Report - yslru.xdiheu.cn/

Report Overview

Visitedpublic

2025-03-06 06:34:57

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
yslru.xdiheu.cn	unknown	2024-06-17	2025-03-06	2025-03-06	2.4 kB	46 kB	104.21.48.153

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	yslru.xdiheu.cn/	ScriptElement	210 B	2023-03-07	2025-08-06
URL yslru.xdiheu.cn/ IP / ASN 172.67.153.92 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 165603 Size 210 B (210 bytes) MD5 ab1ac4cf0f484cc9f859c0a7983353e0 SHA1 2da142b1135bd10cdbed4a7353e4483acc30ebe9 SHA256 50e878a18b2b5be7071dc7c10297381bcfcb55f17c27760ee857af9e31133324 Format Code Loading...

	yslru.xdiheu.cn/	ScriptElement	375 B	2023-03-07	2025-08-06
URL yslru.xdiheu.cn/ IP / ASN 172.67.153.92 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 171792 Size 375 B (375 bytes) MD5 56df91490fa1984fa82b297dcb23c22d SHA1 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 SHA256 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Format Code Loading...

	yslru.xdiheu.cn/	ScriptElement	38 B	2023-03-07	2025-08-06
URL yslru.xdiheu.cn/ IP / ASN 172.67.153.92 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-06 Times Seen 125932 Size 38 B (38 bytes) MD5 eb2ee6e4b3d4e81bacdb2474d9b3c2f5 SHA1 6588855b25c975b224e0fd1b50ca1b3f36cd46ed SHA256 3dd83a652b2e60d8dfc699cd2006f70007b826a92b49e61e9194bf422481ac05 Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET yslru.xdiheu.cn/favicon.ico

104.21.48.153

403 Forbidden

4.5 kB

URL GET HTTP

yslru.xdiheu.cn/favicon.ico

IP / ASN

104.21.48.153

#13335 CLOUDFLARENET

Requested byhttp://yslru.xdiheu.cn/

Resource Info

File typeHTML document, ASCII text, with very long lines (4746), with no line terminators

First Seen2025-03-06

Last Seen2025-03-06

Times Seen1

Size4.5 kB (4511 bytes)

MD5d0a84582c73d1c0320fd8627714bc222

SHA18de9f51162358ef7a122af7eac43e54df3d0efd0

SHA2563312d3af4c48880d38d7986d218de3cbc3bc05b0ce98a1d0bbbdc29cba639000

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yslru.xdiheu.cn/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 06 Mar 2025 06:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Thu, 06 Mar 2025 06:34:52 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wjUKy4KZVKLpfqLq66YdVwIwtPGh9sOjkqaiDUPJZciUxfD1q915U0r9XmT4DH3MaUk9gBd%2B3T8p7ebE5R%2BysIFeQFjslkChuIgjRsJ%2FnltTAWyUzZ0Vl8uWuG2p7wN8Plo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 91bfd4116d1356c3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=542&min_rtt=487&rtt_var=189&sent=4&recv=7&lost=0&retrans=0&sent_bytes=3651&recv_bytes=768&delivery_rate=6464285&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET yslru.xdiheu.cn/

172.67.153.92

403 Forbidden

4.5 kB

URL User Request GET HTTPS

yslru.xdiheu.cn/

IP / ASN

172.67.153.92

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (4746), with no line terminators

First Seen2025-03-06

Last Seen2025-03-06

Times Seen1

Size4.5 kB (4511 bytes)

MD5faa67c9db52a179394077f27694232c5

SHA12f1bf47a2c0989b6ba09a976f0fc5da71e44b47b

SHA256387b2ba2c1e6e8f29dd8c0adc25db593549318a2084b730381c6bd8309c53359

Certificate Info

IssuerGoogle Trust Services

Subjectxdiheu.cn

Fingerprint16:B7:EC:BE:A2:BB:B0:07:82:EA:1F:F7:1A:E4:09:F0:58:8F:9C:FD

ValiditySun, 02 Mar 2025 13:36:05 GMT - Sat, 31 May 2025 14:34:38 GMT

HTTP Headers

GET / HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Mar 2025 06:34:37 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Thu, 06 Mar 2025 06:34:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GSH449qE%2FTT0BF9vM2cqRzlyRw9ooYOI9PNKslWaUBJXnizTzXZRRe6MYYkfNXaIRGULRbK%2BthjtgTe5qGu9UWISsgNlz1xrCotX3P9DGApljkOm6mUYEGKee3FO9TO5Pd4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91bfd40e3b9a7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=522&min_rtt=465&rtt_var=160&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3170&recv_bytes=1125&delivery_rate=7451114&cwnd=253&unsent_bytes=0&cid=ec753617df579c2d&ts=53&x=0"
X-Firefox-Spdy: h2

GET yslru.xdiheu.cn/

172.67.153.92

403 Forbidden

4.5 kB

URL User Request GET HTTP

yslru.xdiheu.cn/

IP / ASN

172.67.153.92

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (4746), with no line terminators

First Seen2025-03-06

Last Seen2025-03-06

Times Seen1

Size4.5 kB (4511 bytes)

MD52d5225352f7872f9ae56b49d71eeb269

SHA162f3f6ad8665f891783aaf7177fbb21ad9a3ff9f

SHA25647bd18e7a0bfa9812aa9dc50b233e83bb6100422825ef9384af28d4e85787ff3

HTTP Headers

GET / HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 06 Mar 2025 06:34:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Thu, 06 Mar 2025 06:34:52 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1cLYIzMbjI%2B7Kjm9IxNzwrU%2FQdi4HysypVRgu2KDbGi0b7rNWoZE82pt49YSrNXR6Z%2F8IHduwikTGD0pg8CACnmzdKFtGaFIc99ZV1PhkwauFVSwZBuvMvdnElYA3Yo29o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 91bfd40f5be056cb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=473&min_rtt=473&rtt_var=236&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=400&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET yslru.xdiheu.cn/cdn-cgi/styles/cf.errors.css

172.67.153.92

200 OK

24 kB

URL GET HTTP

yslru.xdiheu.cn/cdn-cgi/styles/cf.errors.css

IP / ASN

172.67.153.92

#13335 CLOUDFLARENET

Requested byhttp://yslru.xdiheu.cn/

Resource Info

File typeASCII text, with very long lines (24050)

First Seen0001-01-01

Last Seen2025-08-06

Times Seen234136

Size24 kB (24051 bytes)

MD55e8c69a459a691b5d1b9be442332c87d

SHA1f24dd1ad7c9080575d92a9a9a2c42620725ef836

SHA25684e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://yslru.xdiheu.cn/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Mar 2025 06:34:37 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:02:34 GMT
ETag: W/"67c1fa3a-5df3"
Server: cloudflare
CF-RAY: 91bfd4109d2156cb-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 06 Mar 2025 08:34:37 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

GET yslru.xdiheu.cn/cdn-cgi/images/cf-no-screenshot-error.png

104.21.48.153

200 OK

3.2 kB

URL GET HTTP

yslru.xdiheu.cn/cdn-cgi/images/cf-no-screenshot-error.png

IP / ASN

104.21.48.153

#13335 CLOUDFLARENET

Requested byhttp://yslru.xdiheu.cn/

Resource Info

File typePNG image data, 178 x 175, 8-bit colormap, non-interlaced

First Seen0001-01-01

Last Seen2025-08-06

Times Seen71926

Size3.2 kB (3213 bytes)

MD50d768cbc261841d3affc933b9ac3130e

SHA1aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7

SHA2561c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Sinkholed / Blocked

HTTP Headers

GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://yslru.xdiheu.cn/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Mar 2025 06:34:37 GMT
Content-Type: image/png
Content-Length: 3213
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:02:34 GMT
ETag: "67c1fa3a-c8d"
Server: cloudflare
CF-RAY: 91bfd4112cd456c3-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 06 Mar 2025 08:34:37 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

GET yslru.xdiheu.cn/cdn-cgi/images/browser-bar.png?1376755637

172.67.153.92

200 OK

715 B

URL GET HTTP

yslru.xdiheu.cn/cdn-cgi/images/browser-bar.png?1376755637

IP / ASN

172.67.153.92

#13335 CLOUDFLARENET

Requested byhttp://yslru.xdiheu.cn/

Resource Info

File typePNG image data, 960 x 53, 8-bit colormap, non-interlaced

First Seen0001-01-01

Last Seen2025-08-06

Times Seen71919

Size715 B (715 bytes)

MD5226dcb8f6144bdaafdfbd8f2f354be64

SHA13785cc5b3bf52f8e398177b0ff1020b24aa86b8c

SHA2568c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Sinkholed / Blocked

HTTP Headers

GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1
Host: yslru.xdiheu.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://yslru.xdiheu.cn/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Mar 2025 06:34:37 GMT
Content-Type: image/png
Content-Length: 715
Connection: keep-alive
Last-Modified: Fri, 28 Feb 2025 18:02:34 GMT
ETag: "67c1fa3a-2cb"
Server: cloudflare
CF-RAY: 91bfd4112d9556cb-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Thu, 06 Mar 2025 08:34:37 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes