mitraglobalusaha.com

http://mitraglobalusaha.com/

148.66.3.117 · Netsec Limited

Location

Cheung Sha Wan, Hong Kong

Domain Age

23 days

HTTP

200 · 51.1s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Shopee"

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Shopee

Credential Phishing

E-Commerce · 4/5/2026

Summary

This page at mitraglobalusaha.com purports to be Shopee. The final URL shows a Shopee-like interface rendered via a SPA, but the domain is a recently registered, unrelated host. The page title identifies Shopee while the domain is not the official Shopee domain, indicating impersonation and credential collection risk. The page loads numerous external JS libraries and SPA assets, with POST requests to internal API endpoints, suggesting credential capture within a cloned Shopee UI.

Attack Techniques (5)

Brand impersonation on a newly registered domainSingle-Page Application (SPA) rendering form/content dynamically via JavaScriptCloned UI assets and external script loading to mimic Shopee brandingCredential harvesting likely via dynamic form submission (SPA) despite no static HTML formsDiverse external script sources and API calls indicating a malicious hosted app attempting to collect data

Indicators of Compromise (7)

▸Domain: mitraglobalusaha.com (newly registered, 23 days old, WHOIS shows 2026-02-03 creation)

▸Page Title: Shopee (brand impersonation)

▸Final URL: https://mitraglobalusaha.com/m/index (path contains a brand-like index page)

▸POST requests to /api/common/dictEnumMapAll and /api/common/dict/allMap (potential data exfiltration endpoints)

▸External script sources including mitraglobalusaha.com/lib/flexible.js, chunk-*.js, and multiple CDN-hosted libraries (SPA behavior)

▸SSL certificate from Let's Encrypt (valid only until May 2026) on a brand-impersonating host

▸No static login form in HTML; SPA likely renders credentials via JavaScript bundles

Risk AssessmentUsed in abuse reports

The site mitraglobalusaha.com is a recently registered domain presenting a Shopee-themed interface. Despite no static login form in the initial HTML, the numerous external script imports and SPA behavior indicate a credential collection mechanism likely embedded within the JavaScript bundles. The impersonation is evident from the page title and UI resembling Shopee, coupled with a non-official domain and suspicious POST endpoints. This configuration presents clear credential harvesting risk and warrants urgent takedown action. The combination of a new domain, WAF/CDN evasion signals via SPA and heavy script loading, and direct impersonation signals justify elevated attention from abuse teams.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence