safety.mercari.pics
Open in
urlscan Pro
34.146.216.235
Malicious Activity!
Public Scan
Effective URL: https://safety.mercari.pics/ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&...
Submission: On May 18 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on May 14th 2022. Valid for: 3 months.
This is the only time safety.mercari.pics was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mercari (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
21 | 34.146.216.235 34.146.216.235 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 2404:6800:400... 2404:6800:4004:808::2008 | 15169 (GOOGLE) (GOOGLE) | |
3 | 49.102.154.13 49.102.154.13 | 9605 (DOCOMO NT...) (DOCOMO NTT DOCOMO) | |
2 | 2404:6800:400... 2404:6800:4004:827::200e | 15169 (GOOGLE) (GOOGLE) | |
27 | 4 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 235.216.146.34.bc.googleusercontent.com
safety.mercari.pics |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
mercari.pics
safety.mercari.pics |
189 KB |
3 |
docomo.ne.jp
id.smt.docomo.ne.jp — Cisco Umbrella Rank: 461526 |
717 B |
2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37 |
20 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71 |
64 KB |
27 | 4 |
Domain | Requested by | |
---|---|---|
21 | safety.mercari.pics |
safety.mercari.pics
|
3 | id.smt.docomo.ne.jp |
safety.mercari.pics
|
2 | www.google-analytics.com |
safety.mercari.pics
www.google-analytics.com |
1 | www.googletagmanager.com |
safety.mercari.pics
|
27 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
safety.mercari.pics R3 |
2022-05-14 - 2022-08-12 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-04-25 - 2022-07-18 |
3 months | crt.sh |
id.smt.docomo.ne.jp DigiCert TLS RSA SHA256 2020 CA1 |
2021-09-07 - 2022-10-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://safety.mercari.pics/ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1
Frame ID: DCF0D34750AB42E09CB04916F81F9F8D
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
ログインPage URL History Show full URLs
- https://safety.mercari.pics/jp Page URL
- https://safety.mercari.pics/index.php?t=51b9158f4472eb8a96c3b6f2d21b5ae3e16f181024a88fb290df4d72edb82553 Page URL
- https://safety.mercari.pics/ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&actio... Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://safety.mercari.pics/jp Page URL
- https://safety.mercari.pics/index.php?t=51b9158f4472eb8a96c3b6f2d21b5ae3e16f181024a88fb290df4d72edb82553 Page URL
- https://safety.mercari.pics/ap/signin?_encoding=UTF8&openid.assoc_handle=jpflex&openid.claimed_id=&action=sign-in&path=home&ref_=nav_Account&signIn=1&useRedirectOnSuccess=1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
jp
safety.mercari.pics/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.23238u92u82.js
safety.mercari.pics/vendor/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.php
safety.mercari.pics/ |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
signin
safety.mercari.pics/ap/ |
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.css
safety.mercari.pics/ap/css/ |
78 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
normalize.css
safety.mercari.pics/ap/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
safety.mercari.pics/ap/css/ |
3 KB 898 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkboxRadio.css
safety.mercari.pics/ap/css/ |
3 KB 939 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_layout_v5_pc.css
safety.mercari.pics/ap/style/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_layout_v5_style.css
safety.mercari.pics/ap/style/css/ |
22 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
idk.css
safety.mercari.pics/ap/css/ |
43 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
safety.mercari.pics/ap/style/js/ |
48 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
safety.mercari.pics/ap/style/js/ |
187 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.min.js
safety.mercari.pics/ap/style/js/ |
90 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_IDFPS-IJ0002_v6.js
safety.mercari.pics/ap/style/js/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_validation_v5.js
safety.mercari.pics/ap/style/js/ |
8 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_dispCtl_v2.js
safety.mercari.pics/ap/style/js/ |
740 B 406 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
auth_accordion.js
safety.mercari.pics/ap/style/js/ |
608 B 360 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
beacon.js
safety.mercari.pics/ap/style/js/ |
426 B 289 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mercari.png
safety.mercari.pics/ap/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
safety.mercari.pics/ap/css/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
214 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_spring.png
id.smt.docomo.ne.jp/img/ |
102 B 279 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
empty.gif
id.smt.docomo.ne.jp/img/ |
