shuiku.customer.1l666.com Open in urlscan Pro
121.37.155.32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://shuiku.customer.1l666.com/
Effective URL:
https://shuiku.customer.1l666.com/index.html
Submission: On November 07 via automatic, source certstream-suspicious (November 7th 2021, 4:19:25 am UTC) — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 121.37.155.32, located in China and belongs to HWCSNET Huawei Cloud Service data center, CN. The main domain is shuiku.customer.1l666.com.
TLS certificate: Issued by R3 on November 7th 2021. Valid for: 3 months.

This is the only time shuiku.customer.1l666.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 15	121.37.155.32 121.37.155.32	55990 (HWCSNET H...) (HWCSNET Huawei Cloud Service data center)
1	47.96.68.221 47.96.68.221	37963 (CNNIC-ALI...) (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.)
15	3

15 121.37.155.32 (China) 1 redirects

ASN55990 (HWCSNET Huawei Cloud Service data center, CN)
PTR: ecs-121-37-155-32.compute.hwclouds-dns.com

shuiku.customer.1l666.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.96.68.221 (Hangzhou, China)

ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN)

cdn.dcloud.net.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	1l666.com 1 redirects shuiku.customer.1l666.com	389 KB
1	dcloud.net.cn cdn.dcloud.net.cn	546 B
15	2

	Domain	Requested by
15	shuiku.customer.1l666.com	1 redirects shuiku.customer.1l666.com
1	cdn.dcloud.net.cn	shuiku.customer.1l666.com
15	2

This site contains no links.

Subject Issuer	Validity	Valid
shuiku.customer.1l666.com R3	`2021-11-07` - `2022-02-05`	3 months	crt.sh
*.dcloud.net.cn RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-08-17` - `2022-08-18`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://shuiku.customer.1l666.com/index.html
Frame ID: B9E44E56BA9184A32143BF38C9A95B53
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

随酷会员小程序

Page URL History Show full URLs

https://shuiku.customer.1l666.com/ HTTP 302
https://shuiku.customer.1l666.com/index.html Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

414 kB
Transfer

1150 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://shuiku.customer.1l666.com/ HTTP 302
https://shuiku.customer.1l666.com/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response shuiku.customer.1l666.com/ Redirect Chain https://shuiku.customer.1l666.com/ https://shuiku.customer.1l666.com/index.html	795 B 1009 B	225ms 224ms	Document text/html	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `e8e9924d9f0b64d11fb46ec2bbc0a8606fe601a31614f8eb51575a836f193399` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Sun, 07 Nov 2021 04:19:17 GMT content-type text/html content-length 795 last-modified Fri, 05 Nov 2021 07:26:42 GMT etag "1d7d2167aad261b" expires Sun, 07 Nov 2021 16:19:17 GMT cache-control max-age=43200 no-cache x-cache MISS accept-ranges bytes Redirect headers server nginx date Sun, 07 Nov 2021 04:19:17 GMT content-type application/json; charset=utf-8 location /index.html expires Sun, 07 Nov 2021 16:19:17 GMT cache-control max-age=43200 no-cache x-cache MISS
GET H2	200	index.f4fc78fe.css shuiku.customer.1l666.com/static/	93 KB 30 KB	424ms 423ms	Stylesheet text/css	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/index.f4fc78fe.css Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `15ed040cead5b78fbe6ba92bf4469ba3cd9f7bbe57053f2561fc9a9f6e00279e` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:18 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:42 GMT server nginx etag W/"1d7d2167aac5634" vary Accept-Encoding x-cache MISS content-type text/css cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:18 GMT
GET H2	200	chunk-vendors.7f7fc147.js Show response shuiku.customer.1l666.com/static/js/	692 KB 246 KB	642ms 641ms	Script application/javascript	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/js/chunk-vendors.7f7fc147.js Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `3d76d53eeb4adbe85fd55ac9ec7146dde5ae50faa139bc5e800b8066e9c16712` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:18 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:44 GMT server nginx etag W/"1d7d2167bd482c1" vary Accept-Encoding x-cache MISS content-type application/javascript cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:18 GMT
GET H2	200	index.abed003d.js Show response shuiku.customer.1l666.com/static/js/	261 KB 75 KB	644ms 643ms	Script application/javascript	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/js/index.abed003d.js Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `62bb6eddae9f0e438da08bc34cee7abf4ef53579cac20bbbfb284ed84aa5bd16` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:18 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:44 GMT server nginx etag W/"1d7d2167bda4724" vary Accept-Encoding x-cache MISS content-type application/javascript cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:18 GMT
GET H2	200	pageA-checkUser-checkUser~pageA-invoices-invoices~pageA-project-check-in~pageA-project-signFile~page~2b2760bf.4822da46.js Show response shuiku.customer.1l666.com/static/js/	39 KB 12 KB	212ms 212ms	Script application/javascript	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/js/pageA-checkUser-checkUser~pageA-invoices-invoices~pageA-project-check-in~pageA-project-signFile~page~2b2760bf.4822da46.js Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/index.abed003d.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `3674cdfc80efb7981535adada736af98c3f5e1f536d0b3b4bc605008e8275560` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:44 GMT server nginx etag W/"1d7d2167bdec89f" vary Accept-Encoding x-cache MISS content-type application/javascript cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:19 GMT
GET H2	200	pageA-checkUser-checkUser~pageA-register-register~pageA-telLogin-telLogin~pages-login-login~pages-pr~0b1c5e38.009020f8.js Show response shuiku.customer.1l666.com/static/js/	15 KB 5 KB	213ms 213ms	Script application/javascript	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/js/pageA-checkUser-checkUser~pageA-register-register~pageA-telLogin-telLogin~pages-login-login~pages-pr~0b1c5e38.009020f8.js Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/index.abed003d.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `1f822691e9c88f7d43fc29e5aafb8a99686ebc8304f26e131a1e729809914543` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:44 GMT server nginx etag W/"1d7d2167bde6e95" vary Accept-Encoding x-cache MISS content-type application/javascript cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:19 GMT
GET H2	200	pages-login-login.543f2faf.js Show response shuiku.customer.1l666.com/static/js/	7 KB 3 KB	211ms 210ms	Script application/javascript	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/static/js/pages-login-login.543f2faf.js Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/index.abed003d.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `28e85881332546690ecedb5f8121e881fa26fad634ba81fcc8defb50fbe7bbda` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 07:26:45 GMT server nginx etag W/"1d7d2167c76f537" vary Accept-Encoding x-cache MISS content-type application/javascript cache-control max-age=43200, no-cache expires Sun, 07 Nov 2021 16:19:19 GMT
POST H2	200	syspara Show response shuiku.customer.1l666.com/Common/	283 B 450 B	230ms 230ms	XHR text/plain	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/Common/syspara Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/chunk-vendors.7f7fc147.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `fefe1c3f8a87224545f3d351015a26d65e80924a59a91e746378571151706f28` Request headers accesstoken Referer https://shuiku.customer.1l666.com/index.html Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin * date Sun, 07 Nov 2021 04:19:19 GMT cache-control max-age=43200, no-cache server nginx content-type text/plain; charset=utf-8 content-length 283 expires Sun, 07 Nov 2021 16:19:19 GMT
POST H2	200	ServerStatus Show response shuiku.customer.1l666.com/Common/	144 B 304 B	229ms 228ms	XHR application/json	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/Common/ServerStatus Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/chunk-vendors.7f7fc147.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `76ddc4ae2523a26b7a4d2deaa730a19f2feac1853067258041fc27bed3bbb0bf` Request headers accesstoken Referer https://shuiku.customer.1l666.com/index.html Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin * date Sun, 07 Nov 2021 04:19:19 GMT cache-control max-age=43200, no-cache server nginx content-type application/json content-length 144 expires Sun, 07 Nov 2021 16:19:19 GMT
