{"report_id":"62cfeb07-86f1-4681-b249-6d7438f132ad","version":6,"status":"done","tags":[],"date":"2024-12-17T10:58:15Z","url":{"schema":"http","addr":"pekora.zip","fqdn":"pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"title":"Relive 2017+ with pekora.zip"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-25T10:58:15Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pekora.zip","ip":{"addr":"172.67.144.192","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2024-12-16","domain_rank":0,"first_seen":"2024-12-17T10:58:15.506488Z","last_seen":"2024-12-17T10:58:15.506488Z","alert_count":0,"request_count":1,"received_data":1039,"sent_data":465,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.pekora.zip","ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-16","domain_rank":0,"first_seen":"2024-12-17T10:58:15.504297Z","last_seen":"2024-12-17T10:58:15.504297Z","alert_count":7,"request_count":7,"received_data":2066239,"sent_data":2581,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.18.187.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":439,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2024-12-11T01:48:49.845357Z","alert_count":0,"request_count":2,"received_data":45205,"sent_data":945,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:48Z","timestamp":1734433068,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:48.818186+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/auth/home\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":659,\"bytes_toclient\":2493,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:48Z","timestamp":1734433068,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:48.927781+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":20},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":10,\"bytes_toserver\":1385,\"bytes_toclient\":5276,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35248,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.281937+0000\",\"flow_id\":1233065131969304,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35248,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35248},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image3.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":506},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":638,\"bytes_toclient\":7710,\"start\":\"2024-12-17T10:57:49.264984+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35226,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.283425+0000\",\"flow_id\":943708890270385,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35226,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35226},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image1.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":506},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":638,\"bytes_toclient\":3168,\"start\":\"2024-12-17T10:57:49.264881+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35240,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.290409+0000\",\"flow_id\":1911822436076273,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35240,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35240},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image2.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":510},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":638,\"bytes_toclient\":4682,\"start\":\"2024-12-17T10:57:49.264945+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.366641+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/_framework/aspnetcore-browser-refresh.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":499},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":21,\"bytes_toserver\":2072,\"bytes_toclient\":14546,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:51Z","timestamp":1734433071,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35248,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:51.736053+0000\",\"flow_id\":1233065131969304,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35248,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35248},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/i/do/not/exist.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":240,\"pkts_toclient\":520,\"bytes_toserver\":16571,\"bytes_toclient\":776099,\"start\":\"2024-12-17T10:57:49.264984+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"www.pekora.zip/_framework/aspnetcore-browser-refresh.js","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"44eaaf39512722f857d769db5acd3f9c","sha1":"e272ecdf47ab80e603f5937db0cedcd511f5c0fc","sha256":"54682c3bdb7bb40da09a5f35ddfff2d48b3df7e87896044e295d38f79fecc280","sha512":"4345015159fdfdf6d1f16b8cfae8e618a3d82f3bd1225230dde45cfc99369e7050e443fb26a6a5511f0232058a9da15ea5f3350bd905b10a6b63f84428b61614","ssdeep":"192:B4eMlO4l1ms4J6UC+6ogusTrhX4UqlIGQdQqj23FUvQzjpwC:CL04nGLmt4PIS3KowC","tlshash":"d442b7683122e03185b3a37bef13e009f736246722439169b79d8114af719a9d2f7edd","size":12328,"data":"","first_seen":"2024-12-17T10:58:18.351329Z","last_seen":"2024-12-17T10:58:18.351329Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.366641+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/_framework/aspnetcore-browser-refresh.