Report - cysaw.top/uploads/1903340.zip

Report Overview

Visited public
2025-04-30 19:07:36
Tags
URL
cysaw.top/uploads/1903340.zip
Finishing URL
cysaw.top/uploads/1903340.zip
IP / ASN
104.21.22.26
#13335 CLOUDFLARENET
Title
403 Forbidden

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cysaw.top	unknown	2024-11-30	2025-01-01	2025-04-19	3.8 kB	30 kB	172.67.202.14
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-04-30	496 B	20 kB	104.16.80.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-30 19:07:05	medium	Client IP	172.67.202.14	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cysaw.top/uploads/1903340.zip	ScriptElement	921 B	2025-04-30	2025-04-30
Pretty URL cysaw.top/uploads/1903340.zip IP 172.67.202.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-30 19:07 Last Seen2025-04-30 19:07 Times Seen1 Hash 63c859ca1a13e28bb7e2ee8df0416fdd d64e8b732855329ac7ad849fca1129c618489884 2599199edb3f6d83e370fcd3e2679ca0ff221b9d903fa04368fdad3236b8138b Loading...

	about:blank	ScriptElement	236 B	2025-04-30	2025-04-30
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 19:07 Last Seen2025-04-30 19:07 Times Seen1 Hash 77090154665b13b1290fd1b456b84b9f a339f9ac46af0347c20b6cd0496931d843c13aed 6e320c6a53649e61031467ee84af5816b87b65e3faa95a74c91bc9571b2e5a92 Loading...

	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-06-23
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-06-23 05:22 Times Seen66357 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	cysaw.top/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.4 kB	2025-04-30	2025-04-30
Pretty URL cysaw.top/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.202.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-30 19:07 Last Seen2025-04-30 19:07 Times Seen1 Hash 45bbae841b6df07349e5c38baed47f8a 4a414f4681905728a7f22a09439f777792c41944 dd149e3137f5cf872bc2d23b6d62fb5d56b542efb5ed0aacfd33060ce4be092a Loading...

HTTP Transactions (9)

URL IP Response Size

POST cysaw.top/cdn-cgi/challenge-platform/h/b/jsd/r/0.6629516080656436:1746029575:pMRuI6hf6CPciS8wQuJvt-Mn4pI_4rU1IIUeb8M2fdc/938951eee94a569a

172.67.202.14

200 OK

0 B

URL POST
cysaw.top/cdn-cgi/challenge-platform/h/b/jsd/r/0.6629516080656436:1746029575:pMRuI6hf6CPciS8wQuJvt-Mn4pI_4rU1IIUeb8M2fdc/938951eee94a569a
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.6629516080656436:1746029575:pMRuI6hf6CPciS8wQuJvt-Mn4pI_4rU1IIUeb8M2fdc/938951eee94a569a HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12083
Origin: https://cysaw.top
DNT: 1
Connection: keep-alive
Referer: https://cysaw.top/uploads/1903340.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 30 Apr 2025 19:07:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=glvzzESRnCmchltnpCEJv1l5ZN79d35eWQ90xehafrKKs9Bta1fzSx7FZU3MUuuRcc2qZOg%2BUSodWkWOIDyojRvZlVHjfICvgCrWqqrJr8PsVjHuew7skWrAI8E%3D"}],"group":"cf-nel","max_age":604800}
set-cookie: cf_clearance=Qggzo.6N0jxJ_5SvmnMRuKvts3CnjuqD9.7ohDHH25g-1746040026-1.2.1.1-IKBnWqKCOEjY85fakzgvW28vcONTfKcLPg8Uzd0.uFKR0WemVQeNVsoZkzyXUi3phhTHJSp9Uc7J74q9Barb3rkMrsGS9EX1UXo74TIx.xyfZIA8BCSkbC6K95SogTZUugqESwabRzLHs5JR3H2mPj2Nevv.icqPIhZMVvsvuFVD7x4GyW4IERxioHMCxgaPHG3w2k_5NSVOWT7LLOFwWzdVYNUlQmhdbd_knL8FaqQ_rryvYH2rCPnGhaAiTkjVVwmH1o3obkVU28u_BKVu_gqxHayyn0r.hyPpelVoD7csrPEvkkXQYTZu0ZXYSwwKafd9XK0gmthMZcNSGOSJ8mhtsqzYo6.kMb9mrbTwTfs; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=cysaw.top; Expires=Thu, 30 Apr 2026 19:07:06 GMT
cf-ray: 938951f39c55712e-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5839&min_rtt=880&rtt_var=6403&sent=197&recv=300&lost=0&retrans=0&sent_bytes=18705&recv_bytes=30663&delivery_rate=178718&cwnd=12000&unsent_bytes=0&cid=77dc4e99b83a199d&ts=1082&x=16"

GET cysaw.top/uploads/1903340.zip

172.67.202.14

301 Moved Permanently

1.7 kB

URL User Request GET
cysaw.top/uploads/1903340.zip
IP
172.67.202.14:80
ASN
#13335 CLOUDFLARENET

File type

Size
1.7 kB (1739 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /uploads/1903340.zip HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Apr 2025 19:07:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 30 Apr 2025 20:07:05 GMT
Location: https://cysaw.top/uploads/1903340.zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TC36eemZxF2rV74NPKd9pYTCLB0X3%2Fa%2F2YZO0PgCIkAXg%2BHkymNKy5Xzlu%2BiaSbV217tJfYDzcoaSZl9XaaMorx%2BppIaLMv8eh0E7nfN8%2FLKwTTo7YJQSMj9FvU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 938951eeaa871c02-OSL
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=628&min_rtt=628&rtt_var=314&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=413&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET cysaw.top/favicon.ico

172.67.202.14

404 Not Found

315 B

URL GET
cysaw.top/favicon.ico
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cysaw.top/uploads/1903340.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 30 Apr 2025 19:07:06 GMT
content-type: text/html; charset=iso-8859-1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImPCCQnTk8OzYYK6hxkIvU%2B%2BJ6lbERk03JwVODfMKl6Hxu%2FKnpEfE7Jcs0JYFb%2B2NQrasOB8LOy9868I24vRvakkQp%2BEJzEmlsX4zPWKIqPSz57Dv6l3D6f%2BjV4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=120
cf-cache-status: EXPIRED
content-encoding: br
cf-ray: 938951f21c4b712e-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7173&min_rtt=880&rtt_var=7469&sent=198&recv=301&lost=0&retrans=0&sent_bytes=19704&recv_bytes=30708&delivery_rate=11343&cwnd=12000&unsent_bytes=0&cid=77dc4e99b83a199d&ts=1343&x=16"

POST cysaw.top/cdn-cgi/rum?

172.67.202.14

204 No Content

0 B

URL POST
cysaw.top/cdn-cgi/rum?
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1339
Origin: https://cysaw.top
DNT: 1
Connection: keep-alive
Referer: https://cysaw.top/uploads/1903340.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Wed, 30 Apr 2025 19:07:05 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://cysaw.top
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 938951f24c4d712e-OSL
x-frame-options: DENY

GET cysaw.top/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.202.14

302 Found

8.4 kB

URL GET
cysaw.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type

Size
8.4 kB (8442 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 30 Apr 2025 19:07:05 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=czcDloWyrB4fJIjGwpVLTw590RiU8h4qGEFjY03Vbx5w64K356l9ko6p67vlcSQ%2B22747otH0nrGwhdhxJGfvM%2Bo1SDS8Yxp5jkemXZzbqu2TmY0DFQ9GeWbF%2FQ%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/a51d7b3d53cb/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 938951f22c4c712e-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2460&min_rtt=880&rtt_var=1226&sent=181&recv=287&lost=0&retrans=0&sent_bytes=12903&recv_bytes=17468&delivery_rate=2310&cwnd=12000&unsent_bytes=0&cid=77dc4e99b83a199d&ts=820&x=16"

GET cysaw.top/cdn-cgi/challenge-platform/h/b/scripts/jsd/a51d7b3d53cb/main.js?

172.67.202.14

200 OK

8.4 kB

URL GET
cysaw.top/cdn-cgi/challenge-platform/h/b/scripts/jsd/a51d7b3d53cb/main.js?
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type
JavaScript source, ASCII text, with very long lines (8442), with no line terminators
Size
8.4 kB (8442 bytes)
Hash
45bbae841b6df07349e5c38baed47f8a
4a414f4681905728a7f22a09439f777792c41944
dd149e3137f5cf872bc2d23b6d62fb5d56b542efb5ed0aacfd33060ce4be092a

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/a51d7b3d53cb/main.js? HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 30 Apr 2025 19:07:06 GMT
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWe%2BZkMg24erYJVKWJ09IS5WX58H9mlg8q2nHghph0Z1j0g9VbJ7cZr7XxcLSOiyq0BUMU%2B8W62fm91Ngv5uNMJIZKrbmqmhMm%2FHkxI7%2B9rjSd0apvCxWR0X15E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 938951f27c4e712e-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4550&min_rtt=880&rtt_var=5101&sent=184&recv=289&lost=0&retrans=0&sent_bytes=13820&recv_bytes=17774&delivery_rate=16195&cwnd=12000&unsent_bytes=0&cid=77dc4e99b83a199d&ts=861&x=16"

GET cysaw.top/uploads/1903340.zip

172.67.202.14

403 Forbidden

1.7 kB

URL User Request GET
cysaw.top/uploads/1903340.zip
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type
HTML document, ASCII text, with very long lines (1420)
Size
1.7 kB (1739 bytes)
Hash
a34b0b8faac25ea6ba686e9e187081b6
4e94d8cd5be6ff74f81ef19644484665e381fbbd
0956be4719dff49d7056e7558c35c8f792efa442f6916e29c0e866d97e921153

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /uploads/1903340.zip HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Wed, 30 Apr 2025 19:07:05 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MjA%2FjYWghA%2Bf0shg2FpR04pFK5u2CuD50w8HPNZ%2BS8QrQywD54HE3E4SDnPYNwOwuecHKSBc6hZRy9E3bdnCRsAgJWrCXuuoIIqFDWWvUGsGgcO74sefYQB0EmA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 938951e9ca2a569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="BYPASS", cfL4;desc="?proto=TCP&rtt=5741&min_rtt=531&rtt_var=10449&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3193&recv_bytes=1135&delivery_rate=6906200&cwnd=254&unsent_bytes=0&cid=0bf7b01a81b30709&ts=554&x=0"
X-Firefox-Spdy: h2

GET cysaw.top/uploads/1903340.zip

172.67.202.14

403 Forbidden

1.7 kB

URL User Request GET
cysaw.top/uploads/1903340.zip
IP
172.67.202.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcysaw.top
FingerprintE5:97:DD:C7:88:92:41:A9:44:86:95:62:A4:85:30:1D:37:6F:C5:4A
ValidityMon, 31 Mar 2025 15:56:50 GMT - Sun, 29 Jun 2025 16:55:32 GMT

File type
HTML document, ASCII text, with very long lines (1420)
Size
1.7 kB (1739 bytes)
Hash
9ebff0b5546d1367ba348ab5b0b6ef91
d1676927e837c97b6da1da355837ac133793ee86
17e5c2797001078d582e0103d21dbd3e6138f48eb8594ca1ffdd9fd449aaf41d

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /uploads/1903340.zip HTTP/1.1
Host: cysaw.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Wed, 30 Apr 2025 19:07:05 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YoMyinpLxDrME3yCP7Cpf0tJ9xmE4m%2BGr3N8S2T4nc6wXkz05Q%2BPlsDDvnjFbQoOA1nstTa2uAcqVZr4jfgozHCWzKH0xURX2E8J2b5%2F%2FJQKd%2BbqGfrEPq%2FlPos%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 938951eee94a569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="BYPASS", cfL4;desc="?proto=TCP&rtt=4026&min_rtt=522&rtt_var=6988&sent=12&recv=15&lost=0&retrans=0&sent_bytes=4866&recv_bytes=1216&delivery_rate=7288590&cwnd=257&unsent_bytes=0&cid=0bf7b01a81b30709&ts=1037&x=0"
X-Firefox-Spdy: h2

GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.80.73

200 OK

20 kB

URL GET
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cysaw.top/uploads/1903340.zip
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintEA:C7:0D:68:3A:45:CB:AD:C5:33:41:B6:DF:F1:60:64:E1:0F:52:6A
ValiditySun, 27 Apr 2025 18:18:02 GMT - Sat, 26 Jul 2025 19:17:55 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cysaw.top
DNT: 1
Connection: keep-alive
Referer: https://cysaw.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 30 Apr 2025 19:07:05 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 938951f16bf4b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by