Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://listado.mercadolibre.com.uy/inmuebles/alquiler/_DisplayType_M_OrderId_PRICE_PriceRange_0UYU-25000UYU_NoIndex_True_item*location_lat:-34.88855955951541*-34.84334775923067
Detected Brand
MercadoLibre
Country
International
Confianza
100%
HTTP Status
200
Report ID
c051cefc-80d…
Analyzed
2026-02-17 07:20
Final URL (after redirects)
https://www.mercadolibre.com.uy/gz/account-verification?go=https%3A%2F%2Flistado.mercadolibre.com.uy%2Finmuebles%2Falquiler%2F_DisplayType_M_OrderId_PRICE_PriceRange_0UYU-25000UYU_NoIndex_True_item%2Alocation_lat%3A-34.88855955951541%2A-34.84334775923067&tid=c99d75f7-e1f4-4568-a3bc-df432c3868be
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1525177D22A169D3E3FB346DAF191BB9471D291CEC8903844E94607F601CADE4D98E30F |
|
CONTENT
ssdeep
|
48:BNgvT8xlM8CVqlM8Obl9+z3N/NW0wVWQr4RudXcv2k8oubcc4n3rIj3:M6aVeiAz3VI0wVWdAXs2k8lcf3rIj3 |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a627218d8d8d3737 |
|
VISUAL
aHash
|
000024ffffffffff |
|
VISUAL
dHash
|
8c2849320c000000 |
|
VISUAL
wHash
|
000000fbf0f0f0f0 |
|
VISUAL
colorHash
|
07e00000000 |
|
VISUAL
cropResistant
|
8c2849320c000000 |
Análisis de Código
Risk Score
79/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de MercadoLibre
• Método: Suplantación
• Exfil: Desconocido
• Indicadores: Dominio sospechoso, imitación de marca, ofuscación.
• Riesgo: Alto
🔒 Obfuscation Detected
- atob
- unescape
- base64_strings
🎯 Kit Endpoints
- https://www.fontspring.com
- https://www.mercadolibre.com.uy/registration?confirmation_url=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/started.js&registrationType=negative_traffic
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-semibold.woff2
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-semibold.woff
- https://www.mercadolibre.com.uy/registration?confirmation_url=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/ready.js&registrationType=negative_traffic
- https://api.mercadolibre.com/tracks/internal_admin
- https://o11y-proxy-otel-frontend.meli.com
- https://http2.mlstatic.com/frontend-assets/web-monitoring/1.4.0-alpha.11/agent.min.js
- https://www.mercadolibre.com.uy/registration?confirmation_url=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/client-events/dist/iife/init.js&registrationType=negative_traffic
- https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/client-events/dist/iife/init.js
- https://events.mercadolibre.com/dom
- http://custom.transaction
- https://www.mercadolibre.com.uy/privacy-preferences/cookies
- https://www.mercadolibre.com/jms/mlu/lgz/login?platform_id=ml&go=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/client-events/dist/iife/init.js&loginType=negative_traffic
- https://melidata.
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-light.woff2
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-regular.woff2
- https://http2.mlstatic.com/frontend-assets/web-monitoring/1.4.0-alpha.11/${this.featureName}.min.js`,wm_c.type=
- https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/started.js
- https://api.mercadolibre.com/pixel.gif
- https://http2.mlstatic.com/storage/melidata-js-sdk/js/3/0.7.2/melidata.min.js
- https://melidata.adminml.com/tracks
- https://mercadolibre.com
- https://http2.mlstatic.com
- https://www.mercadolibre.com/jms/mlu/lgz/login?platform_id=ml&go=https://listado.mercadolibre.com.uy/inmuebles/alquiler/_DisplayType_M_OrderId_PRICE_PriceRange_0UYU-25000UYU_NoIndex_True_item*location_lat:-34.88855955951541*-34.84334775923067&loginType=negative_traffic
- https://http2.mlstatic.com/frontend-assets/ui-navigation/5.21.22/mercadolibre/[email protected]
- https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/ready.js
- https://js-agent.newrelic.com/
- https://www.mercadolibre.com.uy/v3/security.js
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-regular.woff
- https://http2.mlstatic.com/ui/webfonts/v3.0.0/proxima-nova/proximanova-light.woff
- https://www.mercadolibre.com/jms/mlu/lgz/login?platform_id=ml&go=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/ready.js&loginType=negative_traffic
- https://www.mercadolibre.com/jms/mlu/lgz/login?platform_id=ml&go=https://listado.mercadolibre.com.uy/inmuebles/alquiler/@nordic/page-lifecycle/dist/iife/started.js&loginType=negative_traffic
📡 API Calls Detected
- PUT
- inPrivate
- POST
📊 Desglose de Puntuación de Riesgo
Total Risk Score
95/100
Contributing Factors
Suspicious Domain
The domain is not the official MercadoLibre domain.
Impersonation
The site mimics the design and function of a MercadoLibre login page.
Obfuscation
Javascript Obfuscation detected.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
MercadoLibre users (International)
Método de Ataque
Brand impersonation + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 8 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
MercadoLibre
Official Website
https://www.mercadolibre.com.uy/
Fake Service
Login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker attempts to steal user credentials by creating a fake login page that mimics the appearance of the MercadoLibre login.
🌐 Indicadores de Compromiso de Infraestructura
🦠 Malicious Files
Main File
melidata.min.js
File Size
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
785,7 KB
🔗 API Endpoints Detected
Other
38
🔐 Obfuscation Detected
- : Light
- : Light
- : Light
- : Light
- : Light
🤖 AI-Extracted Threat Intelligence
🎯 Malicious Files Identified
Main Drainer
melidata.min.jsFile Size
786KB
Scan History for listado.mercadolibre.com.uy
Found 10 other scans for this domain
-
https://www.mercadolibre.com.uy/gz/account-verific...
http://listado.mercadolibre.com.uy/otras-categoria...
https://listado.mercadolibre.com.uy/pagina/sticker...
https://listado.mercadolibre.com.uy/otras-categori...
https://listado.mercadolibre.com.uy/inmuebles/apar...
https://listado.mercadolibre.com.uy/inmuebles/alqu...
https://listado.mercadolibre.com.uy/inmuebles/alqu...
https://listado.mercadolibre.com.uy/inmuebles/alqu...
https://listado.mercadolibre.com.uy/inmuebles/alqu...
https://listado.mercadolibre.com.uy/inmuebles/alqu...
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.