mr-jp.zhoulo.com
Open in
urlscan Pro
205.185.120.103
Malicious Activity!
Public Scan
Effective URL: https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
Submission: On December 21 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on December 21st 2021. Valid for: 3 months.
This is the only time mr-jp.zhoulo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Mercari (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 7 | 205.185.120.103 205.185.120.103 | 53667 (PONYNET) (PONYNET) | |
2 | 199.232.210.128 199.232.210.128 | 54113 (FASTLY) (FASTLY) | |
3 | 199.232.210.131 199.232.210.131 | 54113 (FASTLY) (FASTLY) | |
3 | 2404:6800:400... 2404:6800:4004:80b::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1 | () () | |
1 | 2404:6800:400... 2404:6800:4004:827::200d | () () | |
26 | 7 |
ASN53667 (PONYNET, US)
PTR: one.one.one.one
mr-jp.zhoulo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
zhoulo.com
1 redirects
mr-jp.zhoulo.com |
145 KB |
4 |
google.com
apis.google.com accounts.google.com |
112 KB |
3 |
mercdn.net
pcweb-assets.mercdn.net |
111 KB |
2 |
facebook.net
connect.facebook.net |
84 KB |
2 |
mercari.com
www.mercari.com |
52 KB |
0 |
gstatic.com
Failed
ssl.gstatic.com Failed |
|
0 |
bootcdn.net
Failed
cdn.bootcdn.net Failed |
|
26 | 7 |
Domain | Requested by | |
---|---|---|
7 | mr-jp.zhoulo.com |
1 redirects
mr-jp.zhoulo.com
|
3 | apis.google.com |
mr-jp.zhoulo.com
apis.google.com |
3 | pcweb-assets.mercdn.net |
mr-jp.zhoulo.com
|
2 | connect.facebook.net |
pcweb-assets.mercdn.net
connect.facebook.net |
2 | www.mercari.com |
mr-jp.zhoulo.com
www.mercari.com |
1 | accounts.google.com |
apis.google.com
|
0 | ssl.gstatic.com Failed |
accounts.google.com
|
0 | cdn.bootcdn.net Failed |
mr-jp.zhoulo.com
|
26 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.mercari.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
zhoulo.com R3 |
2021-12-21 - 2022-03-21 |
3 months | crt.sh |
*.mercari.com GlobalSign GCC R3 DV TLS CA 2020 |
2021-06-03 - 2022-07-05 |
a year | crt.sh |
*.mercdn.net GlobalSign GCC R3 DV TLS CA 2020 |
2021-04-15 - 2022-05-17 |
a year | crt.sh |
*.apis.google.com GTS CA 1C3 |
2021-11-29 - 2022-02-21 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-10-01 - 2021-12-28 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2021-11-29 - 2022-02-21 |
3 months | crt.sh |
accounts.google.com GTS CA 1C3 |
2021-11-29 - 2022-02-21 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F
Frame ID: FF1F13F86496F26DD09395BDD38AB3EB
Requests: 24 HTTP requests in this frame
Frame:
https://accounts.google.com/o/oauth2/iframe
Frame ID: 6C17E694870236DF7ADF3AF4525E7BC0
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
ログイン - メルカリ スマホでかんたん フリマアプリPage URL History Show full URLs
-
https://mr-jp.zhoulo.com/
HTTP 302
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Facebook (Widgets) Expand
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: 新規会員登録
Search URL Search Domain Scan URL
Title: パスワードをお忘れの方
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://mr-jp.zhoulo.com/
HTTP 302
https://mr-jp.zhoulo.com/login/index.php?login_callback=%2Fjp%2F Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
mr-jp.zhoulo.com/login/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.jp.css
www.mercari.com/jp/assets/css/ |
337 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
site-jquery.min.js
mr-jp.zhoulo.com/admin/im/ |
91 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layui.js
mr-jp.zhoulo.com/admin/im/ |
284 KB 105 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
layer.min.css
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_login.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-gray.svg
pcweb-assets.mercdn.net/assets/img/common/common/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api:client.js
apis.google.com/js/ |
13 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
pcweb-assets.mercdn.net/assets/js/ |
435 KB 108 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
laydate.css
mr-jp.zhoulo.com/admin/im/css/modules/laydate/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
layer.css
mr-jp.zhoulo.com/admin/im/css/modules/layer/default/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
code.css
mr-jp.zhoulo.com/admin/im/css/modules/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google.svg
www.mercari.com/jp/assets/img/common/common/ |
4 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.ttf.woff2
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-font.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Semibold.otf.woff
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
SourceSansPro-Regular.ttf
www.mercari.com/jp/assets/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ |
309 KB 105 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/ja_JP/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.qv6viowpwpE.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOaUfPxgj7Tq1y4CPKAnKfHQ9ZJNQ/ |
62 B 86 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iframe
accounts.google.com/o/oauth2/ Frame 6C17 |
513 B 892 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sdk.js
connect.facebook.net/ja_JP/ |
290 KB 82 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
2013763852-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame 6C17 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cdn.bootcdn.net
- URL
- https://cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf.woff2?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.woff?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.ttf.woff2?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/icon-font.ttf?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.otf.woff?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Semibold.otf.woff?81088520
- Domain
- www.mercari.com
- URL
- https://www.mercari.com/jp/assets/fonts/SourceSansPro-Regular.ttf?81088520
- Domain
- ssl.gstatic.com
- URL
- https://ssl.gstatic.com/accounts/o/2013763852-idpiframe.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Mercari (E-commerce)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| layui function| lay number| errors object| layer object| jQuery1101099755606969740621 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mr-jp.zhoulo.com/ | Name: PHPSESSID Value: 46ndbcnoo7qf1mrqk146dr8s70 |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
apis.google.com
cdn.bootcdn.net
connect.facebook.net
mr-jp.zhoulo.com
pcweb-assets.mercdn.net
ssl.gstatic.com
www.mercari.com
cdn.bootcdn.net
ssl.gstatic.com
www.mercari.com
199.232.210.128
199.232.210.131
205.185.120.103
2404:6800:4004:80b::200e
2404:6800:4004:827::200d
2a03:2880:f00f:8:face:b00c:0:1
041a273bfb003335c0fd399fea7d926a982e031acc0cb0a6d3d6d9fbb9de09de
09d6bb4377e0cc0acf7c2041bbddd4d861d3bf1d3b1cd67acb52d1d11246cbe3
09e1d85fc39ec223ad08421bf0c333b6438fd65d63c3cac51810d3bcf44fa93b
0f34f7d169129d40b428ac87ea520dce5c3acafe7d25699aaddf13a3b381d150
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
2e950674873dd49040d8253e3eb99d9452e291678e10274b546be2cbd9475bf1
58b083ee9bd9478f9dbd9713c9190308cd649db6537c78961bb28c1f88b905fc
5994332aadd364a7350ad226ef61c1c75dc97372f739e01682e190be3abaf672
8c7097538a1faabda95894caae8429b86dcb7e093d3e8ef6789b528b79b05124
a2a64c25931dafec4df2ffa1ecc78b799b3ff76a6cc0a5dad300b335b7018e29
bbfe1536a99000acceb61f549aa59354cc596efc9f10d3843aab6b273f5adb1e
e7da0f54124149beabcfbf394ab24c825c88d5c6990ee84e7e46cf5b4bf86bb4
f4c823301da0441f633837b7b207f4711269ff5c49e8d82f66df3324031a30cc
fa94a1a63282356f244092a1f94f159c1add94fbec471be8722da55b260794fc