https://623dj10.top/
143.109.37.194
Los Angeles, United States
1 day ⚠
200 · 20.7s
Valid· YR1, Let's Encrypt, US
COMPLETED
No KB/IOK detections were recorded for this scan.
ecommerce | technology | finance | other · 7/19/2026
The page at 623dj10.top presents a generic SPA-like landing with Chinese text and multiple off-domain resource requests. The page title 心跳的感觉 and the visual screenshot show adult-oriented imagery, but there is no clear indication of a recognized brand impersonation from the visible HTML or network signals. There are off-domain POSTs to external endpoints and a large set of external scripts, suggesting possible data collection or redirection, but there is no definitive credential-collection form observed in static HTML. The SSL cert is newly issued for a .top domain, and the domain itself is extremely young (1 day), which increases risk but does not by itself prove phishing beyond the current indicators.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 28
Hosts: 4
Domains: 4
Suspicious Endpoints
hxxps://95[.]40[.]3[.]20:57895/instatll?tag=Junnm
Off-Domain Posts
hxxps://95[.]40[.]3[.]20:57895/instatll?tag=Junnm
The scan shows a newly registered, top-level domain hosting a SPA with multiple external resources and two outbound POST requests to external endpoints, including a suspicious form of data submission. The page contains no static login form in the HTML, but the SPA structure and dynamic assets imply potential credential collection via JavaScript when rendered. The combination of a brand-ambiguous title in Chinese, adult-themed imagery in the screenshot, and off-domain data exfiltration endpoints constitutes suspicious activity warranting monitoring and precautionary action. Given the lack of a clear first-party brand impersonation in the evidence, this should be considered suspicious abuse activity with potential credential capture risk rather than a confirmed impersonation phishing page. Monitor and analyze server-side behavior and consider blocking or suspending if additional evidence of credential harvesting or malware delivery surfaces.
Monitor