mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop
Open in
urlscan Pro
2606:4700:3034::ac43:af9d
Malicious Activity!
Public Scan
URL:
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThV...
Submission: On October 23 via api from US — Scanned from US
Submission: On October 23 via api from US — Scanned from US
Summary
This website contacted 6 IPs
in 1 countries
across 5 domains to perform 12 HTTP transactions.
The main IP is 2606:4700:3034::ac43:af9d, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop.
TLS certificate: Issued by WE1 on October 21st 2024. Valid for: 3 months.
This is the only time mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop was scanned on urlscan.io!
TLS certificate: Issued by WE1 on October 21st 2024. Valid for: 3 months.
This is the only time mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 7 | 2606:4700:303... 2606:4700:3034::ac43:af9d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2607:f8b0:400... 2607:f8b0:400d:c0c::5f | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 2600:9000:21b... 2600:9000:21b8:3c00:10:474e:104a:2961 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 2607:f8b0:400... 2607:f8b0:400d:c0b::5e | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700:440... 2606:4700:4400::6812:2614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 12 | 6 |
7
2606:4700:3034::ac43:af9d
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
buytheway.shop
1 redirects
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop |
26 KB |
| 2 |
gstatic.com
fonts.gstatic.com |
63 KB |
| 2 |
auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 6411 |
65 KB |
| 1 |
swissmarketplace.group
swissmarketplace.group — Cisco Umbrella Rank: 418824 |
2 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30 |
1 KB |
| 12 | 5 |
| Domain | Requested by | |
|---|---|---|
| 7 | mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop |
1 redirects
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop
|
| 2 | fonts.gstatic.com |
fonts.googleapis.com
|
| 2 | cdn.auth0.com |
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop
|
| 1 | swissmarketplace.group | |
| 1 | fonts.googleapis.com |
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop
|
| 12 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| re.swissmarketplace.group |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| buytheway.shop WE1 |
2024-10-21 - 2025-01-19 |
3 months | crt.sh |
| upload.video.google.com WR2 |
2024-09-30 - 2024-12-23 |
3 months | crt.sh |
| *.auth0.com Amazon RSA 2048 M03 |
2024-01-25 - 2025-02-22 |
a year | crt.sh |
| *.gstatic.com WR2 |
2024-09-30 - 2024-12-23 |
3 months | crt.sh |
| swissmarketplace.group WE1 |
2024-10-18 - 2025-01-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2NpZNkgVm8xMjE5aGw3UlNiSEVzNGNkNk1JNG8yMVMwYmx5SXE/login.php
Frame ID: 7A2AAC4FE68FE3735C2D985C46A6D00C
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
Login | swissmarketplace.groupPage URL History Show full URLs
- https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0... Page URL
-
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/cdn-cgi/phish-bypass?atok=v9EJAJzUhYT5QeeAg9ghsDwJZx1FiH1bNr0Uj6Ow.vM-172969...
HTTP 301
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0... Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://re.swissmarketplace.group/en/ubm
Title: .cls-1 { fill: #46a5a5; stroke-width: 0px; }
Title: .cls-1 { fill: #46a5a5; stroke-width: 0px; }
Search URL Search Domain Scan URL
URL: https://re.swissmarketplace.group/de/help-center/
Title: FAQ
Title: FAQ
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2NpZNkgVm8xMjE5aGw3UlNiSEVzNGNkNk1JNG8yMVMwYmx5SXE/login.php Page URL
-
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/cdn-cgi/phish-bypass?atok=v9EJAJzUhYT5QeeAg9ghsDwJZx1FiH1bNr0Uj6Ow.vM-1729691597-0.0.1.1-%2FhKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2NpZNkgVm8xMjE5aGw3UlNiSEVzNGNkNk1JNG8yMVMwYmx5SXE%2Flogin.php
HTTP 301
https://mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2NpZNkgVm8xMjE5aGw3UlNiSEVzNGNkNk1JNG8yMVMwYmx5SXE/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H3 |
login.php
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2N... |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
cf.errors.css
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
icon-exclamation.png
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/cdn-cgi/images/ |
452 B 634 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
favicon.ico
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/ |
331 B 992 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Primary Request
login.php
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2N... Redirect Chain
|
53 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css2
fonts.googleapis.com/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.cdn.min.css
cdn.auth0.com/ulp/react-components/1.86.8/css/ |
271 KB 63 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
badge.png
cdn.auth0.com/styleguide/components/1.0.8/media/logos/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
email-decode.min.js
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
688 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
463 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
227 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v20/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ |
34 KB 34 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
cropped-favicon-32x32.png
swissmarketplace.group/wp-content/uploads/2021/11/ |
1 KB 2 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop/ | Name: __cf_mw_byp Value: v9EJAJzUhYT5QeeAg9ghsDwJZx1FiH1bNr0Uj6Ow.vM-1729691597-0.0.1.1-/hKFo2SA3QjNIcWI5bmhPdlR1SU9ibzFxMGlRc0x0Ul83clZSa6Fur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZFWDIzQVV0aThVOEdkVkpKMmRBMFR4VTA5ZnJRc2dzo2NpZNkgVm8xMjE5aGw3UlNiSEVzNGNkNk1JNG8yMVMwYmx5SXE/login.php |
|
| .swissmarketplace.group/ | Name: __cf_bm Value: KrepsVGDLTb3dPq4g4rtCPT6ir1ar_3HwVq7gl3dsC4-1729691603-1.0.1.1-Q6wye5A7MmYhUTp8BPDVf1jvyKV.sR7FGqcl6RcrbKQcHJdP1kcOTcm6O5Jcp1v3NSYh9yaCtv1eK92AQTMKPw |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.auth0.com
fonts.googleapis.com
fonts.gstatic.com
mfr4vta5znjrc2dzo2npznkgvm8xmje5agw3ulnisevzngnknk1jng.buytheway.shop
swissmarketplace.group
2600:9000:21b8:3c00:10:474e:104a:2961
2606:4700:3034::ac43:af9d
2606:4700:4400::6812:2614
2607:f8b0:400d:c0b::5e
2607:f8b0:400d:c0c::5f
24904e5dbb5ce723a3b2b80b61035bfdc4f7603b7b39afbd7d3ef2110d131460
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
33fb88f606a3f32f2f218df25dcc69283d9a555a0f8e253f2092f3af53404c11
5f69ea556228be3f0ec886e9f334cc397602a8fe13f03cbaf420f6080f701995
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
925352670807b63128f00ca857d582fe549ac2cbe5370c5cb9d9e10c9524e01f
b4734c8cd4c52f37e397ba0b21555effee5e7e69c840b1d6e31abc171c687897
bffa8868ec1b685d9f0442f30636f2f70c5040b059c75ec6ad8c4f3c0aa14eb5
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f31224e5a5b3a5b203782e74fe9cd5fee0e773944204d71961007b918dc8f831
fae78744b9fece8084bfc98341a4e773a2f527c0288b5834ce90e5cfbebb1961
fd0c91dae3964654557348546b167581cdac13a2e00555b3c5b73e0981d4b165
fe933a4f635a538ce956996c180010ef56c42372d24f1c240f1c452f1bbb088f