www.meri-co.es-5.top
103.41.65.144  Malicious Activity!

Submitted URL: http://s.yam.com/ccnGg
Effective URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Submission: On November 24 via manual from JP — Scanned from JP

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 25 HTTP transactions. The main IP is 103.41.65.144, located in Hong Kong and belongs to SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK. The main domain is www.meri-co.es-5.top.
TLS certificate: Issued by R3 on November 21st 2021. Valid for: 3 months.
This is the only time www.meri-co.es-5.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mercari (E-commerce)

Domain & IP information

Redirects  Requests  IP Address         AS     Autonomous System
2          2         13.76.85.56        8075   MICROSOFT...
1          7         103.41.65.144      38197  SUNHK-DAT...
-          2         199.232.210.128    54113  FASTLY
-          3         199.232.210.131    54113  FASTLY
-          3         2404:6800:400...   15169  GOOGLE
-          2         2a03:2880:f00...   -      -
Total: 25 requests, 6 IPs
Requests  Domain                  Subdomains                                    Transfer
7         es-5.top                www.meri-co.es-5.top                          128 KB
3         google.com              apis.google.com, accounts.google.com (failed) 111 KB
3         mercdn.net              pcweb-assets.mercdn.net                       138 KB
2         facebook.net            connect.facebook.net                          84 KB
2         mercari.com             www.mercari.com                               52 KB
2         yam.com                 s.yam.com                                     574 B
0         bootcdn.net (failed)    cdn.bootcdn.net (failed)                      0 B
Total: 25 requests, 7 domains
Requests  Domain                        Requested by
7         www.meri-co.es-5.top          www.meri-co.es-5.top (1 redirect)
3         apis.google.com               www.meri-co.es-5.top, apis.google.com
3         pcweb-assets.mercdn.net       www.meri-co.es-5.top
2         connect.facebook.net          pcweb-assets.mercdn.net, connect.facebook.net
2         www.mercari.com               www.meri-co.es-5.top, www.mercari.com
2         s.yam.com                     (2 redirects)
0         accounts.google.com (failed)  apis.google.com
0         cdn.bootcdn.net (failed)      www.meri-co.es-5.top
Total: 25 requests, 8 subdomains

This site contains links to these domains:

www.mercari.com

Subject                 Issuer                                   Validity                   Valid for
www.meri-co.es-5.top    R3                                       2021-11-21 to 2022-02-19   3 months
*.mercari.com           GlobalSign GCC R3 DV TLS CA 2020         2021-06-03 to 2022-07-05   a year
*.mercdn.net            GlobalSign GCC R3 DV TLS CA 2020         2021-04-15 to 2022-05-17   a year
*.apis.google.com       GTS CA 1C3                               2021-11-01 to 2022-01-24   3 months
*.facebook.com          DigiCert SHA2 High Assurance Server CA   2021-09-02 to 2021-12-01   3 months

This page contains 2 frames:

Primary Page: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Frame ID: 4E262F07B705268B9E236DE369FE224E
Requests: 24 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 1AC3C033346498F50FD73D266013F9E8
Requests: 1 HTTP requests in this frame

Page URL History

  1. http://s.yam.com/ccnGg HTTP 302
    https://s.yam.com/ccnGg HTTP 302
    https://www.meri-co.es-5.top/ HTTP 302
    https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F Page URL

Page Statistics

Requests: 25
HTTPS: 64 %
IPv6: 33 %
Domains: 7
Subdomains: 8
IPs: 6
Countries: 4
Transfer: 512 kB
Size: 1775 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Columns: Resource, Path, Size, x-fer (transferred bytes), Type, MIME-Type
Primary Request index.php?login_callback=%2Fjp%2F
www.meri-co.es-5.top/login/
Redirect Chain
  • http://s.yam.com/ccnGg
  • https://s.yam.com/ccnGg
  • https://www.meri-co.es-5.top/
  • https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
10 KB
3 KB
Document
General
Full URL
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash
2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

access-control-allow-origin
*
access-control-allow-methods
*
access-control-allow-credentials
true
vary
Accept-Encoding
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
2878
content-type
text/html;charset=utf-8
date
Wed, 24 Nov 2021 01:27:10 GMT
server
Apache