43 B 219 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 208 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
empty.gif
id.smt.docomo.ne.jp/img/ |
43 B 219 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mercari (E-commerce)83 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| $ function| jQuery string| DCMID_COOKIE number| DCMID_EXPIRE number| BTN_CTL_ENABLE number| BTN_CTL_DISABLE boolean| COOKIE_SECURE number| BTN_TIMEOUT string| BTN_TYPE string| BTN_TYPE_IMG string| COOKIE_DOMAIN string| DOCOMOID_FORM string| DOCOMOID_UID string| DOCOMOID_PASS string| DOCOMONAME_SAVE string| BTN_NAME number| AUTH_TYPE_PW number| AUTH_TYPE_SEC string| DISP_AUTH_PW string| DISP_AUTH_SEC string| IDMSN_CHANGE_SEPARATOR undefined| userErrMsg number| submitFlg function| loginFormOnLoad function| chgDispById function| chgDisp function| setLoginForm function| setCookie function| getCookie function| doBeforeLogin0 function| doBeforeLogin2 function| changeIDMSNCookie0 function| getCharCDFromString function| getStringFromCharCD function| checkForm0 function| checkFormOneTime0 function| checkLength function| getByteStringLength function| buttonControl function| doBeforeLogin1 function| doBeforeLogin3 function| checkForm3 function| doBeforeLogin4 function| checkForm4 function| doBeforeLogin5 function| checkForm5 function| setDispAuth function| isSet function| isLength function| isLengthUnder function| isLengthUpper function| isBounds function| isAgree function| isCharCode function| isPwCharCode function| isNwPwCharCode function| getMsg function| setErr function| focusErr function| clearErr function| dispCtl function| launchApp function| launchApp2 function| setImg number| isEasyExec number| isEasyUnKnown number| secondDeviceFlg string| scrid object| dataLayer object| google_tag_data function| ga object| gaplugins object| google_tag_manager string| GoogleAnalyticsObject function| _auth_pv_ga object| _autha function| _authb object| gaGlobal object| gaData7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
safety.mercari.pics/ | Name: PHPSESSID Value: qtg8tmf8jcbonh60kkn56gdg6p |
|
.safety.mercari.pics/ | Name: 62345ba76168db0033ce8ae6a90ce5a762956614 Value: nwcMGFHjQc7nDOZDxhWlbg%3D%3D |
|
.safety.mercari.pics/ | Name: ak_bmsc Value: 4zeEvajla5VXwOLAS9VKlsr0%2BWOGgJY%2BbQmxh%2BGjxwggt%2BpOsS0PkLwchMK46pZ8w3nUh%2FbWFuOGsbuBKlTWggKp7t0r9mF9eqtHl2ICT5sOcx3tzCdXtlIm%2FBQLg6oT31xsLIgFKPd9UFCo7RIDLuMLFTGWuToJLNoqaa9tCdsJfam5evilpRNJWuVkhx5dFFCPzNeWfEoQsMDuIx0UWmnAluioyuMFpTfEjNk5zOWu1FC5V541N1IweIKPI8EyUKqjl4f6OEn6DzJbsqL%2BKK3JXI9%2FynUUdWMTmKfRzzrMmvOKlK45WZIEiLSYXyiRpVc6uMyYnzBt93M4Z0yBkLJswtU%2BR4SC8uriBIUDH1x7b3x4m42ooZpiOdPaueHIUC81Tz39JkVVkAIkDoyTnne2tZuIPa0REZoOLky1JnAJuQ8ZrqadvRxjdqdGVrvNiKBA2tF8wNBhf6nmiS23lIjmghcJ7VW9pDX5j6jC17fMGHiOKwjIkhaQLg1%2BejibTHoX8BUAwN9iswWdwk3sofsFYfsFHgd%2BZj94vysW7q2bEXJAhu2EBzZziXi9CiS2JJGWM6heMbZYtEZUNHVUNj%2FXUfHpZiOs9qDEpSgs5tZ1h69336fOLzXUPIUP%2Fknh13%2FoyjLkh8dPPJkDxYiH3hv9vj0%2BK7OZfMIICDLtz3NcvF%2F5A7MThDLBD05RZ7fjCoofJ4X1kWR%2FNqMVyehWgSdkR%2FyrZDrANyEx2DD66n4%3D |
|
.safety.mercari.pics/ | Name: _amkc Value: 7995301c-2561-40a2-a944-068c9d45b11d |
|
.mercari.pics/ | Name: _auth_pv Value: GA1.2.1483294483.1652840572 |
|
.mercari.pics/ | Name: _auth_pv_gid Value: GA1.2.137927207.1652840572 |
|
.mercari.pics/ | Name: _gat_UA-47453928-10 Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'none' |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
id.smt.docomo.ne.jp
safety.mercari.pics
www.google-analytics.com
www.googletagmanager.com
2404:6800:4004:808::2008
2404:6800:4004:827::200e
34.146.216.235
49.102.154.13
0159d9ba2fba6ff0e211a5cc9a5147519f391b64fd4283528945c66af2c7b51e
04bed74cb3990bbd567a9990de2b479020705026ab58182a5c85a9f58008cb08
2099b96e5926889f45e5ee5613a8ddc2b81b8ba8a164711d80882523e1353091
293b57cc384290eab34796b4a5be203a7de0bbd6c6bcfb9bc41596fe622b5ee9
2c998067e7d2c5d49964e2daca460c3e5e2f81e4dfa9b8637c5aa13eb375bd30
2e16a67f6d66d11462890ffbb47a2d9097ac0a9fa09695ab78637ef0cc66766a
3ad02a59d69b6a6001aab493d9734260075707ac2bb71f0e10cf112102527d2e
3b4a493be4a3d49f41c289ad95f655725cbfe6d53cc3c400f0d564395fb4bebd
46cddb9ec8f08619abaaf564e247a204bf1580ce0cdcb5e62a043bd3e200c813
4ac2d652afb70293e9b3763d5bb9866010a5b58c031c8e80a2c984369cf96f26
52e33a8577de91c095569ac146a3d4165244decbbe82a7dbf85a4af70b9d62c5
6133eaf1a84019a054750bd9da1d6ed981baaa38c58fee9b87633be6ef4d656a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7683b4e530ca40f167b5695ba3ae55c2922d447d8ff764e8faf08579d7593e85
87981e8062814ca279922ee55276ad14bbdc29649f98e34b2d83c3afb5052a51
88c7f436124f03d80bedbe94d8a7beab68ab1785248d9ee3f0226591f76798e5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
b873af2cb3674cb4c47edddb6614b4542c4f09b404c3ad278013cbdca192a6ac
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d512d0da9cc205fec87268246523fcb9991a3f3401909e75fc680d14b5fddfec
db5d64a9ea32ed3abb874f295003ef2465cecc2f669efe951930e182c34a5013
f9e4f59d586a04355cb00b2514cd80a8e90ac3469470ebf29c2d49c0ac0a0977