I found one of the website is loading all shopping websites in their own domain.
Eg . www.domain.com having links like ,
www.shoppingsite1.com , www.shoppingsite2.com ,www.shoppingsite3.com ....
if we click on shoppingsite1.com it leads to www.domain.com/iframe/shoppingsite1
and loads the shoppingsite1.com inside this domain.
if some one purchase the product from shoppingsite1.com . Is it possible for domain.com to caputer all user data including payment credentials.