mr-jp.zhoulo.com Open in urlscan Pro
205.185.120.103 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mr-jp.zhoulo.com/
Effective URL:
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
Submission: On December 21 via api (December 21st 2021, 8:36:01 am UTC) from JP — Scanned from JP

Summary HTTP 26 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 26 HTTP transactions. The main IP is 205.185.120.103, located in Las Vegas, United States and belongs to PONYNET, US. The main domain is mr-jp.zhoulo.com.
TLS certificate: Issued by R3 on December 21st 2021. Valid for: 3 months.

This is the only time mr-jp.zhoulo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mercari (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
1 7	205.185.120.103 205.185.120.103	53667 (PONYNET) (PONYNET)
2	199.232.210.128 199.232.210.128	54113 (FASTLY) (FASTLY)
3	199.232.210.131 199.232.210.131	54113 (FASTLY) (FASTLY)
3	2404:6800:400... 2404:6800:4004:80b::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1	() ()
1	2404:6800:400... 2404:6800:4004:827::200d	() ()
26	7

7 205.185.120.103 (Las Vegas, United States) 1 redirects

ASN53667 (PONYNET, US)
PTR: one.one.one.one

mr-jp.zhoulo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.210.128 (United States)

ASN54113 (FASTLY, US)

www.mercari.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.210.131 (United States)

ASN54113 (FASTLY, US)

pcweb-assets.mercdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4004:80b::200e (Australia)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f00f:8:face:b00c:0:1 (None, )

ASN- ()

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:827::200d (None, )

ASN- ()

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	zhoulo.com 1 redirects mr-jp.zhoulo.com	145 KB
4	google.com apis.google.com accounts.google.com	112 KB
3	mercdn.net pcweb-assets.mercdn.net	111 KB
2	facebook.net connect.facebook.net	84 KB
2	mercari.com www.mercari.com	52 KB
0	gstatic.com Failed ssl.gstatic.com Failed
0	bootcdn.net Failed cdn.bootcdn.net Failed
26	7

	Domain	Requested by
7	mr-jp.zhoulo.com	1 redirects mr-jp.zhoulo.com
3	apis.google.com	mr-jp.zhoulo.com apis.google.com
3	pcweb-assets.mercdn.net	mr-jp.zhoulo.com
2	connect.facebook.net	pcweb-assets.mercdn.net connect.facebook.net
2	www.mercari.com	mr-jp.zhoulo.com www.mercari.com
1	accounts.google.com	apis.google.com
0	ssl.gstatic.com Failed	accounts.google.com
0	cdn.bootcdn.net Failed	mr-jp.zhoulo.com
26	8

This site contains links to these domains. Also see Links.

Domain
www.mercari.com

Subject Issuer	Validity	Valid
zhoulo.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.mercari.com GlobalSign GCC R3 DV TLS CA 2020	`2021-06-03` - `2022-07-05`	a year	crt.sh
*.mercdn.net GlobalSign GCC R3 DV TLS CA 2020	`2021-04-15` - `2022-05-17`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-01` - `2021-12-28`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
Frame ID: FF1F13F86496F26DD09395BDD38AB3EB
Requests: 24 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 6C17E694870236DF7ADF3AF4525E7BC0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - メルカリスマホでかんたんフリマアプリ

Page URL History Show full URLs

https://mr-jp.zhoulo.com/ HTTP 302
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

65 %
HTTPS

50 %
IPv6

7
Domains

8
Subdomains

7
IPs

2
Countries

503 kB
Transfer

1781 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.mercari.com/jp/signup/?after_save_callback=%2Fjp%2F
Title: 新規会員登録

Search URL Search Domain Scan URL

URL: https://www.mercari.com/jp/password/reset/start/
Title: パスワードをお忘れの方

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mr-jp.zhoulo.com/ HTTP 302
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.php Show response
mr-jp.zhoulo.com/login/
Redirect Chain

https://mr-jp.zhoulo.com/
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

10 KB
3 KB

151ms
151ms

Document
text/html

205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL

https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),

Reverse DNS

one.one.one.one

Software

nginx /

Resource Hash

2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
Accept-Language: jp-JP,jp;q=0.9

