Report - keepo.io/kjouyhubu799bh/

Report Overview

Submitted URL
keepo.io/kjouyhubu799bh/
IP
54.230.111.98
ASN
#16509 AMAZON-02
Submitted
2024-04-16 16:23:30
Access
public
Website Title
AT&T
Final URL
keepo.io/kjouyhubu799bh/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.keepo.io	unknown	2020-12-04	2022-11-09	2024-03-18	538 B	20 kB	54.230.111.95
keepo.io	unknown	2020-12-04	2020-12-05	2024-04-10	1.2 kB	8.2 kB	54.230.111.92
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-16	338 B	863 B	3.164.222.26
api.keepo.io	unknown	2020-12-04	2021-05-19	2024-04-09	600 B	432 B	54.233.72.58
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	473 B	2.0 kB	142.250.74.74
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-16	1.3 kB	264 kB	142.250.74.72
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	1.6 kB	104 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	keepo.io	Sinkholed
2024-04-16	medium	keepo.io	Sinkholed
2024-04-16	medium	keepo.io	Sinkholed
2024-04-16	medium	keepo.io	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-T65ZLWP	186 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-T65ZLWP IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 18:23:31 Last Seen2024-04-16 18:23:31 Times Seen2 Hash 6b0643c4f1e9cc74dd6c7467b7db90b8 f7fc5ea4c5864845ea664621eb9de1f5e81444cd eeb0e573c67b6d4f0f84c0b7be63b1b21ab967cbbe61a25ade7c746f5970d1d8 Loading...

	www.googletagmanager.com/gtag/js?id=G-3DRNLZNR7J&l=dataLayer&cx=c	288 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-3DRNLZNR7J&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 18:23:31 Last Seen2024-04-16 18:23:31 Times Seen2 Hash 16b5d205dff77da274349ba44616de6e 1ff48049ec2c8f560703a6aae5767c79940ffdb1 ef7b072a27fc7e473e0f534b8749edb69ae6584c358f3e237b823cfc5e67091b Loading...

	www.googletagmanager.com/gtag/js?id=G-8TTCQTD2HM&l=dataLayer&cx=c	288 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-8TTCQTD2HM&l=dataLayer&cx=c IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 18:23:31 Last Seen2024-04-16 18:23:31 Times Seen2 Hash 512e427efa83b805cf337e28fe4b2a16 a88113e94f3b9f0eda9084b3de2006110a939bbb 7da397fce41106e882f51260059a34ba779aa6eacb1caa85322ab1d5e0372faf Loading...

	keepo.io/kjouyhubu799bh/main.bundle.375ada92f89c8a2b4baf.js	194 kB	2023-12-27	2024-04-16
Pretty URL keepo.io/kjouyhubu799bh/main.bundle.375ada92f89c8a2b4baf.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-27 16:33:25 Last Seen2024-04-16 18:23:31 Times Seen12 Hash 0a728d3df7571d89a682091ae9093a1a 7e11e686b4b89fb6599d76458963a5c1b92ac695 4b1715fc2ffe34af823bd3a1a9e6b2de3aaf630019e3bebe2c5819a48d28a848 Loading...

	keepo.io/kjouyhubu799bh/	593 B	2023-09-12	2024-05-18
Pretty URL keepo.io/kjouyhubu799bh/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-12 15:26:16 Last Seen2024-05-18 21:01:18 Times Seen116 Hash 1110c91a0dd8b7e478ca272b30244c6f 47dfa217edb3e8a7ef3e2ad9cdc0f43bafada6d6 63eea8b204e7e8a855027201944daa375157a65c089b5d258dd97636035418c9 Loading...

HTTP Transactions (12)

URL IP Response Size

fonts.googleapis.com/css2?family=Inter:wght@400;700&family=Poppins:wght@400;600&display=swap

142.250.74.74

1.2 kB

URL
fonts.googleapis.com/css2?family=Inter:wght@400;700&family=Poppins:wght@400;600&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
1.2 kB (1196 bytes)
Hash
b640eab273fb3d2772eb92792effe969
707a04ed26ab0543170a713814d30ddd94e097c3
b187437b4d7b6e54ab4ce103235290a57af8d88b5128932422f05dc451555d52

HTTP Headers

GET /css2?family=Inter:wght@400;700&family=Poppins:wght@400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 16:23:05 GMT
date: Tue, 16 Apr 2024 16:23:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-T65ZLWP

142.250.74.72

67 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-T65ZLWP
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2202)
Size
67 kB (66826 bytes)
Hash
6b0643c4f1e9cc74dd6c7467b7db90b8
f7fc5ea4c5864845ea664621eb9de1f5e81444cd
eeb0e573c67b6d4f0f84c0b7be63b1b21ab967cbbe61a25ade7c746f5970d1d8

HTTP Headers

GET /gtm.js?id=GTM-T65ZLWP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 16:23:05 GMT
expires: Tue, 16 Apr 2024 16:23:05 GMT
cache-control: private, max-age=900
last-modified: Tue, 16 Apr 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66826
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

216.58.207.227

8.0 kB

URL
fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://keepo.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 00:30:18 GMT
expires: Wed, 16 Apr 2025 00:30:18 GMT
cache-control: public, max-age=31536000
age: 57167
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

47 kB

URL
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://keepo.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:14:19 GMT
expires: Wed, 16 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 32926
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

47 kB

URL
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://keepo.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 07:14:19 GMT
expires: Wed, 16 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 32926
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.keepo.io/users/cb305770-03d8-4111-bdc1-6c06eb59df2e/sites/a16511a7-82c3-4910-b0d6-df52907352db/f1391216-30da-4620-b7a9-aae8b6ae65bf-cropped.jpeg

54.230.111.95

20 kB

URL
static.keepo.io/users/cb305770-03d8-4111-bdc1-6c06eb59df2e/sites/a16511a7-82c3-4910-b0d6-df52907352db/f1391216-30da-4620-b7a9-aae8b6ae65bf-cropped.jpeg
IP
54.230.111.95:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 400x400, components 3
Size
20 kB (19576 bytes)
Hash
c0063d52cbb44e165c4eb1c090763332
11834a0a2ba16fd9cb40538e4f444ccd79da8eb2
f4434931d0cee677ddc9bf03babd69d63174788f21043665ab2206d4dff4482c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /users/cb305770-03d8-4111-bdc1-6c06eb59df2e/sites/a16511a7-82c3-4910-b0d6-df52907352db/f1391216-30da-4620-b7a9-aae8b6ae65bf-cropped.jpeg HTTP/1.1
Host: static.keepo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 19576
date: Tue, 16 Apr 2024 09:45:33 GMT
last-modified: Tue, 12 Dec 2023 00:31:26 GMT
etag: "c0063d52cbb44e165c4eb1c090763332"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8kprJc5OhHebNm_aTcVcEYC_cJqPJV4h2z9wPxdKJ42vP_735DSirg==
age: 23853
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-3DRNLZNR7J&l=dataLayer&cx=c

142.250.74.72

97 kB

URL
www.googletagmanager.com/gtag/js?id=G-3DRNLZNR7J&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (3651)
Size
97 kB (97416 bytes)
Hash
16b5d205dff77da274349ba44616de6e
1ff48049ec2c8f560703a6aae5767c79940ffdb1
ef7b072a27fc7e473e0f534b8749edb69ae6584c358f3e237b823cfc5e67091b

HTTP Headers

GET /gtag/js?id=G-3DRNLZNR7J&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 16:23:05 GMT
expires: Tue, 16 Apr 2024 16:23:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 97416
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-8TTCQTD2HM&l=dataLayer&cx=c

142.250.74.72

97 kB

URL
www.googletagmanager.com/gtag/js?id=G-8TTCQTD2HM&l=dataLayer&cx=c
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (3651)
Size
97 kB (97419 bytes)
Hash
512e427efa83b805cf337e28fe4b2a16
a88113e94f3b9f0eda9084b3de2006110a939bbb
7da397fce41106e882f51260059a34ba779aa6eacb1caa85322ab1d5e0372faf

HTTP Headers

GET /gtag/js?id=G-8TTCQTD2HM&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 16:23:05 GMT
expires: Tue, 16 Apr 2024 16:23:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 97419
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

keepo.io/android-icon-192x192.png

54.230.111.92

200 OK

6.3 kB

URL GET HTTP/2
keepo.io/android-icon-192x192.png
IP
54.230.111.92:443
ASN
#16509 AMAZON-02

Requested by
https://keepo.io/kjouyhubu799bh/
Certificate
IssuerAmazon
Subjectkeepo.io
Fingerprint37:06:E5:31:B3:F2:90:66:2E:DF:9F:B7:76:D8:AB:EE:B9:C1:72:7E
ValidityFri, 08 Dec 2023 00:00:00 GMT - Sun, 05 Jan 2025 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
6.3 kB (6344 bytes)
Hash
8eb558e941e4850778502872b49f7919
8d7aebf8a52b010d1f7e420ceea5338531b03bbe
d2f602d8b29713073ef0f7c86028744f21b6d30175ed39ccfc96c7314e3e63f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /android-icon-192x192.png HTTP/1.1
Host: keepo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/kjouyhubu799bh/
Cookie: _ga_3DRNLZNR7J=GS1.1.1713284586.1.0.1713284586.0.0.0; _ga=GA1.1.1474975424.1713284586; _ga_8TTCQTD2HM=GS1.1.1713284586.1.0.1713284586.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 6344
date: Tue, 16 Apr 2024 16:23:08 GMT
last-modified: Sun, 21 Nov 2021 13:14:19 GMT
etag: "8eb558e941e4850778502872b49f7919"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SMZZfpqHxJcDoOPWk_VNxpe7tbw__duR8xNLP0-oFUrbVZ4EwCudXw==
X-Firefox-Spdy: h2

keepo.io/favicon-16x16.png

54.230.111.92

1.0 kB

URL
keepo.io/favicon-16x16.png
IP
54.230.111.92:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectkeepo.io
Fingerprint37:06:E5:31:B3:F2:90:66:2E:DF:9F:B7:76:D8:AB:EE:B9:C1:72:7E
ValidityFri, 08 Dec 2023 00:00:00 GMT - Sun, 05 Jan 2025 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1032 bytes)
Hash
be0c1830a38421496c1b03c60e780b36
c9f217183d7cf853097edb3682db35e79074718d
d7c7bf06bfcfae6fad0eda42e9043bc79e4e04b25439a595f34ddd12ce55147e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: keepo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://keepo.io/kjouyhubu799bh/
Cookie: _ga_3DRNLZNR7J=GS1.1.1713284586.1.0.1713284586.0.0.0; _ga=GA1.1.1474975424.1713284586; _ga_8TTCQTD2HM=GS1.1.1713284586.1.0.1713284586.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 1032
date: Tue, 16 Apr 2024 16:23:08 GMT
last-modified: Sun, 21 Nov 2021 13:14:23 GMT
etag: "be0c1830a38421496c1b03c60e780b36"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jLdS4ltavATyh2BUCy7g3fExdc0PZwqnTxQuqyuRngxBrRhrXqK15Q==
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

3.164.222.26

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
3.164.222.26:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
ea979db5ea0e97efd7c34016eb094924
ab7c4a34acdb6f5616b7e4b9cdb936f78857d2d4
711a6d416ce8384ea328c9afabd84c61840b9f38ae1dbf5e91245cbe0a469666

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 16 Apr 2024 16:23:07 GMT
Server: ECAcc (amb/6B48)
X-Cache: Miss from cloudfront
Via: 1.1 41ee0215556e0543d529d912519eb46a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN53-P1
X-Amz-Cf-Id: 1EcuRVCjiuEGN-PCeXPjV3lBt9oag6yrzEwWkwmr6O1fkNkV5ODGZQ==

api.keepo.io/redirect?event_type=page_load&continue=eyJzaXRlSWQiOiJhMTY1MTFhNy04MmMzLTQ5MTAtYjBkNi1kZjUyOTA3MzUyZGIiLCJ1c2VySWQiOiJjYjMwNTc3MC0wM2Q4LTQxMTEtYmRjMS02YzA2ZWI1OWRmMmUiLCJ1cmwiOiJLSk9VWUhVQlU3OTlCSCJ9

54.233.72.58

200 OK

2 B

URL GET HTTP/2
api.keepo.io/redirect?event_type=page_load&continue=eyJzaXRlSWQiOiJhMTY1MTFhNy04MmMzLTQ5MTAtYjBkNi1kZjUyOTA3MzUyZGIiLCJ1c2VySWQiOiJjYjMwNTc3MC0wM2Q4LTQxMTEtYmRjMS02YzA2ZWI1OWRmMmUiLCJ1cmwiOiJLSk9VWUhVQlU3OTlCSCJ9
IP
54.233.72.58:443
ASN
#16509 AMAZON-02

Requested by
https://keepo.io/kjouyhubu799bh/
Certificate
IssuerAmazon
Subjectapi.keepo.io
Fingerprint31:5D:EC:09:9E:03:68:43:A1:F6:64:CB:DD:D2:00:3B:99:7A:5B:A1
ValidityFri, 08 Dec 2023 00:00:00 GMT - Sun, 05 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /redirect?event_type=page_load&continue=eyJzaXRlSWQiOiJhMTY1MTFhNy04MmMzLTQ5MTAtYjBkNi1kZjUyOTA3MzUyZGIiLCJ1c2VySWQiOiJjYjMwNTc3MC0wM2Q4LTQxMTEtYmRjMS02YzA2ZWI1OWRmMmUiLCJ1cmwiOiJLSk9VWUhVQlU3OTlCSCJ9 HTTP/1.1
Host: api.keepo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://keepo.io/
Origin: https://keepo.io
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 16:23:07 GMT
content-type: application/json
content-length: 2
x-amzn-requestid: 666c0535-f732-4df8-8163-3382e43a9d34
access-control-allow-origin: *
x-amz-apigw-id: WU7c4EhbmjQESOg=
access-control-allow-methods: *
x-amzn-trace-id: Root=1-661ea5eb-31d19c0f3af50ee1319b579b;Parent=1140ac0cf44e26e8;Sampled=0;lineage=199f696f:0
access-control-allow-credentials: true
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type