Is "Amazon 报告采集助手" on Chrome Web Store Safe to Install?
# Amazon 报告采集助手:用途与安装价值说明 ## 它是什么 `chrome-extension/` 是一个面向 Amazon 运营团队的 Chrome 扩展。它运行在 Amazon Seller Central 和 Amazon Advertising Console 页面中,负责自动采集运营与广告报告,将数据保存在本地,并在需要时同步到项目后端分析系统。 它不是一个通用浏览器插件,而是一个直接服务于 Amazon 店铺运营、广告投放、数据分析场景的工作型工具。 ## 它的主要用途 这个扩展的核心用途,是把原本依赖人工导出报表的流程,变成可重复、可跟踪、可同步的数据采集流程。 ### 1. 自动采集 Amazon 运营与广告报表 扩展当前可在以下页面工作: - Amazon Seller Central - Amazon Advertising Console 可覆盖的报告类型包括: - Seller Central 业务报告 - FBA 库存报告 - SP 推广商品报告 - SP 搜索词报告 - SP 投放目标报告 - SP 广告位报告 - SP 广告活动报告 - SP 分时报告 - SP 预算报告 - 搜索词展示份额报告(多时间窗口) ### 2. 减少人工导出报表的重复劳动 没有扩展时,用户通常需要反复执行这些动作: - 登录 Seller Central 和广告后台 - 在多个店铺、多个站点之间切换 - 手工创建和下载报表 - 整理文件名称和存储位置 - 再把 CSV 或 Excel 导入内部表格或系统 安装扩展后,这些动作会被自动化或半自动化,大幅减少机械重复操作。 ### 3. 在本地保留可查看的数据快照 扩展会把已采集的数据保存在本地 IndexedDB 中,因此用户可以: - 在弹窗中查看已采集的数据 - 在无需重新下载报表的情况下复查历史快照 - 在后端同步暂未完成时,依然保留本地采集结果 ### 4. 将浏览器中的报表数据同步到后端分析系统 如果已经配置后端服务地址,扩展可以把采集到的行数据同步到项目的数据分析平台,用于: - 构建业务看板 - 分析广告与运营趋势 - 统一不同站点的数据口径 - 减少团队内部反复传递 CSV 文件的低效流程 ### 5. 识别店铺、站点与 merchantId,并支持多站点采集 扩展可以从 Amazon 页面中识别: - 店铺信息 - marketplace - merchantId 对于一个广告账户对应多个站点的情况,扩展还可以自动发现相关站点并一起采集。这对于同时运营美国、加拿大、墨西哥等多站点的团队尤其重要。 ## 用户为什么应该安装它 一句话概括:因为它能节省时间、降低错误率,并让 Amazon 数据真正进入可分析、可沉淀、可复用的流程。 ### 1. 它能替代脆弱的人工报表流程 人工导出最大的问题,不是“麻烦一点”,而是流程非常不稳定: - 不同人导出的时间范围不一致 - 某些报表容易漏掉 - 文件命名和归档方式不统一 - 后续分析时常常发现数据不完整 扩展把采集行为标准化,能明显降低这些问题。 ### 2. 它让数据采集更连续 运营分析最怕“今天采了、明天忘了、下周又补”。这个扩展直接工作在 Amazon 页面里,用户在日常操作后台时就能完成采集,更容易形成连续、稳定的数据积累。 ### 3. 它能减少漏采和误采 扩展提供悬浮面板、任务状态、日志和报告级进度展示。用户能直接看到: - 哪些任务已经开始 - 哪些报告已完成 - 哪些任务失败 - 当前还需要处理什么 相比纯人工下载,这种可视化状态管理更可靠。 ### 4. 它把 Amazon 页面和内部分析系统连接起来 很多团队真正痛的不是“下载一份报表”,而是“怎么把 Amazon 的数据稳定进入自己的系统”。这个扩展的价值就在于,它把浏览器端采集到的数据,进一步推送到后端分析链路中,减少手工搬运。 ### 5. 店铺和站点越多,它的价值越大 如果团队只维护一个店铺、一个站点、极少量报表,那么人工处理还能勉强维持;但一旦进入多店铺、多站点、多报表并行的运营模式,人工导出就会迅速失控。 扩展的价值会随着以下因素增加而快速放大: - 店铺数量增加 - marketplace 数量增加 - 广告账户数量增加 - 报告种类增加 - 团队协作人数增加 ## 它给不同角色带来的直接收益 ### 对 Amazon 运营人员 - 少做重复导出工作 - 更快拿到业务和库存数据 - 更方便同步店铺与渠道信息 ### 对广告投放人员 - 更集中地采集 SP 报告 - 降低漏掉关键广告报表的风险 - 更稳定地覆盖多站点广告数据 ### 对分析人员和管理者 - 获取更标准化的数据来源 - 减少表格中转和人工整理 - 提高看板和趋势分析的可信度 ### 对业务整体 - 降低运营数据处理成本 - 减少人为错误 - 提高报表时效性 - 为后续自动化分析打基础 ## 安装后用户能得到什么体验 安装完成后,当用户打开支持的 Amazon 页面时,扩展可以提供: - 页面右下角悬浮面板 - 店铺和站点自动识别 - 采集开始/停止控制 - 各报告的状态展示 - 最近日志查看 - 弹窗中的总览、数据、设置和同步能力 也就是说,用户不需要先跳到另一个系统里准备数据,而是在原本工作的 Amazon 页面里直接完成采集。 ## 哪些用户最应该安装 如果符合以下任意一种情况,就非常适合安装: - 每天都要登录 Amazon 后台 - 经常重复导出相同类型的报表 - 同时需要 Seller Central 和广告数据 - 管理多个 marketplace - 需要把数据同步到项目后端分析平台 - 希望减少 CSV 手工整理和团队来回传文件
Risk Assessment
Analyzed348 security findings detected across all analyzers
Chrome extension requesting 15 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
8 rules(78 hits)Requested Permissions
15 permissionsManage, modify, and monitor downloads
Read and modify cookies on all sites
About This Extension
Detailed Findings
94 totalYARA Rule Matches
8 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 249
detected Domain: l.name XIOC detected Domain: l.name
extracted_from_files
detected Domain: service.py XIOC detected Domain: service.py
extracted_from_files
detected Domain: advertising.amazon.com XIOC detected Domain: advertising.amazon.com
extracted_from_files
detected Domain: sellercentral.amazon.com XIOC detected Domain: sellercentral.amazon.com
extracted_from_files
detected Domain: chrome.storage XIOC detected Domain: chrome.storage
extracted_from_files
detected IP: 6::e XIOC detected IP: 6::e
extracted_from_files
detected Domain: msg.store XIOC detected Domain: msg.store
extracted_from_files
detected Domain: keys.ads XIOC detected Domain: keys.ads
extracted_from_files
detected Domain: keys.sc XIOC detected Domain: keys.sc
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: chrome-extension.zip XIOC detected Domain: chrome-extension.zip
extracted_from_files
detected Domain: xlsx.read XIOC detected Domain: xlsx.read
extracted_from_files
detected Domain: config.id XIOC detected Domain: config.id
extracted_from_files
detected Domain: chrome.downloads.download XIOC detected Domain: chrome.downloads.download
extracted_from_files
detected Domain: alarms.ads XIOC detected Domain: alarms.ads
extracted_from_files
detected Domain: alarms.sc XIOC detected Domain: alarms.sc
extracted_from_files
detected Domain: msg.health XIOC detected Domain: msg.health
extracted_from_files
detected Domain: msg.name XIOC detected Domain: msg.name
extracted_from_files
detected Domain: msg.report XIOC detected Domain: msg.report
extracted_from_files
detected Domain: msg.site XIOC detected Domain: msg.site
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected Domain: alarm.name XIOC detected Domain: alarm.name
extracted_from_files
detected Domain: chrome.downloads.search XIOC detected Domain: chrome.downloads.search
extracted_from_files
detected Domain: delta.id XIOC detected Domain: delta.id
extracted_from_files
detected Domain: reader.read XIOC detected Domain: reader.read
extracted_from_files
detected Domain: c.name XIOC detected Domain: c.name
extracted_from_files
detected Domain: cookies.map XIOC detected Domain: cookies.map
extracted_from_files
detected Domain: accounts.map XIOC detected Domain: accounts.map
extracted_from_files
detected Domain: cached.accounts.map XIOC detected Domain: cached.accounts.map
extracted_from_files
detected Domain: adsctx.site XIOC detected Domain: adsctx.site
extracted_from_files
detected Domain: window.location.search XIOC detected Domain: window.location.search
extracted_from_files
detected Domain: event.data XIOC detected Domain: event.data
extracted_from_files
detected Domain: result.data XIOC detected Domain: result.data
extracted_from_files
detected Domain: cfg.id XIOC detected Domain: cfg.id
extracted_from_files
detected Domain: report.name XIOC detected Domain: report.name
extracted_from_files
detected Domain: selectors.sc XIOC detected Domain: selectors.sc
extracted_from_files
detected Domain: uninitializedconfigs.map XIOC detected Domain: uninitializedconfigs.map
extracted_from_files
detected Domain: c.id XIOC detected Domain: c.id
extracted_from_files
detected Domain: nonisentries.map XIOC detected Domain: nonisentries.map
extracted_from_files
detected Domain: btn.id XIOC detected Domain: btn.id
extracted_from_files
detected Domain: selectors.ads XIOC detected Domain: selectors.ads
extracted_from_files
detected Domain: host.id XIOC detected Domain: host.id
extracted_from_files
detected Domain: meta.date XIOC detected Domain: meta.date
extracted_from_files
detected Domain: r.name XIOC detected Domain: r.name
extracted_from_files
detected Domain: r.id XIOC detected Domain: r.id
extracted_from_files
detected Domain: reports.map XIOC detected Domain: reports.map
extracted_from_files
detected Domain: r.date XIOC detected Domain: r.date
extracted_from_files
detected Domain: report.id XIOC detected Domain: report.id
extracted_from_files
detected Domain: e.target.id XIOC detected Domain: e.target.id
extracted_from_files
detected Domain: a.click XIOC detected Domain: a.click
extracted_from_files
detected Domain: snapshot.date XIOC detected Domain: snapshot.date
extracted_from_files
detected Domain: a.download XIOC detected Domain: a.download
extracted_from_files
detected Domain: snapshot.rows.map XIOC detected Domain: snapshot.rows.map
extracted_from_files
detected Domain: cols.map XIOC detected Domain: cols.map
extracted_from_files
detected Domain: migrations.py XIOC detected Domain: migrations.py
extracted_from_files
detected IP: ::bef XIOC detected IP: ::bef
extracted_from_files
detected IP: 3:: XIOC detected IP: 3::
extracted_from_files
detected Domain: button.sc XIOC detected Domain: button.sc
extracted_from_files
detected Domain: r.site XIOC detected Domain: r.site
extracted_from_files
detected Domain: headers.map XIOC detected Domain: headers.map
extracted_from_files
detected Domain: acct.nestedaccounts.map XIOC detected Domain: acct.nestedaccounts.map
extracted_from_files
detected Domain: panel.id XIOC detected Domain: panel.id
extracted_from_files
detected Domain: indexeddb.open XIOC detected Domain: indexeddb.open
extracted_from_files
detected Domain: rows.map XIOC detected Domain: rows.map
extracted_from_files
detected Domain: row.date XIOC detected Domain: row.date
extracted_from_files
detected Domain: coldefs.map XIOC detected Domain: coldefs.map
extracted_from_files
detected Domain: rawrows.map XIOC detected Domain: rawrows.map
extracted_from_files
detected Domain: apicolumns.map XIOC detected Domain: apicolumns.map
extracted_from_files
detected Domain: data.data XIOC detected Domain: data.data
extracted_from_files
detected Domain: columnformats.date XIOC detected Domain: columnformats.date
extracted_from_files
detected Domain: json.data XIOC detected Domain: json.data
extracted_from_files
detected Domain: input.page XIOC detected Domain: input.page
extracted_from_files
detected Domain: alljsonrows.map XIOC detected Domain: alljsonrows.map
extracted_from_files
detected Domain: record.date XIOC detected Domain: record.date
extracted_from_files
detected Domain: existing.rows.map XIOC detected Domain: existing.rows.map
extracted_from_files
detected Domain: this.store XIOC detected Domain: this.store
extracted_from_files
detected Domain: t.date XIOC detected Domain: t.date
extracted_from_files
detected Domain: slice.call XIOC detected Domain: slice.call
extracted_from_files
detected Domain: e.map XIOC detected Domain: e.map
extracted_from_files
detected Domain: schemas.microsoft.com XIOC detected Domain: schemas.microsoft.com
extracted_from_files
detected Domain: docs.oasis-open.org XIOC detected Domain: docs.oasis-open.org
extracted_from_files
detected Domain: schemas.openxmlformats.org XIOC detected Domain: schemas.openxmlformats.org
extracted_from_files
detected Domain: sheetjs.com XIOC detected Domain: sheetjs.com
extracted_from_files
detected Domain: e.fullpaths.map XIOC detected Domain: e.fullpaths.map
extracted_from_files
detected Domain: f.name XIOC detected Domain: f.name
extracted_from_files
detected Domain: p.name XIOC detected Domain: p.name
extracted_from_files
detected Domain: g.storage XIOC detected Domain: g.storage
extracted_from_files
detected Domain: g.name XIOC detected Domain: g.name
extracted_from_files
detected Domain: g.mt XIOC detected Domain: g.mt
extracted_from_files
detected Domain: s.mt XIOC detected Domain: s.mt
extracted_from_files
detected Domain: s.download XIOC detected Domain: s.download
extracted_from_files
detected Domain: e.read XIOC detected Domain: e.read
extracted_from_files
detected Domain: n.mt XIOC detected Domain: n.mt
extracted_from_files
detected Domain: e.name XIOC detected Domain: e.name
extracted_from_files
detected Domain: vnd.ms XIOC detected Domain: vnd.ms
extracted_from_files
detected Domain: v.mt XIOC detected Domain: v.mt
extracted_from_files
detected Domain: t.map XIOC detected Domain: t.map
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: r.read XIOC detected Domain: r.read
extracted_from_files
detected Domain: r.open XIOC detected Domain: r.open
extracted_from_files
detected Domain: o.open XIOC detected Domain: o.open
extracted_from_files
detected Domain: s.click XIOC detected Domain: s.click
extracted_from_files
detected Domain: xlnm.auto XIOC detected Domain: xlnm.auto
extracted_from_files
detected Domain: a.date XIOC detected Domain: a.date
extracted_from_files
detected Domain: e.next XIOC detected Domain: e.next
extracted_from_files
detected Domain: ca.call XIOC detected Domain: ca.call
extracted_from_files
detected Domain: purl.oclc.org XIOC detected Domain: purl.oclc.org
extracted_from_files
detected Domain: r.wtf XIOC detected Domain: r.wtf
extracted_from_files
detected Domain: qe.read XIOC detected Domain: qe.read
extracted_from_files
detected Domain: n.id XIOC detected Domain: n.id
extracted_from_files
detected Domain: i.id XIOC detected Domain: i.id
extracted_from_files
detected Domain: n.target XIOC detected Domain: n.target
extracted_from_files
detected Domain: i.target XIOC detected Domain: i.target
extracted_from_files
detected Domain: sheetjs.openxmlformats.org XIOC detected Domain: sheetjs.openxmlformats.org
extracted_from_files
detected Domain: r.style XIOC detected Domain: r.style
extracted_from_files
detected Domain: xlnm.data XIOC detected Domain: xlnm.data
extracted_from_files
detected Domain: u.next XIOC detected Domain: u.next
extracted_from_files
detected Domain: dbf.name XIOC detected Domain: dbf.name
extracted_from_files
detected Domain: t.dbf.map XIOC detected Domain: t.dbf.map
extracted_from_files
detected Domain: this.report XIOC detected Domain: this.report
extracted_from_files
detected Domain: user.tenant.name XIOC detected Domain: user.tenant.name
extracted_from_files
detected Domain: t.wtf XIOC detected Domain: t.wtf
extracted_from_files
detected Domain: r.family XIOC detected Domain: r.family
extracted_from_files
detected Domain: r.sz XIOC detected Domain: r.sz
extracted_from_files
detected Domain: ui.to XIOC detected Domain: ui.to
extracted_from_files
detected Domain: fi.to XIOC detected Domain: fi.to
extracted_from_files
detected Domain: t.name XIOC detected Domain: t.name
extracted_from_files
detected Domain: y.workbook.wbprops.date XIOC detected Domain: y.workbook.wbprops.date
extracted_from_files
detected Domain: n.color.auto XIOC detected Domain: n.color.auto
extracted_from_files
detected Domain: l.auto XIOC detected Domain: l.auto
extracted_from_files
detected Domain: n.family XIOC detected Domain: n.family
extracted_from_files
detected Domain: n.sz XIOC detected Domain: n.sz
extracted_from_files
detected Domain: n.name XIOC detected Domain: n.name
