{"report_id":"8ea6f979-51c0-4f60-b476-a076c0daa611","version":6,"status":"done","tags":[],"date":"2025-09-22T16:57:22Z","url":{"schema":"http","addr":"pekora.zip/pekora.zip","fqdn":"pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"title":"Just a moment..."},"submit":{"url":{"schema":"http","addr":"pekora.zip/pekora.zip","fqdn":"pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-27T16:57:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":5,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.118936+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/pekora.zip\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/auth/home\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":681,\"bytes_toclient\":1654,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.346930+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":798,\"bytes_toclient\":582,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.368987+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":39,\"bytes_toserver\":2536,\"bytes_toclient\":52355,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.405750+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":48,\"bytes_toserver\":3228,\"bytes_toclient\":61927,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2025-09-21T22:11:32.411936Z","alert_count":0,"request_count":7,"received_data":519058,"sent_data":5007,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pekora.zip","ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-16","domain_rank":231692,"first_seen":"2024-12-17T10:58:15.506488Z","last_seen":"2025-07-25T02:06:39.011599Z","alert_count":1,"request_count":1,"received_data":5969,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.pekora.zip","ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-16","domain_rank":1308963,"first_seen":"2024-12-17T10:58:15.504297Z","last_seen":"2025-09-11T07:32:13.425895Z","alert_count":19,"request_count":6,"received_data":189916,"sent_data":3012,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"hCaptcha","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.118936+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/pekora.zip\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/auth/home\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":681,\"bytes_toclient\":1654,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.346930+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":798,\"bytes_toclient\":582,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.368987+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":39,\"bytes_toserver\":2536,\"bytes_toclient\":52355,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.405750+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":48,\"bytes_toserver\":3228,\"bytes_toclient\":61927,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"94978e4e4ab36e6c56939096ba40918e","sha1":"bcf46b7981c71b4d8952c4312e35060667ddb159","sha256":"912bc1c352eda3fb7a5a974901bcc896ae2fb87f3da462f72f6977c9f2ebc55a","sha512":"67d9bdb780ef3bff09b19221cabadd9e48b4111139f7930f7d270e6506265f8b38d424f0205877e5b93884c3cde16c157377cb43595a4ea0f9053773b4fdcb2a","ssdeep":"","tlshash":"9ab0124126a26000c3139034485be804f008034221e80824649d53300f0141a4679db8","size":87,"data":"","first_seen":"2025-06-11T01:01:36.776039Z","last_seen":"2026-04-04T16:22:28.326448Z","times_seen":3183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9187056e41965581de044a11a5cef879","sha1":"1dd63f75272688daa0876e480c7dc363174fa4a5","sha256":"c37ae16e5581e8a235a478c0dd8780e7a6e054bce847eb803711d32e045714ae","sha512":"abfccbbb75aa32fda4f321bb0709cd463f6068c129793f1ef16dceac57ade8a5befd91ffc80cd9f59505b6b5e1f1454c81c5428efe4f8802ec3dbcd25b9db5ed","ssdeep":"3:N/BKL1XFQpNTS:eL1cTS","tlshash":"225504c0544470711f10d403d15134555405450114171c05707d05dc1f343000410540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.940192Z","last_seen":"2025-09-22T16:57:46.940192Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"13254d5e7e4bcf7d9a3d72e2aa331ffc","sha1":"fb91516c4fcc346a31d4f3a6cd67384504a8fab6","sha256":"1e1b4ad14eaabbda01a2c19cc9bc2a02a17380f2e6a5fe4990f74a20f2e6a4e8","sha512":"289e3250cdafc2dc5b0e56c25cef101e3935e200d64c1aced812576cf1e27e159c9113a47f932ba5d0b3134f6e828f7b2f0b0ecee2c2fd9ddbd393f2f213ca1e","ssdeep":"3:N/BKL1XFQpLz:eL1az","tlshash":"5d5504c0d44070710f10c403d150145d55054c0114570407707d15dc5f301000030540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.942475Z","last_seen":"2025-09-22T16:57:46.942475Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7534f0f0ba6de5b87974a205ed0dcb92","sha1":"a5498225d5a44b3a384b8bf958047cc1571d26bc","sha256":"9bb61f086018321cc34102fb5e663b5bfc8193c94eab56c77fef13417b71cbbc","sha512":"7f7ec58c81808f26a494891850b11b61b7eb216d15fa1189ecd59d245bc942358784b9e350913fdeab43c531aae64a0def928672ea01da97bae35f7b443bb091","ssdeep":"3:N/BKL1XFQp+n:eL1R","tlshash":"105504c0554070714f30c443d15054157445440114170405705d45d41f301104350540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.944985Z","last_seen":"2025-09-22T16:57:46.944985Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c16995e8d89d1114f23046352160dcb4","sha1":"b5461e1b295937601e9be9789ea67c37d2502d69","sha256":"f060340e242a75ca1939c8ec56cc332aa2d4acebb7858ba4800bce756674a760","sha512":"f784afcf57062b4e18eddbba83a54c517b03464d98d6ad0df299bbff3b339d1c99d480abdaf7996472c97fa032230aec5af4a1bff8364afb737ba53d8929f8f9","ssdeep":"3:N/BKL1XFQpMHQ:eL1hQ","tlshash":"f25504c05440f0710f30c403d1d01457541744011c1f0405707d05d41f30d010111d40","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.948247Z","last_seen":"2025-09-22T16:57:46.948247Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"12976de66603d51428c1753c4d5a2ef5","sha1":"c84f9c8c8fc9f87fc392aca35946dac7c1e25ac4","sha256":"2a25ffad4e450c11c0105cc5c34ef8607134b6020b911db7342cf13f65465e1a","sha512":"e6d7b23245903d24d09d7a032fbdbd7eddeba32ee70717dd05af2c8a886c0dc8d0332bb6d8931a741c8f228654c3a90f343d39339fcda55afd7b61477907d975","ssdeep":"3:N/BKL1XFQpOYn:eL1w","tlshash":"ff5504c05440f0710f10c403d150157d5405441115370407717d05d45f301004170540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.951323Z","last_seen":"2025-09-22T16:57:46.951323Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a8479da4019694b89e3f0a410c46bbf6","sha1":"fc2e57b638290cec377eea42a42fe00689932b07","sha256":"4f4a438b4f34a3b0fb088d8d9f9a4fd88ce35ae7e97418f4200334669175cfca","sha512":"2ab0e60a5be7a622f48d7e85a26fdeb4406eac1665d5881e3ffca03d907a6d55569d98b66ca25c78e367760153164cb883b1783083914b1bfdb3118d71851c07","ssdeep":"3:N/BKL1XFQpI:eL1P","tlshash":"425504c0544070f10f34c443d1505455740545011417041171dd05d41f305100410544","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.95332Z","last_seen":"2025-09-22T16:57:46.95332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"90a87231ed263ded7288bf2c2e45fb42","sha1":"a362b26c0828db3c4c7e6be4fab850ec4b88b9e5","sha256":"55528508c8793259352fae0c679bc38288ef1a3d4daaedea8469d530ff8657bf","sha512":"63d1f1b1e44a0939c1583028912823a01c134b26077c92125ede95510ea1a905e15dcff19c72cd31e36c7fa0f8a684d5edc316b904e8dfa1ee079d3b18ea5e4a","ssdeep":"3:N/BKL1XFQpQ:eL1v","tlshash":"a25504c0544070710f30c443d1505c1d7405cf0114570401705f05d41f311100430540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.963723Z","last_seen":"2025-09-22T16:57:46.963723Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"23f783423d5998bd37674407ddbb7af0","sha1":"602fa86bad9d19124110268b7805a17cb0352ee3","sha256":"b5619e5c3cd439e53295907306bf0086eead5a38a5149d5e3d7e22362d747308","sha512":"91a61ff664f71013c33dae9d90c27d730d4debea30a6f3d0a502cf5c9c0120794d76609e461b67efea12673ae0f8458bac99c4b77e76de5ae0415d3e6affcfad","ssdeep":"3:N/BKL1XFQpR/n:eL1K","tlshash":"ea5504c0544170710f14c403f15034355415550314570c01707d37d41f301010010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.966485Z","last_seen":"2025-09-22T16:57:46.966485Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a4ca4448529c1114fc80aa93aa4e5e73","sha1":"3caa5bd9ea72fddceac8aeea8b6266538e649448","sha256":"2d5e058b8ca5db4ec981fb8e2b0179d35a54484617997d7669106d4fb7b99ba2","sha512":"ca286f7127fcc219bbfb3d937bcb2e006ba907ebb9e5ef92070f6d4991dff11cbab9e17603b9c806caf38c824a80d111e3095cb10b9ec0b617577c947a94dede","ssdeep":"3:N/BKL1XFQpMXW:eL1zXW","tlshash":"165504c0544171714f10c403d1d4143d740d44013c170401705d35d43f701400410540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.968146Z","last_seen":"2025-09-22T16:57:46.968146Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"f7929c5c732bacb178094e1da7bf52c0","sha1":"9a0cf30e6b3566c6be938b3dbcb1210c27ff41a1","sha256":"dab4cd973721b38fa2daa8d979c68159f299a13b24517725a2ea526471806f5a","sha512":"691184f45cee4de10f5a6fc47d927f208b49e3802a9ba4f6a2f4b5b80762f68d54ec7699bd8e9d2cc6d69deaf786b35bb02c8b8b51a04eb6cc262db1a995edd1","ssdeep":"3:N/BKL1XFQpCR:eL1p","tlshash":"d45504