marketplace-metamax.surge.sh

Summary

This website contacted 2 IPs in 4 countries across 3 domains to perform 3 HTTP transactions. The main IP is 138.197.235.123, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is marketplace-metamax.surge.sh.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 19th 2024. Valid for: a year.

This is the only time marketplace-metamax.surge.sh was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
2	138.197.235.123 138.197.235.123	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	103.117.241.2 103.117.241.2	135947 (SHOPEE-VN...) (SHOPEE-VN Shopee Company Limited)
1	143.92.75.82 143.92.75.82	138341 (SHOPEE-AS...) (SHOPEE-AS SHOPEE SINGAPORE PRIVATE LIMITED)
3	2

2 138.197.235.123 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

marketplace-metamax.surge.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dustytravellers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.117.241.2 (Viet Nam) 1 redirects

ASN135947 (SHOPEE-VN Shopee Company Limited, VN)

s.shopee.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.92.75.82 (Singapore)

ASN138341 (SHOPEE-AS SHOPEE SINGAPORE PRIVATE LIMITED, SG)

shopee.vn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	shopee.vn 1 redirects s.shopee.vn — Cisco Umbrella Rank: 90012 shopee.vn — Cisco Umbrella Rank: 21004	271 B
2	surge.sh marketplace-metamax.surge.sh	10 KB
1	dustytravellers.com 1 redirects dustytravellers.com	674 B
3	3

	Domain	Requested by
2	marketplace-metamax.surge.sh
1	shopee.vn	marketplace-metamax.surge.sh
1	s.shopee.vn	1 redirects
1	dustytravellers.com	1 redirects
3	4

This site contains no links.

Subject Issuer	Validity	Valid
*.surge.sh Sectigo RSA Domain Validation Secure Server CA	`2024-04-19` - `2025-05-18`	a year	crt.sh
*.shopee.vn GlobalSign GCC R6 AlphaSSL CA 2023	`2024-04-19` - `2025-05-21`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://marketplace-metamax.surge.sh/
Frame ID: 24B1CBF14AFE62B4F0C7BDB1BA642E07
Requests: 2 HTTP requests in this frame

Frame: https://shopee.vn/shop/1259237022?uls_trackid=5192ih43013q&utm_campaign=id_GDDcl7iRoF&utm_content=----&utm_medium=affiliates&utm_source=an_17347470040&utm_term=c3u8jexka839
Frame ID: C44581EB54718BE5C83D982F76F17D53
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Business Help Center

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

4
Countries

10 kB
Transfer

9 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://dustytravellers.com/ HTTP 302
https://s.shopee.vn/9Uj8f1TPH8 HTTP 301
https://shopee.vn/shop/1259237022?uls_trackid=5192ih43013q&utm_campaign=id_GDDcl7iRoF&utm_content=----&utm_medium=affiliates&utm_source=an_17347470040&utm_term=c3u8jexka839

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
marketplace-metamax.surge.sh/ 987 B
1 KB 505ms
161ms Document
text/html 138.197.235.123
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://marketplace-metamax.surge.sh/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: fe23c560f8f8a910cf1adda3b0f16eb94086d24a1b9cae0bb9b9d2e00669f65f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 161623
Cache-Control: public, max-age=0, must-revalidate
Connection: close
Content-Length: 987
Content-Type: text/html; charset=UTF-8
Date: Sat, 16 Nov 2024 15:34:38 GMT
ETag: "fe23c560f8f8a910cf1adda3b0f16eb94086d24a1b9cae0bb9b9d2e00669f65f"
Response-Time: 2ms
Server: Surge
Surge-Cache: HIT
Surge-Stamp: 528::1731587702771-53d2220c8986d0d00d97e8719e12b132
Vary: Accept-Encoding

GET
H2

200

1259237022
shopee.vn/shop/ Frame C445
Redirect Chain

https://dustytravellers.com/
https://s.shopee.vn/9Uj8f1TPH8
https://shopee.vn/shop/1259237022?uls_trackid=5192ih43013q&utm_campaign=id_GDDcl7iRoF&utm_content=----&utm_medium=affiliates&utm_source=an_17347470040&utm_term=c3u8jexka839

0
0

953ms
423ms

Document
text/html

143.92.75.82
SHOPEE-AS SHOPEE ...

General

Check archive.org

Show headers Download Go to

Full URL

https://shopee.vn/shop/1259237022?uls_trackid=5192ih43013q&utm_campaign=id_GDDcl7iRoF&utm_content=----&utm_medium=affiliates&utm_source=an_17347470040&utm_term=c3u8jexka839

Requested by

Host: marketplace-metamax.surge.sh
URL: https://marketplace-metamax.surge.sh/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

143.92.75.82 , Singapore, ASN138341 (SHOPEE-AS SHOPEE SINGAPORE PRIVATE LIMITED, SG),

Reverse DNS

Software

SGW /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .wallet.airpay.vn .shopee.kr .airpay.vn .shopeemobile.com .shopee.vn .shopee.cn .shopee.io .facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;

Request headers

Referer: https://marketplace-metamax.surge.sh/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.wallet.airpay.vn *.shopee.kr *.airpay.vn *.shopeemobile.com *.shopee.vn *.shopee.cn *.shopee.io *.facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;
content-type: text/html; charset=utf-8
date: Sat, 16 Nov 2024 15:34:41 GMT
server: SGW
vary: Accept-Encoding

Redirect headers

cache-control: no-cache
content-length: 227
content-type: text/html; charset=utf-8
date: Sat, 16 Nov 2024 15:34:40 GMT
location: https://shopee.vn/shop/1259237022?uls_trackid=5192ih43013q&utm_campaign=id_GDDcl7iRoF&utm_content=----&utm_medium=affiliates&utm_source=an_17347470040&utm_term=c3u8jexka839
server: SGW
x-request-id: ba18337827096c0371eb30d968740b00:000000e655e6493a:0000000000000000

GET
H/1.1 404
Not Found favicon.ico
marketplace-metamax.surge.sh/ 8 KB
8 KB 581ms
199ms Other
text/html 138.197.235.123
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://marketplace-metamax.surge.sh/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.197.235.123 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://marketplace-metamax.surge.sh/

Response headers

Surge-Cache: HIT
ETag: W/"2037-Bpq88syl4OLNTwUiR08il4/lN+0"
Surge-Stamp: 540::1731587702771
Connection: close
Content-Length: 8247
Date: Sat, 16 Nov 2024 15:34:42 GMT
Content-Type: text/html; charset=utf-8
Server: Surge

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on November 16th 2024, 3:36:05 pm UTC — From United States

Threats: Brand Impersonation Phishing
Brands: Facebook US
Comment: Facebook IM with this phishing URL pretending to be their security.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Refused to frame 'https://shopee.vn/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' .wallet.airpay.vn .shopee.kr .airpay.vn .shopeemobile.com .shopee.vn .shopee.cn .shopee.io .facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com".
network	error	URL: https://marketplace-metamax.surge.sh/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dustytravellers.com
marketplace-metamax.surge.sh
s.shopee.vn
shopee.vn
103.117.241.2
138.197.235.123
143.92.75.82
188.114.97.3
5d37f9379291a60f698c2ed035bf47041f32a53251424774300f079e73d33468
fe23c560f8f8a910cf1adda3b0f16eb94086d24a1b9cae0bb9b9d2e00669f65f

marketplace-metamax.surge.sh Open in urlscan Pro 138.197.235.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

2 IPs

4 Countries

10 kBTransfer

9 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on November 16th 2024, 3:36:05 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

marketplace-metamax.surge.sh Open in urlscan Pro
138.197.235.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

4
Countries

10 kB
Transfer

9 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Malicious page.url
Submitted on November 16th 2024, 3:36:05 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!