extracted_from_files
detected Domain: a.wtf XIOC detected Domain: a.wtf
extracted_from_files
detected Domain: e.sz XIOC detected Domain: e.sz
extracted_from_files
detected Domain: e.top XIOC detected Domain: e.top
extracted_from_files
detected Domain: l.id XIOC detected Domain: l.id
extracted_from_files
detected Domain: e.id XIOC detected Domain: e.id
extracted_from_files
detected Domain: r.author XIOC detected Domain: r.author
extracted_from_files
detected Domain: xt.mv XIOC detected Domain: xt.mv
extracted_from_files
detected Domain: n.wtf XIOC detected Domain: n.wtf
extracted_from_files
detected Domain: a.name XIOC detected Domain: a.name
extracted_from_files
detected Domain: hs.date XIOC detected Domain: hs.date
extracted_from_files
detected Domain: v.ht XIOC detected Domain: v.ht
extracted_from_files
detected Domain: y.cm XIOC detected Domain: y.cm
extracted_from_files
detected Domain: y.ht XIOC detected Domain: y.ht
extracted_from_files
detected Domain: h.cm XIOC detected Domain: h.cm
extracted_from_files
detected Domain: o.name XIOC detected Domain: o.name
extracted_from_files
detected Domain: s.target XIOC detected Domain: s.target
extracted_from_files
detected Domain: t.id XIOC detected Domain: t.id
extracted_from_files
detected Domain: a.id XIOC detected Domain: a.id
extracted_from_files
detected Domain: s.id XIOC detected Domain: s.id
extracted_from_files
detected Domain: d.l.target XIOC detected Domain: d.l.target
extracted_from_files
detected Domain: i.name XIOC detected Domain: i.name
extracted_from_files
detected Domain: e.workbook.wbprops.date XIOC detected Domain: e.workbook.wbprops.date
extracted_from_files
detected Domain: e.wbprops.date XIOC detected Domain: e.wbprops.date
extracted_from_files
detected Domain: y.l.target XIOC detected Domain: y.l.target
extracted_from_files
detected Domain: a.map XIOC detected Domain: a.map
extracted_from_files
detected Domain: j.target XIOC detected Domain: j.target
extracted_from_files
detected Domain: w.wbprops.date XIOC detected Domain: w.wbprops.date
extracted_from_files
detected Domain: u.name XIOC detected Domain: u.name
extracted_from_files
detected Domain: s.name XIOC detected Domain: s.name
extracted_from_files
detected Domain: e.style XIOC detected Domain: e.style
extracted_from_files
detected Domain: i.links.map XIOC detected Domain: i.links.map
extracted_from_files
detected Domain: i.style XIOC detected Domain: i.style
extracted_from_files
detected Domain: index.zip XIOC detected Domain: index.zip
extracted_from_files
detected Domain: o.wtf XIOC detected Domain: o.wtf
extracted_from_files
detected Domain: r.map XIOC detected Domain: r.map
extracted_from_files
detected Domain: rn.ms XIOC detected Domain: rn.ms
extracted_from_files
detected Domain: r.sheetnames.map XIOC detected Domain: r.sheetnames.map
extracted_from_files
detected Domain: a.rs XIOC detected Domain: a.rs
extracted_from_files
detected Domain: li.to XIOC detected Domain: li.to
extracted_from_files
detected Domain: ci.to XIOC detected Domain: ci.to
extracted_from_files
detected Domain: o.foo XIOC detected Domain: o.foo
extracted_from_files
detected Domain: rn.ws XIOC detected Domain: rn.ws
extracted_from_files
detected Domain: r.revstrings.foo XIOC detected Domain: r.revstrings.foo
extracted_from_files
detected Domain: h.sheets.map XIOC detected Domain: h.sheets.map
extracted_from_files
detected Domain: rt.name XIOC detected Domain: rt.name
extracted_from_files
detected Domain: rt.id XIOC detected Domain: rt.id
extracted_from_files
detected Domain: console.info XIOC detected Domain: console.info
extracted_from_files
detected Domain: amazonadvertising.com XIOC detected Domain: amazonadvertising.com
extracted_from_files
detected Domain: s3.amazonaws.com XIOC detected Domain: s3.amazonaws.com
extracted_from_files
detected Domain: e.stream XIOC detected Domain: e.stream
extracted_from_files
detected IP: ::f XIOC detected IP: ::f
extracted_from_files
detected Domain: m.name XIOC detected Domain: m.name
extracted_from_files
detected Domain: e.sheetnames.map XIOC detected Domain: e.sheetnames.map
extracted_from_files
detected Domain: user.email XIOC detected Domain: user.email
extracted_from_files
detected Domain: snapshots.map XIOC detected Domain: snapshots.map
extracted_from_files
detected Domain: sortopts.map XIOC detected Domain: sortopts.map
extracted_from_files
detected Domain: change.delta XIOC detected Domain: change.delta
extracted_from_files
detected Domain: latest.date XIOC detected Domain: latest.date
extracted_from_files
detected Domain: logs.map XIOC detected Domain: logs.map
extracted_from_files
detected Domain: d.id XIOC detected Domain: d.id
extracted_from_files
detected Domain: def.name XIOC detected Domain: def.name
extracted_from_files
detected Domain: def.id XIOC detected Domain: def.id
extracted_from_files
detected Domain: defs.map XIOC detected Domain: defs.map
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: tab.dataset.tab XIOC detected Domain: tab.dataset.tab
extracted_from_files
detected Domain: ur.rw XIOC detected Domain: ur.rw
extracted_from_files
detected Domain: i.jp XIOC detected Domain: i.jp
extracted_from_files
detected Domain: i.ng XIOC detected Domain: i.ng
extracted_from_files
detected Domain: p.tn XIOC detected Domain: p.tn
extracted_from_files
detected Domain: h.ws XIOC detected Domain: h.ws
extracted_from_files
detected Domain: m.uy XIOC detected Domain: m.uy
extracted_from_files
detected Domain: ʞ.kh XIOC detected Domain: ʞ.kh
extracted_from_files
detected URL: https://sellercentral.amazon.com XIOC detected URL: https://sellercentral.amazon.com
extracted_from_files
detected URL: http://43.134.113.45:30094 XIOC detected URL: http://43.134.113.45:30094
extracted_from_files
detected URL: https://advertising.amazon.com XIOC detected URL: https://advertising.amazon.com
extracted_from_files
detected URL: https://advertising.amazon.com/reports/subscriptions/ XIOC detected URL: https://advertising.amazon.com/reports/subscriptions/
extracted_from_files
detected Domain: r.ms XIOC detected Domain: r.ms
extracted_from_files
detected URL: https://advertising.amazon.com/ccx/ajax/navState?entityId=$ XIOC detected URL: https://advertising.amazon.com/ccx/ajax/navState?entityId=$
extracted_from_files
detected URL: https://advertising.amazon.com/reports/api/subscription-reports/$ XIOC detected URL: https://advertising.amazon.com/reports/api/subscription-reports/$
extracted_from_files
detected URL: https://advertising.amazon.com/reports/api/subscriptions/$ XIOC detected URL: https://advertising.amazon.com/reports/api/subscriptions/$
extracted_from_files
detected URL: https://advertising.amazon.com/reports/api/subscriptions?entityId=$ XIOC detected URL: https://advertising.amazon.com/reports/api/subscriptions?entityId=$
