URL User Request GET HTTP/1.1 IP 198.55.103.15:80
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text; exported SGML document, ASCII text, with very long lines (507)
Hash a76b2b824459a563428efee4e4e10dfa
22e5446e82b3e46da34b5ebce6de5751664fb867
4fee32fb8b130a7d5c4b176767a85ab4c5bd6cb1f6cd0a7c506aa476ccfaec0e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET / HTTP/1.1
Host: etc-yppppppoty.zzux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 08:12:43 GMT
Content-Type: text/html
Content-Length: 4833
Last-Modified: Fri, 16 May 2014 15:12:48 GMT
Connection: keep-alive
ETag: "53762af0-12e1"
Accept-Ranges: bytes
etc-yppppppoty.zzux.com/img/centos-logo.png
198.55.103.15 200 OK 3.0 kB URL GET HTTP/1.1 etc-yppppppoty.zzux.com/img/centos-logo.png
IP 198.55.103.15:80
ASN #8100 ASN-QUADRANET-GLOBAL
Requested by http://etc-yppppppoty.zzux.com/
File type PNG image data, 100 x 32, 8-bit/color RGBA, non-interlaced
Hash 2ce1e69697251116dca5bf7b17690010
76bda5761b81e1dc29357acf760b05112d85d18b
69dbbb0073c44a64da2de10dc969dd5b0118bc09a28f77be63a62ddaf382d6e4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /img/centos-logo.png HTTP/1.1
Host: etc-yppppppoty.zzux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://etc-yppppppoty.zzux.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 08:12:43 GMT
Content-Type: image/png
Content-Length: 3030
Last-Modified: Sun, 28 Dec 2008 06:10:39 GMT
Connection: keep-alive
ETag: "4957185f-bd6"
Accept-Ranges: bytes
etc-yppppppoty.zzux.com/img/html-background.png
198.55.103.15 200 OK 1.8 kB URL GET HTTP/1.1 etc-yppppppoty.zzux.com/img/html-background.png
IP 198.55.103.15:80
ASN #8100 ASN-QUADRANET-GLOBAL
Requested by http://etc-yppppppoty.zzux.com/
File type PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced
Hash c0286057b6d3c023125b921a96a73938
9095eee294484da98aacc3d9818a3ee9101b3123
79dda1a317f732bc2e6c15013254e833d65ecbb99feb572df0309a2c14f1b7d3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /img/html-background.png HTTP/1.1
Host: etc-yppppppoty.zzux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://etc-yppppppoty.zzux.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 08:12:43 GMT
Content-Type: image/png
Content-Length: 1801
Last-Modified: Sun, 28 Dec 2008 06:10:39 GMT
Connection: keep-alive
ETag: "4957185f-709"
Accept-Ranges: bytes
etc-yppppppoty.zzux.com/favicon.ico
198.55.103.15 404 Not Found 3.7 kB URL GET HTTP/1.1 etc-yppppppoty.zzux.com/favicon.ico
IP 198.55.103.15:80
ASN #8100 ASN-QUADRANET-GLOBAL
Requested by http://etc-yppppppoty.zzux.com/
File type HTML document text; exported SGML document, ASCII text
Hash 0723e124f290ef0c356627361c46b792
073b4812a3b57c6f67cfdaa9a6e8ac68797ec492
7f8c7f918148b32820b0c39f8904de975147f2a5d34a3f676298a691ae857284
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /favicon.ico HTTP/1.1
Host: etc-yppppppoty.zzux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://etc-yppppppoty.zzux.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 08:12:44 GMT
Content-Type: text/html
Content-Length: 3650
Connection: keep-alive
ETag: "60b6cf1d-e42"
etc-yppppppoty.zzux.com/img/header-background.png
198.55.103.15 200 OK 83 kB URL GET HTTP/1.1 etc-yppppppoty.zzux.com/img/header-background.png
IP 198.55.103.15:80
ASN #8100 ASN-QUADRANET-GLOBAL
Requested by http://etc-yppppppoty.zzux.com/
File type PNG image data, 280 x 185, 8-bit/color RGBA, interlaced
Hash 7a40c93046dbdba584c6dd907d43701e
d2c8070a41c9ff7703b399ed237e34f928ccb27b
14a76d84a155acadb5d84695e7e6f2ba8042d2527fadf4e71ee1c84581164e8c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /img/header-background.png HTTP/1.1
Host: etc-yppppppoty.zzux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://etc-yppppppoty.zzux.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 05 Dec 2023 08:12:43 GMT
Content-Type: image/png
Content-Length: 82896
Last-Modified: Fri, 16 May 2014 14:33:46 GMT
Connection: keep-alive
ETag: "537621ca-143d0"
Accept-Ranges: bytes