Redirect headers

access-control-allow-origin
*
access-control-allow-methods
*
access-control-allow-credentials
true
location
/login/index.php?login_callback=%2Fjp%2F
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
0
content-type
text/html;charset=utf-8
date
Wed, 24 Nov 2021 01:27:09 GMT
server
Apache
app.jp.css?2948830063
www.mercari.com/jp/assets/css/
337 KB
51 KB
Stylesheet
General
Full URL
https://www.mercari.com/jp/assets/css/app.jp.css?2948830063
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.210.128 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ed31b02d89b700c4ba6e1c8fa36baa4ec5b8650f9b70e10763e7857a5e4aa211
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
x-xss-protection
1; mode=block
x-served-by
cache-hnd18741-HND
last-modified
Mon, 22 Nov 2021 02:04:33 GMT
x-timer
S1637717232.243271,VS0,VE24
date
Wed, 24 Nov 2021 01:27:12 GMT
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 24 Dec 2021 01:27:12 GMT
site-jquery.min.js
www.meri-co.es-5.top/admin/im/
91 KB
32 KB
Script
General
Full URL
https://www.meri-co.es-5.top/admin/im/site-jquery.min.js
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Aug 2021 08:34:16 GMT
server
Apache
etag
"16b60-5ca35e1ec7200-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
32817
x-xss-protection
1; mode=block
layui.js
www.meri-co.es-5.top/admin/im/
284 KB
92 KB
Script
General
Full URL
https://www.meri-co.es-5.top/admin/im/layui.js
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 06 Jul 2021 04:01:50 GMT
server
Apache
etag
"471da-5c66c7b3e4780-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
x-xss-protection
1; mode=block
layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/
0
0

