jp-meircari-com.te79r.cn Open in urlscan Pro
2606:4700:3037::ac43:94bb Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://jp-meircari-com.te79r.cn/
Effective URL:
https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F
Submission: On December 28 via api (December 28th 2021, 4:03:30 pm UTC) from JP — Scanned from JP

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3037::ac43:94bb, located in United States and belongs to CLOUDFLARENET, US. The main domain is jp-meircari-com.te79r.cn.
TLS certificate: Issued by R3 on December 26th 2021. Valid for: 3 months.

This is the only time jp-meircari-com.te79r.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mercari (E-commerce)

Domain & IP information

	IP Address		AS Autonomous System
3 12	2606:4700:303... 2606:4700:3037::ac43:94bb		13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	1

12 2606:4700:3037::ac43:94bb (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

jp-meircari-com.te79r.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	te79r.cn 3 redirects jp-meircari-com.te79r.cn	242 KB
9	1

	Domain	Requested by
12	jp-meircari-com.te79r.cn	3 redirects jp-meircari-com.te79r.cn
9	1

This site contains links to these domains. Also see Links.

Domain
www.mercari.com

Subject Issuer	Validity	Valid
*.te79r.cn R3	`2021-12-26` - `2022-03-26`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F
Frame ID: AA24975DA7F308ABD2383B7EFDAE1D30
Requests: 6 HTTP requests in this frame

Frame: https://jp-meircari-com.te79r.cn/jp/login/index_3.html
Frame ID: FAFE69FFB59148DD334C489EB8553D66
Requests: 1 HTTP requests in this frame

Frame: https://jp-meircari-com.te79r.cn/jp/login/index_4.html
Frame ID: C3762C5EAD431A35E194EA2FBB204809
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - メルカリスマホでかんたんフリマアプリ

Page URL History Show full URLs

https://jp-meircari-com.te79r.cn/ HTTP 302
https://jp-meircari-com.te79r.cn/jp/login?login_callback=%2Fjp%2F HTTP 301
http://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F HTTP 301
https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

241 kB
Transfer

562 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.mercari.com/jp/

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/signup/
Title: 新規会員登録

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/password/reset/start/
Title: パスワードをお忘れの方

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/privacy/
Title: プライバシーポリシー

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/tos/
Title: メルカリ利用規約

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/tokutei/
Title: 特定商取引に関する表記