extracted_from_files
detected URL: https://advertising.amazon.com/reports/api/subscriptions/custom?entityId=$ XIOC detected URL: https://advertising.amazon.com/reports/api/subscriptions/custom?entityId=$
extracted_from_files
detected URL: http://43.134.113.45:30094/docs XIOC detected URL: http://43.134.113.45:30094/docs
extracted_from_files
detected URL: http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument XIOC detected URL: http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument
extracted_from_files
detected URL: http://macVmlSchemaUri XIOC detected URL: http://macVmlSchemaUri
extracted_from_files
detected URL: http://schemas.openxmlformats.org/spreadsheetml/2006/main XIOC detected URL: http://schemas.openxmlformats.org/spreadsheetml/2006/main
extracted_from_files
detected URL: http://schemas.openxmlformats.org/package/2006/metadata/core-properties XIOC detected URL: http://schemas.openxmlformats.org/package/2006/metadata/core-properties
extracted_from_files
detected URL: http://sheetjs.com XIOC detected URL: http://sheetjs.com
extracted_from_files
detected URL: http://43.134.113.45:30094', XIOC detected URL: http://43.134.113.45:30094',
extracted_from_files
detected URL: https://advertising.amazon.com$ XIOC detected URL: https://advertising.amazon.com$
extracted_from_files
detected URL: https://*.amazonadvertising.com/* XIOC detected URL: https://*.amazonadvertising.com/*
extracted_from_files
detected URL: https://*.amazon.com/* XIOC detected URL: https://*.amazon.com/*
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: http://schemas.openxmlformats.org/drawingml/2006/main XIOC detected URL: http://schemas.openxmlformats.org/drawingml/2006/main
extracted_from_files
detected URL: http://docs.oasis-open.org/ns/office/1.2/meta/pkg# XIOC detected URL: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
extracted_from_files
detected URL: http://docs.oasis-open.org/ns/office/1.2/meta/'+(t XIOC detected URL: http://docs.oasis-open.org/ns/office/1.2/meta/'+(t
extracted_from_files
detected URL: https://43.134.113.45/* XIOC detected URL: https://43.134.113.45/*
extracted_from_files
detected URL: http://43.134.113.45/* XIOC detected URL: http://43.134.113.45/*
extracted_from_files
detected URL: https://127.0.0.1/* XIOC detected URL: https://127.0.0.1/*
extracted_from_files
detected URL: http://127.0.0.1/* XIOC detected URL: http://127.0.0.1/*
extracted_from_files
detected URL: https://s3.amazonaws.com/* XIOC detected URL: https://s3.amazonaws.com/*
extracted_from_files
detected URL: https://*.s3.amazonaws.com/* XIOC detected URL: https://*.s3.amazonaws.com/*
extracted_from_files
detected MD5 Hash: 00000000000000000000000000000000 XIOC detected MD5 Hash: 00000000000000000000000000000000
extracted_from_files
detected IP: 43.134.113.45 XIOC detected IP: 43.134.113.45
extracted_from_files
detected IP: 4:: XIOC detected IP: 4::
extracted_from_files
detected IP: 9::9 XIOC detected IP: 9::9
extracted_from_files
detected IP: ::2 XIOC detected IP: ::2
extracted_from_files
detected IP: 6:: XIOC detected IP: 6::
extracted_from_files
detected Domain: fetchresult.data XIOC detected Domain: fetchresult.data
extracted_from_files
detected Domain: s.date XIOC detected Domain: s.date
extracted_from_files
detected Domain: r.rs XIOC detected Domain: r.rs
extracted_from_files
detected Domain: log-level.info XIOC detected Domain: log-level.info
extracted_from_files
detected Domain: channels.id XIOC detected Domain: channels.id
extracted_from_files
detected Domain: oi.to XIOC detected Domain: oi.to
extracted_from_files
AI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-27. The review verdict is likely false positive with 72% confidence.
Recommended action: suppress false positive.
Risk context: CRITICAL risk, score 95/100.
Evidence context: threat category none; evidence quality moderate.
This extension, 'Amazon 报告采集助手' (Amazon Report Collection Assistant), declares functionality to automatically collect Amazon Seller Central and Advertising Console reports. The network findings in lib/ads-api.js, lib/sc-api.js, and lib/api.js show fetch calls consistent with this stated purpose—these files appear to be API client code for Amazon services rather than malicious exfiltration endpoints. The content/ads-collection.js:414 finding confirms content script data collection, which aligns with the extension's described functionality.
The 254 IoC findings are almost certainly false positives from the XIOC extractor. Per the CVEQ documentation, IoC volume alone is meaningless—this count likely stems from bundled dependencies and property access chains misread as domains. Crucially, there are zero malware signatures, zero obfuscation findings, and no suspicious specific domains identified in the evidence. The 78 code-smell findings are classified as low severity and match known noise patterns like postinstall_* and generic credential reference rules that fire on almost any non-trivial JavaScript.
The single manifest finding (MANIFEST-SENSITIVE-PERM-TABS in manifest.json) reflects the 'tabs' permission, which is legitimate for an extension that needs to read data from Amazon web pages. This is not inherently malicious—many legitimate productivity extensions require this permission.
Counterargument: A skeptic could argue that the anonymous developer ([email protected]), zero user count, and sensitive tabs permission warrant a more cautious verdict. These are valid concerns for any extension. However, the absence of malware signatures, obfuscation, or specific suspicious domains means there is no evidence of malicious behavior—only evidence of legitimate data collection functionality with noisy automated findings. The tabs permission is necessary for the extension's stated purpose, not an indicator of credential theft or session hijacking.
The verdict of likely_false_positive reflects that the finding volume is driven by known CVEQ noise patterns (IoC extraction garbage, code-smell rules) rather than actual malicious indicators.
Key Reasons
- Zero malware signatures detected
- Zero obfuscation findings
- Network activity aligns with stated Amazon data collection purpose
- IoC count driven by known XIOC extractor false positives
- Code-smell findings are low-severity noise patterns
False Positive Considerations
- IoC volume from XIOC extractor noise
- Code-smell findings (low severity, known FP patterns)
- Bundled dependency code triggering multiple findings
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng
[email protected]
SVG to AVIF Converter [ShiftShift]
[email protected]
ChromeCompare
[email protected]
CAI Tools
[email protected]
Auto Gmail - ChatGPT AI for email inbox
[email protected]
EC Seller Tools
[email protected]