zoxh.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission: On June 30 via api from PH — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.
This is the only time zoxh.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MercadoLibre (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 23.36.163.224 23.36.163.224 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 151.101.130.137 151.101.130.137 | 54113 (FASTLY) (FASTLY) | |
1 | 13.32.99.115 13.32.99.115 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 108.138.7.127 108.138.7.127 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 162.247.241.14 162.247.241.14 | 23467 (NEWRELIC-...) (NEWRELIC-AS-1) | |
15 | 7 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-224.deploy.static.akamaitechnologies.com
http2.mlstatic.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-115.fra60.r.cloudfront.net
www.mercadolibre.com |
ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-127.fra56.r.cloudfront.net
registration.mercadolibre.com.ar |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
mlstatic.com
http2.mlstatic.com — Cisco Umbrella Rank: 17564 |
191 KB |
4 |
zoxh.com
zoxh.com |
48 KB |
1 |
nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 284 |
720 B |
1 |
mercadolibre.com.ar
registration.mercadolibre.com.ar |
702 B |
1 |
mercadolibre.com
www.mercadolibre.com — Cisco Umbrella Rank: 28672 |
679 B |
1 |
newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 412 |
14 KB |
15 | 6 |
Domain | Requested by | |
---|---|---|
6 | http2.mlstatic.com |
zoxh.com
|
4 | zoxh.com |
zoxh.com
|
1 | bam.nr-data.net |
js-agent.newrelic.com
|
1 | registration.mercadolibre.com.ar | |
1 | www.mercadolibre.com | |
1 | js-agent.newrelic.com |
zoxh.com
|
15 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.mercadolibre.com.ar |
ayuda.mercadolibre.com.ar |
registration.mercadolibre.com.ar |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-05-11 - 2023-05-11 |
a year | crt.sh |
*.mlstatic.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-05-29 - 2023-05-31 |
a year | crt.sh |
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021 |
2021-10-06 - 2022-11-07 |
a year | crt.sh |
www.mercadolibre.com DigiCert SHA2 Extended Validation Server CA |
2022-02-18 - 2023-02-21 |
a year | crt.sh |
*.mercadolibre.com.ar Amazon |
2022-02-02 - 2023-03-03 |
a year | crt.sh |
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-10 - 2023-02-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/f81ea72a9e0db85271a32d4f93761424abf13ab5.html
Frame ID: E96EC3CA755AC5009CF00E723DA489E7
Requests: 14 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Mercado Libre
Search URL Search Domain Scan URL
Title: Ayuda
Search URL Search Domain Scan URL
Title: Crear cuenta
Search URL Search Domain Scan URL
Title: Cómo cuidamos tu privacidad (abrirá una nueva ventana)
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
f81ea72a9e0db85271a32d4f93761424abf13ab5.html
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ |
114 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
proximanova-light.woff2
http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/ |
14 KB 14 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
proximanova-regular.woff2
http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/ |
14 KB 14 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8f8131726acf28dd70ea330f6f05af7486e651de.css
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ |
51 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fecf10d4ce9782fd8af371df58f264b7ff6c4762.css
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ |
47 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
583753866512d7d96bee77330199e7f8ed7d92ab.jpg
zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ |
43 B 700 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo__large_plus.png
http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/mercadolibre/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation.woff2
http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nr-1216.min.js
js-agent.newrelic.com/ |
38 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.cb09e3de.js
http2.mlstatic.com/frontend-assets/auth-login-frontend/ |
267 KB 72 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
not_registered.041698d2.js
http2.mlstatic.com/frontend-assets/auth-login-frontend/ |
325 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
backgr_logo.png
www.mercadolibre.com/jms/mla/lgz/sp/ |
74 B 679 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preconnect_pixel.gif
registration.mercadolibre.com.ar/ |
43 B 702 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NRJS-689ffbd95eae88e39ac
bam.nr-data.net/1/ |
49 B 720 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MercadoLibre (Consumer)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| NREUM object| newrelic function| __nr_require string| GoogleAnalyticsObject function| meli_ga boolean| inDapIF undefined| AUTOFILLED undefined| NOTAUTOFILLED undefined| onAutoFillStart undefined| onAnimationStart object| _0x18d4 object| __PRELOADED_STATE__ function| _perfill1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.nr-data.net/ | Name: JSESSIONID Value: 75aadb83d367ce6e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bam.nr-data.net
http2.mlstatic.com
js-agent.newrelic.com
registration.mercadolibre.com.ar
www.mercadolibre.com
zoxh.com
108.138.7.127
13.32.99.115
151.101.130.137
162.247.241.14
23.36.163.224
2a06:98c1:3121::3
01b58ddb2f86a768f91751b62f25395417f6cf526191a4aefc1ebe4f8beacdcb
0e72d474e90e6654a9dec6ad41da4e6619069b6696c06a3776c469ec68d1844e
5061f9d696e9945ee1e71f03dfccf03e8de79052ab1a3bd623f39523c9d03cd0
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
840b7683ed0bc8948ad003a3cb2bbe8b73220fc1b45310fb7af49dbd37d9a97d
9411ab12b8dd65ce03ea7e1c62557fc2d1eaa1d5d1493609a14a2e29b8342918
9bb769c5a9f25f8d52e9ba56881641ec0ca019da478cf2910457fdbea01fcd14
ad5770044116d111d04046d3099c4ea0139255e89aa01f2df012d4437ee9eb6d
c07f7495aa7ae402f4d5bbaa1652fc89ba73a513500c95054a88ea39aa17348b
c22b4c1d91fb99d37e988009fa5280723cb0639a18905ec7a081cf8e9c451f1c
cc3daeac9b37c8d3911af15c83cd964a9d4da831051db89c5983afb19d9edc24
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855