{"report_id":"e04bbadc-e8e3-457c-a31a-c75ee10eed63","version":6,"status":"done","tags":[],"date":"2025-10-14T07:27:36Z","url":{"schema":"http","addr":"setup.pekora.zip/version-7e043f9d229d4b9a-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"setup.pekora.zip/version-7e043f9d229d4b9a-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"title":"Not Found"},"submit":{"url":{"schema":"http","addr":"setup.pekora.zip/version-7e043f9d229d4b9a-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"172.67.144.192","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-18T07:27:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-14T07:27:11Z","timestamp":1760426831,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.24","port":35132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-10-14T07:27:11.671939+0000\",\"flow_id\":841487093857217,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":35132,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":35132},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-7e043f9d229d4b9a-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":886},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":717,\"bytes_toclient\":7188,\"start\":\"2025-10-14T07:27:11.588737+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"setup.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"setup.pekora.zip","ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-16","domain_rank":0,"first_seen":"2024-12-21T05:30:22.11876Z","last_seen":"2025-09-12T14:08:32.938605Z","alert_count":4,"request_count":2,"received_data":55390,"sent_data":974,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-14T07:27:11Z","timestamp":1760426831,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.24","port":35132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-10-14T07:27:11.671939+0000\",\"flow_id\":841487093857217,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":35132,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":35132},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-7e043f9d229d4b9a-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":886},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":717,\"bytes_toclient\":7188,\"start\":\"2025-10-14T07:27:11.588737+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"setup.pekora.zip/version-7e043f9d229d4b9a-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-14T07:27:11.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"deb1fe9d.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Oct 2025 16:21:57 GMT","end":"Thu, 08 Jan 2026 17:21:51 GMT"},"fingerprint":{"sha1":"ED:04:E2:F7:0A:60:7A:14:E6:34:A0:69:59:BF:F2:82:34:85:1C:6A","sha256":"A4:FB:AC:BC:27:98:A9:34:CE:FA:EE:29:2F:B8:82:09:49:58:DD:08:BB:47:79:40:D8:75:B9:EB:25:9C:55:10"}}},"request":{"raw":"GET /version-7e043f9d229d4b9a-projectxversion.txt HTTP/1.1\r\nHost: setup.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 14 Oct 2025 07:27:11 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xYfCwA1GQGOFfJdto5HYv08%2BPFufZftKZbqVBJErYrQLsNJ2l5w77WlzlPEJyOGvtcEY5TpLOIQlAG%2FI97mQjmszpFGAvp4Ynt%2FO%2FeeTOzU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncf-ray: 98e55a506c942efa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-04T17:42:20.907497Z","times_seen":30098,"resource_available":true,"data":null}},"time_used":173,"timings":{"blocked":47,"dns":29,"connect":1,"send":0,"wait":78,"receive":0,"ssl":16},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-14T07:27:11Z","timestamp":1760426831,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.24","port":35132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-10-14T07:27:11.671939+0000\",\"flow_id\":841487093857217,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":35132,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":35132},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-7e043f9d229d4b9a-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":886},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":717,\"bytes_toclient\":7188,\"start\":\"2025-10-14T07:27:11.588737+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"setup.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"setup.pekora.zip/version-7e043f9d229d4b9a-projectxversion.txt","fqdn":"setup.pekora.zip","domain":"pekora.zip","tld":"zip"},"ip":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-14T07:27:11.592Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /version-7e043f9d229d4b9a-projectxversion.txt HTTP/1.1\r\nHost: setup.pekora.zip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 14 Oct 2025 07:27:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5skE6HnIDOjF55yTKQKc68oyk5arXOmL6UJspkV7xxDZ9U%2FcS5EG1q%2Fizzl3BXtyOqRnxn3HldxIuB%2FUb3bAxFvAounsnEl8fipMX8On9Ng%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nVary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nContent-Encoding: gzip\r\nCF-RAY: 98e55a516cce1525-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-04T17:42:20.907497Z","times_seen":30098,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-14T07:27:11Z","timestamp":1760426831,"ip_dst":{"addr":"104.21.95.120","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.24","port":35132,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO HTTP Request to a *.zip Domain","source":"{\"timestamp\":\"2025-10-14T07:27:11.671939+0000\",\"flow_id\":841487093857217,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.24\",\"src_port\":35132,\"dest_ip\":\"104.21.95.120\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045975,\"rev\":3,\"signature\":\"ET INFO HTTP Request to a *.zip Domain\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.21.95.120\",\"port\":80},\"target\":{\"ip\":\"172.18.0.24\",\"port\":35132},\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_06_05\"]}},\"http\":{\"hostname\":\"setup.pekora.zip\",\"url\":\"/version-7e043f9d229d4b9a-projectxversion.txt\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":886},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":717,\"bytes_toclient\":7188,\"start\":\"2025-10-14T07:27:11.588737+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"setup.pekora.zip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}