mercarisecese.ml Open in urlscan Pro
5.188.38.199 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mercarisecese.ml/
Submission: On December 29 via api (December 29th 2021, 12:11:02 am UTC) from JP — Scanned from JP

Summary HTTP 10 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 5.188.38.199, located in Khabarovsk, Russian Federation and belongs to GHOST, LU. The main domain is mercarisecese.ml.

This is the only time mercarisecese.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mercari (E-commerce)

Domain & IP information

	IP Address		AS Autonomous System
10	5.188.38.199 5.188.38.199		202422 (GHOST) (GHOST)
10	1

10 5.188.38.199 (Khabarovsk, Russian Federation)

ASN202422 (GHOST, LU)
PTR: a42475207.example.com

mercarisecese.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	mercarisecese.ml mercarisecese.ml	295 KB
10	1

	Domain	Requested by
10	mercarisecese.ml	mercarisecese.ml
10	1

This site contains links to these domains. Also see Links.

Domain
www.mercari.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://mercarisecese.ml/
Frame ID: 0400BA31C156E0C7916B24840825F1A6
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - メルカリスマホでかんたんフリマアプリ

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

295 kB
Transfer

711 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.mercari.com/jp/

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/password/reset/start/
Title: パスワードをお忘れの方

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/privacy/
Title: プライバシーポリシー

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/tos/
Title: メルカリ利用規約

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/tokutei/
Title: 特定商取引に関する表記

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response mercarisecese.ml/	12 KB 4 KB	497ms 494ms	Document text/html	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `cd2457fc93165fe994a012da213ea3846572042f5a1995fdfef213683add9884` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers Server nginx Date Wed, 29 Dec 2021 00:10:57 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Content-Encoding gzip
GET H/1.1	200 OK	app.jp.css mercarisecese.ml/static/css/	432 KB 73 KB	44ms 44ms	Stylesheet text/css	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/static/css/app.jp.css Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `185cc62c9f53070516ad7db50f43837630aed0431766913b288d5daba7d2209c` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Content-Encoding gzip Last-Modified Sun, 19 Sep 2021 13:58:58 GMT Server nginx ETag W/"61474222-6be5d" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 29 Dec 2021 12:10:57 GMT
GET H/1.1	200 OK	logo_login.svg mercarisecese.ml/static/picture/	2 KB 3 KB	78ms 77ms	Image image/svg+xml	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://mercarisecese.ml/static/picture/logo_login.svg Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sat, 18 Sep 2021 14:36:34 GMT Server nginx ETag "6145f972-933" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 2355
GET H/1.1	200 OK	logo-gray.svg mercarisecese.ml/static/picture/	2 KB 2 KB	84ms 82ms	Image image/svg+xml	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://mercarisecese.ml/static/picture/logo-gray.svg Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sat, 18 Sep 2021 14:37:02 GMT Server nginx ETag "6145f98e-8fe" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 2302
GET H/1.1	200 OK	load2.gif mercarisecese.ml/static/images/	701 B 1004 B	63ms 62ms	Image image/gif	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://mercarisecese.ml/static/images/load2.gif Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `7c6380e9985c8e4982f41f8dba64d6b1c4a7997d0aa635d9f4bb7643ab815248` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sun, 19 Sep 2021 20:11:00 GMT Server nginx ETag "61479954-2bd" Content-Type image/gif Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 701 Expires Fri, 28 Jan 2022 00:10:57 GMT
GET H/1.1	200 OK	jquery.js Show response mercarisecese.ml/admin/static/js/	85 KB 33 KB	78ms 77ms	Script application/javascript	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/admin/static/js/jquery.js Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/ Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `1ca6e9440f352a20fc8eb9d779d890eeb883a48051ce3653e4b9c142a1bd9e62` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Content-Encoding gzip Last-Modified Sat, 18 Sep 2021 15:39:20 GMT Server nginx ETag W/"61460828-1528e" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Wed, 29 Dec 2021 12:10:57 GMT
GET H/1.1	200 OK	google.svg mercarisecese.ml/static/images/	4 KB 4 KB	44ms 44ms	Image image/svg+xml	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Show image Full URL http://mercarisecese.ml/static/images/google.svg Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/static/css/app.jp.css Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4` Request headers Accept-Language jp-JP,jp;q=0.9 Referer http://mercarisecese.ml/static/css/app.jp.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sun, 19 Sep 2021 13:58:02 GMT Server nginx ETag "614741ea-f0f" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 3855
GET H/1.1	200 OK	sourcesanspro-regular.ttf.woff2 mercarisecese.ml/static/fonts/	85 KB 85 KB	38ms 38ms	Font font/woff2	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/static/fonts/sourcesanspro-regular.ttf.woff2 Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/static/css/app.jp.css Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `27c06ca531d01f12d9e28d869000985e4cf84dd0724afe578e942d44f09d19c2` Request headers Referer http://mercarisecese.ml/static/css/app.jp.css Origin http://mercarisecese.ml Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sat, 18 Sep 2021 14:37:02 GMT Server nginx ETag "6145f98e-1533c" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 86844
GET H/1.1	200 OK	icon-font.woff mercarisecese.ml/static/fonts/	5 KB 6 KB	44ms 44ms	Font font/woff	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/static/fonts/icon-font.woff Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/static/css/app.jp.css Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `5785a9af97c15030786e995ac7451fa114c2394f233250caba5e57376aa45d73` Request headers Referer http://mercarisecese.ml/static/css/app.jp.css Origin http://mercarisecese.ml Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sat, 18 Sep 2021 14:36:36 GMT Server nginx ETag "6145f974-15b8" Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 5560
GET H/1.1	200 OK	sourcesanspro-semibold.ttf.woff2 mercarisecese.ml/static/fonts/	84 KB 84 KB	40ms 40ms	Font font/woff2	5.188.38.199 GHOST
General Check archive.org Show headers Download Go to Full URL http://mercarisecese.ml/static/fonts/sourcesanspro-semibold.ttf.woff2 Requested by Host: mercarisecese.ml URL: http://mercarisecese.ml/static/css/app.jp.css Protocol HTTP/1.1 Server 5.188.38.199 Khabarovsk, Russian Federation, ASN202422 (GHOST, LU), Reverse DNS a42475207.example.com Software nginx / Resource Hash `b96f55ccea2c4ad959ca841fa881a893e7df33a2e575d621a81d2f1063b429c4` Request headers Referer http://mercarisecese.ml/static/css/app.jp.css Origin http://mercarisecese.ml Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers Date Wed, 29 Dec 2021 00:10:57 GMT Last-Modified Sat, 18 Sep 2021 14:36:38 GMT Server nginx ETag "6145f976-150b4" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 86196

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mercari (E-commerce)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| dataLayer function| tijiao

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mercarisecese.ml/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4bggapnh3gq7edq608b0v47j8h

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mercarisecese.ml
5.188.38.199
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
185cc62c9f53070516ad7db50f43837630aed0431766913b288d5daba7d2209c
1ca6e9440f352a20fc8eb9d779d890eeb883a48051ce3653e4b9c142a1bd9e62
27c06ca531d01f12d9e28d869000985e4cf84dd0724afe578e942d44f09d19c2
5785a9af97c15030786e995ac7451fa114c2394f233250caba5e57376aa45d73
7c6380e9985c8e4982f41f8dba64d6b1c4a7997d0aa635d9f4bb7643ab815248
b96f55ccea2c4ad959ca841fa881a893e7df33a2e575d621a81d2f1063b429c4
cd2457fc93165fe994a012da213ea3846572042f5a1995fdfef213683add9884
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc

mercarisecese.ml Open in urlscan Pro 5.188.38.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

295 kBTransfer

711 kBSize

1 Cookies

5 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

mercarisecese.ml Open in urlscan Pro
5.188.38.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

295 kB
Transfer

711 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!