{"report_id":"653098bb-3cf7-42ae-a5ec-71f05a950fdf","version":6,"status":"done","tags":[],"date":"2025-09-01T12:45:25Z","url":{"schema":"http","addr":"setup.pekora.zip/version-29f22ac5f5de4484-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"setup.pekora.zip/version-29f22ac5f5de4484-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"title":"Not Found"},"submit":{"url":{"schema":"http","addr":"setup.pekora.zip/version-29f22ac5f5de4484-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-06T12:45:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T12:45:01Z","timestamp":1756730701,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":59918,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-01T12:45:01.396124+0000\",\"flow_id\":827114421805365,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":59918,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":59918},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-29f22ac5f5de4484-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":717,\"bytes_toclient\":787,\"start\":\"2025-09-01T12:45:00.975157+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"setup.pekora.zip","ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-16","domain_rank":0,"first_seen":"2024-12-21T05:30:22.11876Z","last_seen":"2025-08-18T18:13:41.868771Z","alert_count":2,"request_count":2,"received_data":55386,"sent_data":974,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T12:45:01Z","timestamp":1756730701,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":59918,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-01T12:45:01.396124+0000\",\"flow_id\":827114421805365,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":59918,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":59918},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-29f22ac5f5de4484-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":717,\"bytes_toclient\":787,\"start\":\"2025-09-01T12:45:00.975157+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"setup.pekora.zip/version-29f22ac5f5de4484-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T12:45:00.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"deb1fe9d.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 Aug 2025 11:48:51 GMT","end":"Mon, 10 Nov 2025 12:48:46 GMT"},"fingerprint":{"sha1":"8A:55:3B:79:05:13:3A:83:19:E4:BC:CA:76:8C:27:03:DC:1D:D6:38","sha256":"85:08:9D:5B:01:12:C7:80:59:84:D8:60:83:60:76:BC:E6:72:20:8C:B4:7A:7F:5A:69:A9:57:70:F3:4A:C7:5B"}}},"request":{"raw":"GET /version-29f22ac5f5de4484-projectxversion.txt HTTP/1.1\r\nHost: setup.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Mon, 01 Sep 2025 12:45:00 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iQIuUeFHeY6XksiC1ysB7R8aTqQzOf2y733%2FKfy6sqqVi8C6tovO2WLHeFqJwN1NWNd3XBjDqKO4cnTa9j1ZV5la9Nk3O1%2B6O%2FeFRCwX\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-ray: 9784dcbdaf537130-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-04T18:19:54.139852Z","times_seen":30099,"resource_available":true,"data":null}},"time_used":512,"timings":{"blocked":37,"dns":15,"connect":1,"send":0,"wait":438,"receive":0,"ssl":17},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T12:45:01Z","timestamp":1756730701,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":59918,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-01T12:45:01.396124+0000\",\"flow_id\":827114421805365,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":59918,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":59918},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-29f22ac5f5de4484-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":717,\"bytes_toclient\":787,\"start\":\"2025-09-01T12:45:00.975157+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"setup.pekora.zip/version-29f22ac5f5de4484-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T12:45:00.979Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /version-29f22ac5f5de4484-projectxversion.txt HTTP/1.1\r\nHost: setup.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 01 Sep 2025 12:45:01 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fmyInXX1cbEhDC%2BpEzUAw%2BWnrjVae%2FHUwmPgAYUc66EjOLlCNJcLC%2BWySHA4ZtROzgDyZGrB7Ynkg%2FKxi2GAv8E6NB3LPSNZ36R1eSY36LI%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nVary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: 9784dcc11d99a0f0-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-04T18:19:54.139852Z","times_seen":30099,"resource_available":true,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":420,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-01T12:45:01Z","timestamp":1756730701,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":59918,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-01T12:45:01.396124+0000\",\"flow_id\":827114421805365,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":59918,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":59918},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-29f22ac5f5de4484-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":717,\"bytes_toclient\":787,\"start\":\"2025-09-01T12:45:00.975157+0000\"}}"}],"analyzer":null,"urlquery":null}}]}