www.metroexodus.work Open in urlscan Pro
62.171.180.179 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://metroexodus.work/
Effective URL:
https://www.metroexodus.work/en/event/metroexodus/
Submission: On November 28 via manual (November 28th 2020, 4:01:56 am UTC) from GB

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 5 domains to perform 24 HTTP transactions. The main IP is 62.171.180.179, located in United Kingdom and belongs to CONTABO, DE. The main domain is www.metroexodus.work.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 27th 2020. Valid for: 3 months.

This is the only time www.metroexodus.work was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
1 18	62.171.180.179 62.171.180.179	51167 (CONTABO) (CONTABO)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba29	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	51.15.189.129 51.15.189.129	12876 (Online SAS) (Online SAS)
1	163.172.219.20 163.172.219.20	12876 (Online SAS) (Online SAS)
24	7

18 62.171.180.179 (United Kingdom) 1 redirects

ASN51167 (CONTABO, DE)
PTR: vmi479372.contaboserver.net

metroexodus.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.metroexodus.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba29 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

www.pubgmobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.15.189.129 (France)

ASN12876 (Online SAS, FR)
PTR: 51-15-189-129.rev.poneytelecom.eu

l.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.172.219.20 (Amsterdam, Netherlands)

ASN12876 (Online SAS, FR)
PTR: 163-172-219-20.rev.poneytelecom.eu

a.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	metroexodus.work 1 redirects metroexodus.work www.metroexodus.work	1 MB
2	top4top.io l.top4top.io a.top4top.io	37 KB
2	pubgmobile.com www.pubgmobile.com	75 KB
1	jquery.com code.jquery.com	32 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
24	5

	Domain	Requested by
17	www.metroexodus.work	www.metroexodus.work
2	www.pubgmobile.com	www.metroexodus.work www.pubgmobile.com
1	a.top4top.io	www.metroexodus.work
1	l.top4top.io	www.metroexodus.work
1	code.jquery.com	www.metroexodus.work
1	cdnjs.cloudflare.com	www.metroexodus.work
1	metroexodus.work	1 redirects
24	7

This site contains no links.

Subject Issuer	Validity	Valid
*.metroexodus.work Let's Encrypt Authority X3	`2020-11-27` - `2021-02-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
wetv.acc.qq.com DigiCert Secure Site ECC CA-1	`2020-09-17` - `2021-04-10`	7 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
top4top.io Let's Encrypt Authority X3	`2020-10-26` - `2021-01-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.metroexodus.work/en/event/metroexodus/
Frame ID: 41892B9E4D466BC35C6D05AEAB17A4D5
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://metroexodus.work/ HTTP 301
https://www.metroexodus.work/en/event/metroexodus/ Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

24
Requests

96 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

5
Countries

1329 kB
Transfer

1458 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://metroexodus.work/ HTTP 301
https://www.metroexodus.work/en/event/metroexodus/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.metroexodus.work/en/event/metroexodus/
Redirect Chain

http://metroexodus.work/
https://www.metroexodus.work/en/event/metroexodus/

29 KB
6 KB

306ms
163ms

Document
text/html

62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: ca937c26927a0a60479b541724fbf6553681dcaf7af99b1689481b70865a101f

Request headers

:method: GET
:authority: www.metroexodus.work
:scheme: https
:path: /en/event/metroexodus/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Nov 2020 04:01:37 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

Redirect headers

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 706
Date: Sat, 28 Nov 2020 04:01:36 GMT
Server: LiteSpeed
Location: https://www.metroexodus.work/en/event/metroexodus/

GET
H3-Q050 404 facebook.css
www.metroexodus.work/en/event/metroexodus/css/ 0
0 115ms
58ms Stylesheet
text/html 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.metroexodus.work/en/event/metroexodus/css/facebook.css
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Nov 2020 04:01:37 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
content-length: 1237
content-type: text/html

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 13ms
12ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 666212
x-via: cfworker/kv
cross-origin-resource-policy: cross-origin
content-length: 5631
cf-request-id: 06ae9c85350000dfcf00923000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OeowDzITllQ7eGEnTdZRZ3kuQDtGoKlXLpuXtsZCmMfu9adi0WEpmMO1%2BQ8UyGDjAk6gGbrjMsMeAnhiWzrvitbwJy9kxHwFeE0x3C3n8DQOZyL4b95rMFcFmV7u8fw3bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5f91304ebc92dfcf-FRA
expires: Thu, 18 Nov 2021 04:01:37 GMT

GET
H3-Q050 200 banner.png
www.metroexodus.work/en/event/metroexodus/img/ 150 KB
150 KB 115ms
60ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/banner.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 27dd4fba79ab2d8de7fc27e42b1364ace1323595a1df36e74b63aff6d8e728ae

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 153217
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 jadi.png
www.metroexodus.work/en/event/metroexodus/img/ 342 KB
342 KB 116ms
61ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/jadi.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: cd256d70b82eb8b5ac044424c3f719c209fa7b65de31bdf9ac7a7755cd017ffe

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 350635
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 o5.png
www.metroexodus.work/en/event/metroexodus/media/ 60 KB
60 KB 117ms
62ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/media/o5.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 648daa4f9b22e0f4b8569beb8c80a9859bbbf93479854372c58b1862ba3b03c9

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 61463
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 draw3.png
www.metroexodus.work/en/event/metroexodus/img/ 11 KB
11 KB 116ms
61ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/draw3.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 69f40de1ac53d98166ed05e3332c00468fb1c9cc516be0c92cfd77733b0c1e77

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 11415
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 draw3off.png
www.metroexodus.work/en/event/metroexodus/img/ 4 KB
4 KB 112ms
58ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/draw3off.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: f9bef7dfdb5e6893d4e12750f734cd7ee8b331c64766961e61b9958a763943a6

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4111
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 6.png
www.metroexodus.work/en/event/metroexodus/img/reward/ 48 KB
48 KB 116ms
61ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/reward/6.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 137e954650f2bef73874c9ce257ac0352ad8fe587f4f96fa1c93f535ed269fcb

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 48985
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 tombol.png
www.metroexodus.work/en/event/metroexodus/img/ 18 KB
18 KB 115ms
61ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/tombol.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: cbc8caf2fa5ac6813b30761b8572173d7428ce57002fb9137aa49043961488e3

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 18252
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H2 200 footer.css
www.pubgmobile.com/common/css/ 3 KB
1 KB 37ms
6ms Stylesheet
text/css 2a02:26f0:6c00::210:ba29
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.pubgmobile.com/common/css/footer.css
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba29 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: cfb997b573954367d40f5dea3fda39bb85a2918e07a2b5e76e594f9801205c03

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
content-encoding: gzip
last-modified: Thu, 05 Nov 2020 11:42:14 GMT
server: nginx
etag: W/"5fa3e516-db2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=60
content-length: 1192
expires: Sat, 28 Nov 2020 04:02:37 GMT

GET
H3-Q050 200 twitter_text.png
www.metroexodus.work/en/event/metroexodus/img/ 2 KB
2 KB 111ms
58ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/twitter_text.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: b117e4296fc97013582b519d966d9fb9f80226e3e7e58f5e07da384f9f2bb60c

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2063
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 facebook_text.png
www.metroexodus.work/en/event/metroexodus/img/ 10 KB
11 KB 108ms
55ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/facebook_text.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: ea58ff52652614a17103ea5bf08c73ef48cbdad11f5796cbf554ec81dd55601e

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10634
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H2 200 icon_logo.jpg
www.pubgmobile.com/id/event/royalepass10/images/ 73 KB
74 KB 36ms
7ms Image
image/jpeg 2a02:26f0:6c00::210:ba29
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba29 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Thu, 16 Apr 2020 11:54:49 GMT
server: nginx
accept-ranges: bytes
etag: "5e984789-1258d"
content-length: 75149
content-type: image/jpeg

GET
H2 200 jquery-1.9.1.min.js Show response
code.jquery.com/ 90 KB
32 KB 31ms
10ms Script
application/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.min.js
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-169d5"
vary: Accept-Encoding
x-hw: 1606536097.dop164.fr8.t,1606536097.cds272.fr8.hn,1606536097.cds018.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 32772

GET
H3-Q050 200 timer.js Show response
www.metroexodus.work/en/event/metroexodus/js/ 667 B
254 B 115ms
60ms Script
application/javascript 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.metroexodus.work/en/event/metroexodus/js/timer.js
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: ecec37564ef2dd3740e56ffb07e1916548734c199d833084d9d9fc1c8cb067b9

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
content-encoding: br
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 196
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 bg_02.jpg
www.metroexodus.work/en/event/metroexodus/img/ 92 KB
92 KB 58ms
56ms Image
image/jpeg 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/bg_02.jpg
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: f46c70d4d2f4a32f04ad5ab41dd96fc2080357794bee338adcda3f37e73666db

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 94163
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 bg_01.png
www.metroexodus.work/en/event/metroexodus/img/ 136 KB
136 KB 59ms
56ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/bg_01.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 2ce8f1e8094c09ad61d52bb785b7b5bae3994a527b4f1c86aa81263f68f6a474

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 139675
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 bgspin.png
www.metroexodus.work/en/event/metroexodus/img/ 173 KB
173 KB 59ms
56ms Image
image/png 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.metroexodus.work/en/event/metroexodus/img/bgspin.png
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 45cd432a00678d3245aef58a9c680af697d564a454764f14550099221e70a486

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 177497
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 200 pubg.ttf
www.metroexodus.work/en/event/metroexodus/css/ 58 KB
34 KB 57ms
55ms Font
font/ttf 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.metroexodus.work/en/event/metroexodus/css/pubg.ttf
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: d672eb87a3787bdaf8f75df50f9ade864e2d5c9cdec5b07ce6de9d7d39433ea2

Request headers

Origin: https://www.metroexodus.work
Referer: https://www.metroexodus.work/en/event/metroexodus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 28 Nov 2020 04:01:37 GMT
content-encoding: br
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35177
expires: Sat, 05 Dec 2020 04:01:37 GMT

GET
H3-Q050 206 putar.mp3
www.metroexodus.work/en/event/metroexodus/media/ 90 KB
90 KB 57ms
57ms Media
audio/mpeg 62.171.180.179
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://www.metroexodus.work/en/event/metroexodus/media/putar.mp3
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 62.171.180.179 , United Kingdom, ASN51167 (CONTABO, DE),
Reverse DNS: vmi479372.contaboserver.net
Software: LiteSpeed /
Resource Hash: 9d75aee8bcc5636d3d2dcd95370a55468121ae7a484509b23160c192a95254aa

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-92511/92512
date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Fri, 27 Nov 2020 12:30:32 GMT
server: LiteSpeed
Content-Length: 92512
content-type: audio/mpeg

GET teko_regular.ttf
www.pubgmobile.com/common/font/ 0
0

GET
H2 206 m_1725u5z7i1.mp3
l.top4top.io/ 19 KB
20 KB 198ms
89ms Media
audio/mpeg 51.15.189.129
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://l.top4top.io/m_1725u5z7i1.mp3
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.15.189.129 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 51-15-189-129.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 4bc5852e5cec62ceab9260f712961f59609868151e01b63e7b7cae2b00efed54

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-file-id: x34392023x
date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Mon, 21 Sep 2020 07:16:33 GMT
server: nginx
etag: "5f685351-4d45"
content-type: audio/mpeg
Content-Range: bytes 0-19780/19781
cache-control: max-age=7200
content-disposition: inline; filename="open_reward_tab.mp3"
Content-Length: 19781
expires: Sat, 28 Nov 2020 06:01:37 GMT

GET
H2 206 m_1725zobal2.mp3
a.top4top.io/ 17 KB
18 KB 156ms
67ms Media
audio/mpeg 163.172.219.20
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.top4top.io/m_1725zobal2.mp3
Requested by: Host: www.metroexodus.work
URL: https://www.metroexodus.work/en/event/metroexodus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 163.172.219.20 Amsterdam, Netherlands, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-219-20.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 22e1575a06426f427b46598d6599c565e80ed3e937b1872b0d5d928bfe5b2d65

Request headers

Referer: https://www.metroexodus.work/en/event/metroexodus/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-file-id: x34392024x
date: Sat, 28 Nov 2020 04:01:37 GMT
last-modified: Mon, 21 Sep 2020 07:16:33 GMT
server: nginx
etag: "5f685351-451b"
content-type: audio/mpeg
Content-Range: bytes 0-17690/17691
cache-control: max-age=7200
content-disposition: inline; filename="close_reward_popup.mp3"
Content-Length: 17691
expires: Sat, 28 Nov 2020 06:01:37 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.pubgmobile.com
URL: https://www.pubgmobile.com/common/font/teko_regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.top4top.io
cdnjs.cloudflare.com
code.jquery.com
l.top4top.io
metroexodus.work
www.metroexodus.work
www.pubgmobile.com
www.pubgmobile.com
163.172.219.20
2001:4de0:ac19::1:b:1a
2606:4700::6810:135e
2a02:26f0:6c00::210:ba29
51.15.189.129
62.171.180.179
0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef
137e954650f2bef73874c9ce257ac0352ad8fe587f4f96fa1c93f535ed269fcb
22e1575a06426f427b46598d6599c565e80ed3e937b1872b0d5d928bfe5b2d65
27dd4fba79ab2d8de7fc27e42b1364ace1323595a1df36e74b63aff6d8e728ae
2ce8f1e8094c09ad61d52bb785b7b5bae3994a527b4f1c86aa81263f68f6a474
45cd432a00678d3245aef58a9c680af697d564a454764f14550099221e70a486
4bc5852e5cec62ceab9260f712961f59609868151e01b63e7b7cae2b00efed54
648daa4f9b22e0f4b8569beb8c80a9859bbbf93479854372c58b1862ba3b03c9
69f40de1ac53d98166ed05e3332c00468fb1c9cc516be0c92cfd77733b0c1e77
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9d75aee8bcc5636d3d2dcd95370a55468121ae7a484509b23160c192a95254aa
b117e4296fc97013582b519d966d9fb9f80226e3e7e58f5e07da384f9f2bb60c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
ca937c26927a0a60479b541724fbf6553681dcaf7af99b1689481b70865a101f
cbc8caf2fa5ac6813b30761b8572173d7428ce57002fb9137aa49043961488e3
cd256d70b82eb8b5ac044424c3f719c209fa7b65de31bdf9ac7a7755cd017ffe
cfb997b573954367d40f5dea3fda39bb85a2918e07a2b5e76e594f9801205c03
d672eb87a3787bdaf8f75df50f9ade864e2d5c9cdec5b07ce6de9d7d39433ea2
ea58ff52652614a17103ea5bf08c73ef48cbdad11f5796cbf554ec81dd55601e
ecec37564ef2dd3740e56ffb07e1916548734c199d833084d9d9fc1c8cb067b9
f46c70d4d2f4a32f04ad5ab41dd96fc2080357794bee338adcda3f37e73666db
f9bef7dfdb5e6893d4e12750f734cd7ee8b331c64766961e61b9958a763943a6

www.metroexodus.work Open in urlscan Pro 62.171.180.179 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

96 %HTTPS

50 %IPv6

5 Domains

7 Subdomains

7 IPs

5 Countries

1329 kBTransfer

1458 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

0 Cookies

Indicators

www.metroexodus.work Open in urlscan Pro
62.171.180.179 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

96 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

5
Countries

1329 kB
Transfer

1458 kB
Size

0
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!