Response headers

server: nginx
date: Tue, 21 Dec 2021 08:35:29 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-credentials: true
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip

Redirect headers

server: nginx
date: Tue, 21 Dec 2021 08:35:29 GMT
content-type: text/html;charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-credentials: true
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
location: /login/index.php?login_callback=%2Fjp%2F
strict-transport-security: max-age=31536000

GET
H2 200 app.jp.css
www.mercari.com/jp/assets/css/ 337 KB
51 KB 36ms
29ms Stylesheet
text/css 199.232.210.128
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mercari.com/jp/assets/css/app.jp.css?2948830063

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.210.128 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8c7097538a1faabda95894caae8429b86dcb7e093d3e8ef6789b528b79b05124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
x-cache: MISS
x-cache-hits: 0
x-xss-protection: 1; mode=block
x-served-by: cache-hnd18744-HND
last-modified: Mon, 20 Dec 2021 04:03:45 GMT
x-timer: S1640075729.413028,VS0,VE28
date: Tue, 21 Dec 2021 08:35:29 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
cache-control: max-age=2592000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 08:35:29 GMT

GET
H2 200 site-jquery.min.js Show response
mr-jp.zhoulo.com/admin/im/ 91 KB
36 KB 235ms
234ms Script
application/javascript 205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL

https://mr-jp.zhoulo.com/admin/im/site-jquery.min.js

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),

Reverse DNS

one.one.one.one

Software

nginx /

Resource Hash

5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
content-encoding: gzip
last-modified: Mon, 23 Aug 2021 08:34:16 GMT
server: nginx
etag: W/"61235d88-16b60"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Tue, 21 Dec 2021 20:35:29 GMT

GET
H2 200 layui.js Show response
mr-jp.zhoulo.com/admin/im/ 284 KB
105 KB 352ms
351ms Script
application/javascript 205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL

https://mr-jp.zhoulo.com/admin/im/layui.js

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),

Reverse DNS

one.one.one.one

Software

nginx /

Resource Hash

bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
content-encoding: gzip
last-modified: Tue, 06 Jul 2021 04:01:50 GMT
server: nginx
etag: W/"60e3d5ae-471da"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Tue, 21 Dec 2021 20:35:29 GMT

GET layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ 0
0

GET
H2 200 logo_login.svg
pcweb-assets.mercdn.net/assets/img/common/common/ 2 KB
1 KB 14ms
6ms Image
image/svg+xml 199.232.210.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcweb-assets.mercdn.net/assets/img/common/common/logo_login.svg?1110959694

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.210.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
content-encoding: br
age: 28180
x-guploader-uploadid: ADPycduNh1csL8JxPRbVoVpzuhJ_J3-cgbqxGJ-FSISl1D2KmSjB6bQtnBJygUkaemqx6JOfXU-CGUKGltihbtFHWIc
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=31557600
content-length: 1052
via: 1.1 varnish
x-served-by: cache-hnd18744-HND
last-modified: Mon, 20 Dec 2021 04:05:23 GMT
server: UploadServer
vary: Origin,Accept-Encoding
x-goog-hash: crc32c=PEBIuw==, md5=oLXy9fBO1WcgkVR6N8cFcw==
x-goog-generation: 1639973123792591
access-control-allow-origin: *
expires: Wed, 22 Dec 2021 00:45:49 GMT
cache-control: public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length: 1130
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 29

GET
H2 200 logo-gray.svg
pcweb-assets.mercdn.net/assets/img/common/common/ 2 KB
1 KB 14ms
6ms Image
image/svg+xml 199.232.210.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcweb-assets.mercdn.net/assets/img/common/common/logo-gray.svg?1110959694

