ghostmarket.io

.io crawl

First seen 2026-05-09 · Last seen 2026-05-15 · ok HTTP/1.1 200 2200 ms crawled 2026-05-15

US · 76.76.21.61 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: GhostMarket • Sell, Explore, Buy and Create Collectibles
Description: The first cross-chain NFT marketplace. Explore, create and trade any NFT on various blockchains.
Language: en

Open Graph

title: GhostMarket • Sell, Explore, Buy and Create Collectibles
site name: GhostMarket
description: The first cross-chain NFT marketplace. Explore, create and trade any NFT on various blockchains.

Technology

CDN: Vercel
CMS: Nuxt

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

DNS records live

NS

ivy.ns.cloudflare.com
stan.ns.cloudflare.com

MX

10 mail.onblock.io

TXT

wallet-connect-dns-verification=03ffcca10c1da6c51fad4c816ee738e59b6d4261fa0caf492479719e26402fa4
google-site-verification=ba0ArK-jvZP4pltJGLG7pYwo7xolEpssDGeLrBJls8g
google-site-verification=p_LcM5I8GNlkWeikITEaVz4ueyh3sRXPPppBxJp1FSQ

Email authentication strong

SPF

v=spf1 include:_spf.mlsend.com include:_spf.google.com include:amazonses.com ~all

softfail (~all)

DMARC

v=DMARC1;p=quarantine;pct=100;rua=mailto:admin@ghostmarket.io;ri=86400;aspf=s;adkim=s;fo=1

policy: quarantine

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46zS0dsYJZRopYKgdFAUkjM/D/e76jxo4cCsadX0UtKVrqkz3gtIosOfJGIA7WUPRkimwL2HBYRpCvwlbl…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKO6dd+XVU9OMnMFcJA+sj4GOSy01l6Xk4dG4q6K14Lf2Bdf+DOTWi9PXZzQtTonZ9FEHGl3Q7XDNAF5kZ…

selectors probed

Certificate (current)

R13

from 2026-04-22 to 2026-07-21

Expires in 63 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://ghostmarket.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: fullscreen=*,autoplay=*,camera=*,display-capture=*
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src * blob:; img-src https: data: blob:; media-src https: data:; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.ghostmarket.io; font-src 'self' 'unsafe-inline' *.ghostmarket.io; object-src 'none'; frame-src buy.moonpay.com pay.inst.money; frame-ancestors *.pavillionhub.com 'self';
strict-transport-security: max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin

Links to (5)

Linked from (1)

red4sec.com×1