Report - keygen.zip

Report Overview

Visited public
2025-02-19 14:17:59
Tags
Submit Tags
URL
keygen.zip
Finishing URL
keygen.zip/
IP / ASN
104.21.78.248
#13335 CLOUDFLARENET
Title
keygen.zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
keygen.zip	unknown	2023-05-12	2015-07-28	2025-02-18	2.4 kB	18 kB	104.21.78.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-19 14:17:29	low	Client IP	104.21.78.248	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	104.21.78.248	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:30	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	keygen.zip/	ScriptElement	0 B	0001-01-01	2025-07-03
Pretty URL keygen.zip/ IP 104.21.78.248 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-03 08:41 Times Seen5257815 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (6)

URL IP Response Size

GET keygen.zip/

104.21.78.248

521 No Reason Phrase

6.8 kB

URL User Request GET HTTP/1.1
keygen.zip/
IP
104.21.78.248:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (394)
Size
6.8 kB (6797 bytes)
Hash
9c483f7f746f0c9986dadd9a5067d74f
13c1a4471388a533a5c8fe2110fddf13516d7a89
abe50c2eaeb15a01be39eb5483f1b82ae80dd539e8a6d4421f97536c685a93d7

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 521 No Reason Phrase
date: Wed, 19 Feb 2025 14:17:29 GMT
content-type: text/html; charset=UTF-8
content-length: 6797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XrfUiLVEfzJ16cxDvKZPtFJ9j4eNi5YeebS45MQWeImOPXP84jyKeshYbNo2VffTSrBWMZmsdywyHs4vUqkqSNY1b3kIWPA6GDbQc%2BF1RbttnTNh7QqNp1U7HNd%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 9146e175ef3bb4eb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=579&min_rtt=446&rtt_var=332&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1245&delivery_rate=9106918&cwnd=251&unsent_bytes=0&cid=98c42b59c59c6b88&ts=74&x=0"
X-Firefox-Spdy: h2

GET keygen.zip/

104.21.78.248

200 OK

1.1 kB

URL User Request GET HTTP/1.1
keygen.zip/
IP
104.21.78.248:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (702)
Size
1.1 kB (1139 bytes)
Hash
7f888f9a93fd0413930da122b5930f56
f25c4f145e21c78bbf41e26c1aa3a68b02fae662
6824c686f29079c25b1e8c74a39b25c3cf41394416a43d753ba96f2be05820e2

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-5cda684cc3ce49a3af428a766161d163';
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U28rAkI7p7EyuEQXYYNSbk%2FcDa1dNzTst473JboZlIFfmOBH5LC7BIv6%2FjAtO%2Bn%2F1DuwKrfRfxa4lqc1xcV8mp82CntnSyI%2F%2F9dWvC31i%2BQheyPdCpzFCzjhWsRJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e1779daa568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=567&min_rtt=567&rtt_var=283&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=395&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/main-dbee9253.css

104.21.78.248

200 OK

1.1 kB

URL GET HTTP/1.1
keygen.zip/main-dbee9253.css
IP
104.21.78.248:80
ASN
#13335 CLOUDFLARENET

Requested by
http://keygen.zip/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (702)
Size
1.1 kB (1137 bytes)
Hash
173e1a1fee352cbee793a6a4059e406b
37ac6f8d79849ba36376badbd21d4f744d363a4e
757b90eda3705a3c88b0fc0621f9e472af7c3ac46983040ff40ebfe971dee898

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /main-dbee9253.css HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://keygen.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-5cf7329bbfe94b93b059efb5a9bed2c3';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvEHl2VBG0CGEe%2B5%2BWb0oFu2lbZ%2B8OVcMkFTyTBg3SD3tfGCv8t0MUKmoD7Qs%2BjRd5SRR%2BrLxfcfQfTJLG7gXG%2BE7rmgplfcGT9EY9UIfb7sFdl4ZToJrLpSWu9P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178efe5568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=557&min_rtt=520&rtt_var=135&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2079&recv_bytes=739&delivery_rate=7489655&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/fonts/Inter/Inter-Regular--latin.woff2

172.67.138.226

200 OK

1.1 kB

URL GET HTTP/1.1
keygen.zip/fonts/Inter/Inter-Regular--latin.woff2
IP
172.67.138.226:80
ASN
#13335 CLOUDFLARENET

Requested by
http://keygen.zip/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (702)
Size
1.1 kB (1140 bytes)
Hash
51f9718ecc867838724af52c0d2d2ac8
8e45d0d2fcadd875da0d0f8adbda384465402bfa
7dd12390dafe757896d44248654682661a79a3db244375773eec22a4c578edc4

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /fonts/Inter/Inter-Regular--latin.woff2 HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keygen.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-1c3096c190fb4a36adb8632b06fb9266';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOcS21YM%2FQbe2jJSn6wlNA5YM2VGrgv2fWSUlKwFqamJ6v6TX0wrHfYl5cgyZMsTYL8218X6OfRGErOLRjpkDv%2BXniXuxAXBVxHY5kf1O0kNhezl9zAMQlu4SLTo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178eff2568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=455&min_rtt=455&rtt_var=227&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=413&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/fonts/Inter/Inter-SemiBold--latin.woff2

172.67.138.226

200 OK

1.1 kB

URL GET HTTP/1.1
keygen.zip/fonts/Inter/Inter-SemiBold--latin.woff2
IP
172.67.138.226:80
ASN
#13335 CLOUDFLARENET

Requested by
http://keygen.zip/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (702)
Size
1.1 kB (1138 bytes)
Hash
589d31fff873daebce0e572eaf304a74
f275eb2251a3a6b6bb6bbf1d8f820a34341ea474
2e87ebedc4c8371c0008214794af2d59be5b9268c0849a12dd7e5ea17f0a368b

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /fonts/Inter/Inter-SemiBold--latin.woff2 HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keygen.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-6504280f1ddc4b19a66dc7bacfab47ae';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Z2A1HZiLat9HV2SzgMXGv7FB6hoMhHqS3fYPhLYJfE7MB4g31y%2BCVxZVQaK%2FmARxqwwKNKVlq0V1lWGyeqgfjrs69RRoASNHCtRfyQ8pds7BtsKgYUptbEZVINk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178eb8e5688-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=418&min_rtt=418&rtt_var=209&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=414&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/favicon.ico

172.67.138.226

200 OK

1.1 kB

URL GET HTTP/1.1
keygen.zip/favicon.ico
IP
172.67.138.226:80
ASN
#13335 CLOUDFLARENET

Requested by
http://keygen.zip/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (702)
Size
1.1 kB (1138 bytes)
Hash
44ad34c3a9b9803581e53de3daa4cbb1
b892333e765588549ccf937f53ea5b72278259c3
9e0c4567fcad32802e8bc71d2b22426c14f0ad6a4b5a8973d7400eca04ddd4de

Detections

NIDS	Severity	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://keygen.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-24264bd2a5a0474da5984e6caeaf61cd';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wL2uHnoRzvTOFxH4gkB8nOc7Ky%2B1AHM65aGBPPVUTwfE06xhwIHyP0qd9cljIc5baXiEYXmS6ACGcUKxcZKwdJT4lLX8jhnle400nwl5oKyNSce%2BxI8U2OK5zC0D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e17a19bc568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=502&min_rtt=455&rtt_var=164&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2146&recv_bytes=758&delivery_rate=6939297&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers