{"report_id":"d1058aff-8c24-41b3-a1f7-50abf69ea06d","version":6,"status":"done","tags":[],"date":"2025-11-09T06:13:43Z","url":{"schema":"http","addr":"files.prodkeys.net/ProdKeys.NET-v20.5.0.zip","fqdn":"files.prodkeys.net","domain":"prodkeys.net","tld":"net"},"ip":{"addr":"172.67.213.110","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d0e020ce155c9011fe0662bdbe534095","sha1":"a4915872657d8da19183c96334842910f6eb4988","sha256":"08bab4c2fb6a530bb574c46455acac529659c66537481025c6707674d0f9a2d6","sha512":"9316c83e813de00108b1937f10d8f28131001d5b79cb345ec4745eb38278c13a7a085215c91d3d8c509c50ea3c321a6a24fb172db1a22c03399be22b82133106","ssdeep":"","tlshash":"fe7135a514f1552718a383a5e9817f1bdf826a07cf8d6a407b9e00f22f97d59887f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"files.prodkeys.net/ProdKeys.NET-v20.5.0.zip","fqdn":"files.prodkeys.net","domain":"prodkeys.net","tld":"net"},"ip":{"addr":"172.67.213.110","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-14T06:13:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"files.prodkeys.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"files.prodkeys.net","ip":{"addr":"104.21.42.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-11-27","domain_rank":0,"first_seen":"2022-12-19T07:27:11Z","last_seen":"2025-10-26T20:02:45.1793Z","alert_count":1,"request_count":1,"received_data":7818,"sent_data":511,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f5c91872494f6b82632464c540b4524a","sha1":"0bf6457d90a05d14badb248a04e06ea38e05a20f","sha256":"30d58d1be4aa92051b58b56ce2416cfdb73ad2d85d718bbeca1f542facc1de23","sha512":"028cb083285f7730c659f8dca3687240accd3ace94397120a14295c519f77db967595d9d6166512650e77cfcb4139644a38e2b1e76d97cfa7e7743e6a419ac60","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":7159,"url":{"schema":"https","addr":"files.prodkeys.net/ProdKeys.NET-v20.5.0.zip","fqdn":"files.prodkeys.net","domain":"prodkeys.net","tld":"net"},"ip":{"addr":"104.21.42.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Keys-20.5.0/prod.keys","filename":"prod.keys","modified":"2025-09-30T13:50:04+05:00","Modified":"","magic":"ASCII text, with very long lines (1078)","size":13560,"md5":"8620327f0cbd4c36158b3f3dda051444","sha1":"e59cafbe53b4540e14f128509d648dd1c6d39235","sha256":"ad663997a614b127561fbb0c6ef617d08f441033cfeac1113ca3dd30166f2374","sha512":"494bd3c3c9c41192fe40e4a1993e231b82cf24ef3f0364398b74d306be2b5e6fbad32f938dec52311755a371153b6d6695cd34aec46b20c5d38cc5d0f780f192","alerts":{"urlquery":null,"analyzer":null}},{"path":"Keys-20.5.0/title.keys","filename":"title.keys","modified":"2025-09-30T13:50:14+05:00","Modified":"","magic":"ASCII text","size":1224,"md5":"f65367650f88124362922994b78ede77","sha1":"bfee8e708dc4c8f27bfe51a12d57caaa0b7f74de","sha256":"3ed66f7e82df79922739c6c2d34de90bc36a48d13acdff24f9d51013bd8c0677","sha512":"1ac7b4560bba09f033e4197c1aa23fd80ff8eb2f4aa7c6429e6be523dcaa85590839a3a4fd678a49006b5e628c807ab2bb9eee671c73db11d3561dbdda9e02f3","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"files.prodkeys.net/ProdKeys.NET-v20.5.0.zip","fqdn":"files.prodkeys.net","domain":"prodkeys.net","tld":"net"},"ip":{"addr":"104.21.42.243","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-09T06:13:21.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3807bbc2.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 28 Sep 2025 12:16:13 GMT","end":"Sat, 27 Dec 2025 13:16:08 GMT"},"fingerprint":{"sha1":"F9:CA:05:E8:83:8B:65:9E:D8:FF:93:53:26:B1:1F:81:F8:B9:B0:BD","sha256":"E5:6C:5F:45:F0:DA:8B:77:C8:13:A9:7F:A8:50:9C:FD:DE:E6:24:D2:BB:83:5F:6B:72:D8:46:60:55:46:7C:4B"}}},"request":{"raw":"GET /ProdKeys.NET-v20.5.0.zip HTTP/1.1\r\nHost: files.prodkeys.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 09 Nov 2025 06:13:21 GMT\r\ncontent-type: application/zip\r\ncontent-length: 7159\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xTN2RuqlXa5AAts9OZ8pMV4FrF6vfzSnb%2B65NFxRKyfZKMzf8OoAucdQqPwjWVosYQMk0M1zVzWBm4cyoZnpzA0h2c%2BU6gNC8aDCDf7cBSc%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"f5c91872494f6b82632464c540b4524a\"\r\nlast-modified: Mon, 13 Oct 2025 21:58:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-ray: 99bb29e9490856b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7159,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"f5c91872494f6b82632464c540b4524a","sha1":"0bf6457d90a05d14badb248a04e06ea38e05a20f","sha256":"30d58d1be4aa92051b58b56ce2416cfdb73ad2d85d718bbeca1f542facc1de23","sha512":"028cb083285f7730c659f8dca3687240accd3ace94397120a14295c519f77db967595d9d6166512650e77cfcb4139644a38e2b1e76d97cfa7e7743e6a419ac60","ssdeep":"192:E3rXNOLFMVV7j+hDKlXWS61W6gN7eI0sW0fL:E3RA2jkKhr61W6gj0sW0D","tlshash":"0ee19d8582929791e654093a8c5d4d93dc79d9f0a564f942c0e893d6fcc01f283ded3a","first_seen":"2025-10-26T20:02:45.784217Z","last_seen":"2025-11-09T06:13:44.66517Z","times_seen":2,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":193,"receive":1,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-09","alert":"Sinkholed","trigger":"files.prodkeys.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}