zoxh.com
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Submission: On June 28 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.
This is the only time zoxh.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MercadoLibre (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
6 | 95.101.20.42 | 20940 (AKAMAI-ASN1) |
2 | 2a00:1450:4001:810::2003 | 15169 (GOOGLE) |
5 | 143.204.89.80 | 16509 (AMAZON-02) |
1 | 2a00:1450:4001:80f::200d | 15169 (GOOGLE) |
1 | 151.101.130.137 | 54113 (FASTLY) |
1 | 143.204.89.46 | 16509 (AMAZON-02) |
1 | 162.247.241.14 | 23467 (NEWRELIC-AS-1) |
3 | 2a00:1450:4001:813::2003 | 15169 (GOOGLE) |
1 | 143.204.89.53 | 16509 (AMAZON-02) |
24 | 10 | |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-20-42.deploy.static.akamaitechnologies.com
http2.mlstatic.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-80.fra50.r.cloudfront.net
www.mercadolibre.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-46.fra50.r.cloudfront.net
www.mercadolivre.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-53.fra50.r.cloudfront.net
registration.mercadolibre.com.ar |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | mlstatic.com | http2.mlstatic.com — Cisco Umbrella Rank: 17564 | 218 KB |
5 | mercadolibre.com | www.mercadolibre.com — Cisco Umbrella Rank: 28672 | 7 KB |
3 | gstatic.com | www.gstatic.com | 313 KB |
3 | zoxh.com | zoxh.com | 65 KB |
2 | recaptcha.net | www.recaptcha.net — Cisco Umbrella Rank: 1898 | 2 KB |
1 | mercadolibre.com.ar | registration.mercadolibre.com.ar | 702 B |
1 | nr-data.net | bam.nr-data.net — Cisco Umbrella Rank: 284 | 725 B |
1 | mercadolivre.com | www.mercadolivre.com — Cisco Umbrella Rank: 87925 | 814 B |
1 | newrelic.com | js-agent.newrelic.com — Cisco Umbrella Rank: 412 | 14 KB |
1 | google.com | accounts.google.com — Cisco Umbrella Rank: 116 | |
24 | 10 | | |
Requests | Domain | Requested by |
---|---|---|
6 | http2.mlstatic.com | zoxh.com |
5 | www.mercadolibre.com | zoxh.com, www.mercadolibre.com |
3 | www.gstatic.com | www.recaptcha.net |
3 | zoxh.com | zoxh.com |
2 | www.recaptcha.net | zoxh.com, www.gstatic.com |
1 | registration.mercadolibre.com.ar | |
1 | bam.nr-data.net | js-agent.newrelic.com |
1 | www.mercadolivre.com | |
1 | js-agent.newrelic.com | zoxh.com |
1 | accounts.google.com | zoxh.com |
24 | 10 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.mercadolibre.com.ar |
ayuda.mercadolibre.com.ar |
registration.mercadolibre.com.ar |
policies.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-11 - 2023-05-11 | a year |
*.mlstatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-29 - 2023-05-31 | a year |
misc.google.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
www.mercadolibre.com | DigiCert SHA2 Extended Validation Server CA | 2022-02-18 - 2023-02-21 | a year |
accounts.google.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-10-06 - 2022-11-07 | a year |
www.mercadolivre.com | DigiCert SHA2 Extended Validation Server CA | 2022-02-18 - 2023-02-21 | a year |
*.nr-data.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-10 - 2023-02-10 | a year |
*.gstatic.com | GTS CA 1C3 | 2022-06-06 - 2022-08-29 | 3 months |
*.mercadolibre.com.ar | Amazon | 2022-02-02 - 2023-03-03 | a year |
This page contains 3 frames:
Primary Page:
https://zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/b2f21e09de8f89e4163a7162fd5a78abaa0ddcfa.html
Frame ID: 4C87D16901704FE2A074A0C84FB5889F
Requests: 19 HTTP requests in this frame
Frame:
https://www.mercadolibre.com/jms/lgz/background?dps=armor.ccd66281021f82e365441d85714c379b208a44c75d0a9e6ab6d3463f576617d209b9e31875f5b059985d9652470e6a7eb37c52aed6973c4750e66a55cbe3ad68cf560a8000d5ef947abfaadca42d4c98.494c839d1f8c4efeeefba39b1551e2a7
Frame ID: 1DC018841AC5A8DE0FD9FEEF7AA13E1C
Requests: 2 HTTP requests in this frame
Frame:
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeetcMeAAAAAHBLMG_uCF4A7QLR8ZHg8u4ulR5z&co=aHR0cHM6Ly96b3hoLmNvbTo0NDM.&hl=es-419&v=4rwLQsl5N_ccppoTAwwwMrEN&size=invisible&cb=mgd3zp7baiqj
Frame ID: C1780D11FA232FA748FA75F344BE0966
Requests: 3 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Title: Mercado Libre
Title: Ayuda
Title: Crear cuenta
Title: Necesito ayuda para ingresar
Title: Privacidad
Title: Condiciones
Title: Cómo cuidamos tu privacidad (abrirá una nueva ventana)
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | b2f21e09de8f89e4163a7162fd5a78abaa0ddcfa.html (Primary Request) | zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ | 201 KB | 44 KB | Document | text/html |
GET | H2 | proximanova-light.woff2 | http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H2 | proximanova-regular.woff2 | http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H2 | enterprise.js | www.recaptcha.net/recaptcha/ | 1 KB | 1 KB | Script | text/javascript |
GET | H2 | 8f8131726acf28dd70ea330f6f05af7486e651de.css | zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ | 51 KB | 11 KB | Stylesheet | text/css |
GET | H3 | fecf10d4ce9782fd8af371df58f264b7ff6c4762.css | zoxh.com/web/bupxbubu/pxqt/mercadolibre.com.ar/html/ | 47 KB | 10 KB | Stylesheet | text/css |
GET | H2 | logo__large_plus.png | http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/mercadolibre/ | 2 KB | 3 KB | Image | image/png |
GET | H2 | navigation.woff2 | http2.mlstatic.com/frontend-assets/ui-navigation/5.18.1/ | 11 KB | 11 KB | Font | font/woff2 |
GET | H2 | etid | www.mercadolibre.com/jms/lgz/background/ | 0 | 738 B | XHR | text/html |
GET | H2 | ServiceLogin | accounts.google.com/ | 0 | 0 | Image | text/html |
GET | H2 | nr-1216.min.js | js-agent.newrelic.com/ | 38 KB | 14 KB | Script | application/javascript |
GET | H2 | armor.ccd66281021f82e365441d85714c379b208a44c75d0a9e6ab6d3463f576617d209b9e31875f5b059985d9652470e6a7eb37c52aed6973c4750e66a55cbe3ad68cf560a8000d5ef947abfaadca42d4c98.494c839d1f8c4efeeefba39b1551e2a7 | www.mercadolivre.com/jms/mlb/lgz/background/session/ | 78 B | 814 B | Image | image/svg+xml |
GET | H2 | armor.ccd66281021f82e365441d85714c379b208a44c75d0a9e6ab6d3463f576617d209b9e31875f5b059985d9652470e6a7eb37c52aed6973c4750e66a55cbe3ad68cf560a8000d5ef947abfaadca42d4c98.494c839d1f8c4efeeefba39b1551e2a7 | www.mercadolibre.com/jms/lgz/background/session/ | 78 B | 1 KB | Image | image/svg+xml |
GET | H2 | background | www.mercadolibre.com/jms/lgz/ Frame 1DC0 | 8 KB | 4 KB | Document | text/html |
GET | H2 | vendor.cb09e3de.js | http2.mlstatic.com/frontend-assets/auth-login-frontend/ | 267 KB | 72 KB | Script | application/javascript |
GET | H2 | email_nickname.e4eb3df5.js | http2.mlstatic.com/frontend-assets/auth-login-frontend/ | 471 KB | 104 KB | Script | application/javascript |
GET | H2 | backgr_logo.png | www.mercadolibre.com/jms/mla/lgz/sp/ | 74 B | 681 B | Image | image/png |
GET | H/1.1 | NRJS-689ffbd95eae88e39ac | bam.nr-data.net/1/ | 49 B | 725 B | Script | text/javascript |
GET | H2 | recaptcha__es_419.js | www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ | 366 KB | 145 KB | Script | text/javascript |
GET | H2 | preconnect_pixel.gif | registration.mercadolibre.com.ar/ | 43 B | 702 B | Image | image/gif |
GET | H2 | jsonp | www.mercadolibre.com/jms/lgz/background/session/armor.ccd66281021f82e365441d85714c379b208a44c75d0a9e6ab6d3463f576617d209b9e31875f5b059985d9652470e6a7eb37c52aed6973c4750e66a55cbe3ad68cf560a8000d5ef9... Frame 1DC0 | 21 B | 767 B | Script | text/javascript |
GET | H3 | anchor | www.recaptcha.net/recaptcha/enterprise/ Frame C178 | 7 KB | 1 KB | Document | text/html |
GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame C178 | 51 KB | 24 KB | Stylesheet | text/css |
GET | H3 | recaptcha__es_419.js | www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/ Frame C178 | 366 KB | 144 KB | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MercadoLibre (Consumer)
59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| NREUM object| newrelic function| __nr_require string| GoogleAnalyticsObject function| meli_ga boolean| inDapIF function| detectWebcam function| getEtag function| getUrlEtag function| c function| isPrivateMode function| t function| x function| createIframe function| getSrcIframe function| getLiteralColors function| getTimeBasedFp function| getModesArray function| getModesMatrix string| mlbp_etag object| mlbp_login_detection object| x64h object| mlbp object| armor.ccd66281021f82e365441d85714c379b208a44c75d0a9e6ab6d3463f576617d209b9e31875f5b059985d9652470e6a7eb37c52aed6973c4750e66a55cbe3ad68cf560a8000d5ef947abfaadca42d4c98.494c839d1f8c4efeeefba39b1551e2a7 string| mlbp_literal_colors string| mode number| mlbp_time_based_fp undefined| AUTOFILLED undefined| NOTAUTOFILLED undefined| onAutoFillStart undefined| onAnimationStart function| melidata object| _0x18d4 boolean| mlbp_incognito boolean| mlbp_webcam object| dp string| msg object| __PRELOADED_STATE__ function| onloadCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| _perfill object| recaptcha object| closure_lm_38753
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.nr-data.net/ | | Name: JSESSIONID Value: 8c4d99c676658b99 |
.mercadolibre.com/ | | Name: dsid Value: 34894533-45bf-4ab9-8c29-732e0e1bc8f8-1656423019185 |
.mercadolibre.com/ | | Name: edsid Value: b0198524-da6c-4508-b233-722483c6f0db-1656423019185 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.