www.meri-co.es-5.top
Open in
urlscan Pro
103.41.65.144
Malicious Activity!
Public Scan
Effective URL: https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Submission Tags: phishing mercari Search All
Submission: On November 22 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on November 21st 2021. Valid for: 3 months.
This is the only time www.meri-co.es-5.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mercari (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 13.76.85.56 13.76.85.56 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 7 | 103.41.65.144 103.41.65.144 | 38197 (SUNHK-DAT...) (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone) | |
2 | 199.232.214.128 199.232.214.128 | 54113 (FASTLY) (FASTLY) | |
3 | 199.232.210.131 199.232.210.131 | 54113 (FASTLY) (FASTLY) | |
3 | 2404:6800:400... 2404:6800:4004:827::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1 | () () | |
1 | 2404:6800:400... 2404:6800:4004:80b::200d | () () | |
26 | 7 |
ASN38197 (SUNHK-DATA-AS-AP Sun Network Hong Kong Limited - HongKong Backbone, HK)
www.meri-co.es-5.top |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
es-5.top
1 redirects
www.meri-co.es-5.top |
128 KB |
4 |
google.com
apis.google.com accounts.google.com |
112 KB |
3 |
mercdn.net
pcweb-assets.mercdn.net |
111 KB |
2 |
facebook.net
connect.facebook.net |
85 KB |
2 |
mercari.com
www.mercari.com |
52 KB |
1 |
yam.com
1 redirects
s.yam.com |
290 B |
0 |
gstatic.com
Failed
ssl.gstatic.com Failed |
|
0 |
bootcdn.net
Failed
cdn.bootcdn.net Failed |
|
26 | 8 |
Domain | Requested by | |
---|---|---|
7 | www.meri-co.es-5.top |
1 redirects
www.meri-co.es-5.top
|
3 | apis.google.com |
www.meri-co.es-5.top
apis.google.com |
3 | pcweb-assets.mercdn.net |
www.meri-co.es-5.top
|
2 | connect.facebook.net |
pcweb-assets.mercdn.net
connect.facebook.net |
2 | www.mercari.com |
www.meri-co.es-5.top
www.mercari.com |
1 | accounts.google.com |
apis.google.com
|
1 | s.yam.com | 1 redirects |
0 | ssl.gstatic.com Failed |
accounts.google.com
|
0 | cdn.bootcdn.net Failed |
www.meri-co.es-5.top
|
26 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.mercari.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.meri-co.es-5.top R3 |
2021-11-21 - 2022-02-19 |
3 months | crt.sh |
*.mercari.com GlobalSign GCC R3 DV TLS CA 2020 |
2021-06-03 - 2022-07-05 |
a year | crt.sh |
*.mercdn.net GlobalSign GCC R3 DV TLS CA 2020 |
2021-04-15 - 2022-05-17 |
a year | crt.sh |
*.apis.google.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-08-31 - 2021-11-29 |
3 months | crt.sh |
accounts.google.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F
Frame ID: 21E61A9D3F013AFE07408C6D7D385E09
Requests: 24 HTTP requests in this frame
Frame:
https://accounts.google.com/o/oauth2/iframe
Frame ID: CC1DB39D816275B8C62E235E68868ABA
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
ログイン - メルカリ スマホでかんたん フリマアプリPage URL History Show full URLs
-
https://s.yam.com/ccnGg
HTTP 302
https://www.meri-co.es-5.top/ HTTP 302
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: 新規会員登録
Search URL Search Domain Scan URL
Title: パスワードをお忘れの方
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.yam.com/ccnGg
HTTP 302
https://www.meri-co.es-5.top/ HTTP 302
https://www.meri-co.es-5.top/login/index.php?login_callback=%2Fjp%2F Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
www.meri-co.es-5.top/login/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.jp.css
www.mercari.com/jp/assets/css/ |
337 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
site-jquery.min.js
www.meri-co.es-5.top/admin/im/ |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.js
www.meri-co.es-5.top/admin/im/ |
284 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_login.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-gray.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api:client.js
apis.google.com/js/ |
13 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
pcweb-assets.mercdn.net/assets/js/ |
435 KB 108 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
laydate.css
www.meri-co.es-5.top/admin/im/css/modules/laydate/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer.css
www.meri-co.es-5.top/admin/im/css/modules/layer/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
code.css
www.meri-co.es-5.top/admin/im/css/modules/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google.svg
www.mercari.com/jp/assets/img/common/common/ |
4 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ |
308 KB 105 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/ja_JP/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.7Qaqnm_1sO0.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMlhJgy_5nQ_Wt0jHMAZa6UDzBuWQ/ |
62 B 161 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sdk.js
connect.facebook.net/ja_JP/ |
291 KB 82 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iframe
accounts.google.com/o/oauth2/ Frame CC1D |
511 B 902 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
73375047-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame CC1D |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.bootcdn.net
- URL
- https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.ttf?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?70178290
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?70178290
- Domain
- ssl.gstatic.com
- URL
- https://ssl.gstatic.com/accounts/o/73375047-idpiframe.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mercari (E-commerce)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| layui function| lay number| errors object| layer object| jQuery1101084234815457037681 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.google.com/ | Name: NID Value: 511=gDpWZeMCP7RgYeKHzRItfekZKh165RuYlUPR5Tm3-SeF-ciPjiqBvJDkKL3WjMGdw6Ag5tpw_mx_qC4fA8oRSzVkP72D5iwiZZt61ctTXKgqyCwnAfyEvl9g8-HruCFHEI4pe3RKoXwzefCShk7_XWUj3V5JnEqLtWZSNeMikHY |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
apis.google.com
cdn.bootcdn.net
connect.facebook.net
pcweb-assets.mercdn.net
s.yam.com
ssl.gstatic.com
www.mercari.com
www.meri-co.es-5.top
cdn.bootcdn.net
ssl.gstatic.com
www.mercari.com
103.41.65.144
13.76.85.56
199.232.210.131
199.232.214.128
2404:6800:4004:80b::200d
2404:6800:4004:827::200e
2a03:2880:f00f:8:face:b00c:0:1
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
158268a11b73a5116f96192d143c292cfabe44cf4223cc3763c129103e39bcad
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1
34edc54611c432412ca774acf27ce12c1efd6919412c1f948014d5a10b88df1d
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
601793a6578f6ec0fcd77fcfb5c3c7751679ebd33696ab0336ec4976464ccdd1
7a58ac7ad95e4483fafdf8e225692f429c70db52e435cd2b37cd085d84f126de
7d6991b64d5ae53c70ce3c0487de5f2e2f88805040f5b5bd19ef18167a2c1292
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
ed31b02d89b700c4ba6e1c8fa36baa4ec5b8650f9b70e10763e7857a5e4aa211
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc
fc976b14e2312ac31099a5095e7c5b35d24e4ab2143c68885e2a56d02e2bb985