c0d441f0710f10c403d15414355405450115170c01705d75d41f30100c031550","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.972448Z","last_seen":"2025-09-22T16:57:46.972448Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ab96ac68777a83a485448f10bd942ad8","sha1":"345e665191c3996c7f261cbc33e7263afbbfd002","sha256":"467b4686c17ef42c470fc368718ecda9e63db9b05a1c6fe1b831f51c8c41239e","sha512":"ca2f3ed58ef0dd22237ea651c32399b668f76de884b1af5a8de4178805ac4b0ab5f78387c204db7a969b17ee50915e30d7ccbe12e2865c513bca671b535d0651","ssdeep":"3:N/BKL1XFQpMy:eL1w","tlshash":"435504c0544070710f10c403d1d03557540544c115170405707d15d41f307100110544","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.974056Z","last_seen":"2025-09-22T16:57:46.974056Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"1bbc440f7491c53053b92ee0261ed355","sha1":"7cb01e1c00f9348a3aa18d0e28561d342a4ac0b5","sha256":"8632dc26bd1c43bf9b319c14f07b1f4d621d9fc875235fa8199388cca5164c75","sha512":"a44e2858f00ba37a92183f73bd6c7ed02c759287fdefe3a87c3bccbdd5d76a821570a8c35034436e7cd78c70bcb58c3bdb1aefc02ae211172907b0e4df5f0ab5","ssdeep":"3:N/BKL1XFQp9cn:eL1Rn","tlshash":"2a5504c0544070714f34c4c3d1f0351574c544011417040170dd05d41f301400110550","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.975868Z","last_seen":"2025-09-22T16:57:46.975868Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"1eda2daf2d659c9f0992585a89a9a330","sha1":"cff6415879fcb6d9f154c1ad2cd992f47f6114fa","sha256":"f16e715070a0f0443104b4b6b71c0700073715423acc084b8032022420258178","sha512":"72c307825350ec46d27bb43644c2ad5176903ad6cf4d180e7d57b38806d9dc108ec8497a0ddb99e6904645ac0246f1f64ac9fa0efaca9bdba41dbabc49bbe18d","ssdeep":"3:N/BKL1XFQpZWn:eL1IWn","tlshash":"925504c0d441f0750f10c403d3501435540554011417040170dd35d41f303000015540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.977792Z","last_seen":"2025-09-22T16:57:46.977792Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"55263619d5440afb0ec20767cb086e40","sha1":"198f817a4d2b1f7b0633eb087da3b3701c728a57","sha256":"25108a405d5e74dd32302d43c447c725db7a3780d9bda297d21d01be7cd1ecb8","sha512":"7f9e89b0cbaeab01eef491fe7628be9bcbb5dc3694cf284853ddb64c37235109f7291d94939ef5cbe472e0d0be2759f6b5d5ea4e22e812866e9ef5c9932dd335","ssdeep":"3:N/BKL1XFQpmi:eL11i","tlshash":"085504c0544170710f30c503d150143554054c0514170405705d35d41f305050010544","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.97965Z","last_seen":"2025-09-22T16:57:46.97965Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"abd6932f496468eb727d00739640ffc6","sha1":"d2229a50f7744c9a75dc5173792f3faf1a0617d8","sha256":"d8fe1d3727205b7ec9430987ccf360292996de297318eacf27b2ac10ad1670d6","sha512":"aaf7820b61e202a948bbdf80734c436f165da3911224bfd95af28257b0e467096e0990f9ae66dabd5d2d9dc571b746c17c0537e1f7829c2fc226c3ec54a471eb","ssdeep":"3:N/BKL1XFQpun:eL1Vn","tlshash":"4b5504c0544070710f30c443d15055557447450114170401705d05dc1f301100410540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.981426Z","last_seen":"2025-09-22T16:57:46.981426Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"af16acdec66defb0e892cc94b0afcc16","sha1":"d392a4dd589e77139e98f4f32fbbb2d279f1ba66","sha256":"e5f3aefb8c284947fd5472f72ed96c1f346174b83915a1da75ac99ef1dd1b05e","sha512":"69f6a78e10fd75cc9a9f4e9b02748cad26024bf5673618dbfca4d973523b3b81a8e91a5e2cc05a2ab816af7b44d3dac61590e90615f9e13af43ff9b96689068e","ssdeep":"3:N/BKL1XFQp4:eL17","tlshash":"5b5504c0544070710f34c443d1f0141d7405440314170401705f45d43f301004110540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.983649Z","last_seen":"2025-09-22T16:57:46.983649Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/b/5783333ceb22/api.js?onload=DndV2\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7cbbd4a46cb9ee9282e6f4337d5e31a","sha1":"e39621a6d78045a52188ec4462c8863203c71d3d","sha256":"e14d9d846b4464b05ad6cd15328f9d7196f960cc6ed30fc8a3a27a782e28f0ad","sha512":"4c9e836eaee72ece3096f68fd2644763a5d7e791475541631bf3560ac8b8cf8d7969b160479862d5f1a4887bf4a0c9f8284857d37d90dbbf2408e22df1616c9d","ssdeep":"768:2C6BtV2fM2txa+Qnr7dd5buBKu5PUJ1RvPPBrhfsskjvM8PFY13Fop+ORWqxIrm7:g2E2txa+QnrJfGPOFdkjJaI","tlshash":"94232c583256793267e984e1617ba74373297939e94ccc50d823c86532bcec9d233fba","size":49070,"data":"","first_seen":"2025-09-19T16:22:31.849963Z","last_seen":"2025-12-23T23:29:05.321053Z","times_seen":7412,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"33ff6022e88df59f8dfc9eb546435e9c","sha1":"7f2ad96c0a1276fbc858c652a6e2d0b3c9d4d3e4","sha256":"a1c845cab782ea7dec04543ec72e0b354cb8e9aae23acc02ee02b1832e3acd9a","sha512":"99820974c649620d8dfd487054edee4863ca41025de5a87fcd6fddfafbecb53668799fdde6f7b809112fec178b18f28a9ff8e190d298aff5a29c6795ad639c25","ssdeep":"","tlshash":"0c600000c0303003000f3000f00000033cc000f0cccc3003030c00f000c000c0cc000c","size":14,"data":"","first_seen":"2024-12-12T23:50:40.556614Z","last_seen":"2026-04-04T18:46:53.546774Z","times_seen":248397,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"dfb9c36e392a0908630dbe1347f44186","sha1":"5135368f51ab9285332b5d3f8679910f12f53483","sha256":"dfccaf6d24265ae9ce0a532067f808c663ce637f645ba1a88367df9dea4621e7","sha512":"ed818049d7169586d85860573d347fc53a19efb01c7fb11c9af0a14c65f64c350d3d16c43f950dbf81e17c349ecbbb197e184dfb0edd55edf84cb08b2a2b3ceb","ssdeep":"3:N/BKL1XFQpMiQ:eL15","tlshash":"da5504c0d44070710f10c403d1d0145f5405440114170405707d0ddc5f305010130540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.986545Z","last_seen":"2025-09-22T16:57:46.986545Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fb849c2efcf40514758ca0344be46e00","sha1":"6f30361112feb1cb4609376169f3f6042fb104ea","sha256":"7a50c8115b6ec8c39d4dcd0bdb6d74c959628bcaa63428be6ce5e20a5ce9aa58","sha512":"912695a73a33b4f37c2e3abf770c975995858b85b14301a53bfe19dda9c296b88e1587ea756d9a55e030c5d21f21786a30519bea054fd3b9c09f18e9ece62d50","ssdeep":"3:N/BKL1XFQpIvn:eL1R","tlshash":"c15504c05440f0710f30c403d1501455544544111c170407707d45f41f301010010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.989482Z","last_seen":"2025-09-22T16:57:46.989482Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4c6717362b902352a05755189796e8d0","sha1":"3e9c43f6a298a92c7b9935761be2e6b0ee342e8a","sha256":"7cead05c8d227d60df34b94e6c92041bfe62047a69f6579dd1c9de95dac86d3a","sha512":"f3880aad420b9ee4431064bea03af4d6e638ecfafb10f3ab76bbb124ff9a5d5ad62e984933f7ac02ed5f90cb4e1b91fe75ba140dee24e5ed882f4613f88cdcce","ssdeep":"3:N/BKL1XFQpIy:eL1s","tlshash":"545504c0544075710f10c407d1501475540544011c170407707dc5d41f3010040105c0","size":1337359,"data":"","first_seen":"2025-09-22T16:57:46.992134Z","last_seen":"2025-09-22T16:57:46.992134Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fecbc977270968c83eedafcce3ebb595","sha1":"47a92105d21140b70485c4fb6325bc20cc13ff72","sha256":"e84d6c2ffcc0de015f80810cfdaba8bbb15c6576d02a7beeaef4d2745d7e9d9f","sha512":"29e2cdbd3c22fe345b4f9a4c7bb6aafe4cd59a37e58312f5e0fd782b60b4df6e7b252c1dae38dff8b1b77ca1438a0d7a9695c1bf480b6887f7c3bcfc66674675","ssdeep":"3:N/BKL1XFQpKQn:eL1Mn","tlshash":"035504d0544070750f10c403d1f414d57405440114371c05707d05d41f301000450540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.004707Z","last_seen":"2025-09-22T16:57:47.004707Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b45a39f7e8ea4472e9fc811897f39c10","sha1":"8684b3eeb57849b67250773499d5bffb70e7e667","sha256":"6767d76e0c48398b8dd6247d8a0365dade922c3279d985b19c1a4a9b54137165","sha512":"86b43774d5bb2aedce5a4e315af6564cb2f9c0a5ccfc13c13474b515ba8957bed371b88ab6684da0039f945cf5c9fcc5965aa6178c711247dbc94a23c8b40a6f","ssdeep":"3:N/BKL1XFQpJmS:eL1Yl","tlshash":"cf5504c0544070f10f10c403d151145d5c05c4111417040d707d05d45f701000030540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.007554Z","last_seen":"2025-09-22T16:57:47.007554Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"bc17867d0b11123a7a17b284adc05e8f","sha1":"4bbcb72373b23be70dd245665a339b6220dee459","sha256":"a7193df71b2609721686c171d201db23121573d4e0d29e5cd19a3bc934312360","sha512":"3bb92737638fd8a578717330928dfc8279348f1ebc6f5ebde07c223b3ec037f66840caf8d3167214adb09626336e57e1975dc485127efd913cb45cc42b7680b5","ssdeep":"3:N/BKL1XFQpKV:eL1B","tlshash":"f05504d05440f0710f10c403d1d414d574c5440114170c05707d05dc1f301400010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.010033Z","last_seen":"2025-09-22T16:57:47.010033Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ca897fb253cc8807c5aafc947eb02fb6","sha1":"25137d68712ada7d3ad424c80bc0d688a696f7bb","sha256":"57f9c536daa79c4d770534dbafbe2e7b2b2aa48b9eb2617b4e670b8a78a4a4ce","sha512":"187200763128b83b777932b28834f8a21adf5824c5b9f8635249168aaefcc2451885b26da07411ccd56a52146f9b8cc2524647ebf2df4c1474f80d219d893f64","ssdeep":"","tlshash":"d96000030c00cc300033000c0003003f30f00c3003cc300c033003f003c030c0000030","size":16,"data":"","first_seen":"2024-12-12T23:50:40.144885Z","last_seen":"2026-04-04T18:46:53.619406Z","times_seen":246061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"63fabb1fd02256736a030604cd6939a4","sha1":"0cdc8a20656d75adff934eacacc5f319ad751975","sha256":"3b5f0a909f28b31eb44f9018f93af1415a23391195a44564b222e1e432f38af8","sha512":"41a25470c79f9b90f8704557f968e48e68b11d8cbc21f7b28cd85b025038c5e29ab394bad7115c74cd3ede388310b2dcac47197f16c797026f022e992fdcbb2e","ssdeep":"3:N/BKL1XFQpjn:eL1An","tlshash":"1d5504c05540f0710f30c443d15014157405440114170415705d05d41f30550c050540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.012694Z","last_seen":"2025-09-22T16:57:47.012694Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6e7bf1b329cf4d6dd1fd4c720c4b4773","sha1":"1c0e94079cb23a207e860e82729b7cb9687deb02","sha256":"959a8a897ec2c21f991c1ab5bba0c3c78337c2c45b756bf047bfab9d95a387a0","sha512":"5747daa5db228502786325e9fa016f31305ed2a8c6d21c81eccf1c2ac9e869e8d70d71858d8d11f4ed39edc5d19cd3f345bc1126aadc1b1c7d13618da118d508","ssdeep":"3:N/BKL1XFQpO4:eL1g","tlshash":"555504c0544071710f10cc03d1501455540544331417040d71ff07d41f301404150540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.014556Z","last_seen":"2025-09-22T16:57:47.014556Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c142e19fa45723ae2c9f67fa9089abc6","sha1":"264cc3c32b3e310979daa4a9a86dc7c63f1770c4","sha256":"e0672bde99189ec266154e73cb58b70ce05c4bee9dba970394d416415e223916","sha512":"1f5d20557c95fe07f17bec44df726515651daf92fc35845c9cf56e69f2f624520a1645b47adb1f8338b65d9c3192f2fb8ee133f5281d2ba9359bcd4d517e4a05","ssdeep":"3:N/BKL1XFQph:eL1q","tlshash":"285504c0544070f14f30c443d15054157407c5411417040170dd05d41f301101c10540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.016378Z","last_seen":"2025-09-22T16:57:47.016378Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6934d9d33cd2d0c005994e7d96d2e0d9","sha1":"96d89030c1473585f16ec7a52050b410e44dd332","sha256":"08c9b52f61fadf1eff6fb89169f1735fbae7bb583b23cb119d0e1a0151bac952","sha512":"64ff1127cfca45f7ab820ffa481a3af55570ab2d7b1b7e9d3c0309bd3b6783f6b8d10c8eb2224bc517613f82372722a443dc221398cd2e5b24594ebef1bf4359","ssdeep":"","tlshash":"cd1100000000000000000000000000000000000000000000300c000003000000000000","size":1000,"data":"","first_seen":"2025-03-02T18:12:34.22932Z","last_seen":"2026-04-04T18:44:56.158462Z","times_seen":123142,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9fd84601dbed344e5294930383a6bb6b","sha1":"ba8bddae16b4628c54d6046390031426729a6019","sha256":"53df866075ea1135d6825057f77a1908d2df4cb720b14eb61bb243400228c8e2","sha512":"695e3fd617b543076e5825d2a6d2f0c02d72900e90a6b041ffa4af9a99b1fdc860bbd7ba021535080585b3b28f5d384040020316cff09251c8c2659ea12f0c96","ssdeep":"3:N/BKL1XFQpOGV:eL1K","tlshash":"c35504c0544070710f10c403d35014f5540544511417040571fd05d41f303405150550","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.020115Z","last_seen":"2025-09-22T16:57:47.020115Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"2a3d0473cedc90a8777fdfa3a0d269ad","sha1":"e011a74aa97414672adad4ea992267cf1e8d3f3f","sha256":"e5d16be039d92761650a38d27e3b2e65ac152ddc5c9efc3ff25b3071c45ce62b","sha512":"bafb03d9990ea028213d79a2ea90cd206865acab066c411113ede6964fe11d3f48e584f7e1ccf9d554b8deeeb240f60516a31968234ae12c7321c724150dc70a","ssdeep":"3:N/BKL1XFQpLK:eL1aK","tlshash":"025504c0544070710f10c403d150145555054c0134175405707d05d41f301000150540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.021816Z","last_seen":"2025-09-22T16:57:47.021816Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"666c10104689a400aa2b0f542abab8fe","sha1":"a32f9f42fe471415d422d0d4c14fbecb29aea46f","sha256":"5cb4df7b7121280c65ffa99e9ab744e8739364f44c508a6b9645c3fc34459c9b","sha512":"1bc5cce22ec526931b37aa5a5c5106f533b245056e5287484e64f693ea2f98223be78b84a567aff9f1d3d54be2695c88dd4576ca1dacd35ece568763949d5b4a","ssdeep":"3:N/BKL1XFQpUFn:eL1fF","tlshash":"5d5504c0545170730f10c403d7501435d4054715141f0c0170fd35d45f301000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.025004Z","last_seen":"2025-09-22T16:57:47.025004Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"01cfcf546f3b910a9c0f1e1d7053a499","sha1":"b8847d14484204279dd499717b990fb2c0474d3c","sha256":"3bf21a48925d8f434bd84f42c0d3659a29dfe433ab108ef1418e1b26d6cb1465","sha512":"f7844f7211afd81ee79163d1c3abc6e3b03d1c6befeb5e3d7832f72eb334d88a8e31b214824fc943330e613b3a657e228b95dfe8177abcbe6c26240178653a00","ssdeep":"3:N/BKL1XFQpPw:eL1ew","tlshash":"a05504c0544070710f10c403d150147554174c0134170c0d707f05d51f3010000105c4","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.027216Z","last_seen":"2025-09-22T16:57:47.027216Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"58a9ecde5dceb125ccac4e9db4f66329","sha1":"dbfb5b26d083b05e65fadf4240731d31566bbf68","sha256":"ed8db52fe80829f9715cf5321d056ba1d0b70bc71df8fdb15174e7f2e124067a","sha512":"7a522cb8bc30aa8ae17cdf87c679400d7a80a622b7c820bc4d19f5dee020fa5760be96b0fb54a42d2f61ba3893984b6a1661732d57a15539dfe489943acdc2b1","ssdeep":"3:N/BKL1XFQpJDc:eL1YDc","tlshash":"a35504c0544070f10f50cc03d150147557154403141f040d707d45d41f311000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.029056Z","last_seen":"2025-09-22T16:57:47.029056Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d07953697386c879a860dd405158e20d","sha1":"9e12f7d463015eaaf26bd9ee8ae9d6174035b5f4","sha256":"75431bdd7b3aaf2a1523880e5d56c096de0fa90242b34d74efd989ac98645c98","sha512":"2f295b1aef22c7b356b79ce64e9ad6f7f67e11bc835db9a1ece61708a8e06af8790bf2d34c45d80cba00fab26db8552047fc9cd14a6b510a1427cb52af1f9aef","ssdeep":"","tlshash":"5811ddbdff3c65f6a32250d4482b31295267fac3284157084500e6d47fa8e16966ffa8","size":1103,"data":"","first_seen":"2025-09-22T16:37:08.642126Z","last_seen":"2025-09-22T17:24:15.614993Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6e2050c569a258e61af49cb8d4df83b7","sha1":"c719aaa9a7cbaeabb566433b1a6ac06e3ecf4237","sha256":"722a8378b05cb937b4f56f7721ae149435318b1e50ab37c22607c5cc76746312","sha512":"8a2a81fc3db9f4d15a9c9d5159bec5fab14d936f98d9945974552aedf15a940316cda3e2e4b59e8a42e640445dd3ad30903fce51c51b9873256c049ca7e916de","ssdeep":"3:N/BKL1XFQpsB:eL1/B","tlshash":"e05504c0544174710f10d403d15015355405440114170401705d35d51f305000010545","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.033352Z","last_seen":"2025-09-22T16:57:47.033352Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"2df9d09b721ba3a8354a0bee911d18c8","sha1":"2bad58fd9f6ef7cea4a1dfa9751ccfafe770766b","sha256":"72be9b80d2763c41c6136f49f683ba79346fa9219082d984c32b9e8ab5c3f56a","sha512":"7e99f3a7f9511b80cf538c398527e40f29902d8ec936439832928f22d8948290471c6c5bbfbb67fe7eae2e226b8f21f6734cc96473cb9f6609a6b1f90f7a5e5b","ssdeep":"3:N/BKL1XFQpMFWn:eL1bW","tlshash":"f05504c0d44070710f10cc03d1d014555405440314170d05707d45d41f305400110540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.035136Z","last_seen":"2025-09-22T16:57:47.035136Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"78c608f5232e3173ed97f8898162c8af","sha1":"3c06f4f88936b4702b9f340ada1a1f25a13b967c","sha256":"9a78b5bc49548f28c78eb4af682701840d3d4d48bdd0a51f2212eab3cd4ecaa2","sha512":"69df8c2c40b456a0b7488829f0503a5536c58468b076fb45e3963864b5cf7568b7d6d7dc7576278e0990636d39de2a3156dcc32be6dca16068c1e829b13f6098","ssdeep":"3:N/BKL1XFQpr:eL14","tlshash":"b15504c054d1f4710f10c403d15054355447440114170401705d35d41f305000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.036977Z","last_seen":"2025-09-22T16:57:47.036977Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"599456dabb5233949bf4c7547a335037","sha1":"a3c5bfdb8975d78c4899b6ed5039450ed6766206","sha256":"2bc8094fc888f692ac8d935092b388d8ca8b6ec68d4d95ea5465baa1af1013e7","sha512":"b7fe441291a06458544fd70b1bf225d828c8b351b23a41a0c45d071719384087274a0ec4c6e96b58f4c2bde7bff2a01b7898bbe251ca38fe3e5b5089736969f1","ssdeep":"3:N/BKL1XFQpOC:eL16","tlshash":"4c5504c0744070710f10c407d15014555445441114570405717d05d41f301004150540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.038806Z","last_seen":"2025-09-22T16:57:47.038806Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56c2bfdffb8a629e1a27f2dd5dd63730","sha1":"972f03e190822b101e89c44952b3b25fd031b30e","sha256":"b259cab60208c0fba261b1bda05871993a1c3a29571289762fa62163728472f0","sha512":"df4cb2f8b377c5e1a629ac7470f0f110dc4dbeae4b09afbd8f01a896a492b61f9de6b552a67880e6e4ae432574abfc293aa49d0c6cdff9cfe0721cabc5959e10","ssdeep":"","tlshash":"12614dcfd638c75aebc2265582067bb81fb230778060251297d1a48d1f29d8dc122e19","size":3381,"data":"","first_seen":"2025-09-22T16:57:47.040384Z","last_seen":"2025-09-22T16:57:47.040384Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"442b6679735f9fb1cf7dbdf0db818fb9","sha1":"4949e7f919d5d1f2e6a476e3bd20c317d98c1220","sha256":"ddfab3a9bac9b1409ecfda56f15429fa1935e256931b4883bb3c8a9fb38450fe","sha512":"817dda0b11c5e8e6c10317a84a16450836965f03cc90a6b02ce42bc7133290bee4ce3b41d6cd0c964a2a5f705115ec692557ff62de