Report - keygen.zip

Report Overview

Visitedpublic

2025-02-19 14:17:59

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
keygen.zip	unknown	2023-05-12	2015-07-28	2025-02-18	2.4 kB	18 kB	104.21.78.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-19 14:17:29	low	Client IP	104.21.78.248	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	104.21.78.248	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:29	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain
2025-02-19 14:17:30	low	Client IP	172.67.138.226	ET INFO HTTP Request to a *.zip Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	keygen.zip/	ScriptElement	0 B	0001-01-01	2025-08-02
URL keygen.zip/ IP / ASN 104.21.78.248 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5605999 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET keygen.zip/

104.21.78.248

521 No Reason Phrase

6.8 kB

URL

keygen.zip/

IP / ASN

104.21.78.248

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (394)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size6.8 kB (6797 bytes)

MD59c483f7f746f0c9986dadd9a5067d74f

SHA113c1a4471388a533a5c8fe2110fddf13516d7a89

SHA256abe50c2eaeb15a01be39eb5483f1b82ae80dd539e8a6d4421f97536c685a93d7

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 521 No Reason Phrase
date: Wed, 19 Feb 2025 14:17:29 GMT
content-type: text/html; charset=UTF-8
content-length: 6797
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XrfUiLVEfzJ16cxDvKZPtFJ9j4eNi5YeebS45MQWeImOPXP84jyKeshYbNo2VffTSrBWMZmsdywyHs4vUqkqSNY1b3kIWPA6GDbQc%2BF1RbttnTNh7QqNp1U7HNd%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 9146e175ef3bb4eb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=579&min_rtt=446&rtt_var=332&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1245&delivery_rate=9106918&cwnd=251&unsent_bytes=0&cid=98c42b59c59c6b88&ts=74&x=0"
X-Firefox-Spdy: h2

GET keygen.zip/

104.21.78.248

200 OK

1.1 kB

URL

keygen.zip/

IP / ASN

104.21.78.248

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (702)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size1.1 kB (1139 bytes)

MD57f888f9a93fd0413930da122b5930f56

SHA1f25c4f145e21c78bbf41e26c1aa3a68b02fae662

SHA2566824c686f29079c25b1e8c74a39b25c3cf41394416a43d753ba96f2be05820e2

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET / HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-5cda684cc3ce49a3af428a766161d163';
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U28rAkI7p7EyuEQXYYNSbk%2FcDa1dNzTst473JboZlIFfmOBH5LC7BIv6%2FjAtO%2Bn%2F1DuwKrfRfxa4lqc1xcV8mp82CntnSyI%2F%2F9dWvC31i%2BQheyPdCpzFCzjhWsRJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e1779daa568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=567&min_rtt=567&rtt_var=283&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=395&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/main-dbee9253.css

104.21.78.248

200 OK

1.1 kB

URL

keygen.zip/main-dbee9253.css

IP / ASN

104.21.78.248

#13335 CLOUDFLARENET

Requested byhttp://keygen.zip/

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (702)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size1.1 kB (1137 bytes)

MD5173e1a1fee352cbee793a6a4059e406b

SHA137ac6f8d79849ba36376badbd21d4f744d363a4e

SHA256757b90eda3705a3c88b0fc0621f9e472af7c3ac46983040ff40ebfe971dee898

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /main-dbee9253.css HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://keygen.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-5cf7329bbfe94b93b059efb5a9bed2c3';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OvEHl2VBG0CGEe%2B5%2BWb0oFu2lbZ%2B8OVcMkFTyTBg3SD3tfGCv8t0MUKmoD7Qs%2BjRd5SRR%2BrLxfcfQfTJLG7gXG%2BE7rmgplfcGT9EY9UIfb7sFdl4ZToJrLpSWu9P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178efe5568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=557&min_rtt=520&rtt_var=135&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2079&recv_bytes=739&delivery_rate=7489655&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/fonts/Inter/Inter-Regular--latin.woff2

172.67.138.226

200 OK

1.1 kB

URL

keygen.zip/fonts/Inter/Inter-Regular--latin.woff2

IP / ASN

172.67.138.226

#13335 CLOUDFLARENET

Requested byhttp://keygen.zip/

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (702)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size1.1 kB (1140 bytes)

MD551f9718ecc867838724af52c0d2d2ac8

SHA18e45d0d2fcadd875da0d0f8adbda384465402bfa

SHA2567dd12390dafe757896d44248654682661a79a3db244375773eec22a4c578edc4

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /fonts/Inter/Inter-Regular--latin.woff2 HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keygen.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-1c3096c190fb4a36adb8632b06fb9266';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOcS21YM%2FQbe2jJSn6wlNA5YM2VGrgv2fWSUlKwFqamJ6v6TX0wrHfYl5cgyZMsTYL8218X6OfRGErOLRjpkDv%2BXniXuxAXBVxHY5kf1O0kNhezl9zAMQlu4SLTo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178eff2568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=455&min_rtt=455&rtt_var=227&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=413&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/fonts/Inter/Inter-SemiBold--latin.woff2

172.67.138.226

200 OK

1.1 kB

URL

keygen.zip/fonts/Inter/Inter-SemiBold--latin.woff2

IP / ASN

172.67.138.226

#13335 CLOUDFLARENET

Requested byhttp://keygen.zip/

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (702)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size1.1 kB (1138 bytes)

MD5589d31fff873daebce0e572eaf304a74

SHA1f275eb2251a3a6b6bb6bbf1d8f820a34341ea474

SHA2562e87ebedc4c8371c0008214794af2d59be5b9268c0849a12dd7e5ea17f0a368b

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /fonts/Inter/Inter-SemiBold--latin.woff2 HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keygen.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-6504280f1ddc4b19a66dc7bacfab47ae';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:29 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Z2A1HZiLat9HV2SzgMXGv7FB6hoMhHqS3fYPhLYJfE7MB4g31y%2BCVxZVQaK%2FmARxqwwKNKVlq0V1lWGyeqgfjrs69RRoASNHCtRfyQ8pds7BtsKgYUptbEZVINk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e178eb8e5688-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=418&min_rtt=418&rtt_var=209&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=414&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET keygen.zip/favicon.ico

172.67.138.226

200 OK

1.1 kB

URL

keygen.zip/favicon.ico

IP / ASN

172.67.138.226

#13335 CLOUDFLARENET

Requested byhttp://keygen.zip/

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (702)

First Seen2025-02-19

Last Seen2025-02-19

Times Seen1

Size1.1 kB (1138 bytes)

MD544ad34c3a9b9803581e53de3daa4cbb1

SHA1b892333e765588549ccf937f53ea5b72278259c3

SHA2569e0c4567fcad32802e8bc71d2b22426c14f0ad6a4b5a8973d7400eca04ddd4de

Detections

Analyzer	Verdict	Alert
suricata	low	ET INFO HTTP Request to a *.zip Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: keygen.zip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://keygen.zip/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 19 Feb 2025 14:17:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Language
Content-Security-Policy: default-src 'self'; script-src 'nonce-24264bd2a5a0474da5984e6caeaf61cd';
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 19 Feb 2025 14:17:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wL2uHnoRzvTOFxH4gkB8nOc7Ky%2B1AHM65aGBPPVUTwfE06xhwIHyP0qd9cljIc5baXiEYXmS6ACGcUKxcZKwdJT4lLX8jhnle400nwl5oKyNSce%2BxI8U2OK5zC0D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 9146e17a19bc568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=502&min_rtt=455&rtt_var=164&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2146&recv_bytes=758&delivery_rate=6939297&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"