logo_login.svg?1110959694
pcweb-assets.mercdn.net/assets/img/common/common/
2 KB
2 KB
Image
General
Full URL
https://pcweb-assets.mercdn.net/assets/img/common/common/logo_login.svg?1110959694
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.210.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
content-encoding
gzip
age
608
x-guploader-uploadid
ADPycdtW0lEgB_HlDbvIodHp81_Xjt3Q95OqXjDLMXJIO1junIE5mBaj4c1msRQ1HRQmi5rowBR02MMnHCUleCADZlc
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
strict-transport-security
max-age=31557600
content-length
1130
via
1.1 varnish
x-served-by
cache-hnd18745-HND
last-modified
Mon, 22 Nov 2021 02:06:09 GMT
server
UploadServer
etag
"3a6480bc4b445a09c55271d16b3db016"
vary
Origin, Accept-Encoding
x-goog-hash
crc32c=Dk06SA==, md5=OmSAvEtEWgnFUnHRaz2wFg==
x-goog-generation
1637546769280519
access-control-allow-origin
*
expires
Tue, 23 Nov 2021 07:45:16 GMT
cache-control
public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length
1130
accept-ranges
bytes
content-type
image/svg+xml
x-cache-hits
1
logo-gray.svg?1110959694
pcweb-assets.mercdn.net/assets/img/common/common/
2 KB
1 KB
Image
General
Full URL
https://pcweb-assets.mercdn.net/assets/img/common/common/logo-gray.svg?1110959694
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.210.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
content-encoding
gzip
age
4534
x-guploader-uploadid
ADPycdsAjUd9U-Z3aW8rjbUfOsH5fD11B7neSYRwBBNDEu83YrqJ57bixrrYNGlGmfwyufXCI3AanJIwcDm8lyRv2PQm7Rq5qQ
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
strict-transport-security
max-age=31557600
content-length
1065
via
1.1 varnish
x-served-by
cache-hnd18745-HND
last-modified
Mon, 22 Nov 2021 02:06:09 GMT
server
UploadServer
etag
"9e3d8ae31c721624ed662bed825951b9"
vary
Origin, Accept-Encoding
x-goog-hash
crc32c=JTxkFQ==, md5=nj2K4xxyFiTtZivtgllRuQ==
x-goog-generation
1637546769240441
access-control-allow-origin
*
expires
Tue, 23 Nov 2021 18:49:51 GMT
cache-control
public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length
1065
accept-ranges
bytes
content-type
image/svg+xml
x-cache-hits
1
api:client.js
apis.google.com/js/
13 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/api:client.js
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:827::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
158268a11b73a5116f96192d143c292cfabe44cf4223cc3763c129103e39bcad
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8M3/p7nVVMh6ocn8uPRmIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"66290f8e8baecda84f0b464835839a41"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-8M3/p7nVVMh6ocn8uPRmIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Wed, 24 Nov 2021 01:27:12 GMT
app.js?2409678128
pcweb-assets.mercdn.net/assets/js/
435 KB
135 KB
Script
General
Full URL
https://pcweb-assets.mercdn.net/assets/js/app.js?2409678128
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.210.131 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
UploadServer /
Resource Hash
d580668441c188a4a90fb48d1f77a014125f5983977b60535f6895580ede8b3c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
content-encoding
gzip
age
80767
x-guploader-uploadid
ADPycdskp5Bwzy6JbRV2S3CYopKpfGToTPxgbWZUPveWnt5yzEMwsJOGoPWpZX3cfnX9R0SKmDPgnCssHr2LnDJTFg0
x-cache
HIT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
strict-transport-security
max-age=31557600
content-length
137563
via
1.1 varnish
x-served-by
cache-hnd18745-HND
last-modified
Mon, 22 Nov 2021 02:06:11 GMT
server
UploadServer
etag
"f1e6ca142e3b319aa9aca9d423a64610"
vary
Origin, Accept-Encoding
x-goog-hash
crc32c=LmP0nQ==, md5=8ebKFC47MZqprKnUI6ZGEA==
x-goog-generation
1637546771100644
access-control-allow-origin
*
expires
Wed, 24 Nov 2021 03:01:05 GMT
cache-control
public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length
137563
accept-ranges
bytes
content-type
text/javascript
x-cache-hits
1
laydate.css?v=5.3.1
www.meri-co.es-5.top/admin/im/css/modules/laydate/default/
0
0
Stylesheet
General
Full URL
https://www.meri-co.es-5.top/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/admin/im/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
server
Apache
content-length
267
content-type
text/html; charset=iso-8859-1
layer.css?v=3.5.1
www.meri-co.es-5.top/admin/im/css/modules/layer/default/
0
0
Stylesheet
General
Full URL
https://www.meri-co.es-5.top/admin/im/css/modules/layer/default/layer.css?v=3.5.1
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/admin/im/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
server
Apache
content-length
267
content-type
text/html; charset=iso-8859-1
code.css?v=2
www.meri-co.es-5.top/admin/im/css/modules/
0
0
Stylesheet
General
Full URL
https://www.meri-co.es-5.top/admin/im/css/modules/code.css?v=2
Requested by
Host: www.meri-co.es-5.top
URL: https://www.meri-co.es-5.top/admin/im/layui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.41.65.144 , Hong Kong, ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:27:12 GMT
server
Apache
content-length
267
content-type
text/html; charset=iso-8859-1
google.svg
www.mercari.com/jp/assets/img/common/common/
4 KB
1 KB
Image
General
Full URL
https://www.mercari.com/jp/assets/img/common/common/google.svg
Requested by
Host: www.mercari.com
URL: https://www.mercari.com/jp/assets/css/app.jp.css?2948830063
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.210.128 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.mercari.com/jp/assets/css/app.jp.css?2948830063
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS
x-cache-hits
0
x-xss-protection
1; mode=block
x-served-by
cache-hnd18741-HND
last-modified
Mon, 22 Nov 2021 02:01:11 GMT
x-timer
S1637717262.291195,VS0,VE9
date
Wed, 24 Nov 2021 01:27:42 GMT
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 24 Dec 2021 01:27:42 GMT
SourceSansPro-Regular.ttf.woff2?70178290
www.mercari.com/jp/assets/fonts/
0
0

icon-font.woff?70178290
www.mercari.com/jp/assets/fonts/
0
0

SourceSansPro-Semibold.ttf.woff2?70178290
www.mercari.com/jp/assets/fonts/
0
0

SourceSansPro-Semibold.otf.woff?70178290
www.mercari.com/jp/assets/fonts/
0
0

SourceSansPro-Regular.otf.woff?70178290
www.mercari.com/jp/assets/fonts/
0
0

icon-font.ttf?70178290
www.mercari.com/jp/assets/fonts/
0
0

SourceSansPro-Regular.ttf?70178290
www.mercari.com/jp/assets/fonts/
0
0

cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/
308 KB
105 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api:client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:827::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a58ac7ad95e4483fafdf8e225692f429c70db52e435cd2b37cd085d84f126de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 21:39:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13718
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106947
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 21:39:05 GMT
sdk.js
connect.facebook.net/ja_JP/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/ja_JP/sdk.js
Requested by
Host: pcweb-assets.mercdn.net
URL: https://pcweb-assets.mercdn.net/assets/js/app.js?2409678128
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a5151087607b67ca97e5c84dc7768f603c1930ffc6e2d96cf3dd99d2d203ed0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
s7NVL88ca7oOhncEsArR5g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Wed, 24 Nov 2021 01:41:27 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1689
x-fb-rlafr
0
x-fb-debug
J0KfbsLXJDcntkRvoaD43+18JCxNjhwB5hp3JqZrl73lYkxV5a9m9aLMd2ZnMkiToAxcu7uG0V6K5VJm9PAIUw==
x-fb-trip-id
382461245
x-fb-content-md5
6467033aa635bf14330a5c869992e55f
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 24 Nov 2021 01:27:43 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"97c84608353fcf09999557b5720eabbf"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/
62 B
161 B
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api:client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:827::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.meri-co.es-5.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 13:38:55 GMT
x-content-type-options
nosniff
age
560928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Nov 2022 13:38:55 GMT
sdk.js?hash=3341055275231f5ae830849b9797cbdc
connect.facebook.net/ja_JP/
285 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/ja_JP/sdk.js?hash=3341055275231f5ae830849b9797cbdc
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c6bd4640bb1b2c799314f6a4536cf244fe09bba2de563026e61ed760b5f2321
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.meri-co.es-5.top/
Origin
https://www.meri-co.es-5.top
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
JSXbRoZp0EqYZlJkZYWOyg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Thu, 24 Nov 2022 01:17:41 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
82970
x-fb-rlafr
0
x-fb-debug
8pIRnJgVO6BgAs7+bb0CWwMi0SjLpC5O6NbQMAV1OC8Jw2PrUFyuON2bo+JuoyNE3172Qf8yqvBtEna6UHhh2A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
a5d93f3e795157c57046d1a7774578df
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 24 Nov 2021 01:27:43 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"fde22b3c0a46b4a969ef5ad7921e152d"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
iframe
accounts.google.com/o/oauth2/ Frame 1AC3
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain               URL
cdn.bootcdn.net      https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
www.mercari.com      https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/icon-font.woff?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/icon-font.ttf?70178290
www.mercari.com      https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?70178290
accounts.google.com  https://accounts.google.com/o/oauth2/iframe

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mercari (E-commerce)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Variable                      Type
onbeforexrselect              object
reportError                   function
originAgentCluster            boolean
scheduler                     object
$                             function
jQuery                        function
layui                         object
lay                           function
errors                        number
layer                         object
jQuery11010964024524547962    object

1 Cookies

Domain/Path: .google.com/
Name: NID
Value: 511=qfgA170J5Cy1wiST3VgG7LqAnSCU0c8MgW_4WqkDevEhim4Y5dlncGu8i-m1zqxJCvko7RalhxYYgPN7Q47IoclpxVYjFyWjG99S8OVm7H9p5E5oZmVqz6fjejv_ECXyA8SM1PuWfxr-Z6qNFAZ9pc3iKxYErA7q0ybpMu5_-qw

18 Console Messages

Columns: Source, Level, URL, Message
network error URL: https://www.meri-co.es-5.top/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.meri-co.es-5.top/admin/im/css/modules/layer/default/layer.css?v=3.5.1
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.meri-co.es-5.top/admin/im/css/modules/code.css?v=2
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/icon-font.woff?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/icon-font.woff?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/icon-font.ttf?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/icon-font.ttf?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?70178290
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Message:
Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?70178290' from origin 'https://www.meri-co.es-5.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?70178290
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
Message:
Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block