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":499},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":21,\"bytes_toserver\":2072,\"bytes_toclient\":14546,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.18.187.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7ccd9d390d31af98110f74f842ea9b32","sha1":"a85e681624c91a106a514c31eacf80de817b2cc3","sha256":"f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3","sha512":"a5ac783258178c710f7c2c1c24b4218a063bf8df2bb7a6d5bd62c5c9432ec5286fd7bd17e774d1cc63e63e4666181864fa38a447c581338ca5ec0f563071eabe","ssdeep":"1536:pppbTNR2t4NEdiK5J2w8gGzjJVPOW7tI+r9ixR2nwZY:T36WJr9ixi","tlshash":"a873c5493254b8730ade45a68037470bf3265994b14b802cb5bcadde2a3dd8672b7f7c","size":78129,"data":"","first_seen":"2023-03-07T01:06:26Z","last_seen":"2026-04-13T13:23:16.422906Z","times_seen":15376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"pekora.zip/","fqdn":"pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-17T10:57:48.555Z","timestamp":1734433068555,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pekora.zip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Dec 2024 16:13:37 GMT","end":"Sun, 16 Mar 2025 17:11:12 GMT"},"fingerprint":{"sha1":"51:CE:06:98:20:33:B9:0E:3B:AA:70:65:77:F0:70:65:6E:07:F6:47","sha256":"A2:6C:5E:47:02:68:12:2B:66:F8:18:23:C6:35:50:C9:57:6B:95:A8:E1:59:96:77:36:22:51:8A:E5:9A:95:F9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 17 Dec 2024 10:57:48 GMT\r\ncontent-type: text/html\r\ncontent-length: 167\r\nlocation: http://www.pekora.zip/\r\ncache-control: max-age=3600\r\nexpires: Tue, 17 Dec 2024 11:57:48 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rFL%2FHd8tNxDhIKpIZ7s35msNEOSytW7RG3q859B%2FDIdADs%2FtUjOGYI1%2F4i2xXCT2GLJIHj%2B7DduXpA0C9%2BznndD0tZouxwlDCQAXxleh22TNtwV6lXRFj0JRYrXT\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8f3664f6caa256c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=504\u0026min_rtt=462\u0026rtt_var=128\u0026sent=6\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3196\u0026recv_bytes=1114\u0026delivery_rate=7121311\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=8c56533731ed2eb1\u0026ts=26\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":167,"size_decoded":167,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0104c301c5e02bd6148b8703d19b3a73","sha1":"7436e0b4b1f8c222c38069890b75fa2baf9ca620","sha256":"446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f","sha512":"84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf","ssdeep":"","tlshash":"c4c08cad6b523c98b8a73b3960c3a1a0e2ec803022d9042202b04a07f0cb1e78ec23d1","first_seen":"2023-04-05T06:32:17Z","last_seen":"2025-09-21T18:05:05.674757Z","times_seen":190494,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":53,"dns":30,"connect":1,"send":0,"wait":8,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-17T10:57:48.714Z","timestamp":1734433068714,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Tue, 17 Dec 2024 10:57:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: /auth/home\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data:; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip   http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com  https://challenges.cloudflare.com/* http://web.archive.org https://*.archive.org https://web.archive.org/* https://*.hcaptcha.com; style-src 'unsafe-inline' 'self'  http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css ; font-src 'self' fonts.gstatic.com; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/*; worker-src 'self';\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=dp3jzF08W3mmHmPWoQPem4FrMo7T4%2FUIsKhWSKPF1CvD27Yf%2FGgYV0BBBr8hDlcXzCATaguhMmDQ7R04o5PxBySDBxq7EIt0XUmgXbSN%2B7ZeWmPJLPi5rIhJoeOhBvRxlg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 8f3664f79b1d0b45-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=591\u0026min_rtt=591\u0026rtt_var=295\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=387\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":46,"size_decoded":46,"mime_type":"text/html; charset=utf-8","magic":"Apache Avro version 101","md5":"f8489ee4d19f971936db04efd9026885","sha1":"f0c8cd3cdbfb550d1a1d2a780191d7ed34e479ab","sha256":"8d2d8be3f7f36d2e2b5da083fb54cb2bb8273708f61260621156ea4ff0b8c21e","sha512":"92f0208c5d374be9ec08746e17b05635b20e4298bcf63c9577982d985c70656b574dd9b5fbf53caec9305d16328e95d74c5f4f0ebe18f63d6098e8966978b271","ssdeep":"","tlshash":"0890022021819955c5656596a0009436dd52349d5510165c03a899468851214a405453","first_seen":"2024-01-26T23:08:00Z","last_seen":"2025-01-25T06:12:48.95569Z","times_seen":52,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":19,"dns":21,"connect":1,"send":0,"wait":86,"receive":26,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:48Z","timestamp":1734433068,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:48.818186+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/auth/home\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":659,\"bytes_toclient\":2493,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-17T10:57:48.889Z","timestamp":1734433068889,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /auth/home HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 17 Dec 2024 10:57:48 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data:; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip   http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com  https://challenges.cloudflare.com/* http://web.archive.org https://*.archive.org https://web.archive.org/* https://*.hcaptcha.com; style-src 'unsafe-inline' 'self'  http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css ; font-src 'self' fonts.gstatic.com; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/*; worker-src 'self';\r\nx-timing: AppGuard=0,a=0,ua=0,c=0\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lv0VT8YGqRce7OGqGQn%2FFzOhN5ICZBL0dKsukhq7cRhs%2F4OlB9%2BrnlEsFFpdcxNS9eb%2B3zYDCI6XSCOJXcLeouCXT%2FTKeXt4Tl%2FWZ0Pc9ncNRfGnWWuzrkdcAmXWTjdVxw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 8f3664f88be30b45-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=602\u0026min_rtt=545\u0026rtt_var=148\u0026sent=6\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2278\u0026recv_bytes=783\u0026delivery_rate=4883642\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3127,"size_decoded":10337,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (594), with CRLF line terminators","md5":"92d96e860cbb207cc8ae6ebbc1a30087","sha1":"fbfc0d8b9c2ed3a450b77b6da16ae8a35a7eb780","sha256":"48e25b06dd5d7e1f325c6e8c3495358ae9d57ca0db0d94046f3a1700090e915b","sha512":"a8ccdf856ff56777fc2372399384431079eb2e8a4fe8d81b4c4341cf2642d2cbacc636205e316ff9bbf91b77da4729884f04f3d1f95f2deb69d2221315f23c02","ssdeep":"192:sMts8XUpPH0mj2TMaAlhUcfv4obqwRzsobqbNZFs8:sMa9lu24OqUztqxZFs8","tlshash":"1922643662c0153701b342ea6b91a794ffd58087c35a921976ff63df1ff2c01a927a49","first_seen":"2024-12-17T10:58:18.339732Z","last_seen":"2024-12-28T04:39:19.770252Z","times_seen":8,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":30,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:48Z","timestamp":1734433068,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:48.927781+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":20},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":10,\"bytes_toserver\":1385,\"bytes_toclient\":5276,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.18.187.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.226Z","timestamp":1734433069226,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Sat, 04 May 2024 00:00:00 GMT","end":"Sun, 04 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE","sha256":"5E:14:CC:02:38:48:65:94:0B:A2:7E:3B:03:3F:E9:6A:FA:F1:0E:05:E5:16:71:83:BF:23:D4:AB:B1:A0:AC:73"}}},"request":{"raw":"GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.pekora.zip\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Dec 2024 10:57:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 22075\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.1.3\r\nx-jsd-version-type: version\r\netag: W/\"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-etou8220091-FRA, cache-lga21925-LGA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 2023234\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=d%2Fkeuus6TwH5l0UBXonWZpeqa3yCr23d5svNDur%2Fud3zFF%2BaX2AGSAeBu2D5CBKFlasvBnPw8jJoWFZIV%2BNmag4P1SXMLC4%2BLdviB7I8sKHp7KIiR4%2BG74owyCylD%2BBQmn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8f3664faa8e9712f-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22075,"size_decoded":78129,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"7ccd9d390d31af98110f74f842ea9b32","sha1":"a85e681624c91a106a514c31eacf80de817b2cc3","sha256":"f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3","sha512":"a5ac783258178c710f7c2c1c24b4218a063bf8df2bb7a6d5bd62c5c9432ec5286fd7bd17e774d1cc63e63e4666181864fa38a447c581338ca5ec0f563071eabe","ssdeep":"1536:pppbTNR2t4NEdiK5J2w8gGzjJVPOW7tI+r9ixR2nwZY:T36WJr9ixi","tlshash":"a873c5493254b8730ade45a68037470bf3265994b14b802cb5bcadde2a3dd8672b7f7c","first_seen":"2023-03-07T01:06:26Z","last_seen":"2026-04-13T13:23:16.422906Z","times_seen":15376,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":11,"receive":2,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.18.187.31","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.214Z","timestamp":1734433069214,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Sat, 