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.210.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
content-encoding: br
age: 6031
x-guploader-uploadid: ADPycdsnzSeHgUssAMJRFkhN_4-Tx_fF1sx7g5vSCL3m3BRR5ecgPclhU2NvlRLukaeIHKf2yr6ow3CvqOo9YVJJyAcRrA_p6w
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=31557600
content-length: 993
via: 1.1 varnish
x-served-by: cache-hnd18744-HND
last-modified: Mon, 20 Dec 2021 04:05:23 GMT
server: UploadServer
vary: Origin,Accept-Encoding
x-goog-hash: crc32c=TBiAXQ==, md5=GFhbSvBVuMcyLaEscMaTjQ==
x-goog-generation: 1639973123717124
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 06:46:37 GMT
cache-control: public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length: 1065
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 3

GET
H2 200 api:client.js Show response
apis.google.com/js/ 13 KB
6 KB 393ms
311ms Script
application/javascript 2404:6800:4004:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api:client.js

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

041a273bfb003335c0fd399fea7d926a982e031acc0cb0a6d3d6d9fbb9de09de

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-DcCpuH5KDdJZK7acH6mnyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
cross-origin-opener-policy: same-origin
etag: "cfb54ebf8ddc0d01cadd7b4aa02f3d99"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'nonce-DcCpuH5KDdJZK7acH6mnyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Tue, 21 Dec 2021 08:35:30 GMT

GET
H2 200 app.js Show response
pcweb-assets.mercdn.net/assets/js/ 435 KB
108 KB 10ms
1ms Script
text/javascript 199.232.210.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://pcweb-assets.mercdn.net/assets/js/app.js?2409678128

Requested by

Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.210.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09d6bb4377e0cc0acf7c2041bbddd4d861d3bf1d3b1cd67acb52d1d11246cbe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
content-encoding: br
age: 9198
x-guploader-uploadid: ADPycdtvSx-yAXK_Hrtuby7LHHQFYeZmVHsQX2J5D8dOQqnoiNalw05_JK_TTBmvV5Cf1XVE_r7Ll_U9p-Mv6wObEqxoAbYx8Q
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=31557600
content-length: 110059
via: 1.1 varnish
x-served-by: cache-hnd18744-HND
last-modified: Mon, 20 Dec 2021 04:05:25 GMT
server: UploadServer
vary: Origin,Accept-Encoding
x-goog-hash: crc32c=Lhj4ww==, md5=yWLTJunrZOB+XWtPRZmoXg==
x-goog-generation: 1639973125689228
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 06:00:52 GMT
cache-control: public,max-age=0,s-maxage=86400,no-transform
x-goog-stored-content-length: 137564
accept-ranges: bytes
content-type: text/javascript
x-cache-hits: 2

GET
H2 404 laydate.css
mr-jp.zhoulo.com/admin/im/css/modules/laydate/default/ 0
0 118ms
118ms Stylesheet
text/html 205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL: https://mr-jp.zhoulo.com/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
Requested by: Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),
Reverse DNS: one.one.one.one
Software: nginx /
Resource Hash

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
server: nginx
content-length: 146
content-type: text/html

GET
H2 404 layer.css
mr-jp.zhoulo.com/admin/im/css/modules/layer/default/ 0
0 117ms
117ms Stylesheet
text/html 205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL: https://mr-jp.zhoulo.com/admin/im/css/modules/layer/default/layer.css?v=3.5.1
Requested by: Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),
Reverse DNS: one.one.one.one
Software: nginx /
Resource Hash

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
server: nginx
content-length: 146
content-type: text/html

GET
H2 404 code.css
mr-jp.zhoulo.com/admin/im/css/modules/ 0
0 117ms
117ms Stylesheet
text/html 205.185.120.103
PONYNET

General

Check archive.org

Show headers Download Go to

Full URL: https://mr-jp.zhoulo.com/admin/im/css/modules/code.css?v=2
Requested by: Host: mr-jp.zhoulo.com
URL: https://mr-jp.zhoulo.com/admin/im/layui.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 205.185.120.103 Las Vegas, United States, ASN53667 (PONYNET, US),
Reverse DNS: one.one.one.one
Software: nginx /
Resource Hash