POST H2	200	SpecList Show response shuiku.customer.1l666.com/COF/	1 KB 1 KB	285ms 284ms	XHR application/json	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Full URL https://shuiku.customer.1l666.com/COF/SpecList Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/js/chunk-vendors.7f7fc147.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `d5d42c5e7ce58a2025afc6b565e66bbf348ac3a1d6f1670c5cd69077aa08aefb` Request headers accesstoken Referer https://shuiku.customer.1l666.com/index.html Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin * date Sun, 07 Nov 2021 04:19:19 GMT cache-control max-age=43200, no-cache server nginx content-type application/json content-length 1307 expires Sun, 07 Nov 2021 16:19:19 GMT
GET H2	200	01.png shuiku.customer.1l666.com/static/tabBar/	1 KB 1 KB	213ms 212ms	Image image/png	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Show image Full URL https://shuiku.customer.1l666.com/static/tabBar/01.png Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `3342c57f54183824d43b77585c282bf62b676f520d110d1533a944171edc0b41` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT last-modified Fri, 05 Nov 2021 07:26:47 GMT server nginx etag "1d7d2167da811b3" x-cache MISS content-type image/png cache-control max-age=43200, no-cache accept-ranges bytes content-length 1075 expires Sun, 07 Nov 2021 16:19:19 GMT
GET H2	200	tab4.png shuiku.customer.1l666.com/static/tabBar/	2 KB 2 KB	225ms 225ms	Image image/png	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Show image Full URL https://shuiku.customer.1l666.com/static/tabBar/tab4.png Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `c40c1a96416f78e95e67b869efbaa9ea8a0fa989a958eb7bf125e034362bb397` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT last-modified Fri, 05 Nov 2021 07:26:47 GMT server nginx etag "1d7d2167da81375" x-cache MISS content-type image/png cache-control max-age=43200, no-cache accept-ranges bytes content-length 1781 expires Sun, 07 Nov 2021 16:19:19 GMT
GET H2	200	tab5.png shuiku.customer.1l666.com/static/tabBar/	1 KB 2 KB	226ms 226ms	Image image/png	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Show image Full URL https://shuiku.customer.1l666.com/static/tabBar/tab5.png Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `439613725779b6ebd6a058959c36770e7da78c299356c0ae1929b48401b63df2` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT last-modified Fri, 05 Nov 2021 07:26:47 GMT server nginx etag "1d7d2167da810ad" x-cache MISS content-type image/png cache-control max-age=43200, no-cache accept-ranges bytes content-length 1325 expires Sun, 07 Nov 2021 16:19:19 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	logo.jpg shuiku.customer.1l666.com/static/	9 KB 10 KB	221ms 221ms	Image image/jpeg	121.37.155.32 HWCSNET Huawei Cl...
General Check archive.org Show headers Download Go to Show image Full URL https://shuiku.customer.1l666.com/static/logo.jpg Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 121.37.155.32 , China, ASN55990 (HWCSNET Huawei Cloud Service data center, CN), Reverse DNS ecs-121-37-155-32.compute.hwclouds-dns.com Software nginx / Resource Hash `10a37187d81030acb52c4e69c92398f172f5c47856a526bffb8628517311f013` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 07 Nov 2021 04:19:19 GMT last-modified Fri, 05 Nov 2021 07:26:42 GMT server nginx etag "1d7d2167aad00e8" x-cache MISS content-type image/jpeg cache-control max-age=43200, no-cache accept-ranges bytes content-length 9704 expires Sun, 07 Nov 2021 16:19:19 GMT
GET DATA	200 OK	truncated /	25 KB 25 KB		Font application/x-font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `17c981f03f2b64f75d9c0e542d041b5ac834c730af20249ff0f09005891004c3` Request headers Referer Origin https://shuiku.customer.1l666.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Content-Type application/x-font-woff2;charset=utf-8
GET H/1.1	200 OK	shadow-grey.png cdn.dcloud.net.cn/img/	136 B 546 B	755ms 252ms	Image image/png	47.96.68.221 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.dcloud.net.cn/img/shadow-grey.png Requested by Host: shuiku.customer.1l666.com URL: https://shuiku.customer.1l666.com/static/index.f4fc78fe.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 47.96.68.221 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f` Request headers Accept-Language de-DE,de;q=0.9 Referer https://shuiku.customer.1l666.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Sun, 07 Nov 2021 04:19:22 GMT Last-Modified Thu, 06 Jun 2019 06:42:07 GMT Server nginx ETag "5cf8b5bf-88" Content-Type image/png Cache-Control max-age=7200 Connection close Accept-Ranges bytes Content-Length 136 Expires Sun, 07 Nov 2021 06:19:22 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.dcloud.net.cn
shuiku.customer.1l666.com
121.37.155.32
47.96.68.221
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3
10a37187d81030acb52c4e69c92398f172f5c47856a526bffb8628517311f013
15ed040cead5b78fbe6ba92bf4469ba3cd9f7bbe57053f2561fc9a9f6e00279e
17c981f03f2b64f75d9c0e542d041b5ac834c730af20249ff0f09005891004c3
1f822691e9c88f7d43fc29e5aafb8a99686ebc8304f26e131a1e729809914543
28e85881332546690ecedb5f8121e881fa26fad634ba81fcc8defb50fbe7bbda
3342c57f54183824d43b77585c282bf62b676f520d110d1533a944171edc0b41
3674cdfc80efb7981535adada736af98c3f5e1f536d0b3b4bc605008e8275560
3d76d53eeb4adbe85fd55ac9ec7146dde5ae50faa139bc5e800b8066e9c16712
439613725779b6ebd6a058959c36770e7da78c299356c0ae1929b48401b63df2
62bb6eddae9f0e438da08bc34cee7abf4ef53579cac20bbbfb284ed84aa5bd16
76ddc4ae2523a26b7a4d2deaa730a19f2feac1853067258041fc27bed3bbb0bf
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
c40c1a96416f78e95e67b869efbaa9ea8a0fa989a958eb7bf125e034362bb397
d5d42c5e7ce58a2025afc6b565e66bbf348ac3a1d6f1670c5cd69077aa08aefb
e8e9924d9f0b64d11fb46ec2bbc0a8606fe601a31614f8eb51575a836f193399
fefe1c3f8a87224545f3d351015a26d65e80924a59a91e746378571151706f28

shuiku.customer.1l666.com Open in urlscan Pro 121.37.155.32 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

414 kBTransfer

1150 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

0 Cookies

Indicators

shuiku.customer.1l666.com Open in urlscan Pro
121.37.155.32 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

414 kB
Transfer

1150 kB
Size

0
Cookies

15 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!