www.meri-co.es-5.top
Open in
urlscan Pro
103.41.65.144
Malicious Activity!
Public Scan
Effective URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Submission: On November 24 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on November 21st 2021. Valid for: 3 months.
This is the only time www.meri-co.es-5.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mercari (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 13.76.85.56 13.76.85.56 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 7 | 103.41.65.144 103.41.65.144 | 38197 (SUNHK-DAT...) (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone) | |
2 | 199.232.210.128 199.232.210.128 | 54113 (FASTLY) (FASTLY) | |
3 | 199.232.210.131 199.232.210.131 | 54113 (FASTLY) (FASTLY) | |
3 | 2404:6800:400... 2404:6800:4004:827::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1 | () () | |
25 | 6 |
ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK)
www.meri-co.es-5.top |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
es-5.top
1 redirects
www.meri-co.es-5.top |
128 KB |
3 |
google.com
apis.google.com accounts.google.com Failed |
111 KB |
3 |
mercdn.net
pcweb-assets.mercdn.net |
138 KB |
2 |
facebook.net
connect.facebook.net |
84 KB |
2 |
mercari.com
www.mercari.com |
52 KB |
2 |
yam.com
2 redirects
s.yam.com |
574 B |
0 |
bootcdn.net
Failed
cdn.bootcdn.net Failed |
|
25 | 7 |
Domain | Requested by | |
---|---|---|
7 | www.meri-co.es-5.top |
1 redirects
www.meri-co.es-5.top
|
3 | apis.google.com |
www.meri-co.es-5.top
apis.google.com |
3 | pcweb-assets.mercdn.net |
www.meri-co.es-5.top
|
2 | connect.facebook.net |
pcweb-assets.mercdn.net
connect.facebook.net |
2 | www.mercari.com |
www.meri-co.es-5.top
www.mercari.com |
2 | s.yam.com | 2 redirects |
0 | accounts.google.com Failed |
apis.google.com
|
0 | cdn.bootcdn.net Failed |
www.meri-co.es-5.top
|
25 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.mercari.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.meri-co.es-5.top R3 |
2021-11-21 - 2022-02-19 |
3 months | crt.sh |
*.mercari.com GlobalSign GCC R3 DV TLS CA 2020 |
2021-06-03 - 2022-07-05 |
a year | crt.sh |
*.mercdn.net GlobalSign GCC R3 DV TLS CA 2020 |
2021-04-15 - 2022-05-17 |
a year | crt.sh |
*.apis.google.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-09-02 - 2021-12-01 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Frame ID: 4E262F07B705268B9E236DE369FE224E
Requests: 24 HTTP requests in this frame
Frame:
https://accounts.google.com/o/oauth2/iframe
Frame ID: 1AC3C033346498F50FD73D266013F9E8
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
ログイン - メルカリ スマホでかんたん フリマアプリPage URL History Show full URLs
-
http://s.yam.com/ccnGg
HTTP 302
https://s.yam.com/ccnGg HTTP 302
https://www.meri-co.es-5.top/ HTTP 302
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: 新規会員登録
Search URL Search Domain Scan URL
Title: パスワードをお忘れの方
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://s.yam.com/ccnGg
HTTP 302
https://s.yam.com/ccnGg HTTP 302
https://www.meri-co.es-5.top/ HTTP 302
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
www.meri-co.es-5.top/login/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.jp.css
www.mercari.com/jp/assets/css/ |
337 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
site-jquery.min.js
www.meri-co.es-5.top/admin/im/ |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.js
www.meri-co.es-5.top/admin/im/ |
284 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_login.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-gray.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api:client.js
apis.google.com/js/ |
13 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
pcweb-assets.mercdn.net/assets/js/ |
435 KB 135 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
laydate.css
www.meri-co.es-5.top/admin/im/css/modules/laydate/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer.css
www.meri-co.es-5.top/admin/im/css/modules/layer/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
code.css
www.meri-co.es-5.top/admin/im/css/modules/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google.svg
www.mercari.com/jp/assets/img/common/common/ |
4 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ |
308 KB 105 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/ja_JP/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ |
62 B 161 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sdk.js
connect.facebook.net/ja_JP/ |
285 KB 81 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
iframe
accounts.google.com/o/oauth2/ Frame 1AC3 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.bootcdn.net
- URL
- https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.ttf?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?70178290
- Domain
- accounts.google.com
- URL
- https://accounts.google.com/o/oauth2/iframe
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mercari (E-commerce)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| layui function| lay number| errors object| layer object| jQuery110109640245245479621 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.google.com/ | Name: NID Value: 511=qfgA170J5Cy1wiST3VgG7LqAnSCU0c8MgW_4WqkDevEhim4Y5dlncGu8i-m1zqxJCvko7RalhxYYgPN7Q47IoclpxVYjFyWjG99S8OVm7H9p5E5oZmVqz6fjejv_ECXyA8SM1PuWfxr-Z6qNFAZ9pc3iKxYErA7q0ybpMu5_-qw |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
apis.google.com
cdn.bootcdn.net
connect.facebook.net
pcweb-assets.mercdn.net
s.yam.com
www.mercari.com
www.meri-co.es-5.top
accounts.google.com
cdn.bootcdn.net
www.mercari.com
103.41.65.144
13.76.85.56
199.232.210.128
199.232.210.131
2404:6800:4004:827::200e
2a03:2880:f00f:8:face:b00c:0:1
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
158268a11b73a5116f96192d143c292cfabe44cf4223cc3763c129103e39bcad
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1
4c6bd4640bb1b2c799314f6a4536cf244fe09bba2de563026e61ed760b5f2321
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
5a5151087607b67ca97e5c84dc7768f603c1930ffc6e2d96cf3dd99d2d203ed0
7a58ac7ad95e4483fafdf8e225692f429c70db52e435cd2b37cd085d84f126de
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
d580668441c188a4a90fb48d1f77a014125f5983977b60535f6895580ede8b3c
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
ed31b02d89b700c4ba6e1c8fa36baa4ec5b8650f9b70e10763e7857a5e4aa211
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc