyurl.com/pets1f1s
Effective URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDEx...
Submission: On June 03 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 34.91.13.198, located in Groningen, Netherlands and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is marketplace-listing.com.
TLS certificate: Issued by R3 on June 2nd 2022. Valid for: 3 months.
This is the only time marketplace-listing.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 8 34.91.13.198 396982 (GOOGLE-CL...)
7 2
Apex Domain
Subdomains		 Transfer
8 marketplace-listing.com
marketplace-listing.com
96 KB
1 tinyurl.com
tinyurl.com — Cisco Umbrella Rank: 17254
418 B
7 2
Domain Requested by
8 marketplace-listing.com 1 redirects marketplace-listing.com
1 tinyurl.com 1 redirects
7 2

This site contains no links.

Subject Issuer Validity Valid
marketplace-listing.com
R3		 2022-06-02 -
2022-08-31		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Frame ID: 9BB500605DB1B330FBE669AF010B73B2
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://tinyurl.com/pets1f1s HTTP 301
    https://marketplace-listing.com/ HTTP 302
    https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

96 kB
Transfer

314 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tinyurl.com/pets1f1s HTTP 301
    https://marketplace-listing.com/ HTTP 302
    https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
marketplace-listing.com/login/
Redirect Chain
  • https://tinyurl.com/pets1f1s
  • https://marketplace-listing.com/
  • https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
823 B
793 B 		Document
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
6c76c4e6d34bf5b7f578824caed19e33084de9b9a9125daf01d839d24771bd64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
376
Content-Type
text/html; charset=UTF-8
Date
Fri, 03 Jun 2022 18:53:02 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 03 Jun 2022 18:53:01 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Pragma
no-cache
Server
Apache/2.4.29 (Ubuntu)
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
styles.css
marketplace-listing.com/login/Core/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/Core/styles.css
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
94223fcbb4627bf85ea7fe3244636d2cb89c9f693f860fcf464b41589839364c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:51 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"d48-5e0802dc4fc81-gzip"
X-Frame-Options
DENY
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
1131
Keep-Alive
timeout=5, max=98
computer.css
marketplace-listing.com/login/Core/ 		2 KB
896 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/Core/computer.css
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
3e5d57a2b8d6b1d56c4c9eb2ad3f61c8e44144a8e4972dd6753261cc11246a86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:51 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"661-5e0802dc44101-gzip"
X-Frame-Options
DENY
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
505
Keep-Alive
timeout=5, max=97
jquery-3.2.1.min.js
marketplace-listing.com/login/js/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/js/jquery-3.2.1.min.js
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:51 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"15283-5e0802dc57981-gzip"
X-Frame-Options
DENY
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
30138
Keep-Alive
timeout=5, max=100
code.js
marketplace-listing.com/login/js/ 		194 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/js/code.js
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
2af6f91dc63b1716ad6331decb6e316d68d46df7dcb5dfb9a4ef3cb1bd8ca772
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:51 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"307de-5e0802dc663e1-gzip"
X-Frame-Options
DENY
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Keep-Alive
timeout=5, max=100
script.js
marketplace-listing.com/login/Core/ 		890 B
775 B 		Script
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/Core/script.js
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
5988461be8ee3ecaa90a37b72b2da76ff5061da295699389798cd0d4a93bb5da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:52 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"37a-5e0802dc97121-gzip"
X-Frame-Options
DENY
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
370
Keep-Alive
timeout=5, max=96
css.css
marketplace-listing.com/login/Core/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://marketplace-listing.com/login/Core/css.css
Requested by
Host: marketplace-listing.com
URL: https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.91.13.198 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.13.91.34.bc.googleusercontent.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
3fca248d13b539eaf91393834e41dc5214fa08e65a9a7985047484598c1ee670
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://marketplace-listing.com/login/index.php?MTY1NDI4MjM4MWMxMjA4NTE5NmFiZmY1NzlhY2JmZTJlNmJhOGQwNTQyYzc2MmJiNzg5MzA4MDJkMDExNzRiMWVmYjgxNDJmMGMwNjI2NmZiMw==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 03 Jun 2022 18:53:02 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Jun 2022 00:26:51 GMT
Server
Apache/2.4.29 (Ubuntu)
ETag
"1db0-5e0802dc44101-gzip"
X-Frame-Options
DENY
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
2067
Keep-Alive
timeout=5, max=99
truncated
/ 		21 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
897928d2c95f7442058b905c88ab2983b5717e36ddefff8076e91e438c4432c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		463 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8273c9852c383c0554dc74f5af60b547b94fb8d0d980ea9fbcf358686b236f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| $ function| jQuery string| htmlcontent function| getRandomInRange function| randString function| replaceAll function| load_random_dom_content

1 Cookies

Domain/Path Name / Value
marketplace-listing.com/ Name: PHPSESSID
Value: m0m9lc4peds987imsc5qahje7r

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY