URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Submission: On June 30 via api from PH — Scanned from NL

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is zoxh.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.
This is the only time zoxh.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MercadoLibre (Consumer)

Domain & IP information

IP Address AS Autonomous System
4 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 23.36.163.224 20940 (AKAMAI-ASN1)
1 151.101.130.137 54113 (FASTLY)
1 13.32.99.115 16509 (AMAZON-02)
1 108.138.7.127 16509 (AMAZON-02)
1 162.247.241.14 23467 (NEWRELIC-...)
15 7
Apex Domain | Subdomains | Transfer
6 mlstatic.com | http2.mlstatic.com — Cisco Umbrella Rank: 17564 | 191 KB
4 zoxh.com | zoxh.com | 48 KB
1 nr-data.net | bam.nr-data.net — Cisco Umbrella Rank: 284 | 720 B
1 mercadolibre.com.ar | registration.mercadolibre.com.ar | 702 B
1 mercadolibre.com | www.mercadolibre.com — Cisco Umbrella Rank: 28672 | 679 B
1 newrelic.com | js-agent.newrelic.com — Cisco Umbrella Rank: 412 | 14 KB
15 6
Domain Requested by
6 http2.mlstatic.com zoxh.com
4 zoxh.com zoxh.com
1 bam.nr-data.net js-agent.newrelic.com
1 registration.mercadolibre.com.ar
1 www.mercadolibre.com
1 js-agent.newrelic.com zoxh.com
15 6

This site contains links to these domains.

Domain
www.mercadolibre.com.ar
ayuda.mercadolibre.com.ar
registration.mercadolibre.com.ar
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-11 - 2023-05-11 | a year
*.mlstatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-29 - 2023-05-31 | a year
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-10-06 - 2022-11-07 | a year
www.mercadolibre.com | DigiCert SHA2 Extended Validation Server CA | 2022-02-18 - 2023-02-21 | a year
*.mercadolibre.com.ar | Amazon | 2022-02-02 - 2023-03-03 | a year
*.nr-data.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-10 - 2023-02-10 | a year

This page contains 1 frames:

Primary Page: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Frame ID: E96EC3CA755AC5009CF00E723DA489E7
Requests: 14 HTTP requests in this frame

Page Title

¡Hola! Para vender, ingresá a tu cuenta

Page Statistics

Requests: 15
HTTPS: 93 %
IPv6: 17 %
Domains: 6
Subdomains: 6
IPs: 7
Countries: 2
Transfer: 255 kB
Size: 883 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request f81ea72a9e0db85271a32d4f93761424abf13ab5.html
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/
114 KB
26 KB
Document
General
Full URL
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
cc3daeac9b37c8d3911af15c83cd964a9d4da831051db89c5983afb19d9edc24

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=1, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
72349e0a8b11b778-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 30 Jun 2022 05:49:12 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Sat, 02 Jul 2022 05:49:12 GMT
last-modified
Tue, 28 Jun 2022 09:18:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=469tqNRyFe4tVF2vIV9PgwP24naWjsMCLy9oVhw0KCBvzKUo7RmumpIYBn8pt6boO8Zhi75zDVK1gPoNE%2FSDuxBJb0wjxVx0GihSxi6F5LCaPhZeyZYlPMH9Lj%2By%2B5RqmvcWe8cekQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PleskLin
proximanova-light.woff2
http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/
14 KB
14 KB
Font
General
Full URL
https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-light.woff2
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
9bb769c5a9f25f8d52e9ba56881641ec0ca019da478cf2910457fdbea01fcd14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zoxh.com/
Origin
https://zoxh.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-object-meta-x-swift-migration-status
migrated
date
Thu, 30 Jun 2022 05:49:13 GMT
x-content-type-options
nosniff
x-d2id
71b1c9f9-2e15-48b8-bd74-55285d20988e
x-cdn
a
id
98794
content-length
14076
x-xss-protection
1; mode=block
x-request-id
71b1c9f9-2e15-48b8-bd74-55285d20988e
last-modified
Tue, 25 Jun 2019 04:55:16 GMT
server
Tengine
etag
0de1fd16bf20e0b68646e390d439ab42
content-type
application/octet-stream
access-control-allow-origin
*
x-timestamp
1561438515
cache-control
public, max-age=31536000
accept-ranges
bytes
proximanova-regular.woff2
http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/
14 KB
14 KB
Font
General
Full URL
https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-regular.woff2
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
9411ab12b8dd65ce03ea7e1c62557fc2d1eaa1d5d1493609a14a2e29b8342918
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zoxh.com/
Origin
https://zoxh.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-object-meta-x-swift-migration-status
migrated
date
Thu, 30 Jun 2022 05:49:13 GMT
x-content-type-options
nosniff
x-d2id
ce73384c-e6a9-47d2-a7ef-1dd2ef08b99f
x-cdn
a
id
49473
content-length
14076
x-xss-protection
1; mode=block
x-request-id
ce73384c-e6a9-47d2-a7ef-1dd2ef08b99f
last-modified
Tue, 25 Jun 2019 04:55:17 GMT
server
Tengine
etag
67ff311675dbd02ddb898f02af6fddaf
content-type
application/octet-stream
access-control-allow-origin
*
x-timestamp
1561438516
cache-control
public, max-age=31536000
accept-ranges
bytes
8f8131726acf28dd70ea330f6f05af7486e651de.css
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/
51 KB
11 KB
Stylesheet
General
Full URL
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/8f8131726acf28dd70ea330f6f05af7486e651de.css
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
c22b4c1d91fb99d37e988009fa5280723cb0639a18905ec7a081cf8e9c451f1c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 30 Jun 2022 05:49:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
71428
x-powered-by
PleskLin
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 09:16:04 GMT
server
cloudflare
etag
W/"62bac6d4-cb07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3IqJYsbsHZfre7sj1DwgvZYtB5xMYmrkwlo9gnVthjGq980lEKC8gq8dVnW5B1157K8jJVpEsIfebC%2FbD7zi7h5B4UATHoUksi65rR%2FBixb3jsbDBAlSULeUfi7Rj6J4oVmvitGKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
72349e0c2d1db778-AMS
expires
Fri, 28 Jun 2024 09:58:44 GMT
fecf10d4ce9782fd8af371df58f264b7ff6c4762.css
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/
47 KB
10 KB
Stylesheet
General
Full URL
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/fecf10d4ce9782fd8af371df58f264b7ff6c4762.css
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
c07f7495aa7ae402f4d5bbaa1652fc89ba73a513500c95054a88ea39aa17348b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 30 Jun 2022 05:49:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
71567
x-powered-by
PleskLin
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 28 Jun 2022 09:16:04 GMT
server
cloudflare
etag
W/"62bac6d4-b9e4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ldHeVh6LW38wV9tIpgsfqgLLYyd%2FhjKKr5JHOufSkquyDLESAG7USXObCycEJeAXS5Kidg05PR9jtEQrDmG9MdyCftvXzCo3NeahB4fPU6e3CPCvae9dGspI0yjTAjSsHe%2FAzJ0IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
72349e0cce73b7a3-AMS
expires
Fri, 28 Jun 2024 09:56:26 GMT
583753866512d7d96bee77330199e7f8ed7d92ab.jpg
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/
43 B
700 B
Image
General
Full URL
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/583753866512d7d96bee77330199e7f8ed7d92ab.jpg
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 30 Jun 2022 05:49:13 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
50888
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
last-modified
Tue, 28 Jun 2022 09:18:03 GMT
server
cloudflare
etag
"2b-5e27e8386d4c2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UUT2J15pj0RvzcopCy4ksK9dmLIokoxvTO%2B7FpZukzp1ZNybd9Ze0OaXoCDl8IDkPPz03PWNu108g%2FGWFY0d1pQVbZjV%2FMY6PkW2nE%2BLlZH%2FRXWIvmbZvtgb6Sm9konT4y9f%2B71tHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-accel-version
0.01
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
72349e0cce75b7a3-AMS
expires
Fri, 28 Jun 2024 15:41:05 GMT
logo__large_plus.png
http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/mercadolibre/
2 KB
3 KB
Image
General
Full URL
https://http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/mercadolibre/logo__large_plus.png
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/8f8131726acf28dd70ea330f6f05af7486e651de.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
ad5770044116d111d04046d3099c4ea0139255e89aa01f2df012d4437ee9eb6d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-d2id
2d8bd1bb-e395-4ba1-ac04-98eec2f67c90
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
on
x-envoy-upstream-service-time
4
content-length
2494
x-xss-protection
1; mode=block
x-request-id
2d8bd1bb-e395-4ba1-ac04-98eec2f67c90
x-cdn
a
referrer-policy
no-referrer-when-downgrade
server
Tengine
etag
"9be-JJU+AwfoxyOS54jrSnd/kdUU4pM"
x-download-options
noopen
expect-ct
max-age=0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ch-lifetime
60
accept-ch
device-memory, dpr, viewport-width, rtt, downlink, ect, save-data
timing-allow-origin
*
date
Thu, 30 Jun 2022 05:49:13 GMT
x-request-device-id
2d8bd1bb-e395-4ba1-ac04-98eec2f67c90
navigation.woff2
http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/
11 KB
11 KB
Font
General
Full URL
https://http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/navigation.woff2
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/8f8131726acf28dd70ea330f6f05af7486e651de.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
0e72d474e90e6654a9dec6ad41da4e6619069b6696c06a3776c469ec68d1844e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zoxh.com/
Origin
https://zoxh.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
6bY0X8cf2d4p3k5NyCkOAUeZRMyLmVw6
content-encoding
gzip
x-content-type-options
nosniff
x-d2id
9d696d8c-048c-414b-872a-ef5a3b36b518
x-cdn
a
x-amz-request-id
E7ZXJ97569CVK3JE
x-amz-server-side-encryption
AES256
x-envoy-upstream-service-time
18
x-amz-replication-status
COMPLETED
content-length
10819
x-amz-id-2
ur3ETJDaQGJnmDvGkfTfjbXsUrHJQujYd5orIJQ1MCDcTMzMPzj4zCy9cVujoq1DMnUEzGeynsE=
x-request-id
9d696d8c-048c-414b-872a-ef5a3b36b518
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 18 Nov 2021 19:34:52 GMT
server
Tengine
etag
"27f855e4d56d04d5d1d6f1253333af07"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
date
Thu, 30 Jun 2022 05:49:13 GMT
x-request-device-id
9d696d8c-048c-414b-872a-ef5a3b36b518
nr-1216.min.js
js-agent.newrelic.com/
38 KB
14 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1216.min.js
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding
gzip
etag
"9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id
XHMCMP6XEQRQNPS8
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14391
x-amz-id-2
2umcovIMoGm5isiTYC/0lU4bIF2M5rR7hkLWEiUKecyxVjNrT7aGF+OEW0JzjnjIXDGBvD+nKto=
x-served-by
cache-ewr18154-EWR
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1656568153.438053,VS0,VE0
date
Thu, 30 Jun 2022 05:49:13 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
586
vendor.cb09e3de.js
http2.mlstatic.com/frontend-assets/auth-login-frontend/
267 KB
72 KB
Script
General
Full URL
https://http2.mlstatic.com/frontend-assets/auth-login-frontend/vendor.cb09e3de.js
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
5061f9d696e9945ee1e71f03dfccf03e8de79052ab1a3bd623f39523c9d03cd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zoxh.com/
Origin
https://zoxh.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
TkLSpQpQKcwXZRsuA5NM_Om0qmqzCFVl
content-encoding
br
x-envoy-decorator-operation
prod.assets-traffic.melifrontends.com
x-d2id
a78c8afd-12f2-485e-aaba-258607ff2193
x-cdn
a
x-amz-request-id
JTQJC08EHKZCAYS2
x-amz-server-side-encryption
AES256
x-envoy-upstream-service-time
663
x-amz-replication-status
COMPLETED
content-length
72447
x-amz-id-2
mfzuebhhdPjQOiuOX+d6p1wzszQvXQhttLbmAdvsAZQV4CgnRdawUVymTPciXjWpJZKU3ApaZdM=
x-request-id
a78c8afd-12f2-485e-aaba-258607ff2193
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 12 Apr 2022 03:57:30 GMT
server
Tengine
date
Thu, 30 Jun 2022 05:49:13 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000, immutable
etag
W/"617e7e3eca545d69575683eba9dc09c4"
timing-allow-origin
*
x-content-type-options