04 May 2024 00:00:00 GMT","end":"Sun, 04 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE","sha256":"5E:14:CC:02:38:48:65:94:0B:A2:7E:3B:03:3F:E9:6A:FA:F1:0E:05:E5:16:71:83:BF:23:D4:AB:B1:A0:AC:73"}}},"request":{"raw":"GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.pekora.zip\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Dec 2024 10:57:49 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 20842\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.1.3\r\nx-jsd-version-type: version\r\netag: W/\"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-etou8220101-FRA, cache-lga21985-LGA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 2002124\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eh8fLqJDLOzOl9S4ToSfmOCZSgZvCtiJBoJUu0A%2BGpbtFc4UD%2B3RXmuWkdE3abjX5DyvUPtiChcebKehQa2cQ2qDclQEgHvQJw%2FD5u5NhagsVgg3%2BzPVwpBIj%2FzYJzxIOHY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8f3664faa8e7712f-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20842,"size_decoded":163873,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65306)","md5":"94994c66fec8c3468b269dc0cc242151","sha1":"ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad","sha256":"62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab","sha512":"190194d1f30c8b6dfcb80f9afdb75625fa5418a52405d81f15d8019bbd92510e817b25a3a18feda27d2d1231fe3921fd88fe037e1fbb1ccd08f5fe5e4742ffe3","ssdeep":"1536:4t04T8if0W8DsEBpy0cuJBf2rIWE5e0VUpz600I4fM:4t04/0VUpz600I4fM","tlshash":"c1f3b4dbf581341dd4a7c259a4d1bffd052f4586e3025aabb0277bb88b892c70963e4c","first_seen":"2023-04-05T04:27:21Z","last_seen":"2026-04-13T13:23:16.457746Z","times_seen":22124,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":11,"dns":1,"connect":1,"send":0,"wait":15,"receive":23,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/UnsecuredContent/Image2.png","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.220Z","timestamp":1734433069220,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /UnsecuredContent/Image2.png HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/auth/home\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 17 Dec 2024 10:57:49 GMT\r\nContent-Type: image/png\r\nContent-Length: 762702\r\nConnection: keep-alive\r\nCache-Control: public, max-age=31536000\r\nETag: \"1dae78d5ee4fbce\"\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nCF-Cache-Status: HIT\r\nAge: 52321\r\nAccept-Ranges: bytes\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RRwtjfvTOw7qg8dM52V2xsVKRx%2BkEBHMtxaBJIVusCueNJ9kfatyfPYIEbYR2ttngB7Wz5VZf%2B52285TSboLXRiOb3MbITafzGJZIR4iOCrlHzagYcxCxkXtIPRIWhAz6g%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f3664fae92f712f-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=403\u0026min_rtt=403\u0026rtt_var=201\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=366\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":762702,"size_decoded":762702,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3698x1936, components 3","md5":"66b0a4c1375d1dc24f3ab9013eefafa8","sha1":"eabd1dec10e5d852ab63f1e021de062268235d85","sha256":"dcabdda770d84dbd0facf9f2aa9512a60ddf8e038bbd3429676a278ced854bdb","sha512":"45c3b60a8f504cb56a7390b38cabc3400467b1ab8c95ba4d22bd9ea8dd52733d85dc2900ca1ec60c754605841616c73aba047f8b6b9e766b069baea1c79a604e","ssdeep":"12288:Rd/DJmTgit/g1Z7eiJRKr0MJpqOxL03KwG0KpvvVPrGg5ttY+4EHze7AbM/yqiH:Mht/eeSXMJb0uH9TtpTe7DyqiH","tlshash":"47f401428bde1ea399436454ac5d209e92c19cdef1ec7308cddb1e29d9ea54018f7cee","first_seen":"2024-10-30T19:44:35.474869Z","last_seen":"2025-07-25T02:06:43.076195Z","times_seen":104,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":43,"dns":1,"connect":1,"send":0,"wait":33,"receive":40,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35240,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.290409+0000\",\"flow_id\":1911822436076273,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35240,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35240},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image2.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":510},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":638,\"bytes_toclient\":4682,\"start\":\"2024-12-17T10:57:49.264945+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/UnsecuredContent/Image1.png","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.217Z","timestamp":1734433069217,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /UnsecuredContent/Image1.png HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/auth/home\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 17 Dec 2024 10:57:49 GMT\r\nContent-Type: image/png\r\nContent-Length: 331610\r\nConnection: keep-alive\r\nCache-Control: public, max-age=31536000\r\nETag: \"1dae78d5eea57da\"\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nCF-Cache-Status: HIT\r\nAge: 52321\r\nAccept-Ranges: bytes\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=4yFtpFqoSaP1UX35Cz4eQj9SQcgoMsrIer%2FHievPZjSUmTwcS%2FALDvyWYllL7B0y2SnY25ZsX4W9WCainLP1L1GhF600RF%2BUi78TT7XgS407zFZyh8nZpwy5vg7j3Jb%2FkQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f3664faec0f569b-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=426\u0026min_rtt=426\u0026rtt_var=213\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=366\u0026delivery_rate=0\u0026cwnd=247\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":331610,"size_decoded":331610,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3835x1863, components 3","md5":"c64b670ee1f145ab693f374242a2025d","sha1":"8c03d227aaccc43ced1cbeb44818ae3ed4eb49d8","sha256":"ff0c23b0f4a1cbedfe3fe8e5b5c30ad5e84b3660bb7b8af2349f1cc64c69c789","sha512":"44759a9f571263e9182fce54e439ecd54421f06d369075b3791808a91b176e47d92538a2e72aae799d80d1a4d44272eea037573a2feb568dbfd30ed73ca9c64b","ssdeep":"6144:vNiHiUka74ng/xyYxfplkVCAKWmcygqOBJrCeH+QRy3j/pCzZ78zCA1xr4y:vNiHrSg/xLd3eCAKWBdjmeeQITrzD1b","tlshash":"216412538b2896e3db8a577040c71a4cef13a6a2d28bf54e2b5e49b051f13987cdd7c8","first_seen":"2024-10-30T19:44:35.47723Z","last_seen":"2025-07-25T02:06:43.151743Z","times_seen":104,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":46,"dns":1,"connect":1,"send":0,"wait":18,"receive":190,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35226,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.283425+0000\",\"flow_id\":943708890270385,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35226,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35226},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image1.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":506},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":638,\"bytes_toclient\":3168,\"start\":\"2024-12-17T10:57:49.264881+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/UnsecuredContent/Image3.png","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.222Z","timestamp":1734433069222,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /UnsecuredContent/Image3.png HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/auth/home\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 17 Dec 2024 10:57:49 GMT\r\nContent-Type: image/png\r\nContent-Length: 950421\r\nConnection: keep-alive\r\nCache-Control: public, max-age=31536000\r\nETag: \"1dae79023074215\"\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nCF-Cache-Status: HIT\r\nAge: 52321\r\nAccept-Ranges: bytes\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0jVPjLXTuLTka8DG1YDtpTLU96brvEIMeVPMVk398NnoDxvUTIEtabO6fj%2BEAvLLWgvrH9rV2d0MyFQTcIe%2FfI%2BWYWZqq8kZ0vK2vZ0dr7agcVtVX2DLhVXm%2BBo2TQ4ePg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f3664faea180b59-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=416\u0026min_rtt=416\u0026rtt_var=208\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=366\u0026delivery_rate=0\u0026cwnd=246\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":950421,"size_decoded":950421,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3698x1935, components 3","md5":"68d795b99b5a9a68928ac1fa30060950","sha1":"c87b5f1a7e596a0ad62bb1e1d68536e50e54f62a","sha256":"25e7f8fd8647773b216da307a3338eec8b23850f9fb3dde1dcb73f2ca284e7d8","sha512":"6fd4c45fc2ed376ff9f8cc7eec6fd8a130d1851e4274c40e6f2077f30e3f7fff3c67f6e7ff3c1494d862c37d5f49e79271b98c373e819510320e2a6e508caf3c","ssdeep":"24576:R81DuoGXk/oHEmogVgxffT36Y3w2Ko7C3lC8lcOqU8mh:RkOEmogVgxffTtw2KTlH6Ox8mh","tlshash":"0c15234c0af4a3a9c53e287b1ba97f464fc71827d9a6e4035173763a1088273313d9be","first_seen":"2024-10-30T19:44:35.472898Z","last_seen":"2025-07-25T02:06:43.091957Z","times_seen":103,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":41,"dns":1,"connect":1,"send":0,"wait":16,"receive":261,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35248,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.281937+0000\",\"flow_id\":1233065131969304,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35248,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35248},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/UnsecuredContent/Image3.