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://jp-meircari-com.te79r.cn/ HTTP 302
https://jp-meircari-com.te79r.cn/jp/login?login_callback=%2Fjp%2F HTTP 301
http://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F HTTP 301
https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response jp-meircari-com.te79r.cn/jp/login/ Redirect Chain https://jp-meircari-com.te79r.cn/ https://jp-meircari-com.te79r.cn/jp/login?login_callback=%2Fjp%2F http://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F	18 KB 5 KB	285ms 284ms	Document text/html	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a044f2a1649ad18e04a7e48204e6b651fa68f8189de95a4be62ac0db17168702` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4giegulmvQTaRme9yNdY2tlZZD7H8oQDN5zH9%2F00K%2BfKBGVyJcm%2BwF4mEcIJ8GLK7jTo7qJd%2BVVvdmrPAJEMeeCBL6XhyqTEZqN7TKcM59SBq9ohbLYy31q%2FZcKNPrldBE5VLCfWgrO9EsYxgYPvZZJCKi2f1o%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6c4c04c68a851ed4-NRT content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers Date Tue, 28 Dec 2021 16:03:25 GMT Transfer-Encoding chunked Connection keep-alive Cache-Control max-age=3600 Expires Tue, 28 Dec 2021 17:03:25 GMT Location https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSQTlk6uL%2Bv6x7TaVRpZMoW68pc83EbKPm11LfQxKLJAdTwxEE1vyv0SWlRcJjcjK74E9%2F5DFVZROBfNUfDgsNSuYG0wTYA%2Brq0cJzKA2LSRZOTu59yd5IH%2Bdg%2Bx0G95wkIWB7BLK436xGOADdrtRJaiTbTlJYk%3D"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary Accept-Encoding Server cloudflare CF-RAY 6c4c04c678421ed0-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	app.jp.css jp-meircari-com.te79r.cn/jp/login/	342 KB 54 KB	15ms 15ms	Stylesheet text/css	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/app.jp.css Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `44551cd3256d56a204f8499e425b5fe94c70fe67b824b30dc2365f9f06b09863` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 24274 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare etag W/"60eeae28-5595c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=206jKmTrhf3NCedoex%2FrIt%2FFsFiiKl4gW2gdoyiA4ZGws6ZSWaSK8pNBgLu%2F8fTJPLK6xswdhxMT2AGL2GGMqjqxalUWM%2FpRQNx7x0MZ4JSV2PuXPJzVsUyPKqRSY6olCTpTKB8oDobidv1UYWH3xbO9s86N1os%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 6c4c04c8ad711ed4-NRT expires Tue, 28 Dec 2021 21:18:52 GMT
GET H3	200	logo_login.svg jp-meircari-com.te79r.cn/jp/login/	2 KB 2 KB	11ms 11ms	Image image/svg+xml	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://jp-meircari-com.te79r.cn/jp/login/logo_login.svg Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-encoding br cf-cache-status HIT last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare age 3434 etag W/"60eeae28-933" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsPz5%2FN8cZiHnbaITpgmft70TVdjN2h1oE7pLErdktSZAVUHeRGYGYWzNcxNXve6uqfSbjJG5VW6NPjgz4rzmiZ9cCVc95%2FML5QoYdYfoyzuaQDKmDRgKi5rgZNiYhdOYnqW3rfM2ABqfZ%2BZIWTNryC6oxCa6Y%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6c4c04c8ad731ed4-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	logo-gray.svg jp-meircari-com.te79r.cn/jp/login/	2 KB 2 KB	10ms 9ms	Image image/svg+xml	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://jp-meircari-com.te79r.cn/jp/login/logo-gray.svg Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-encoding br cf-cache-status HIT last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare age 3434 etag W/"60eeae28-8fe" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsayPAoUVUl%2BPK%2F3b1UB%2FIW%2FG2NKqLlsgiA9Pi37vtUT1J8fJ94Jd1mTQh8ggcfS8CoZZQccxRxK8KA5ojUmezYS6bdXJGlpZfmBwUx%2BI%2BQgfO3RV1Xh9apVJyOBtc6sjZzbGv6DSnrqrdVXq1yYH8aOuJymBoM%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6c4c04c8ad741ed4-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	index_3.html Show response jp-meircari-com.te79r.cn/jp/login/ Frame FAFE	418 B 772 B	135ms 135ms	Document text/html	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/index_3.html Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dfcd53112239cabceb6a7777dd8acecd6bf94ecbc87afd5a476a2642771e3472` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-type text/html last-modified Wed, 14 Jul 2021 09:28:08 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vbfpsbPUpZoQ9BFC2aZFpJ3muWNxBwEfm%2BEcq4GLq7DW%2FjoQF0LHml5o4%2BvStPmkbv%2FqgZr1uWf7jhRP8c%2FWd3hUapADuftkwKQjrMWmYRDamifnLBnRBky43VTWlZ24kxcNXaeOVd8ak2gzEKPZD1%2Bq75mNuhc%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6c4c04c8bd7e1ed4-NRT content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	index_4.html Show response jp-meircari-com.te79r.cn/jp/login/ Frame C376	5 KB 1 KB	257ms 257ms	Document text/html	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/index_4.html Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `32e5a3c12f3bf4706a0e5eec3b83896aac5963cdf53436c4513ce4f799668886` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-type text/html last-modified Wed, 14 Jul 2021 09:28:08 GMT vary Accept-Encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM%2BGx0PcR15YfEXm5FclOAa2Tbqf5C%2FnAWEY7KmqQNVhJrBuCCFoUX9fF86VsbLhcOfc7321ijVW8Z0kdhQwNjX%2BDSwEIMzYxB%2FZJag02zVqWjoyG3cgu867OfvIWoa9qO4MLmp6%2BlIut20AWchRh3pF4%2BOWSHg%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6c4c04c8bd7f1ed4-NRT content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	SourceSansPro-Regular.ttf.woff2 jp-meircari-com.te79r.cn/jp/login/	85 KB 85 KB	10ms 10ms	Font font/woff2	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/SourceSansPro-Regular.ttf.woff2 Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/app.jp.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `27c06ca531d01f12d9e28d869000985e4cf84dd0724afe578e942d44f09d19c2` Request headers Referer https://jp-meircari-com.te79r.cn/jp/login/app.jp.css Origin https://jp-meircari-com.te79r.cn Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3434 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 86844 last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare etag "60eeae28-1533c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ub7%2F8iPNSH4XMxEZ%2ByeQnzr%2FANx7MDFzTR0yS07HQTY5kUvGO3yM7XDjGv2Kql5fliGx1LGPm5N06%2FU7OObC13WBZOCkx2XUNRP%2FgfSbROnAbRE5%2FqW8bzY5aHss8Rew%2B6E8jhVR0isi5Hzs9HaF0Wk0Wi4%2FX4%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 6c4c04c8edb61ed4-NRT
GET H3	200	SourceSansPro-Semibold.ttf.woff2 jp-meircari-com.te79r.cn/jp/login/	84 KB 85 KB	9ms 9ms	Font font/woff2	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/SourceSansPro-Semibold.ttf.woff2 Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/app.jp.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b96f55ccea2c4ad959ca841fa881a893e7df33a2e575d621a81d2f1063b429c4` Request headers Referer https://jp-meircari-com.te79r.cn/jp/login/app.jp.css Origin https://jp-meircari-com.te79r.cn Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3434 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 86196 last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare etag "60eeae28-150b4" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kB7cBMlodenEx4ZcBhR6MPrHJ1Yohm1q9s6Ed%2BkDaXwj8OU8qUyRPLgPJIvCHDxc9rcNjdbu4bAlIJid4A5%2FicLU0VIuvAP%2BxNjzBZyRbMpUhwnCwWw2nKZCOWhU%2FivrpQMj0a%2FMQ1YH65YvwjaKv0kyDd%2BCATw%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 6c4c04c8edc11ed4-NRT
GET H3	200	styles__ltr.css jp-meircari-com.te79r.cn/jp/login/ Frame C376	23 KB 5 KB	12ms 11ms	Stylesheet text/css	2606:4700:3037::ac43:94bb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://jp-meircari-com.te79r.cn/jp/login/styles__ltr.css Requested by Host: jp-meircari-com.te79r.cn URL: https://jp-meircari-com.te79r.cn/jp/login/index_4.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:94bb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f13a85a437b6c04df85a5864d0e07b4931cef12e09a6bd2e2cd5d8723a47a917` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://jp-meircari-com.te79r.cn/jp/login/index_4.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Tue, 28 Dec 2021 16:03:26 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 24274 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 last-modified Wed, 14 Jul 2021 09:28:08 GMT server cloudflare etag W/"60eeae28-5abb" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWbJKMsSRgvzhHK2MhhUhNnuH8yu1aajz37YgM1bqaABebOTLJcFyJLd7SSxN1%2BDswwd1kr7chxjiTh2TOCdT3v81jOU7laORlZUZP%2BAEUUGSSazKq%2BkymZHqAihJVHR8B9RncVeNBlZYWq4yjiK%2BocqyBhEmVc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 6c4c04ca8fcc1ed4-NRT expires Tue, 28 Dec 2021 21:18:52 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mercari (E-commerce)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			jp-meircari-com.te79r.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: anr4vqmu7srda9o4i4p9r4kn51

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F(Line 155) Message: Error while parsing the 'sandbox' attribute: 'allow-storage-access-by-user-activation' is an invalid sandbox flag.
other	error	URL: https://jp-meircari-com.te79r.cn/jp/login/?login_callback=%2Fjp%2F(Line 155) Message: Error while parsing the 'sandbox' attribute: 'allow-storage-access-by-user-activation' is an invalid sandbox flag.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jp-meircari-com.te79r.cn
2606:4700:3037::ac43:94bb
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
27c06ca531d01f12d9e28d869000985e4cf84dd0724afe578e942d44f09d19c2
32e5a3c12f3bf4706a0e5eec3b83896aac5963cdf53436c4513ce4f799668886
44551cd3256d56a204f8499e425b5fe94c70fe67b824b30dc2365f9f06b09863
a044f2a1649ad18e04a7e48204e6b651fa68f8189de95a4be62ac0db17168702
b96f55ccea2c4ad959ca841fa881a893e7df33a2e575d621a81d2f1063b429c4
dfcd53112239cabceb6a7777dd8acecd6bf94ecbc87afd5a476a2642771e3472
f13a85a437b6c04df85a5864d0e07b4931cef12e09a6bd2e2cd5d8723a47a917
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc

jp-meircari-com.te79r.cn Open in urlscan Pro 2606:4700:3037::ac43:94bb Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

241 kBTransfer

562 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

jp-meircari-com.te79r.cn Open in urlscan Pro
2606:4700:3037::ac43:94bb Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

241 kB
Transfer

562 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!