Extension Auditor
Extension Auditor
Sign Up
Alipic.net

Alipic.net

ID: inkcdjgkcedgknlajfdjeenkajamepad

Supported Languages

🇺🇸English

Extension Info & Metadata

Status
Active
Version
3.2.1
Size
0.03 MB
Rating
3.0/5
Reviews
2
Users
61
Type
Extension
Updated
May 27, 2022
Category
Lifestyle Shopping
Price
Free
Featured
No
Visibility
Unlisted
Mature
Yes
By Google
No
Trusted
No
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Author
http://alipic.net/View Profile
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
No
Mailbox exists
Yes
Website
Visit
Total Extensions
1
Active
1
Obsolete
0
Listed
0
Unlisted
1
Total Users
61
Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4
Screenshot 5

Проверка качества товаров на АлиЭкспресс

alipic.net - a set of tools for convenient shopping on aliexpress. Functions for to evaluate products: - check photos from buyers - assessment of sales and profitability of goods - sales statistics by country - reviews statistics - product quality rating Functions for evaluating sellers: - seller rating - delivery rating - rating of seller responses to complaints and other questions Additional functions: - top 100 sellers by income - top 100 sales items - top photos from reviews of women's products - top products in 16 countries - Coupons and discounts for all categories

Item
Type
Severity
Description
cookies
Permission
High
This permission provides full access to read and modify browser cookies. Rated High because it can steal session tokens, modify authentication cookies, and compromise accounts across websites.
Contextual Risk Factors
Risk Factor
High
The following context increases the overall risk:• 15% increase: Older manifest version lacks modern security controls
tabs
Permission
Medium
This permission enables tab management and monitoring. Rated Medium because it can track open tabs, access tab metadata, and monitor user browsing patterns.
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
Older Manifest Version
Risk Factor
Medium
This extension uses Manifest Version 2
*://coupons.alipic.net/*
Permission
Unknown
No classification available for this permission.
*://alipic.net/*
Permission
Unknown
No classification available for this permission.

Every AliExpress product page visit is silently intercepted and the user's browser is redirected through the developer's affiliate tracking URL before landing back on the product page. The guard on 'RZBEUzr' (line 16) confirms this is intentional design, not incidental code. This covertly earns the developer affiliate commissions on all user purchases and overwrites any legitimate referrer attribution, with no disclosure to the user anywhere in the extension listing or description.

content.js (Line 6)
a = "http://s.click.aliexpress.com/deep_link.htm?aff_short_key=RZBEUzr&dl_target_url=";b = window.location.href;var url = window.location.href.split('?')[0];c = "?af=alipic&cn=rt";t = b.indexOf('RZBEUzr');// ... subdomain exclusion checks ...if (k === 0 && t === -1) {  var tt1 = url.indexOf('aliexpress');  console.log('tt1=' + tt1);  if (tt1 > 0) {    window.location = a + url + c;  }}

By severity

Critical0
High1
Medium0
Low0

Versions scanned

None of the 1 scanned version has more than one unique code-review finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
No versions with multiple unique findings.

Files with findings

1 distinct path — top paths by unique finding count:

  • content.js1
S.No.
Category
Severity
File
Summary
Found in Version
1Tracking
high
content.js (line 6)Every AliExpress product page visit is silently intercepted and the user's browser is redirected through the developer's affiliate tracking URL before landing back on the product page. The guard on 'RZBEUzr' (line 16)…
3.2.1
URLs
12
IPv4
0
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
alipic.net-http://alipic.net/?site=ali_exp_img&url=
coupons.alipic.net/index_includes.phphttp://coupons.alipic.net/index_includes.php?lang=en&category=aliexpress_coupons&copy=1
s.click.aliexpress.com/deep_link.htmhttp://s.click.aliexpress.com/deep_link.htm?aff_short_key=RZBEUzr&dl_target_url=
www.w3.org/1999/02/22-rdf-syntax-nshttp://www.w3.org/1999/02/22-rdf-syntax-ns#
ns.adobe.com/xap/1.0/http://ns.adobe.com/xap/1.0/
purl.org/dc/elements/1.1/http://purl.org/dc/elements/1.1/
ns.adobe.com/photoshop/1.0/http://ns.adobe.com/photoshop/1.0/
ns.adobe.com/xap/1.0/mm/http://ns.adobe.com/xap/1.0/mm/
ns.adobe.com/xap/1.0/sType/ResourceEventhttp://ns.adobe.com/xap/1.0/sType/ResourceEvent#
ns.adobe.com/tiff/1.0/http://ns.adobe.com/tiff/1.0/
Showing 1 to 10 of 20 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
No IP addresses found
Version
Size
Is Malicious
Findings
Permhash
3.2.1
Latest
0.03 MB
Malicious
1
976a857497350e40bc12877960362ef7e5761ed1b53d6ebad4af78bcf6dc8491
Showing 1 to 1 of 10 rows
Rows per page:

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In