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":506},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":638,\"bytes_toclient\":7710,\"start\":\"2024-12-17T10:57:49.264984+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/_framework/aspnetcore-browser-refresh.js","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.228Z","timestamp":1734433069228,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /_framework/aspnetcore-browser-refresh.js HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/auth/home\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 17 Dec 2024 10:57:49 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nCF-Cache-Status: BYPASS\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=UPwFeIEm5%2F1p3GNIhTzdtJkx2rhdjjZZyGJT%2B2hcAKjLtVB8GCf5ForpdQQ%2F5MTQ0hol%2FmTcH6iqdPXVtQVZh2%2Fdti5R%2BXV%2FOfsFaAcmEvV%2BQP2gRVWM7P9onWZJtX1PGA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f3664fa9d860b45-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=6426\u0026min_rtt=545\u0026rtt_var=11682\u0026sent=15\u0026recv=13\u0026lost=0\u0026retrans=0\u0026sent_bytes=7739\u0026recv_bytes=1140\u0026delivery_rate=6510791\u0026cwnd=256\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4451,"size_decoded":12328,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1818), with CRLF line terminators","md5":"44eaaf39512722f857d769db5acd3f9c","sha1":"e272ecdf47ab80e603f5937db0cedcd511f5c0fc","sha256":"54682c3bdb7bb40da09a5f35ddfff2d48b3df7e87896044e295d38f79fecc280","sha512":"4345015159fdfdf6d1f16b8cfae8e618a3d82f3bd1225230dde45cfc99369e7050e443fb26a6a5511f0232058a9da15ea5f3350bd905b10a6b63f84428b61614","ssdeep":"192:B4eMlO4l1ms4J6UC+6ogusTrhX4UqlIGQdQqj23FUvQzjpwC:CL04nGLmt4PIS3KowC","tlshash":"d442b7683122e03185b3a37bef13e009f736246722439169b79d8114af719a9d2f7edd","first_seen":"2024-12-17T10:58:18.351329Z","last_seen":"2024-12-17T10:58:18.351329Z","times_seen":1,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:49Z","timestamp":1734433069,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:49.366641+0000\",\"flow_id\":698889311889670,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35212,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35212},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/_framework/aspnetcore-browser-refresh.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":499},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":21,\"bytes_toserver\":2072,\"bytes_toclient\":14546,\"start\":\"2024-12-17T10:57:48.731398+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/i/do/not/exist.png","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2024-12-17T10:57:49.588Z","timestamp":1734433069588,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/do/not/exist.png HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.pekora.zip/auth/home\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 17 Dec 2024 10:57:51 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: public, max-age=14400, must-revalidate\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data:; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip   http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com  https://challenges.cloudflare.com/* http://web.archive.org https://*.archive.org https://web.archive.org/* https://*.hcaptcha.com; style-src 'unsafe-inline' 'self'  http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css ; font-src 'self' fonts.gstatic.com; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/*; worker-src 'self';\r\nCF-Cache-Status: EXPIRED\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=FN8aMj23BJCmY0gnakIYODDdSnNAC7SHJoYEpVByCmp7PRMG2x8xoU8qXeF9Z7pV%2FMQGtojCMZXUOTWLqIxwpsYZcX9qsOYlsO4471BPxXymqvqRB9hRjuYWO4t3tlfIYw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f3664fcec140b59-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=3706\u0026min_rtt=416\u0026rtt_var=423\u0026sent=666\u0026recv=382\u0026lost=0\u0026retrans=0\u0026sent_bytes=951363\u0026recv_bytes=723\u0026delivery_rate=70385814\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3368,"size_decoded":12044,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4031)","md5":"0625a3bcd4289353cf3fc69d19fdfb43","sha1":"5aa3e762c766311271ad55e6b495f8666af54ac0","sha256":"517a2f5af9b565af9a9a659fc1fcd0e9922cc461a597491155a0ef64e1209bd1","sha512":"398529cfc5c7ada2e93f195bd5337bf05a6e955db275d949d3a7f6e6b8e73282d23b99969cd7774a7463afe187e5f1dc8324117d0bc8da5253f03673b2561798","ssdeep":"192:t+VOq747qGoxuxaHu8cxFHZZd8f0Vuk00N0zDynJEUettVyGKN:t+V2eYpF53d0HXVY","tlshash":"5142977a6f631016711fa09866be370ff296c413c20fcc663ae427b8ef467958d51a4d","first_seen":"2024-12-17T10:58:18.353934Z","last_seen":"2024-12-22T09:14:05.141565Z","times_seen":7,"resource_available":false,"data":null}},"time_used":2152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2151,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-17T10:57:51Z","timestamp":1734433071,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.13","port":35248,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2024-12-17T10:57:51.736053+0000\",\"flow_id\":1233065131969304,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":35248,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.13\",\"port\":35248},\"metadata\":{\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/i/do/not/exist.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":240,\"pkts_toclient\":520,\"bytes_toserver\":16571,\"bytes_toclient\":776099,\"start\":\"2024-12-17T10:57:49.264984+0000\"}}"}],"analyzer":null,"urlquery":null}}]}