7e73d4180c53da83f9cf1b","ssdeep":"3:N/BKL1XFQpJJT:eL1YJT","tlshash":"dc5504c0554070f10f11c403f1503455540544111417044d707d45d41f3030000105c0","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.042188Z","last_seen":"2025-09-22T16:57:47.042188Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"172c87d68470da7a47e73ac1b0736d19","sha1":"5754d7885c26426264c4dde23e4dcb0d64e81b33","sha256":"8c0c2b350c04a7d6055d142bfe25c158341855454224895500b2a98dffdf957b","sha512":"fab110ba05a6398b5c2cdbd66c79f922bbaa11d99dc3d12cccf7c171a582d3c2a78939d044d837c79c4241738102aa8877f5cd1fb0875a0c6c869a0afe2d9b66","ssdeep":"3:N/BKL1XFQpV:eL1i","tlshash":"8a5504c0544570710f10c403d1505435544744011417140170dd37d41f301440010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.063297Z","last_seen":"2025-09-22T16:57:47.063297Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"8eed54ce2dddc9c5e339ef56df206790","sha1":"0ea7a9dcb21cbce155bf82b7ec230f41d61a99e6","sha256":"debba2a4480dbe77c4e2bcf44de455cac23bb25ef93fc05c314e992036be97c9","sha512":"da53d1d90f36f5e57d81f084939d41944564971558e87f0f1254a819900c78b80631f5edf1535d2bed7f1ba978e53a5f53101e4aa7ceaa7b0b25e06785b1002b","ssdeep":"3:N/BKL1XFQpNMTn:eL1cS","tlshash":"905504c0544074710f30cc07d15014555c0545011417040570fd05d41f303000414540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.068209Z","last_seen":"2025-09-22T16:57:47.068209Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"20e9f83fbe49ba88cc36383e868e342c","sha1":"25634937493e1a92944ba39a5f9bf6bbef9484cb","sha256":"a61725623f854fb50b3e1aef28670101aeea8c7519b05d9418f491fa696dd9d7","sha512":"24cacd8f68bfb4e0fd3e639708e82c1ac1a91a7e957cfa2166efb561d1ba5cfd912f6b83e3032833738d3b92457d486b750f4904d1360d15069920faf3db6be1","ssdeep":"3:N/BKL1XFQpPy:eL1ey","tlshash":"045504c0544070710f10c403d150345554374445541f0405707d05d41f303100010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.070488Z","last_seen":"2025-09-22T16:57:47.070488Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7577bc171e17d2459d4cc5eb448942ae","sha1":"41058102fdcd6e176b54bba176e51ddff7f9d93c","sha256":"74846f024f7ead8523bbf6fc9689b6fbc10f1ab1376046cdb4bbd0b27e36a3d0","sha512":"5776584a2458565f2b6eb0c3c600738af3360c39c416a60083f3141374484fe0b8c8bbf3b0a41a2b580fe14879fdfb0257d6cc10b565abf251646cde4a21d720","ssdeep":"3:N/BKL1XFQpFC:eL1UC","tlshash":"165504c0544070711f30c403d1501475540f440114170405f07d05d41f301040110540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.078684Z","last_seen":"2025-09-22T16:57:47.078684Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=98335659cf1c7131\u0026lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dce797008e09cedbe09fa0d2b46896c6","sha1":"c68abaf7cd72d50b8dfd1c3f5c30775948b58efb","sha256":"74916f67fab329211fc0a25b3923f7a4432333caf23d3898790ef62013c734ff","sha512":"518f42b6210bfbbe400469d819c00d4882c0035279f82a88dbb7ee0cafb6a6f5f223b50ad650b7ebb0345fd6920823779391e4428cbfe788575d58f624e90255","ssdeep":"1536:ylBydFwfZILOXoMEmsU0wyeHsqQJxnbxO19v7ZisEiRcRT6ObJkxCaoKYm:ylByQoAJEmsU0zdJ1Q19v7aim6OkPYm","tlshash":"95e3fa8e75ca7786536230f2082b14fe719b6ca42028495dfa07f9e47ce17542ee6df8","size":143928,"data":"","first_seen":"2025-09-22T16:57:46.928338Z","last_seen":"2025-09-22T16:57:46.928338Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"695ba1749e028e650e1264a8b85432ce","sha1":"d78f17045034d6c60ab10f058633777a7e91ac10","sha256":"b354fe421759c68c0b28d84296da7592727d9ef010ec1b1311f3444dbb341a1d","sha512":"9490850b6cb1af07adb41dcd66dcbe5f19db2c90555bf282a5ad5ef5fc82498512d21b41e55143bc54589b1cb7d03ab244885f5dc371c7c6a97aa6811332efa2","ssdeep":"3:N/BKL1XFQpKSXn:eL11kn","tlshash":"0e5504d0544170714f10c403d1d4143d7505440114170401705d75d51f303001430540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.086795Z","last_seen":"2025-09-22T16:57:47.086795Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4f3971f8d1963c73636dd21ec2531b15","sha1":"83eb90a63be4c6403c6ade9852226c41a23ae979","sha256":"4d00300cbdb6381392dad2a54d9e6cd71526815692a98336cdf96859ddb4edba","sha512":"d15e5ac6965f0809701307796d3be59d67ac717c8d22948e3eedf7cb340e03381760ff1aadc9e138cec29249551d1f0f838d3760dfa3de98a91ba8bdc372aa32","ssdeep":"3:N/BKL1XFQpKz:eL1f","tlshash":"465504d0744070710f10cc03d1d434d5741755411517040df07d45d41f301000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.090068Z","last_seen":"2025-09-22T16:57:47.090068Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"2617081873ab8bc88a720ab3bfe98ac6","sha1":"085cd70bb6a9778f8ff610995882943cc793fcdc","sha256":"b98a6e80e07c15d489bcf4a41c0ba8701d94c6debec277577b4cc140f4df872c","sha512":"835d43ff4526b12bfa10b94b28bc7784014d960a4e74753afd8c66b38d47e3945b548e9c957fb8b1f944aa9cc16f6da915da4e4251c6b217a546996c66a82ebd","ssdeep":"3:N/BKL1XFQpS:eL1l","tlshash":"1e5504c0d44170710f10c403d5501c35d4054403151f040170dd75d45f301000410540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.0928Z","last_seen":"2025-09-22T16:57:47.0928Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"752806c6c99c666f502745fe01e33c43","sha1":"8d60a76a7196bbf6d6aef7aa8c2e3caaf7ea8d9b","sha256":"e734291b881393ee9ccd1bf09c24a25f817afc435457f32f3618ea453949d44c","sha512":"c5a14874ff78941d0ba651e76c16ef91142de9a711814879619b472b49792f84729802d7038baca66f52bdadcd6fd85e6c7bd9eb6a0fabf3aaa65506a0a11f4d","ssdeep":"3:N/BKL1XFQpk7n:eL137","tlshash":"035504d0544170710f10c403d5d0143d5405c4011c170401747d77d41f30d000030d44","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.095042Z","last_seen":"2025-09-22T16:57:47.095042Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e6cf9011d856a4c43d41cc0210ed7900","sha1":"9360beaeb48ac836dda5229c1882ff9b142e0ce3","sha256":"c15c7f6afe855ec178165ce2df5615fe141d902c21a7fb25c71ef3fbeccff16e","sha512":"c2dedbc96e0f3c0df4984ec9ff4658614012a408c470e2ed72ca5642ea5547538b58b8d6c37e48c8654d9aaf89d82412861c6fb3d5c343d13d45322929e26074","ssdeep":"","tlshash":"0661b8d7d6474832cfef15f2ca3ba73426b921a38c16349526c0b56ce86af4b8379584","size":3450,"data":"","first_seen":"2025-09-22T16:57:47.096653Z","last_seen":"2025-09-22T16:57:47.096653Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"920f69c502e672f948f3a28de13c06e1","sha1":"25829339ab0e3c6ad4014e0e1bd626f43f25df91","sha256":"4ff271d8c865bf6ce1a5c6a53e70d451abd61e589e4fb806c685a3acd5a53ec8","sha512":"a630e209b5d690cb4a035d24ea395dddf095696c9d2a2b4f5efb959df2012b6b8b247e28b0e8b064faf41db7f91249cb32a07978e52136c6e6ede778a62f1a61","ssdeep":"3:N/BKL1XFQpF5:eL1U5","tlshash":"e85504c0544070f50f10cc03d1503455540d4c031417040d70ff05d41f301000110541","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.098642Z","last_seen":"2025-09-22T16:57:47.098642Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fc811b9f5e600362b6a446f86a6e27c8","sha1":"f00850b43eee0845645ab99860bc207b49a64163","sha256":"b98c4d5db8ab32c3406b3e9adc6ceada6ee920d13ff066864342f8a95c03b2da","sha512":"fac5cf8782b3ba14d958e717b17199a29e80ad26f37d6976c03c5b62a04ed9337c749be7c2c4551995e2f154da7c5a4e999654f9b352712bedef56635f139d7c","ssdeep":"3:N/BKL1XFQpP+n:eL1e+","tlshash":"a45504c4544070710f10c503d1501455541744011417140f717d05d43f305000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.100411Z","last_seen":"2025-09-22T16:57:47.100411Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a894695d8d717246abe18c40f3da0c15","sha1":"3ef4a9192d156632c3a453a73ed0e302653c1e2d","sha256":"35afe572f2af955c146395d43b0e65b5153e2c862b643dca95d24a00103927fa","sha512":"05228aa0f7bac38934d4c20e1c2b618b80c6f0f6941eba3157378409b03f2f4ebc6079fab48bd82f2e3adbc4098346c203d02d40de1c1ead6b91a24914b41edb","ssdeep":"3:N/BKL1XFQpLrn:eL1ar","tlshash":"8e5504c05c4070710f10cc03d150147555054c011417040570fd45d41f301000030540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.102129Z","last_seen":"2025-09-22T16:57:47.102129Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"68e444de39c611d3ab11ed4dab95df72","sha1":"e2e9e7f0fd3272d07b959c5fa803b4cee20101c7","sha256":"785616060377930a018747a24f52f263aaba381b0a3a836960bbbbb8115092f0","sha512":"1a1168c3c5ad5f1dd9824f9eb4bbf41b6d7615aac127347ec67c0de7403f57ce6fdf3efefb5a8b14c12593a360524816633e3b2c5fda4b2cf7706a13ef4349af","ssdeep":"3:N/BKL1XFQpN/:eL1c/","tlshash":"3c5504c0544070710f54c403d1d01c5d5405450114370405707d55d41f303000410d40","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.104666Z","last_seen":"2025-09-22T16:57:47.104666Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"87297ff0e98b97b10793ecd604de40bd","sha1":"8b2e166d5601ba463795e8b63f2a1c589573dda8","sha256":"595e4237c145b278f35ccd9ffa3ec9c24a0ace43527c9198dd13ffec016a379c","sha512":"87f86a90c3b5fc41ee0778d70470a8cca40cd64945b4da4b4802d8dc72328ea2755eeaec8e24433762d1f9481cf2eb891a09df762e5179121dc85f4784f7cfc2","ssdeep":"3:N/BKL1XFQpETSn:eL1hSn","tlshash":"5c5504c154407c710f10f403d1d0345554055401141f1405707d05d41f305000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.109146Z","last_seen":"2025-09-22T16:57:47.109146Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"3e3531b713f122dfaabe3612a6264a4d","sha1":"41c8047311f85200261437441f3a714a68083f1e","sha256":"bfdd2d6494f6ecb2e297e63803b604da03b9d2212b00af895deec672f557b3a4","sha512":"ddc5979f42a61dde4c0d3a49f70c99d65ed4e3d7b764fe1ccf841f1ea4e7b1c52add45cbbb8797591522865f527664e3e792dbf19ee153d150bebcf9eae2b996","ssdeep":"3:N/BKL1XFQpFK:eL1UK","tlshash":"ed5504c0544070710f11c403d1501455541d4401141f0405707d07d41f7010001105c1","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.11197Z","last_seen":"2025-09-22T16:57:47.11197Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a175f5453d1b361033391756c542048a","sha1":"994c7422531dcdd02048b50a2849ef64d1f3bbed","sha256":"f7433a90053492468d6e1b3d6fa727a6fb32c7b7fc38ff3b67798c2bf36f288f","sha512":"a141ae608ce6c96f0d3724694923cbab6b3dcb98ca439ad5498fee853ae6a4e89c93eb4619cd719510e1bf348db1198157b3a285f016802b3857307a9d63305e","ssdeep":"3:N/BKL1XFQpbn:eL1gn","tlshash":"5d5504c0544070710f30c443d1f0745574174441141f0401705d05d41f301000110d45","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.113948Z","last_seen":"2025-09-22T16:57:47.113948Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"aaad7552a2cec9c13c3468c5ae653882","sha1":"a2a08782c5bc7b99ca19b79ca936d4b4a9f69788","sha256":"52cbad195192fd162dea5470c5c6360a64e6c26d204015ec5e73f732dde1dee2","sha512":"ab974e02b99f5647769e4a95a10ce945f38d70989073eeca8b56f3d2a42ac951ac1a28ec197cc32339aa29e25b9a360d4662552765efff7f51734e7439d99d80","ssdeep":"3:N/BKL1XFQpa:eL1V","tlshash":"935504c0544174710f10c403d150143d550d440114170401715d35d41f301100130540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.11546Z","last_seen":"2025-09-22T16:57:47.11546Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9634a05f3a78af19bd5f6266c58e13f0","sha1":"4249d6509a4857ba7a3337507c5fda6c04ada962","sha256":"72b1cd70bc451d806938fb898ad2bce89a9cf51722174b37725bcf7f1e2598ec","sha512":"ac3bb5c488c12985c99283a44835548bf46efb696a27123532fa428947851bfc26b9bb9a62bf8c34bddee19efdd41265c0aae2148adbd5873d0741ca282af65b","ssdeep":"3:N/BKL1XFQpEMT:eL1s","tlshash":"2f5504d0d440f0710f31cc03d1d014555c0554011417040570fd05d41f307000014540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.117109Z","last_seen":"2025-09-22T16:57:47.117109Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"be83b4d2ee0652d44c6a530de72eedbf","sha1":"b49eaf862b3c3763ca606ae82b7430ff95df5064","sha256":"c0948795be1ce77eb4b97c41f6872a903e69746da67e256a9b0e14967a7098a2","sha512":"08bcf1bf6f5b6a27c3abe77113d34579d072b3b350fbdcdfad715becd51792476373bb2b0d1c34eb6c8f2d62929fad0e9dd60a810458729c8aa8c0f674adf60f","ssdeep":"3:N/BKL1XFQpE1T:eL1XT","tlshash":"075504c0544071710f10c403d1d014555405540114170405707d05d41f7450000105c0","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.118915Z","last_seen":"2025-09-22T16:57:47.118915Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4f6062df77f00dcf31e1bcaedc43ee84","sha1":"c359e34f2d57fb24e441be28e566c18635a61d1f","sha256":"ccd5a0af2d2d320cbcac7ab16f2ca336a38b21728c021a410baab335af2fb817","sha512":"8347ad558078b8930096b2e180110f29d61d635124f851c16c927cdee66a530c6c59eaf812739d0f0bc78e314169e5f2aae153d75efe32c28802d2ce5a8f2f11","ssdeep":"3:N/BKL1XFQpLIn:eL1aIn","tlshash":"0c5504c0d44070710f10c403d150145555154c011417040d717f05d41f3010030115c0","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.120573Z","last_seen":"2025-09-22T16:57:47.120573Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"19429da3851ce7cb12745555f6564655","sha1":"29413ee9c2613cc1a7371ee5ffa4895342053156","sha256":"7620f43440898c717e510608d04577c28ddb6d3c4b80ccc61f9d8927eacf8355","sha512":"41689111b5052a6ec644ccadfe76b85ab0632083a959d707270daa2aef985a3e2ca4cce1ebed23062e84f7b6a56f328b7fa5d3c456a7f3e2c5a29410961d00ff","ssdeep":"3:N/BKL1XFQpFtn:eL1Utn","tlshash":"495504c0544070714f10c403d1503455540d444114170407707d05d41f301040110d40","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.128261Z","last_seen":"2025-09-22T16:57:47.128261Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc641eed053207cab1b0745ed62b9ea3","sha1":"1a2362d3bbf6179d3b2dadb02b8dbe3b05783c44","sha256":"9d5b19037591f3375618d7abd5c72d5c0beeb75d1064256c9a4c5fc0ad2c0c2b","sha512":"3336f01dd55b918437b8a08b0467a6319efb0aac5741aa9e0252e9283b2e4a8419ecc5f4d55a527f63889ed38e43464f3ea05876bb6ed0d7f95e48fdf47cc119","ssdeep":"1536:QlGfNShVj7qEOZ73WOFJkNm5arSi1BkiyGkPEqV0BCA3JezN8Ro1:QwVShN7q/5s1BkHPcRJezN821","tlshash":"88b319cfb9de7245433360f9001b25da61aaac446018492de901ede47ce375abbf7db8","size":117918,"data":"","first_seen":"2025-09-22T16:57:46.907446Z","last_seen":"2025-09-22T16:57:46.907446Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.346930+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":798,\"bytes_toclient\":582,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"aa6a9d71a8f574ec969529c8b5d59e21","sha1":"17986fe093316adc94bc24d2894db9e6881bacdd","sha256":"089930a11f256f9f38a8c2ba8436faebda12cfddffdcb7b6485b804d678d609a","sha512":"416286ac1d3afc6f33dc31187f411408b706303d1f3699122d371e9853f0dbf319fa09654d5c7e604ccc523fb0a3a593107052954969d7c8638739b538a44033","ssdeep":"3:N/BKL1XFQpn:eL1w","tlshash":"f65504c0d44174710f10c403d17414755415444314170411705d35d41f301000010d40","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.130965Z","last_seen":"2025-09-22T16:57:47.130965Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b6efb32b67f5e420462a2529d152bea9","sha1":"2c0e1cce63ac241a0eb73989da735752d2f4b653","sha256":"335291e4c7aee0fb1fcabfcb86319008195f5e9ab08c3a3b308f18d5c30e08e8","sha512":"9c4161e2325420930243be40a05ad27b192d170e68a44c4cf08f1b20c10fa05605d5a0ff55cc63630f509525ec3084c3603f189938f97cc1bb384eb9edf3e16a","ssdeep":"3:N/BKL1XFQpfn:eL1o","tlshash":"a25504c054c570710f10c403d150143554454411141f0401705d35d41f303100014540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.133157Z","last_seen":"2025-09-22T16:57:47.133157Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"f47389d2f1abd47dbebeef3e2d3ae8a7","sha1":"dde5aa75f9a647e73d3e2d3fdda68898f850f72d","sha256":"30893b81b3c71cdbd5cf34b54fb52f8eef50b27d8a3f2498a28d2b89bd987fda","sha512":"3524a8ed2b83fe9d62a0708424707959d6cc8e89a918407da7c46540b5982fea9230792acffc47517cf5d009231375b00d5ec2ff5689bfb74ea6a3c926653318","ssdeep":"","tlshash":"56b0028869e5a404e21975a5495fd144f12cc802148a0515658885515f114294167868","size":94,"data":"","first_seen":"2024-12-12T23:50:40.522517Z","last_seen":"2026-04-04T18:46:53.590679Z","times_seen":245603,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"144b0079a100f5622d5743a67a46cabd","sha1":"ed68158401fcbcba8d47a58b2513f8bd178d7c05","sha256":"1c9569c8d1b2b5655823838777416f92213f5a396d652f76ddc630780072dd6b","sha512":"c05e6f37a7137ac18b663e64f0d38c0071b996fd56458a410afaaac52bc5523b8bc1cf9b7967b79036d36ec8418d93dd05570726fabeec1e03a7d0be5aaf7374","ssdeep":"3:N/BKL1XFQpNed:eL1cC","tlshash":"965504c05440f0710f10cc03d150145554c5c50114170405747d05d41f303104410540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.138414Z","last_seen":"2025-09-22T16:57:47.138414Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"556e6d4a75d78155a97eb3275348ba0e","sha1":"8ed5df2c6cfe1a239340de30b41406460ed45c65","sha256":"e647118d2d7f533d07ddf41581670ee3110d7c1690ca1b27f5446620ca3b4bc5","sha512":"2aec3863cc754ac06c379a99c3c1adde88a37759e6c8e06632eb05a0e24f15bcc81a8e792d86e79b2302b8bab730d0f5b16192dcc1e9058d416c7e710f25d6dc","ssdeep":"3:N/BKL1XFQpIkn:eL1+n","tlshash":"9d5504c4544070710f10c403f1503c75540544051c170407707d45d41f701000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.140338Z","last_seen":"2025-09-22T16:57:47.140338Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b7dfc1e8a255ebc63c7148d9457cdedf","sha1":"0d57cb17634cba0bb72274c4ba57e2ce04ddb74e","sha256":"ea3f4d360e0611d061cab98cd478b74e63827ce1b56dc2c58679ade9b22ac9c5","sha512":"77bf90bb1c62a91d46a5a6b92f3c7fea8bb40bbed43aae182f0c78ab381a535d31a09293f078ad95d39b760ff84683e3d8cfceab48e2532f0151aaa018769445","ssdeep":"3:N/BKL1XFQpKJ:eL1d","tlshash":"b35504d0544070710f10c403d3d414d5750544011417040570fd05d41f3034040157c0","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.142103Z","last_seen":"2025-09-22T16:57:47.142103Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ff03fc8f0c3179fb4dcf4389f88a1c16","sha1":"05ff911d7ddf2d7c14b4316a87fd08f42c618f9f","sha256":"025229ec6bb50e915572750c5045d22c5fe16851fd077f1411f41b19aa1dfece","sha512":"4acb3551ec49556a2a64f4a47e480df29f611f67d0ef4b2474e90f7b86caed3dedb0b56eba12e577f1401d4d701c9a4f0898a06eee8f6d7dbe3b4b5283a854e8","ssdeep":"","tlshash":"4f60000000c000000000030cc00300003cc0003300fc0300c30c003000cf3cc0000000","size":14,"data":"","first_seen":"2024-12-12T23:50:40.182598Z","last_seen":"2026-04-04T18:46:53.565574Z","times_seen":247182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-04-04T18:46:53.546146Z","times_seen":666336,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6a46bd988af6455be08a0b0957cd9235","sha1":"1fbffa62aa90baa4e611fbc6e5b6ed01235f2349","sha256":"62c50845c3a61175982fe7361b22ceb8ad267ae55d3a3c2d0131c75baaac04e9","sha512":"432c6d4aec1a54d9fa1eb8903de88678fe146f04166ace833d63779952bc17fe2d8882c6d698a408d61b99fae4e7c63ef5bf8eecd56b482b7959854e5ab18887","ssdeep":"3:N/BKL1XFQpI9:eL1/","tlshash":"765504c0544070710f14c403d1501455740d44411c570405707d45d41f303000010540","size":1337359,"data":"","first_seen":"2025-09-22T16:57:47.144674Z","last_seen":"2025-09-22T16:57:47.144674Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","size":39,"data":"","first_seen":"2023-03-07T01:03:24Z","last_seen":"2026-04-04T18:46:53.62713Z","times_seen":747713,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"www.pekora.zip/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.337Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691 HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 98335656ddf25690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117918,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"dc641eed053207cab1b0745ed62b9ea3","sha1":"1a2362d3bbf6179d3b2dadb02b8dbe3b05783c44","sha256":"9d5b19037591f3375618d7abd5c72d5c0beeb75d1064256c9a4c5fc0ad2c0c2b","sha512":"3336f01dd55b918437b8a08b0467a6319efb0aac5741aa9e0252e9283b2e4a8419ecc5f4d55a527f63889ed38e43464f3ea05876bb6ed0d7f95e48fdf47cc119","ssdeep":"1536:QlGfNShVj7qEOZ73WOFJkNm5arSi1BkiyGkPEqV0BCA3JezN8Ro1:QwVShN7q/5s1BkHPcRJezN821","tlshash":"88b319cfb9de7245433360f9001b25da61aaac446018492de901ede47ce375abbf7db8","first_seen":"2025-09-22T16:57:46.907446Z","last_seen":"2025-09-22T16:57:46.907446Z","times_seen":1,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":1,"dns":1,"connect":1,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.346930+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=98335655bebb5691\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":798,\"bytes_toclient\":582,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/b/5783333ceb22/api.js?onload=DndV2\u0026render=explicit","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"GET /turnstile/v0/b/5783333ceb22/api.js?onload=DndV2\u0026render=explicit HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://www.pekora.zip\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:43 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Fri, 19 Sep 2025 11:55:05 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 983356576a51dfec-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49070,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (49069)","md5":"f7cbbd4a46cb9ee9282e6f4337d5e31a","sha1":"e39621a6d78045a52188ec4462c8863203c71d3d","sha256":"e14d9d846b4464b05ad6cd15328f9d7196f960cc6ed30fc8a3a27a782e28f0ad","sha512":"4c9e836eaee72ece3096f68fd2644763a5d7e791475541631bf3560ac8b8cf8d7969b160479862d5f1a4887bf4a0c9f8284857d37d90dbbf2408e22df1616c9d","ssdeep":"768:2C6BtV2fM2txa+Qnr7dd5buBKu5PUJ1RvPPBrhfsskjvM8PFY13Fop+ORWqxIrm7:g2E2txa+QnrJfGPOFdkjJaI","tlshash":"94232c583256793267e984e1617ba74373297939e94ccc50d823c86532bcec9d233fba","first_seen":"2025-09-19T16:22:31.849963Z","last_seen":"2025-12-23T23:29:05.321053Z","times_seen":7412,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":14,"dns":1,"connect":1,"send":0,"wait":10,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","date":"2025-09-22T16:56:43.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 86\r\ncf-ray: 9833565a3f8f7131-OSL\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":86,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced","md5":"70c202196187ab3c11b4e094c20c6de1","sha1":"9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863","sha256":"6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643","sha512":"7e6168e40cce79239fc00a05381e1e95ca3534905d3fc1467973927f317b7f12b6f3e76960d5202c40046618b51e0895082e22338b1b9971038fa0ba158117e4","ssdeep":"","tlshash":"4ea022f3b2203c3eeb2a2333022e8030f83020b803828e0c000eec332a20208c0ca2c2","first_seen":"2025-05-13T14:11:45.873663Z","last_seen":"2026-04-03T11:40:49.866694Z","times_seen":265776,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pekora.zip/pekora.zip","fqdn":"pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T16:56:42.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pekora.zip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 22:10:12 GMT","end":"Fri, 07 Nov 2025 23:08:52 GMT"},"fingerprint":{"sha1":"A7:59:5D:19:DC:D4:F7:81:81:3D:C2:4D:A9:92:61:45:EE:DC:8A:4A","sha256":"DB:AE:4F:06:B5:63:0A:2B:60:2D:A7:63:9D:C8:EC:B3:8F:99:93:2A:3C:0D:BB:C3:12:A7:E8:63:5F:4E:80:5A"}}},"request":{"raw":"GET /pekora.zip HTTP/1.1\r\nHost: pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Mon, 22 Sep 2025 16:56:42 GMT\r\nlocation: http://www.pekora.zip/pekora.zip\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sDpSRFLmzS6aVfTVMey4cOWZQTb9fls0nX9u706TJHGrRPbAqxyOKRWBiA%2Ba4f7HEE6nDvVpck1FX88rWygdqtSr7d8PIs2X\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 98335654afea5684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5452,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T18:47:00.89111Z","times_seen":13342615,"resource_available":true,"data":null}},"time_used":464,"timings":{"blocked":229,"dns":24,"connect":1,"send":0,"wait":6,"receive":0,"ssl":201},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/cdn-cgi/challenge-platform/h/b/flow/ov1/464871312:1758558406:BWgTAvvnkMKAqetGWBMTGw6aZctge1dwYQJJ1yPyNtY/98335655bebb5691/SK3cLxYGbUJOm1S3Drt_oTZAu5elxFjyxktz5zDW3Mk-1758560203-1.2.1.1-bAQ4z5r.ZjYSYNjYYfhVVTnZU2c.NDl7K85NyQNsyMOGU00nHjK9gE_OvzU89N3E","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.614Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/flow/ov1/464871312:1758558406:BWgTAvvnkMKAqetGWBMTGw6aZctge1dwYQJJ1yPyNtY/98335655bebb5691/SK3cLxYGbUJOm1S3Drt_oTZAu5elxFjyxktz5zDW3Mk-1758560203-1.2.1.1-bAQ4z5r.ZjYSYNjYYfhVVTnZU2c.NDl7K85NyQNsyMOGU00nHjK9gE_OvzU89N3E HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.pekora.zip/auth/home\r\ncf-chl: SK3cLxYGbUJOm1S3Drt_oTZAu5elxFjyxktz5zDW3Mk-1758560203-1.2.1.1-bAQ4z5r.ZjYSYNjYYfhVVTnZU2c.NDl7K85NyQNsyMOGU00nHjK9gE_OvzU89N3E\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2114\r\nOrigin: http://www.pekora.zip\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncf-chl-gen: XTK3wZ2Ftj5bYHpIZjptHlzNC2/byFknNgLzgjfeqxU=$0DoYtsHK+x6HogcD746AXw==\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 983356589f335690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19328,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (19328), with no line terminators","md5":"fb3074e740d3def1fccf4e03c7e1a185","sha1":"448c6adf987030a363eac5cca717e310e3428e8d","sha256":"92f7e427caaeb02b7295d13c7b05a21b7492598798ce7de024afe751c39ad094","sha512":"9e8d0f435ac39acb12f8eb729460d2e226024495b423ce45f8f7809ca0ad63166db6a8f5c53d3b595faeec0ed502a7b33666d15897a75458cc89e91a97b3d27d","ssdeep":"384:puMwW9J6pAoSit4KPryOQnQ/lCAz0LcDL6VBg92ZEzOLLefvzKfE6gTLgjz:puMwxSLmlYi3zUqgG4ZLL2zQE6gHS","tlshash":"3692d1feecd28fd4cb5a31f97dbbb4140d863622427138662798294542239f6506768f","first_seen":"2025-09-22T16:57:46.911802Z","last_seen":"2025-09-22T16:57:46.911802Z","times_seen":1,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: br\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npermissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\ncontent-security-policy: default-src 'none'; script-src 'nonce-QXypBS4Za3KfqKSZ' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nreferrer-policy: same-origin\r\ndocument-policy: js-profiling\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 98335659cf1c7131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (27150), with no line terminators","md5":"9ca9fe5eb88eb5f634a7d00b5c8b2b64","sha1":"c636cf814eddb0a860125e99d7c3edf155731291","sha256":"74110ed45e68dfcfea5536110b46bbb1d8b5d400e2be7da8e942ee05fa108637","sha512":"72cb0f7dbf690b43a11250865fdc785b6286d736a86216a6ca08e7f35e2ebc6da175d75f9dabf6bdc6a6f4c2a7c758ed592d30586a337f4e6c8fb389dd1aff9f","ssdeep":"384:F+6U+qdB83E29aJC6tHzSk1b2xdLVSmda3mDI9FBW+jZP2C+G:CdGrkHzlJUdLV9da3m8GCd","tlshash":"33c2c8038a101b7e7453872db3d1b5c9a338ba025f56b2b7f25053a58f4d69e3b53b0a","first_seen":"2025-09-22T16:57:46.917656Z","last_seen":"2025-09-22T16:57:46.917656Z","times_seen":1,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1243622019:1758558406:NM0AT8lfqCk1q3u_5X7iZSsberZIvkj8mzxaao-XF4Y/98335659cf1c7131/WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","date":"2025-09-22T16:56:44.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1243622019:1758558406:NM0AT8lfqCk1q3u_5X7iZSsberZIvkj8mzxaao-XF4Y/98335659cf1c7131/WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto\r\ncf-chl: WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 4055\r\nOrigin: https://challenges.cloudflare.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:44 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-encoding: br\r\ncf-chl-gen: ICzfQ53eHRjmAySgtLnBxZqCTkQ2QZtzq1+pxmKZ0SeQKBlEzypVZLDkz76rPgOFTCJDHZLkSELTgMROdVHxA2KmlUaBBsh+O6go9nPRMmelNFKHraELVcv24i4AUT1hHQ1KPc3pzgPYNKowF7LEYeTdfIMtOIFC3u1d1LAF6ka5qhSIOjWFe9fLR6t9Lv6hvv4rQaLdTQJzUG640CvKnsCzVrSpq+wyztt5UEZ5UdVsr9Wg76JN8AuTDWnI7nSNyIdn+CSjIE/+9mLCuTL84j0TgkOffioQ38r2op72GCD0WOjZxRTAa6jQEyJ2qo9wi7Y1JQFWubExtdCeb+hIkJBuwmrONVb40lH4O+U0tSjKtgusxC5c3ISOsMenvQ34DosDj8m/Ia0HJ4PXQqFWMEMoXkljxE1RS5zUw6BAPXycU/1vUCGvt3C+Amnjp9j3SN+k2WVw38nbT0fzBAVTLen0SIK5uKEC4d7qBZ4y1ka0+rqZ92eZAqvdcQMgFS1cSexcyh7Tuhmc0KGq6i03onRBWRh8/86dH+NQkevHdpbHJvAPzLaRyJ8MOZ9H2zQ+8l1D2tcDb2LW7UgEoA4PpBEJClAjztFX8+yBGspUh8bxImwSh3bF20RleNNIIoRpfOorpWnP7k/izeyd7S7/Jy8rnv5lNyRDl24zuArr91xF/sye5MXmJ2SmJ/YkP4RZ1I05wF68KVUj0tfQu4OaY8zSuzi6bHQ/jS4PR7QvoGjrFQ6F0WbE9czkCDxpPwdeyQGlG/UdxM535LcOBV863g==$9xF+tHCmDS+BsZSmscWwhQ==\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9833565c89357131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":264892,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5b59a8d0d30f91630c70b7666019843e","sha1":"7a903f09c782daf1e59f33fc8e51560048a73ad4","sha256":"86fb390774a213d9dafd25a1d22034a2364290cba1970374211b9e4fa7a4db84","sha512":"68286daad9d6a990a916b2bbd42f1804bed2789507a153d14e62d1677e88b01d3b115eefa6ff0399aaf54b7051af414b6cfd457776521d63248567808ee7192f","ssdeep":"6144:F+FutYCg7fzYCPcwUHrjaweLxWw2Eq0joH7QRdPUZT400V:F0ut47fzdPZUvan2JQRlqT41V","tlshash":"3044224b599fbfa6470d423052b0ba36ad60ab840875bc68d6f53cefd9dbd00817271b","first_seen":"2025-09-22T16:57:46.921356Z","last_seen":"2025-09-22T16:57:46.921356Z","times_seen":1,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/98335659cf1c7131/1758560204264/p_exTIwLYarc-uq","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","date":"2025-09-22T16:56:46.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/d/98335659cf1c7131/1758560204264/p_exTIwLYarc-uq HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 287\r\ncf-ray: 983356687aa27131-OSL\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":287,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 29 x 40, 8-bit/color RGBA, non-interlaced","md5":"afc123dfc7b013fd86d4c671b23adde1","sha1":"56ae03bf41f6cc5d005679f8a0592b2eed1abc70","sha256":"81849700c269947abb411a7f98d0654c9fed5880c43fc5c25716d8de36fe41de","sha512":"ac8af94954a0f2ae1537ff56c918f2a24d318e9bd71d48e4b8c848e603c2860c2326cc687963aa60ce889fb5828c9a9ed516d471ab294e38e7e2b7d12941a965","ssdeep":"","tlshash":"92d04eb2e795a7208a4b9b23f254f204c86c0899372c5678d73fec382f336b58744180","first_seen":"2025-05-14T15:46:37.678337Z","last_seen":"2026-04-01T04:48:59.949892Z","times_seen":119,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/favicon.ico","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.358Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nContent-Type: image/x-icon\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data: https://cdn.discordapp.com https://*.pekora.zip https://*.cdn.com https://*.archive.org http://*.archive.org https://challenges.cloudflare.com/*; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/gulpfile.min.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com https://*.archive.org; style-src 'unsafe-inline' 'self' http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://pekora.zip https://www.pekora.zip https://cdn.jsdelivr.net/npm/bootstrap-icons/font/bootstrap-icons.css https://cdn.jsdelivr.net/gh/AllienWorks/cryptocoins@2.7.0/webfont/cryptocoins.css https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css https://pekora.zip/fonts/gotham1.css http://*.pekora.zip https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/webfont/cryptocoins.min.css; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net http://www.pekora.zip https://pekora.zip https://*.pekora.zip https://www.pekora.zip/fonts/GothamSSmBold.woff2 https://www.pekora.zip/fonts/GothamSSmMedium.woff2 https://www.pekora.zip/fonts/GothamSSmBook.woff2; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/* ws://localhost:*; worker-src 'self';\r\nAge: 6729\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Mon, 22 Sep 2025 15:04:34 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BAZwDv%2BC80psl2d7xU1NrC%2BqaqV48PfpRYEoc4oQBGOqwu%2FqhpxQhqKzySfVUqZBsZgz1Rl9Japfl3AMYWfkVhj2WHFvG7OqS6o3BQ%3D%3D\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 98335656fe145690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"hCaptcha","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"677c40e1598f3740487c46fbc7cab9bb","sha1":"ba68f81e693de00e67877d12fe393c4636a7bb43","sha256":"5aeb4fa5ddd1e3c0e37c273478cd09f8db1315d09efad31eeaab5dafdda28b0a","sha512":"ab592e1a11d008634b693bda8d7e3841f20e8ed6dd8c5219e10a78e583410b4beef049e0d2d671c69f86a68aa2b61b3174c2a668204fbe41bedf1f657a76cb28","ssdeep":"96:Qis99Hyw9QNUv+fNRpxOsxJ5inKLm1VgaUyPGXOgAYcfnges8a86ujpflvvwfZeE:QJ9hfeIXQ5mgA3nhq0jHvVEd4","tlshash":"506207a7b306560ce93f5b7cc107a821a03a6d251873611192bf771b24336b7d6be1a7","first_seen":"2025-09-22T16:57:46.924306Z","last_seen":"2026-03-04T12:57:45.925627Z","times_seen":6,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.368987+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":39,\"bytes_toserver\":2536,\"bytes_toclient\":52355,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.405750+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":48,\"bytes_toserver\":3228,\"bytes_toclient\":61927,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/auth/home","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T16:56:43.154Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /auth/home HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: close\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncf-mitigated: challenge\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\npermissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=rZmlKVtImzx70cR6QCqrDE%2FwVZn8NNOdZH0XfE3ZqmtweMBqPgGHmYfhKj7qTFN%2Fjz0WzxuQRKrn6MYt7l%2F%2BnBaasxeyL4QZiwqa1OynM1DBftCtyFoLFhRoa613ozR9EQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 98335655bebb5691-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: chlray;desc=\"98335655bebb5691\", cfL4;desc=\"?proto=TCP\u0026rtt=493\u0026min_rtt=406\u0026rtt_var=153\u0026sent=6\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2616\u0026recv_bytes=817\u0026delivery_rate=5569230\u0026cwnd=253\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5452,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (5452), with no line terminators","md5":"6c929adcf9ea58901fa38add986f7611","sha1":"4b25e4d685bddc0e64c74a78d6beaeca7bdae3b4","sha256":"6a6900df3619c77f8f49035cedd7ddc2dac6038a096ab0c134160a53bad67d89","sha512":"f3c7cb78c9c8ac308a1368679bae42eafa218a3ee1f472c7c9aab05d1d29baf87fdc0b7a93f4593add440ebd615c0827b30a9272b41d105888c42459fffcecf4","ssdeep":"96:PNybXZtIEb0EFW87IBtq4Jmgg++8JDU5OwKCKC/eUSP2mYzueh8omw:PNadBiqWg+RjwKeXDLy5w","tlshash":"a0b12aa3d6035037d7bf09f3857bb3345164a293da062494e6d0f6acc4def0b826a548","first_seen":"2025-09-22T16:57:46.926395Z","last_seen":"2025-09-22T16:57:46.926395Z","times_seen":1,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.172598+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/auth/home\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1419,\"bytes_toclient\":5358,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/favicon.ico","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.pekora.zip/auth/home","date":"2025-09-22T16:56:43.397Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://www.pekora.zip/auth/home\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nContent-Type: image/x-icon\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data: https://cdn.discordapp.com https://*.pekora.zip https://*.cdn.com https://*.archive.org http://*.archive.org https://challenges.cloudflare.com/*; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/gulpfile.min.