xtoearn.co Open in urlscan Pro
88.218.193.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://xtoearn.co/
Submission: On December 06 via api (December 6th 2022, 12:09:39 am UTC) from JP — Scanned from JP

Summary HTTP 11 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 88.218.193.18, located in Germany and belongs to XNNET, US. The main domain is xtoearn.co.

This is the only time xtoearn.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online) Amazon Japan (Online)

Domain & IP information

	IP Address	AS Autonomous System
9	88.218.193.18 88.218.193.18	6134 (XNNET) (XNNET)
2	2600:9000:213... 2600:9000:2138:2200:10:1731:ff49:ac01	16509 (AMAZON-02) (AMAZON-02)
11	2

9 88.218.193.18 (Germany)

ASN6134 (XNNET, US)
PTR: 88.218.193.18.static.xtom.com

xtoearn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2138:2200:10:1731:ff49:ac01 (United States)

ASN16509 (AMAZON-02, US)

images-cn.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	xtoearn.co xtoearn.co	281 KB
2	ssl-images-amazon.com images-cn.ssl-images-amazon.com — Cisco Umbrella Rank: 288928	32 KB
11	2

	Domain	Requested by
9	xtoearn.co	xtoearn.co
2	images-cn.ssl-images-amazon.com	xtoearn.co
11	2

This site contains links to these domains. Also see Links.

Domain
www.amazon.co.jp

Subject Issuer	Validity	Valid
images-cn.ssl-images-amazon.com Amazon	`2022-11-14` - `2023-12-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://xtoearn.co/
Frame ID: 6F2AD747C501804300FC6576F829994C
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazonサインイン

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

313 kB
Transfer

311 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.co.jp/ref=ap_frn_logo

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_cookie_error_help

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_signin_notification_condition_of_use?ie=UTF8&nodeId=643006
Title: 利用規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_signin_notification_privacy_notice?ie=UTF8&nodeId=643000
Title: プライバシー規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/ap/forgotpassword?showRememberMe=true&openid.pape.max_auth_age=0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=jpflex&openid.return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_signin&prevRID=4QE2103KANJXJ27C9VJM&openid.assoc_handle=jpflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: パスワードを忘れた場合

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/account-issues/ref=ap_login_with_otp_claim_collection?ie=UTF8
Title: その他のログインに関する問題

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/ap/register?showRememberMe=true&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_signin&prevRID=4QE2103KANJXJ27C9VJM&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=jpflex&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Amazonアカウントを作成する

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_desktop_footer_cou?ie=UTF8&nodeId=643006
Title: 利用規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_desktop_footer_privacy_notice?ie=UTF8&nodeId=643000
Title: プライバシー規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/help
Title: ヘルプ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response xtoearn.co/	12 KB 12 KB	113ms 57ms	Document text/html	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/ Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `e3d30b93b0b9757b01d125acc45068aa1d8cc252098fed70bb5545d797080a6f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Connection keep-alive Content-Length 12176 Content-Type text/html
GET H/1.1	200 OK	61Tlxk0K9QL._RC_11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31GjtQRomzL.css_.css xtoearn.co/static/file_pc/index_files/	131 KB 131 KB	117ms 63ms	Stylesheet text/css	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/file_pc/index_files/61Tlxk0K9QL._RC_11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31GjtQRomzL.css_.css Requested by Host: xtoearn.co URL: http://xtoearn.co/ Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `f8398641cd3b832deaf47e23bd07e052e17bcaad4fdfa60ab9d674741df81b9f` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 133768 Content-Type text/css
GET H/1.1	200 OK	01SdjaY0ZsL._RC_31jdWD+JB+L.css,41CoXfMtudL.css_.css xtoearn.co/static/file_pc/index_files/	36 KB 36 KB	118ms 62ms	Stylesheet text/css	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/file_pc/index_files/01SdjaY0ZsL._RC_31jdWD+JB+L.css,41CoXfMtudL.css_.css Requested by Host: xtoearn.co URL: http://xtoearn.co/ Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `d677760fa69d216fe4dafd1a4548587e1b482f74b34f08e57085796d2187fd3d` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 36584 Content-Type text/css
GET H/1.1	200 OK	11JNAJswl5L.css xtoearn.co/static/file_pc/index_files/	2 KB 3 KB	115ms 59ms	Stylesheet text/css	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/file_pc/index_files/11JNAJswl5L.css Requested by Host: xtoearn.co URL: http://xtoearn.co/ Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `e0d431809e06e686cfe3bd266b39e35964eaa28507eff4751f9fb99717854e72` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 2537 Content-Type text/css
GET H/1.1	200 OK	main.js Show response xtoearn.co/static/main/	3 KB 3 KB	118ms 63ms	Script application/x-javascript	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/main/main.js Requested by Host: xtoearn.co URL: http://xtoearn.co/ Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `7774ec42f1109d7dd18222b1b97839c964a786112ff76da2652dc74402b1c19c` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 3060 Content-Type application/x-javascript
GET H/1.1	200 OK	loading.css xtoearn.co/static/main/	2 KB 2 KB	59ms 57ms	Stylesheet text/css	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/main/loading.css Requested by Host: xtoearn.co URL: http://xtoearn.co/static/main/main.js Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `5b2e0604209e9726a0ae78837a04455dda0a6b53ccb4a88deed788ddeb553ab7` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 1576 Content-Type text/css
GET H/1.1	200 OK	jquery-1.9.1.min.js Show response xtoearn.co/static/main/	90 KB 91 KB	60ms 57ms	Script application/x-javascript	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/main/jquery-1.9.1.min.js Requested by Host: xtoearn.co URL: http://xtoearn.co/static/main/main.js Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 92629 Content-Type application/x-javascript
GET H/1.1	200 OK	loading.js Show response xtoearn.co/static/main/	1 KB 2 KB	61ms 60ms	Script application/x-javascript	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/main/loading.js Requested by Host: xtoearn.co URL: http://xtoearn.co/static/main/main.js Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `e8badccc3c42bb234fc7db5ddc5487307a795faf01dee904ea439823becc4ad5` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 1503 Content-Type application/x-javascript
GET H/1.1	200 OK	jquery.cookie.js Show response xtoearn.co/static/main/	3 KB 3 KB	62ms 61ms	Script application/x-javascript	88.218.193.18 XNNET
General Check archive.org Show headers Download Go to Full URL http://xtoearn.co/static/main/jquery.cookie.js Requested by Host: xtoearn.co URL: http://xtoearn.co/static/main/main.js Protocol HTTP/1.1 Server 88.218.193.18 , Germany, ASN6134 (XNNET, US), Reverse DNS 88.218.193.18.static.xtom.com Software / Resource Hash `b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers Connection keep-alive Content-Length 3121 Content-Type application/x-javascript
GET H2	200	mPGmT0r6IeTyIee.png images-cn.ssl-images-amazon.com/images/S/sash/	27 KB 28 KB	35ms 3ms	Image image/png	2600:9000:2138:2200:10:1731:ff49:ac01 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://images-cn.ssl-images-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png Requested by Host: xtoearn.co URL: http://xtoearn.co/static/file_pc/index_files/61Tlxk0K9QL._RC_11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31GjtQRomzL.css_.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2138:2200:10:1731:ff49:ac01 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Wed, 09 Nov 2022 03:46:48 GMT via 1.1 b4fb3cede6d11b735dc8f5d78841f470.cloudfront.net (CloudFront) x-amz-cf-pop NRT12-C2 age 2319767 edge-cache-tag x-cache-394,/images/S/sash/mPGmT0r6IeTyIee x-cache Hit from cloudfront x-nginx-cache-status HIT content-length 27972 surrogate-key x-cache-394 /images/S/sash/mPGmT0r6IeTyIee last-modified Tue, 17 Nov 2020 23:31:33 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 64fea2ed-7cc1-47c1-a285-3244cce89a0d timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id 3e4AQ7YlSgIkZ0yBTB91Oic2z_8lD0R9VdiTBajO0tPOpp9Gr1e8Qw== expires Sun, 02 Nov 2042 03:00:24 GMT
GET H2	200	EYzhM86N6ZcDPtA.png images-cn.ssl-images-amazon.com/images/S/sash/	4 KB 4 KB	37ms 5ms	Image image/png	2600:9000:2138:2200:10:1731:ff49:ac01 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://images-cn.ssl-images-amazon.com/images/S/sash/EYzhM86N6ZcDPtA.png Requested by Host: xtoearn.co URL: http://xtoearn.co/static/file_pc/index_files/61Tlxk0K9QL._RC_11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31GjtQRomzL.css_.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2138:2200:10:1731:ff49:ac01 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483` Request headers accept-language jp-JP,jp;q=0.9 Referer http://xtoearn.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36 Response headers date Thu, 10 Nov 2022 13:01:35 GMT via 1.1 b4fb3cede6d11b735dc8f5d78841f470.cloudfront.net (CloudFront) x-amz-cf-pop NRT12-C2 age 2200080 edge-cache-tag x-cache-741,/images/S/sash/EYzhM86N6ZcDPtA x-cache Hit from cloudfront x-nginx-cache-status HIT content-length 3589 surrogate-key x-cache-741 /images/S/sash/EYzhM86N6ZcDPtA last-modified Tue, 17 Nov 2020 23:31:29 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 8a1663f1-b85d-4779-8495-08275354e8b2 accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id 1s92jH4sLbIoUWW6CJB2wVAb4Ah0VUhIEHCNG74sfxp_JtRJZZjM9A== expires Tue, 04 Nov 2042 13:16:04 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Amazon Japan (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xtoearn.co/	1969-12-31 23:59:59	Name: Token_ID Value: 583084030508883827

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images-cn.ssl-images-amazon.com
xtoearn.co
2600:9000:2138:2200:10:1731:ff49:ac01
88.218.193.18
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
5b2e0604209e9726a0ae78837a04455dda0a6b53ccb4a88deed788ddeb553ab7
7774ec42f1109d7dd18222b1b97839c964a786112ff76da2652dc74402b1c19c
a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d677760fa69d216fe4dafd1a4548587e1b482f74b34f08e57085796d2187fd3d
e0d431809e06e686cfe3bd266b39e35964eaa28507eff4751f9fb99717854e72
e3d30b93b0b9757b01d125acc45068aa1d8cc252098fed70bb5545d797080a6f
e8badccc3c42bb234fc7db5ddc5487307a795faf01dee904ea439823becc4ad5
f8398641cd3b832deaf47e23bd07e052e17bcaad4fdfa60ab9d674741df81b9f

xtoearn.co Open in urlscan Pro 88.218.193.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

18 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

313 kBTransfer

311 kBSize

1 Cookies

10 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

xtoearn.co Open in urlscan Pro
88.218.193.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

18 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

313 kB
Transfer

311 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!