nosniff
x-request-device-id
a78c8afd-12f2-485e-aaba-258607ff2193
not_registered.041698d2.js
http2.mlstatic.com/frontend-assets/auth-login-frontend/
325 KB
76 KB
Script
General
Full URL
https://http2.mlstatic.com/frontend-assets/auth-login-frontend/not_registered.041698d2.js
Requested by
Host: zoxh.com
URL: https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.163.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-36-163-224.deploy.static.akamaitechnologies.com
Software
Tengine /
Resource Hash
840b7683ed0bc8948ad003a3cb2bbe8b73220fc1b45310fb7af49dbd37d9a97d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zoxh.com/
Origin
https://zoxh.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id
ReTs55sPTo251uekEkvQOhHvnyaQ.HQZ
content-encoding
br
x-envoy-decorator-operation
prod.assets-traffic.melifrontends.com
x-d2id
3c062c88-5cdb-43df-8150-550950a0a638
x-cdn
a
x-amz-request-id
5E5MWV9RADFKEZQ8
x-amz-server-side-encryption
AES256
x-envoy-upstream-service-time
1012
x-amz-replication-status
COMPLETED
content-length
77457
x-amz-id-2
kukEZ+Ujmy6I8srH/4cJfSS6g4gquv5Dm2Ap49LDF/A6IhiFuCK5JWBPYzG2I8/7r8A3pc6YjH0=
x-request-id
3c062c88-5cdb-43df-8150-550950a0a638
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 22 Jun 2022 19:04:34 GMT
server
Tengine
date
Thu, 30 Jun 2022 05:49:13 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000, immutable
etag
W/"10d2fee13239bed485841d3ffee31faf"
timing-allow-origin
*
x-content-type-options
nosniff
x-request-device-id
3c062c88-5cdb-43df-8150-550950a0a638
backgr_logo.png
www.mercadolibre.com/jms/mla/lgz/sp/
74 B
679 B
Image
General
Full URL
https://www.mercadolibre.com/jms/mla/lgz/sp/backgr_logo.png?profile=https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-115.fra60.r.cloudfront.net
Software
Tengine /
Resource Hash
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 30 Jun 2022 05:49:13 GMT
x-envoy-decorator-operation
prod-web-scope.seginf-pixel.melifrontends.com
x-content-type-options
nosniff
x-d2id
ab0abe7a-5304-46af-9620-22294d86d64e
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
2
content-length
74
x-xss-protection
1; mode=block
x-request-id
ab0abe7a-5304-46af-9620-22294d86d64e
referrer-policy
no-referrer-when-downgrade
server
Tengine
content-type
image/png
via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
x-amz-cf-id
hfaNbde66-mJUfbSpmi_5jiLkagLdCYaVKI52zEX8F7zh1CMVrKKZg==
x-request-device-id
ab0abe7a-5304-46af-9620-22294d86d64e
preconnect_pixel.gif
registration.mercadolibre.com.ar/
43 B
702 B
Image
General
Full URL
https://registration.mercadolibre.com.ar/preconnect_pixel.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-127.fra56.r.cloudfront.net
Software
Tengine /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 30 Jun 2022 05:49:13 GMT
via
1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-d2id
6e0ca1e8-37b9-4e3b-808b-8607e1b9badb
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
content-length
43
x-xss-protection
1; mode=block
x-request-id
6e0ca1e8-37b9-4e3b-808b-8607e1b9badb
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
Tengine
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
max-age=0, must-revalidate, no-store
content-security-policy
frame-ancestors 'self'
x-amz-cf-id
Rl3ujwIBEdsGztzp5TuxJM6x-eRYvjCWJjnaif03hbPlV6zCrN1YcQ==
x-request-device-id
6e0ca1e8-37b9-4e3b-808b-8607e1b9badb
NRJS-689ffbd95eae88e39ac
bam.nr-data.net/1/
49 B
720 B
Script
General
Full URL
https://bam.nr-data.net/1/NRJS-689ffbd95eae88e39ac?a=42549344&v=1216.487a282&to=YlZQYEVZC0QEV0BZV1sccUFETApaSkJdVU8aXV1AGkoAUAxHQFVKUFc%3D&rst=861&ck=1&ref=https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html&ap=6.3118&be=345&fe=548&dc=488&tt=e9b87c2f770edd2b&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1656568152636,%22n%22:0,%22f%22:0,%22dn%22:2,%22dne%22:19,%22c%22:19,%22s%22:44,%22ce%22:75,%22rq%22:75,%22rp%22:323,%22rpe%22:426,%22dl%22:327,%22di%22:488,%22ds%22:488,%22de%22:488,%22dc%22:548,%22l%22:548,%22le%22:550%7D,%22navigation%22:%7B%7D%7D&fp=484&fcp=484&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://zoxh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Thu, 30 Jun 2022 05:49:13 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
72349e0febc6417e-AMS

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MercadoLibre (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| NREUM
object| newrelic
function| __nr_require
string| GoogleAnalyticsObject
function| meli_ga
boolean| inDapIF
undefined| AUTOFILLED
undefined| NOTAUTOFILLED
undefined| onAutoFillStart
undefined| onAnimationStart
object| _0x18d4
object| __PRELOADED_STATE__
function| _perfill

1 Cookies

Domain/Path Name / Value
.nr-data.net/ Name: JSESSIONID
Value: 75aadb83d367ce6e