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com https://*.archive.org; style-src 'unsafe-inline' 'self' http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://pekora.zip https://www.pekora.zip https://cdn.jsdelivr.net/npm/bootstrap-icons/font/bootstrap-icons.css https://cdn.jsdelivr.net/gh/AllienWorks/cryptocoins@2.7.0/webfont/cryptocoins.css https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css https://pekora.zip/fonts/gotham1.css http://*.pekora.zip https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/webfont/cryptocoins.min.css; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net http://www.pekora.zip https://pekora.zip https://*.pekora.zip https://www.pekora.zip/fonts/GothamSSmBold.woff2 https://www.pekora.zip/fonts/GothamSSmMedium.woff2 https://www.pekora.zip/fonts/GothamSSmBook.woff2; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/* ws://localhost:*; worker-src 'self';\r\nAge: 6729\r\nCache-Control: max-age=14400\r\ncf-cache-status: HIT\r\nlast-modified: Mon, 22 Sep 2025 15:04:34 GMT\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S9QtwvmOvzAJNvOv%2BOFjP%2FA8Puujd0npFeEw4afdcOw91vizVaTmrd22ayQDIZm6Js8xUtvePZ7PhSGCBUT%2FfwJRw0VOGesFLgCHyA%3D%3D\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 983356573e515690-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"hCaptcha","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"677c40e1598f3740487c46fbc7cab9bb","sha1":"ba68f81e693de00e67877d12fe393c4636a7bb43","sha256":"5aeb4fa5ddd1e3c0e37c273478cd09f8db1315d09efad31eeaab5dafdda28b0a","sha512":"ab592e1a11d008634b693bda8d7e3841f20e8ed6dd8c5219e10a78e583410b4beef049e0d2d671c69f86a68aa2b61b3174c2a668204fbe41bedf1f657a76cb28","ssdeep":"96:Qis99Hyw9QNUv+fNRpxOsxJ5inKLm1VgaUyPGXOgAYcfnges8a86ujpflvvwfZeE:QJ9hfeIXQ5mgA3nhq0jHvVEd4","tlshash":"506207a7b306560ce93f5b7cc107a821a03a6d251873611192bf771b24336b7d6be1a7","first_seen":"2025-09-22T16:57:46.924306Z","last_seen":"2026-03-04T12:57:45.925627Z","times_seen":6,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.368987+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home?__cf_chl_rt_tk=huKMiBXWquxyr1u3JaAjJf0SzmAymmfNKPCqaobr_k8-1758560203-1.0.1.1-qKQgoQOtSEA_i8i_kMQMUuh.jxXh.D8ESVJAczEW5fM\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":39,\"bytes_toserver\":2536,\"bytes_toclient\":52355,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":57564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.405750+0000\",\"flow_id\":771380417864440,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":57564,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":57564},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://www.pekora.zip/auth/home\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":28,\"pkts_toclient\":48,\"bytes_toserver\":3228,\"bytes_toclient\":61927,\"start\":\"2025-09-22T16:56:43.336632+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=98335659cf1c7131\u0026lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","date":"2025-09-22T16:56:43.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=98335659cf1c7131\u0026lang=auto HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:43 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9833565a4fa27131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":143928,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dce797008e09cedbe09fa0d2b46896c6","sha1":"c68abaf7cd72d50b8dfd1c3f5c30775948b58efb","sha256":"74916f67fab329211fc0a25b3923f7a4432333caf23d3898790ef62013c734ff","sha512":"518f42b6210bfbbe400469d819c00d4882c0035279f82a88dbb7ee0cafb6a6f5f223b50ad650b7ebb0345fd6920823779391e4428cbfe788575d58f624e90255","ssdeep":"1536:ylBydFwfZILOXoMEmsU0wyeHsqQJxnbxO19v7ZisEiRcRT6ObJkxCaoKYm:ylByQoAJEmsU0zdJ1Q19v7aim6OkPYm","tlshash":"95e3fa8e75ca7786536230f2082b14fe719b6ca42028495dfa07f9e47ce17542ee6df8","first_seen":"2025-09-22T16:57:46.928338Z","last_seen":"2025-09-22T16:57:46.928338Z","times_seen":1,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1243622019:1758558406:NM0AT8lfqCk1q3u_5X7iZSsberZIvkj8mzxaao-XF4Y/98335659cf1c7131/WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto","date":"2025-09-22T16:56:50.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 18:43:17 GMT","end":"Sun, 23 Nov 2025 19:43:11 GMT"},"fingerprint":{"sha1":"E6:D7:22:96:F5:75:38:F4:31:98:86:D2:9F:14:0C:18:3E:EA:F1:7A","sha256":"8C:19:99:03:18:5F:A0:C5:46:F9:CE:6C:A5:40:91:3A:C6:83:68:6F:EE:9B:6D:71:DF:32:C6:91:6D:55:64:6C"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1243622019:1758558406:NM0AT8lfqCk1q3u_5X7iZSsberZIvkj8mzxaao-XF4Y/98335659cf1c7131/WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rch/hkwiz/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto\r\ncf-chl: WRZiXTgD6QsyyKFYW49QhNiMRa1BoWU.Fx7wypbFW6E-1758560203-1.2.1.1-XgK4ic.wH4BQLy1T2_s73CGwHymncbUOJxExLEwOlbBYG3s0dT749.QVU4mMRdwu\r\ncf-chl-ra: 0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 33612\r\nOrigin: https://challenges.cloudflare.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 22 Sep 2025 16:56:50 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-encoding: br\r\ncf-chl-gen: +xNGmUe5IcF8TeeHDWNWHq4+uDWumJ8y7foE8ok/IIErWzvBkM2Vb4pm+8GlkUO1$NyiPk5JNgb3OEPgHbU0CKQ==\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 983356829f687131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29224,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (29224), with no line terminators","md5":"a079307a943d46fb0843b5d479ba5a56","sha1":"b02065e1a3dbcc561ed8ff3127c5785cb0076d78","sha256":"1eb2c7e9aaaea0f38e490cfc9a39b0617bf7a47af4a471415989a57a0f11c41f","sha512":"b4aebfe6b691c837a0084db6d998d5236da07d526dacfa4dde857ca26afb78f7cf6b69b28eeff03ad9f126f901163bb4509b4fe904b63f1d57624594d4ae5968","ssdeep":"768:DDXUb3CSDRAitvWK1h+ryTcKy82CtBLu4iKhC7EOL:HXUb3VpWY4r4R3LuIhCoOL","tlshash":"64d2e0731db2ae0d5bf0a23f97802ce4a8f19a9a86472005f4b76d8df26c5f1693530d","first_seen":"2025-09-22T16:57:46.930555Z","last_seen":"2025-09-22T16:57:46.930555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.pekora.zip/pekora.zip","fqdn":"www.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T16:56:43.003Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /pekora.zip HTTP/1.1\r\nHost: www.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Mon, 22 Sep 2025 16:56:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: cloudflare\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nAccess-Control-Allow-Origin: *\r\nLocation: /auth/home\r\nCross-Origin-Opener-Policy: same-origin\r\nCross-Origin-Resource-Policy: cross-origin\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; img-src 'self' data: https://cdn.discordapp.com; child-src 'self'; script-src 'unsafe-eval' 'self' https://challenges.cloudflare.com/turnstile/v0/api.js https://translate.google.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://pekora.zip http://*.archive.org https://*.archive.org http://js.rbxcdn.com/46eace8231bf3c1ce64c55407d9ae60d.js https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/gulpfile.min.js; frame-src 'self' https://hcaptcha.com https://challenges.cloudflare.com http://challenges.cloudflare.com https://*.archive.org; style-src 'unsafe-inline' 'self' http://*.archive.org https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://pekora.zip https://www.pekora.zip https://cdn.jsdelivr.net/npm/bootstrap-icons/font/bootstrap-icons.css https://cdn.jsdelivr.net/gh/AllienWorks/cryptocoins@2.7.0/webfont/cryptocoins.css https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css https://pekora.zip/fonts/gotham1.css http://*.pekora.zip https://cdn.jsdelivr.net/npm/cryptocoins-icons@2.9.0/webfont/cryptocoins.min.css; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net http://www.pekora.zip https://pekora.zip https://*.pekora.zip https://www.pekora.zip/fonts/GothamSSmBold.woff2 https://www.pekora.zip/fonts/GothamSSmMedium.woff2 https://www.pekora.zip/fonts/GothamSSmBook.woff2; connect-src 'self' https://*.pekora.zip wss://*.pekora.zip https://hcaptcha.com https://*.hcaptcha.com https://*.cdn.com https://*.archive.org/* https://web.archive.org https://challenges.cloudflare.com/* ws://localhost:*; worker-src 'self';\r\ncf-cache-status: BYPASS\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DoZnjgJolzeqcvwc3lLQQx0Q76lQdRQOPcRPM%2BTrbGvoN%2Ba04SU5iprCWEXdBaa1o17x1xm7vLttYFtL3mBHAZOV9jD%2F1PaoBKTpyA%3D%3D\"}]}\r\nCF-RAY: 98335654fe025691-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"hCaptcha","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}],"data":{"size":5452,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T18:47:00.89111Z","times_seen":13342615,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":33,"dns":33,"connect":1,"send":0,"wait":83,"receive":29,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-22T16:56:43Z","timestamp":1758560203,"ip_dst":{"addr":"172.67.144.192","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":33896,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-09-22T16:56:43.118936+0000\",\"flow_id\":2213016255564112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":33896,\"dest_ip\":\"172.67.144.192\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"172.67.144.192\",\"port\":80},\"target\":{\"ip\":\"172.18.0.12\",\"port\":33896},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"www.pekora.zip\",\"url\":\"/pekora.zip\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/auth/home\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":681,\"bytes_toclient\":1654,\"start\":\"2025-09-22T16:56:43.035152+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"www.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}