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Tue, 21 Dec 2021 08:35:29 GMT
server: nginx
content-length: 146
content-type: text/html

GET
H2 200 google.svg
www.mercari.com/jp/assets/img/common/common/ 4 KB
1 KB 20ms
19ms Image
image/svg+xml 199.232.210.128
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mercari.com/jp/assets/img/common/common/google.svg

Requested by

Host: www.mercari.com
URL: https://www.mercari.com/jp/assets/css/app.jp.css?2948830063

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.232.210.128 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://www.mercari.com/jp/assets/css/app.jp.css?2948830063
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
x-cache: MISS
x-cache-hits: 0
x-xss-protection: 1; mode=block
x-served-by: cache-hnd18744-HND
last-modified: Mon, 20 Dec 2021 04:00:31 GMT
x-timer: S1640075759.414794,VS0,VE17
date: Tue, 21 Dec 2021 08:35:59 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish
cache-control: max-age=2592000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 08:35:59 GMT

GET SourceSansPro-Regular.ttf.woff2
www.mercari.com/jp/assets/fonts/ 0
0

GET icon-font.woff
www.mercari.com/jp/assets/fonts/ 0
0

GET SourceSansPro-Semibold.ttf.woff2
www.mercari.com/jp/assets/fonts/ 0
0

GET icon-font.ttf
www.mercari.com/jp/assets/fonts/ 0
0

GET SourceSansPro-Regular.otf.woff
www.mercari.com/jp/assets/fonts/ 0
0

GET SourceSansPro-Semibold.otf.woff
www.mercari.com/jp/assets/fonts/ 0
0

GET SourceSansPro-Regular.ttf
www.mercari.com/jp/assets/fonts/ 0
0

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 309 KB
105 KB 5ms
4ms Script
text/javascript 2404:6800:4004:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api:client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa94a1a63282356f244092a1f94f159c1add94fbec471be8722da55b260794fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Wed, 15 Dec 2021 05:52:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 528213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107197
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 04:25:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Dec 2022 05:52:27 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/ja_JP/ 3 KB
2 KB 135ms
9ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ja_JP/sdk.js

Requested by

Host: pcweb-assets.mercdn.net
URL: https://pcweb-assets.mercdn.net/assets/js/app.js?2409678128

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 -, , ASN (),

Reverse DNS

Software

Resource Hash

58b083ee9bd9478f9dbd9713c9190308cd649db6537c78961bb28c1f88b905fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7e/OcZRlfcNy7lfk3wBsIQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: IzXvv3sXkkJ7bb9k4tW9I/XPasDiNZQWWp6D7dy3/a93gxq89UOUby/JgLyFReZA1bHCElC6+fB+GItz7gBiJQ==
x-fb-trip-id: 382461245
x-fb-content-md5: 539fee150500e40d471ee11cc1c82026
x-frame-options: DENY
date: Tue, 21 Dec 2021 08:36:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "295a49223d4239342195d0e21ec9f4b4"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 21 Dec 2021 08:55:10 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ 62 B
86 B 4ms
4ms Script
text/javascript 2404:6800:4004:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api:client.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2404:6800:4004:80b::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

date: Wed, 15 Dec 2021 05:52:27 GMT
x-content-type-options: nosniff
age: 528213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62
x-xss-protection: 0
last-modified: Wed, 01 Dec 2021 04:25:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Dec 2022 05:52:27 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 6C17 513 B
892 B 128ms
49ms Document
text/html 2404:6800:4004:827::200d

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:827::200d -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

09e1d85fc39ec223ad08421bf0c333b6438fd65d63c3cac51810d3bcf44fa93b

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-hO+US+rBFyhVjSxIG/VqwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
Accept-Language: jp-JP,jp;q=0.9
Referer: https://mr-jp.zhoulo.com/

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 21 Dec 2021 08:36:00 GMT
content-language: en-US
content-security-policy: script-src 'nonce-hO+US+rBFyhVjSxIG/VqwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sdk.js Show response
connect.facebook.net/ja_JP/ 290 KB
82 KB 21ms
9ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ja_JP/sdk.js?hash=a4cda9c5168860430a5d5bed58d29c53

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ja_JP/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 -, , ASN (),

Reverse DNS

Software

Resource Hash

a2a64c25931dafec4df2ffa1ecc78b799b3ff76a6cc0a5dad300b335b7018e29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://mr-jp.zhoulo.com/
Origin: https://mr-jp.zhoulo.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: SHoZ3xMPeu99jwp+pMqZHg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 83541
x-fb-rlafr: 0
x-fb-debug: tGaKw0RGu4+9DFH8jTXQDkgv4kksJNuNf13ApBj3WrUPim4y8K/qKlvvkCXBzJ0Bi0oo0ZnTcKalfDLNcRSL3A==
x-fb-content-md5: 1da8136668e823beb8338f5b7d08bb00
x-frame-options: DENY
date: Tue, 21 Dec 2021 08:36:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "745f91282cd9c012e5307212fdf3dc1f"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 21 Dec 2022 06:47:56 GMT

GET 2013763852-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame 6C17 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.bootcdn.net
URL: https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/icon-font.woff?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/icon-font.ttf?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?81088520

Domain: www.mercari.com
URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?81088520

Domain: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/2013763852-idpiframe.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mercari (E-commerce)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mr-jp.zhoulo.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 46ndbcnoo7qf1mrqk146dr8s70

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mr-jp.zhoulo.com/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mr-jp.zhoulo.com/admin/im/css/modules/layer/default/layer.css?v=3.5.1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mr-jp.zhoulo.com/admin/im/css/modules/code.css?v=2 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/icon-font.woff?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/icon-font.woff?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/icon-font.ttf?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/icon-font.ttf?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?81088520 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Message: Access to font at 'https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?81088520' from origin 'https://mr-jp.zhoulo.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?81088520 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css Message: Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
cdn.bootcdn.net
connect.facebook.net
mr-jp.zhoulo.com
pcweb-assets.mercdn.net
ssl.gstatic.com
www.mercari.com
cdn.bootcdn.net
ssl.gstatic.com
www.mercari.com
199.232.210.128
199.232.210.131
205.185.120.103
2404:6800:4004:80b::200e
2404:6800:4004:827::200d
2a03:2880:f00f:8:face:b00c:0:1
041a273bfb003335c0fd399fea7d926a982e031acc0cb0a6d3d6d9fbb9de09de
09d6bb4377e0cc0acf7c2041bbddd4d861d3bf1d3b1cd67acb52d1d11246cbe3
09e1d85fc39ec223ad08421bf0c333b6438fd65d63c3cac51810d3bcf44fa93b
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1
58b083ee9bd9478f9dbd9713c9190308cd649db6537c78961bb28c1f88b905fc
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
8c7097538a1faabda95894caae8429b86dcb7e093d3e8ef6789b528b79b05124
a2a64c25931dafec4df2ffa1ecc78b799b3ff76a6cc0a5dad300b335b7018e29
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc
fa94a1a63282356f244092a1f94f159c1add94fbec471be8722da55b260794fc

mr-jp.zhoulo.com Open in urlscan Pro 205.185.120.103 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

65 %HTTPS

50 %IPv6

7 Domains

8 Subdomains

7 IPs

2 Countries

503 kBTransfer

1781 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

18 Console Messages

Security Headers

Indicators

mr-jp.zhoulo.com Open in urlscan Pro
205.185.120.103 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

65 %
HTTPS

50 %
IPv6

7
Domains

8
Subdomains

7
IPs

2
Countries

503 kB
Transfer

1781 kB
Size

1
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!