xxrphoto.com
Open in
urlscan Pro
43.163.216.217
Malicious Activity!
Public Scan
Effective URL: https://xxrphoto.com/tokenszz886/
Submission Tags: phishing amazon Search All
Submission: On July 11 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R11 on July 11th 2024. Valid for: 3 months.
This is the only time xxrphoto.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon Japan (Online) Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 172.67.181.224 172.67.181.224 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 28 | 43.163.216.217 43.163.216.217 | 132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building) | |
27 | 2 |
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
xxrphoto.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
28 |
xxrphoto.com
1 redirects
xxrphoto.com |
328 KB |
1 |
ezjili.club
1 redirects
87.ezjili.club |
494 B |
27 | 2 |
Domain | Requested by | |
---|---|---|
28 | xxrphoto.com |
1 redirects
xxrphoto.com
|
1 | 87.ezjili.club | 1 redirects |
27 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.amazon.co.jp |
Subject Issuer | Validity | Valid | |
---|---|---|---|
shenmeite.com R11 |
2024-07-11 - 2024-10-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://xxrphoto.com/tokenszz886/
Frame ID: 66BDE946379A2701F6E3898B0576A40C
Requests: 28 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://87.ezjili.club/7856
HTTP 301
https://xxrphoto.com/tokenszz886 HTTP 302
https://xxrphoto.com/tokenszz886/ Page URL
Detected technologies
Socket.io (JavaScript Frameworks) ExpandDetected patterns
- socket\.io.*\.js
Vue.js (JavaScript Frameworks) Expand
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://87.ezjili.club/7856
HTTP 301
https://xxrphoto.com/tokenszz886 HTTP 302
https://xxrphoto.com/tokenszz886/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
xxrphoto.com/tokenszz886/ Redirect Chain
|
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index-f92e3725.js
xxrphoto.com/tokenszz886/assets/ |
164 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
f6170fbbbzfMi.css
xxrphoto.com/tokenszz886/assets/ |
952 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2ad8bb9aYidjP.js
xxrphoto.com/tokenszz886/assets/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
99b15e6fYidjP.js
xxrphoto.com/tokenszz886/assets/ |
29 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
00e2dfd7bzfMi.css
xxrphoto.com/tokenszz886/assets/ |
256 B 583 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
xxrphoto.com/ |
65 KB 65 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
785a3b45YidjP.js
xxrphoto.com/tokenszz886/assets/ |
112 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adbb12e3YidjP.js
xxrphoto.com/tokenszz886/assets/ |
103 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
09bf01f8YidjP.js
xxrphoto.com/tokenszz886/assets/ |
987 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
edff4021YidjP.js
xxrphoto.com/tokenszz886/assets/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2fa353d8YidjP.js
xxrphoto.com/tokenszz886/assets/ |
21 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
xxrphoto.com/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
U2FsdGVkX18feHq7OCPAZXLgLXclW8AQYhIicYkY
xxrphoto.com/api/ |
484 B 802 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
xxrphoto.com/socket.io/ |
118 B 339 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
U2FsdGVkX1%7CInx%2B6Ylsgkrw1TWBB86XhWXKnVNtIMNoG
xxrphoto.com/api/ |
24 B 261 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
xxrphoto.com/socket.io/ |
2 B 205 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
xxrphoto.com/socket.io/ |
32 B 252 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
e37448f8YidjP.js
xxrphoto.com/tokenszz886/assets/ |
98 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
e9841a77bzfMi.css
xxrphoto.com/tokenszz886/assets/ |
389 B 716 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
xxrphoto.com/socket.io/ |
133 B 354 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
xxrphoto.com/socket.io/ |
2 B 205 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
xxrphoto.com/socket.io/ |
98 B 318 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
U2FsdGVkX1%2BqSCctRQ7ivxnyiUXeud2EBn4IbzEs
xxrphoto.com/api/ |
28 B 265 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylesheet_0.css
xxrphoto.com/pc/loginPage/ |
50 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylesheet_0.css
xxrphoto.com/pc/addressPage/ |
89 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.png
xxrphoto.com/pc/loginPage/images/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon Japan (Online) Amazon (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| IMask boolean| __vite_is_modern_browser boolean| __VUE__0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
87.ezjili.club
xxrphoto.com
172.67.181.224
43.163.216.217
00e2dfd740f73781fabff7c8000a6dc3999638837396919507297de0154b09f2
09a8962b4eb71ed524c2b1b2efeba84d97c320ea2824ea23d36467fbca3a7078
0f61fda0a5e2d9c64cf878cf411d0f1be0ae8dc04270473d830cbb9db1a6f4b7
156a70a97bb33620c7b187a454cb85dd1cc952c43af5f93c0236b4149fd9857d
17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09
1d11f8a9a90efd3ad98f877db4c67e2c06182d3e66f2a1c8f6711c27084c422e
25139cead6d8c86d40c7ace6dfa545d7bb4a4b6eca3eca58699aef2c8e7e185c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2aa6d2e976a625f8b23221e04ec13fb1288b0f524a9458365ad4a062fff1b465
334353cae9ad8253eedab15c693c9ce7c6562518394cd8381e88bf337e7d195c
38f05d9134e3270f538b45e58676ab29317c2c4e9746d0338d30ec2e8565b1ec
7b176c6ae8b86c7f643c303eab6c9a2b0195dbf73ce8aa6fa4885ec91872e64e
7baf70db6a2666a4de1814aa50486081330dbfdd8bc2e963068b7d6c36d0bcf0
90757593670d835ae93cfed95170f1455de3a750451dd21716c669828f86279a
9ab72ed51615f77d126eb7458672f9138ac67a28ec5d7e1a7e1804d3ac357174
a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483
a75dd9dbb839047dff4d49527f40be3fb82dec9fee73cf3204569452bb89f6c1
b21b2536b8b09e0f0749ddb2f1437c7aadfdee87666f81e1547bfb835e970201
c312d0fc2706fd4d28dd037fd2e3fab7059f91f774cdff021ea21d28ae6fd2a4
ca01085144e98baa3d8d56a789e2fe9ffaee08647941ada1c8c1431ca5b3f017
cce11c240133d917a0e2a6d9be15f96c13272b0882ffe4f3b5b065bf8a18fccb
d451d1a27841a7bf3cdbfaf704fe7e8972f261d0ddbe3d107bfb97f0d75e01a8
e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d
e9841a77f4566e799dbcc67059041cd351a5cdb626be21b2db57b8c0ad660021
f3e97d48082d53e3795456c7045988c7e48161060ff23acdda8bdf7e5e7f229e
f4b3c9cf1ba615b1a2feb4d4e781b874b073da0c6713cff0d404afcf57e1a4a4
f6170fbbee0af98d737510b5689b31d78cf4e9a152590e594175b79212210911