Report - xhydh27.top/

Report Overview

Visited public
2025-06-14 09:50:08
Tags
URL
xhydh27.top/
Finishing URL
xhydh27.top/
IP / ASN
35.241.24.35
#396982 GOOGLE-CLOUD-PLATFORM
Title
xhydh27.top

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
image.uc.cn	54371	2003-03-17	2014-06-05	2025-06-13	916 B	36 kB	47.246.2.230
g.alicdn.com	6787	2008-06-25	2014-10-06	2025-06-14	1.4 kB	56 kB	163.181.253.194
px.effirst.com	31137	2019-07-05	2019-09-03	2025-06-13	1.1 kB	2.1 kB	111.63.205.165
track.uc.cn	69223	2003-03-17	2014-06-05	2025-06-13	1.8 kB	444 B	106.8.130.149
xhydh27.top	unknown	2025-01-05	2025-06-14	2025-06-14	1.3 kB	5.8 kB	35.241.24.35
hm.baidu.com	8254	1999-10-11	2012-05-26	2025-06-11	434 B	175 B	183.240.98.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-14 09:49:46	medium	Client IP	35.241.24.35	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js	ScriptElement	5.3 kB	2025-04-09	2025-06-14
Pretty URL g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js IP 163.181.253.194 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-09 00:38 Last Seen2025-06-14 09:50 Times Seen30 Hash 51a8fbcfa8df036da4b5b9e0436495a4 e2be886c96e122fcbb6ebaa25d3a616231f0afbd f9de9ca2f1808fb224a117745da7ed6a9b7d251a59b4d21c25be4d14ce485289 Loading...

	xhydh27.top/	ScriptElement	279 B	2025-03-04	2025-06-14
Pretty URL xhydh27.top/ IP 35.241.24.35 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 10:51 Last Seen2025-06-14 09:50 Times Seen34 Hash 0275744bda83d4a191351e6c200cc5af 38d22fb2d9a0c7e707913c4cf7402094905150f0 9f772f6e33da967edc477b8c7134d257e20f30352b72ab84b19f4694e40d263e Loading...

	xhydh27.top/	ScriptElement	433 B	2025-03-04	2025-06-14
Pretty URL xhydh27.top/ IP 35.241.24.35 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 10:51 Last Seen2025-06-14 09:50 Times Seen34 Hash 74b141c856ce4ee9e58f81bbe9266211 0293a59fac9700ab25a11e867695ee2ee88a3bdd fdd448402443832bbecc74696943e5f2d585af242b52eb9c991fc99a6d6761d7 Loading...

	image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js	ScriptElement	33 kB	2024-01-20	2025-06-14
Pretty URL image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js IP 47.246.2.230 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 13:54 Last Seen2025-06-14 09:50 Times Seen247 Hash 61da0dd4fe144aeea55c1180bcc8401b 1b96d8e5c436d163d36a72b07c205b1e529dbbd7 dbf8ba66348e1bf2450dc819100258c9f27bf477abcf13dc31222497c6e7b1df Loading...

	xhydh27.top/	ScriptElement	2.2 kB	2025-03-04	2025-06-14
Pretty URL xhydh27.top/ IP 35.241.24.35 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 10:51 Last Seen2025-06-14 09:50 Times Seen34 Hash c6c89e3fc805735800a4aa0ca1dba464 85de48811525217c11bf4a88d46d5bc6565682c4 698da85838855169e31cd7e0fa6982675e863e3bc6b1f9b50913a025962719a1 Loading...

	xhydh27.top/	ScriptElement	649 B	2025-03-04	2025-06-14
Pretty URL xhydh27.top/ IP 35.241.24.35 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 10:51 Last Seen2025-06-14 09:50 Times Seen34 Hash a3bae1f5ce2eae37ddcd4cbe591df488 c75a1142b602a3be8815c641f87b8bca05437c81 7f9bab2e6bc941ad7af2f58458b2cce4df8b2e79cc22d39202c5de2fe6c23c09 Loading...

	xhydh27.top/	ScriptElement	127 B	2025-03-04	2025-06-14
Pretty URL xhydh27.top/ IP 35.241.24.35 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-04 10:51 Last Seen2025-06-14 09:50 Times Seen34 Hash ca357f993f5ebf88fef54c8e4b54a897 c94713eabf989bf58d4ce95491d655b8805d9f38 ad8bcd93919b51c1a851761a1be30e3c60df80b885df85246178176e534b8c81 Loading...

	g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js	ScriptElement	5.8 kB	2025-04-09	2025-06-14
Pretty URL g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js IP 163.181.253.194 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-09 00:38 Last Seen2025-06-14 09:50 Times Seen30 Hash 7cff8b8ca9a0a96fc90c750036e9f479 d27b28212217356d65784706cf0c7e9e3ce2819f 9c5727943c8d99daeff2a72117e370fb06aef0ab199fa4108c37c75ed7c36970 Loading...

	g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js	ScriptElement	42 kB	2025-04-09	2025-06-14
Pretty URL g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js IP 163.181.253.194 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-09 00:38 Last Seen2025-06-14 09:50 Times Seen30 Hash 35c0a645b2a991ed230b31d75b0c9f8e 265a56eb5abac1f90bad4e7dc712cd030b67dcd7 1df0a00f405132893781c41d86dfac3b698ed349f4d336dede57bffbc5f10546 Loading...

HTTP Transactions (13)

URL IP Response Size

image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js

47.246.2.230

200 OK

33 kB

URL GET
image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js
IP
47.246.2.230:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subjectimage.uc.cn
FingerprintC0:14:EE:1B:74:3A:15:9D:77:E6:65:2D:13:AC:EA:A3:2A:18:31:B7
ValidityWed, 12 Feb 2025 01:41:07 GMT - Mon, 16 Mar 2026 01:41:06 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (24209)
Size
33 kB (32606 bytes)
Hash
61da0dd4fe144aeea55c1180bcc8401b
1b96d8e5c436d163d36a72b07c205b1e529dbbd7
dbf8ba66348e1bf2450dc819100258c9f27bf477abcf13dc31222497c6e7b1df

HTTP Headers

GET /s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js HTTP/1.1
Host: image.uc.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: text/javascript
content-length: 10341
date: Tue, 27 May 2025 05:35:17 GMT
cache-control: max-age=8640000
access-control-allow-origin: *
via: ens-cache11.l2de3[0,0,304-0,H], ens-cache12.l2de3[1,0], cache7.ru3[0,0,200-0,H], cache12.ru3[1,0]
vary: Accept-Encoding
etag: ae54e074-7f5e
content-encoding: gzip
age: 66
ali-swift-global-savetime: 1748324117
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Fri, 06 Jun 2025 13:50:21 GMT
x-swift-cachetime: 7746296
timing-allow-origin: *
eagleid: 2ff602a017498945878533743e
X-Firefox-Spdy: h2

g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js

163.181.253.194

200 OK

5.3 kB

URL GET
g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js
IP
163.181.253.194:443
ASN
#0

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.tbcdn.cn
FingerprintDA:3A:AA:7B:92:DB:F4:10:34:34:38:95:9D:FD:3C:A4:2B:74:29:F5
ValidityThu, 06 Mar 2025 10:12:19 GMT - Mon, 21 Jul 2025 09:06:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (5108), with no line terminators
Size
5.3 kB (5284 bytes)
Hash
51a8fbcfa8df036da4b5b9e0436495a4
e2be886c96e122fcbb6ebaa25d3a616231f0afbd
f9de9ca2f1808fb224a117745da7ed6a9b7d251a59b4d21c25be4d14ce485289

HTTP Headers

GET /woodpeckerx/jssdk/plugins/globalerror.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xhydh27.top
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 2366
date: Sat, 14 Jun 2025 09:46:40 GMT
vary: Accept-Encoding
x-oss-request-id: 684D4500712A583435361DB2
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1637784895855324770
x-oss-storage-class: Standard
cache-control: max-age=86400,s-maxage=600
content-md5: Uaj7z6jfA22ktbngQ2SVpA==
x-oss-server-time: 2
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
via: cache23.l2fr1[0,0,200-0,H], cache36.l2fr1[1,0], cache36.l2fr1[1,0], ens-cache19.fr6[0,0,200-0,H], ens-cache37.fr6[2,0]
age: 187
ali-swift-global-savetime: 1749894400
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 14 Jun 2025 09:49:31 GMT
x-swift-cachetime: 429
timing-allow-origin: *
eagleid: a3b5fdb917498945873888922e
X-Firefox-Spdy: h2

g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js

163.181.253.194

200 OK

5.8 kB

URL GET
g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js
IP
163.181.253.194:443
ASN
#0

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.tbcdn.cn
FingerprintDA:3A:AA:7B:92:DB:F4:10:34:34:38:95:9D:FD:3C:A4:2B:74:29:F5
ValidityThu, 06 Mar 2025 10:12:19 GMT - Mon, 21 Jul 2025 09:06:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (5745), with no line terminators
Size
5.8 kB (5819 bytes)
Hash
7cff8b8ca9a0a96fc90c750036e9f479
d27b28212217356d65784706cf0c7e9e3ce2819f
9c5727943c8d99daeff2a72117e370fb06aef0ab199fa4108c37c75ed7c36970

HTTP Headers

GET /woodpeckerx/jssdk/plugins/performance.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xhydh27.top
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 2601
date: Sat, 14 Jun 2025 09:46:40 GMT
vary: Accept-Encoding
x-oss-request-id: 684D4500A6EF253230956B30
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4826514309733998179
x-oss-storage-class: Standard
cache-control: max-age=86400,s-maxage=600
content-md5: fP+LjKmgqW/JDHUANun0eQ==
x-oss-server-time: 7
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
via: cache18.l2fr1[0,0,200-0,H], cache14.l2fr1[1,0], cache14.l2fr1[1,0], ens-cache33.fr6[0,0,200-0,H], ens-cache37.fr6[2,0]
age: 187
ali-swift-global-savetime: 1749894400
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 14 Jun 2025 09:49:31 GMT
x-swift-cachetime: 429
timing-allow-origin: *
eagleid: a3b5fdb917498945874018935e
X-Firefox-Spdy: h2

px.effirst.com/api/v1/jconfig?wpk-header=app%3Dberg-download%26tm%3D1749894587%26ud%3D56b2adb6-4c60-4636-33f3-25e08a94f5d5%26sver%3D1.2.9%26sign%3Dc41e43c828c16c16a6eb1c9c1e68e8ce

111.63.205.165

200 OK

1.5 kB

URL GET
px.effirst.com/api/v1/jconfig?wpk-header=app%3Dberg-download%26tm%3D1749894587%26ud%3D56b2adb6-4c60-4636-33f3-25e08a94f5d5%26sver%3D1.2.9%26sign%3Dc41e43c828c16c16a6eb1c9c1e68e8ce
IP
111.63.205.165:80
ASN
#24547 Hebei Mobile Communication Company Limited

Requested by
http://xhydh27.top/

File type
JSON text data
Size
1.5 kB (1453 bytes)
Hash
8ec2d0a7ee2b6abb43ecdcb80b44ae56
159aec495b003f180f9f30d25865aa75cc6eea5f
90a53beafe77bffdcb01f14275adfb6bc3bb5e45a53d2718b42ebab4ef820246

HTTP Headers

GET /api/v1/jconfig?wpk-header=app%3Dberg-download%26tm%3D1749894587%26ud%3D56b2adb6-4c60-4636-33f3-25e08a94f5d5%26sver%3D1.2.9%26sign%3Dc41e43c828c16c16a6eb1c9c1e68e8ce HTTP/1.1
Host: px.effirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://xhydh27.top
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine/2.1.3_400
Date: Sat, 14 Jun 2025 09:49:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE
Content-Encoding: gzip

track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_first&page_h5=page_loading_first&lt=pageview&c_lt=pageview&event_id=2001&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894587863&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv

106.8.130.149

200

0 B

URL GET
track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_first&page_h5=page_loading_first&lt=pageview&c_lt=pageview&event_id=2001&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894587863&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv
IP
106.8.130.149:443
ASN
#141771 China Telecom

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.uc.cn
Fingerprint82:14:99:7A:FD:76:69:80:90:BC:1F:2E:67:69:08:91:BD:CE:DF:FF
ValidityMon, 30 Dec 2024 03:31:05 GMT - Sat, 31 Jan 2026 03:31:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_first&page_h5=page_loading_first&lt=pageview&c_lt=pageview&event_id=2001&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894587863&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv HTTP/1.1
Host: track.uc.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 14 Jun 2025 09:49:49 GMT
Content-Type: image/avif;charset=UTF-8
Content-Length: 33
Connection: keep-alive
Server: Tengine/2.1.3_400
Cache-Control: no-cache
Access-Control-Allow-Origin: *

track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_cn&page_h5=page_loading_cn&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894588128&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&lt=pageview&c_lt=pageview&event_id=2001&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv

123.182.51.196

200

0 B

URL GET
track.uc.cn/collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_cn&page_h5=page_loading_cn&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894588128&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&lt=pageview&c_lt=pageview&event_id=2001&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv
IP
123.182.51.196:443
ASN
#141771 China Telecom

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.uc.cn
Fingerprint82:14:99:7A:FD:76:69:80:90:BC:1F:2E:67:69:08:91:BD:CE:DF:FF
ValidityMon, 30 Dec 2024 03:31:05 GMT - Sat, 31 Jan 2026 03:31:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?appid=29351a4155a4&stat_a=berg&stat_b=download&ev_ct=berg_download&page=page_loading_cn&page_h5=page_loading_cn&keyword=&referrer=&host=xhydh27.top&url=http%3A%2F%2Fxhydh27.top%2F&cookie=__wpkreporterwid_%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02&time=1749894588128&entry=&_ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0)+Gecko%2F20100101+Firefox%2F134.0&isUC=false&isQuark=false&is_duannei=false&lt=pageview&c_lt=pageview&event_id=2001&uc_param_str=dsfrpfvedncpssntnwbipreimeutsv HTTP/1.1
Host: track.uc.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 14 Jun 2025 09:49:50 GMT
Content-Type: image/avif;charset=UTF-8
Content-Length: 33
Connection: keep-alive
Server: Tengine/2.1.3_400
Cache-Control: no-cache
Access-Control-Allow-Origin: *

xhydh27.top/

35.241.24.35

200 OK

5.2 kB

URL User Request GET
xhydh27.top/
IP
35.241.24.35:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4989), with no line terminators
Size
5.2 kB (5161 bytes)
Hash
7d0130e46c8df2c5de0bc87d78428504
4d203022aa2f3c51934e1d6332a3ac70889f93a2
6b88a654786e12b5611adf4ab411cda582ed19fa482f3fe797a3f2486f01146c

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: xhydh27.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 14 Jun 2025 09:49:46 GMT
Content-Type: text/html
Last-Modified: Mon, 15 Jan 2024 02:08:28 GMT
Vary: Accept-Encoding
ETag: W/"65a4939c-1429"
Cache-Control: no-cache
Content-Encoding: gzip
Via: 1.1 google
Transfer-Encoding: chunked

g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js

163.181.253.194

200 OK

42 kB

URL GET
g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js
IP
163.181.253.194:443
ASN
#0

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subject*.tbcdn.cn
FingerprintDA:3A:AA:7B:92:DB:F4:10:34:34:38:95:9D:FD:3C:A4:2B:74:29:F5
ValidityThu, 06 Mar 2025 10:12:19 GMT - Mon, 21 Jul 2025 09:06:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41155), with no line terminators
Size
42 kB (41841 bytes)
Hash
35c0a645b2a991ed230b31d75b0c9f8e
265a56eb5abac1f90bad4e7dc712cd030b67dcd7
1df0a00f405132893781c41d86dfac3b698ed349f4d336dede57bffbc5f10546

HTTP Headers

GET /woodpeckerx/jssdk/wpkReporter.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xhydh27.top
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 15180
date: Sat, 14 Jun 2025 09:42:48 GMT
vary: Accept-Encoding
x-oss-request-id: 684D4418692CA337364402DE
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14095781032472792066
x-oss-storage-class: Standard
cache-control: max-age=86400,s-maxage=600
content-md5: NcCmRbKpke0jCzHXWwyfjg==
x-oss-server-time: 2
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
via: cache26.l2fr1[0,0,200-0,H], cache5.l2fr1[1,0], cache5.l2fr1[1,0], ens-cache17.fr6[0,-1,200-0,H], ens-cache37.fr6[2,0]
age: 419
ali-swift-global-savetime: 1749894168
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 14 Jun 2025 09:43:07 GMT
x-swift-cachetime: 581
timing-allow-origin: *
eagleid: a3b5fdb917498945873878919e
X-Firefox-Spdy: h2

xhydh27.top/favicon.ico

35.241.24.35

404 Not Found

153 B

URL GET
xhydh27.top/favicon.ico
IP
35.241.24.35:80
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://xhydh27.top/

File type
HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
a53e183b2c571a68b246ad570b76da19
7eac95d26ba1e92a3b4d6fd47ee057f00274ac13
29574dc19a017adc4a026deb6d9a90708110eafe9a6acdc6496317382f9a4dc7

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xhydh27.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Cookie: __wpkreporterwid_=6d139abd-ad4a-4266-1344-0c3bf5a34d02
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Sat, 14 Jun 2025 09:49:48 GMT
Content-Type: text/html
Content-Length: 153
Via: 1.1 google

hm.baidu.com/hm.js?42296466acbd6a1e84224ab1433a06cc

183.240.98.228

200 OK

0 B

URL GET
hm.baidu.com/hm.js?42296466acbd6a1e84224ab1433a06cc
IP
183.240.98.228:443
ASN
#56040 China Mobile communications corporation

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
FingerprintEF:0F:BE:13:02:E2:C4:D4:89:BA:8F:BA:88:EF:6F:95:DC:CF:7B:E0
ValidityMon, 08 Jul 2024 01:41:02 GMT - Sat, 09 Aug 2025 01:41:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /hm.js?42296466acbd6a1e84224ab1433a06cc HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 0
Date: Sat, 14 Jun 2025 09:49:49 GMT
Server: apache
Strict-Transport-Security: max-age=172800
Content-Type: text/plain; charset=utf-8

px.effirst.com/api/v1/jssdk/upload?wpk-header=app%3Dberg-download%26cp%3Dnone%26de%3D4%26seq%3D17498945905466%26tm%3D1749894590%26ud%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02%26ver%3D2.42.1%26type%3Dflow%26sver%3D1.2.9%26sign%3D9bf8a190ef82c5049df7b199c599c45b

111.63.205.165

200 OK

0 B

URL POST
px.effirst.com/api/v1/jssdk/upload?wpk-header=app%3Dberg-download%26cp%3Dnone%26de%3D4%26seq%3D17498945905466%26tm%3D1749894590%26ud%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02%26ver%3D2.42.1%26type%3Dflow%26sver%3D1.2.9%26sign%3D9bf8a190ef82c5049df7b199c599c45b
IP
111.63.205.165:80
ASN
#24547 Hebei Mobile Communication Company Limited

Requested by
http://xhydh27.top/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/jssdk/upload?wpk-header=app%3Dberg-download%26cp%3Dnone%26de%3D4%26seq%3D17498945905466%26tm%3D1749894590%26ud%3D6d139abd-ad4a-4266-1344-0c3bf5a34d02%26ver%3D2.42.1%26type%3Dflow%26sver%3D1.2.9%26sign%3D9bf8a190ef82c5049df7b199c599c45b HTTP/1.1
Host: px.effirst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 901
Origin: http://xhydh27.top
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/

HTTP/1.1 200 OK
Server: Tengine/2.1.3_400
Date: Sat, 14 Jun 2025 09:49:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE
Content-Encoding: gzip

xhydh27.top/

0.0.0.0

0 B

URL User Request GET
xhydh27.top/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET / HTTP/1.1
Host: xhydh27.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css

47.246.2.230

200 OK

2.2 kB

URL GET
image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css
IP
47.246.2.230:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
http://xhydh27.top/
Certificate
IssuerGlobalSign nv-sa
Subjectimage.uc.cn
FingerprintC0:14:EE:1B:74:3A:15:9D:77:E6:65:2D:13:AC:EA:A3:2A:18:31:B7
ValidityWed, 12 Feb 2025 01:41:07 GMT - Mon, 16 Mar 2026 01:41:06 GMT

File type
ASCII text, with very long lines (2179), with no line terminators
Size
2.2 kB (2179 bytes)
Hash
09bdfbcc9456faf8a85a94d44ef7734d
e3d00a7df14bc13abb5bd31caa58f1e4be17ede0
05ef687cb9294988df06df1c39cc1e84a26f29f26735c6948978347ed7927fc8

HTTP Headers

GET /s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css HTTP/1.1
Host: image.uc.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://xhydh27.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: text/css
content-length: 937
date: Wed, 14 May 2025 20:49:41 GMT
cache-control: max-age=8640000
access-control-allow-origin: *
via: ens-cache5.l2de3[0,0,304-0,H], ens-cache14.l2de3[1,0], cache8.ru3[0,0,200-0,H], cache12.ru3[2,0]
vary: Accept-Encoding
etag: b589311b-883
content-encoding: gzip
age: 66
ali-swift-global-savetime: 1747255781
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Wed, 04 Jun 2025 16:04:02 GMT
x-swift-cachetime: 6842739
timing-allow-origin: *
eagleid: 2ff602a017498945878523738e
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by