EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of nodeunblocker.net

Detection Info

http://nodeunblocker.net/proxy/https:/www.mercadolibre.com/jms/mlm/lgz/msl/login?logintype=explicit
Detected Brand
Mercado Libre
Country
International
Confidence
100%
HTTP Status
200
Report ID
dcc243b8-a5c…
Analyzed
2025-12-25 07:36
Final URL (after redirects)
https://nodeunblocker.net/proxy/https:/www.mercadolibre.com/jms/mlm/lgz/msl/login?logintype=explicit

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T12662C8B5B609053B316346CAF581E388609EC20CDA47B4C9D9F503F856CEEAE6C9E747
CONTENT ssdeep
192:QQ+FV4WeHUNkfMUaEWQuqwf8Sy9g8y2+z:QJHve0PUan1Avsz

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ec6c1b1b1b436764
VISUAL aHash
00fff3ffffffffff
VISUAL dHash
3816a61032000000
VISUAL wHash
0081e3c30f3fff00

Code Analysis

Risk Score 100/100
Threat Level CRITICAL
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing attack.
• Target: Mercado Libre users.
• Method: Fake login page hosted on a proxy service to steal email and password.
• Exfil: Likely a custom API or bot to capture and store credentials.
• Indicators: Domain mismatch (nodeunblocker.net vs mercadolibre.com), served through a proxy, login form.
• Risk: HIGH - Credentials stolen directly from the login form.

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Mercado Libre
https://nodeunblocker.net/proxy/https:/www.mercadolibre.com/...
Dec 29, 2025

Scan History for nodeunblocker.net

Found 8 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.