{"report_id":"47f17a15-a989-4b11-9966-ec703bf2b9d0","version":6,"status":"done","tags":["dyndns"],"date":"2023-12-05T08:12:33Z","url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"title":"Welcome to CentOS"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:03:17Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"etc-yppppppoty.zzux.com","ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"domain_registered":"2000-11-15","domain_rank":0,"first_seen":"2023-01-11 16:54:19","last_seen":"2023-12-05 09:12:10","alert_count":10,"request_count":5,"received_data":97338,"sent_data":1916,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36588,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:21.141718+0000\",\"flow_id\":139615887763862,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":36588,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":46360,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.141718+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36588,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:21.141718+0000\",\"flow_id\":139615887763862,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":36588,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":46360,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.141718+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52321,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:21.141876+0000\",\"flow_id\":98719209171508,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":52321,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2671,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.141876+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52321,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:21.141876+0000\",\"flow_id\":98719209171508,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":52321,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2671,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.141876+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:21.187016+0000\",\"flow_id\":2155231154920072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":34618,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":3350,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.187016+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:21.187016+0000\",\"flow_id\":2155231154920072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":34618,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":3350,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.187016+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59235,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:21.693181+0000\",\"flow_id\":234027858891709,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":59235,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":93,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.693181+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59235,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:21.693181+0000\",\"flow_id\":234027858891709,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":59235,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":93,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:21.693181+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Client IP","port":60266,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.55.103.15","port":443,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"severity":"medium","alert":"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.cf)","source":"{\"timestamp\":\"2023-12-05T08:12:21.726848+0000\",\"flow_id\":1189043901947500,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"198.55.103.15\",\"src_port\":443,\"dest_ip\":\"10.70.215.85\",\"dest_port\":60266,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031227,\"rev\":1,\"signature\":\"ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.cf)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=illusiondream.cf\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"4E:09:34:FE:25:62:0A:F7:FB:AF:5C:82:00:28:EA:3B\",\"fingerprint\":\"bb:e8:a6:ac:61:cf:c9:71:b9:2c:c3:7d:93:93:f6:c1:5c:ab:b4:f5\",\"sni\":\"etc-yppppppoty.zzux.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2021-08-24T00:00:00\",\"notafter\":\"2021-11-22T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1243,\"bytes_toclient\":4271,\"start\":\"2023-12-05T08:12:21.188012+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:21Z","timestamp":1701763941,"ip_dst":{"addr":"Client IP","port":60266,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.55.103.15","port":443,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2023-12-05T08:12:21.726848+0000\",\"flow_id\":1189043901947500,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"198.55.103.15\",\"src_port\":443,\"dest_ip\":\"10.70.215.85\",\"dest_port\":60266,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2020_11_23\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_11_23\"]}},\"tls\":{\"subject\":\"CN=illusiondream.cf\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"4E:09:34:FE:25:62:0A:F7:FB:AF:5C:82:00:28:EA:3B\",\"fingerprint\":\"bb:e8:a6:ac:61:cf:c9:71:b9:2c:c3:7d:93:93:f6:c1:5c:ab:b4:f5\",\"sni\":\"etc-yppppppoty.zzux.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2021-08-24T00:00:00\",\"notafter\":\"2021-11-22T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":6,\"bytes_toserver\":1243,\"bytes_toclient\":4271,\"start\":\"2023-12-05T08:12:21.188012+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57744,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.040035+0000\",\"flow_id\":1259532905190791,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57744,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1158},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":680,\"bytes_toclient\":4532,\"start\":\"2023-12-05T08:12:21.693639+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44520,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:22.161060+0000\",\"flow_id\":1686091877217572,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":44520,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":33379,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.161060+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44520,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.161060+0000\",\"flow_id\":1686091877217572,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":44520,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":33379,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.161060+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56747,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:22.162651+0000\",\"flow_id\":1032406444702555,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":56747,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":54899,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.162651+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56747,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.162651+0000\",\"flow_id\":1032406444702555,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":56747,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":54899,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.162651+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":50358,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:22.164258+0000\",\"flow_id\":1282193152704930,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":50358,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61535,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.164258+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":50358,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.164258+0000\",\"flow_id\":1282193152704930,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":50358,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61535,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.164258+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57744,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.333743+0000\",\"flow_id\":1259532905190791,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57744,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/centos-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1159},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1389,\"bytes_toclient\":8471,\"start\":\"2023-12-05T08:12:21.693639+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.514208+0000\",\"flow_id\":1333131464839789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57750,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/html-background.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1159},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":655,\"bytes_toclient\":1604,\"start\":\"2023-12-05T08:12:22.168557+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57748,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.520791+0000\",\"flow_id\":748079609713109,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57748,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/header-background.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1156},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":657,\"bytes_toclient\":7460,\"start\":\"2023-12-05T08:12:22.168405+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-05T08:12:22.619584+0000\",\"flow_id\":81105548375104,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":55472,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":379,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.619584+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55472,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.619584+0000\",\"flow_id\":81105548375104,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":55472,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":379,\"rrname\":\"etc-yppppppoty.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":94,\"bytes_toclient\":0,\"start\":\"2023-12-05T08:12:22.619584+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":57750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.797938+0000\",\"flow_id\":1333131464839789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57750,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1220},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1224,\"bytes_toclient\":6404,\"start\":\"2023-12-05T08:12:22.168557+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-05T08:12:21.696Z","timestamp":1701763941696,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: etc-yppppppoty.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Tue, 05 Dec 2023 08:12:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 4833\r\nLast-Modified: Fri, 16 May 2014 15:12:48 GMT\r\nConnection: keep-alive\r\nETag: \"53762af0-12e1\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4833,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (507)","md5":"a76b2b824459a563428efee4e4e10dfa","sha1":"22e5446e82b3e46da34b5ebce6de5751664fb867","sha256":"4fee32fb8b130a7d5c4b176767a85ab4c5bd6cb1f6cd0a7c506aa476ccfaec0e","sha512":"752915a270cd87ef0bb431bf5bcc0644a45020bc62ca2203f28359c3f4a31e121d0b524726e48b0f6845cddb8cbbc3d932dfd01a9e50a2414f54bda94290a76f","ssdeep":"96:7pDsnggCBAsMz1fr5641WILA00wx9F71nTe:7gfr5P1WaA0vx77Be","tlshash":"20a1763a5944222213078691fd6197f8a23342e3f5aa8de2f8fd157ddb48284f473b8d","first_seen":"2023-04-10T12:02:07Z","last_seen":"2026-05-12T20:33:21.704313Z","times_seen":469,"resource_available":true,"data":null}},"time_used":519,"timings":{"blocked":172,"dns":0,"connect":174,"send":0,"wait":172,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.85","port":57744,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.040035+0000\",\"flow_id\":1259532905190791,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57744,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1158},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":680,\"bytes_toclient\":4532,\"start\":\"2023-12-05T08:12:21.693639+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/img/centos-logo.png","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://etc-yppppppoty.zzux.com/","date":"2023-12-05T08:12:22.169Z","timestamp":1701763942169,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/centos-logo.png HTTP/1.1\r\nHost: etc-yppppppoty.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://etc-yppppppoty.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Tue, 05 Dec 2023 08:12:43 GMT\r\nContent-Type: image/png\r\nContent-Length: 3030\r\nLast-Modified: Sun, 28 Dec 2008 06:10:39 GMT\r\nConnection: keep-alive\r\nETag: \"4957185f-bd6\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3030,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 32, 8-bit/color RGBA, non-interlaced\\012- data","md5":"2ce1e69697251116dca5bf7b17690010","sha1":"76bda5761b81e1dc29357acf760b05112d85d18b","sha256":"69dbbb0073c44a64da2de10dc969dd5b0118bc09a28f77be63a62ddaf382d6e4","sha512":"19aea919c7e7f72e0441661b230917d6f948bf30358c2ba33f2db8238d037a27362d77c0d02ebe22819fb58062b05e2599e5344b33ae64faf49cf2a826fd3332","ssdeep":"","tlshash":"cb514cdf723eb73d42741b76ab570fdcc928cd805c29fb640540522d5b99a25b2092c2","first_seen":"2023-04-15T16:15:33Z","last_seen":"2026-05-08T01:13:14.336565Z","times_seen":453,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.85","port":57744,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.333743+0000\",\"flow_id\":1259532905190791,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57744,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/centos-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1159},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1389,\"bytes_toclient\":8471,\"start\":\"2023-12-05T08:12:21.693639+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/img/html-background.png","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://etc-yppppppoty.zzux.com/","date":"2023-12-05T08:12:22.173Z","timestamp":1701763942173,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/html-background.png HTTP/1.1\r\nHost: etc-yppppppoty.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://etc-yppppppoty.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Tue, 05 Dec 2023 08:12:43 GMT\r\nContent-Type: image/png\r\nContent-Length: 1801\r\nLast-Modified: Sun, 28 Dec 2008 06:10:39 GMT\r\nConnection: keep-alive\r\nETag: \"4957185f-709\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced\\012- data","md5":"c0286057b6d3c023125b921a96a73938","sha1":"9095eee294484da98aacc3d9818a3ee9101b3123","sha256":"79dda1a317f732bc2e6c15013254e833d65ecbb99feb572df0309a2c14f1b7d3","sha512":"a315fd1350712ef2e59ace1c3dd848975c98e726f1078a9b7fb4c328170ebee779a5910101158f3f6a4a20868fe42a2f9cb883ef2b0edf37375d2b6d2c828e24","ssdeep":"","tlshash":"4031ea9ae9834a32204a5627c61e4f6fc1bd6b0f9cecdc41fe76e056b005c80843f68b","first_seen":"2023-04-15T16:15:33Z","last_seen":"2026-05-08T01:13:14.33086Z","times_seen":454,"resource_available":false,"data":null}},"time_used":519,"timings":{"blocked":168,"dns":3,"connect":173,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.85","port":57750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.514208+0000\",\"flow_id\":1333131464839789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57750,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/html-background.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1159},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":655,\"bytes_toclient\":1604,\"start\":\"2023-12-05T08:12:22.168557+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/favicon.ico","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://etc-yppppppoty.zzux.com/","date":"2023-12-05T08:12:22.620Z","timestamp":1701763942620,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: etc-yppppppoty.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://etc-yppppppoty.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.20.1\r\nDate: Tue, 05 Dec 2023 08:12:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 3650\r\nConnection: keep-alive\r\nETag: \"60b6cf1d-e42\"\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3650,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"0723e124f290ef0c356627361c46b792","sha1":"073b4812a3b57c6f67cfdaa9a6e8ac68797ec492","sha256":"7f8c7f918148b32820b0c39f8904de975147f2a5d34a3f676298a691ae857284","sha512":"422562d9aa1d8883421c89ab67ca45fff7f8b9dcf4c403f6f180e044d106ae141c80dd9b4c9d502a781fc7790539051741c56287e174a33202bf9b38c79d2d87","ssdeep":"","tlshash":"24714f2867e30513b64bc9b47bb627992741d1c7824bcf687f8c52a0cf8559168f738c","first_seen":"2023-04-05T16:41:13Z","last_seen":"2026-05-18T23:48:17.983524Z","times_seen":591,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.85","port":57750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.797938+0000\",\"flow_id\":1333131464839789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57750,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":1220},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":1224,\"bytes_toclient\":6404,\"start\":\"2023-12-05T08:12:22.168557+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"etc-yppppppoty.zzux.com/img/header-background.png","fqdn":"etc-yppppppoty.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://etc-yppppppoty.zzux.com/","date":"2023-12-05T08:12:22.181Z","timestamp":1701763942181,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/header-background.png HTTP/1.1\r\nHost: etc-yppppppoty.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://etc-yppppppoty.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Tue, 05 Dec 2023 08:12:43 GMT\r\nContent-Type: image/png\r\nContent-Length: 82896\r\nLast-Modified: Fri, 16 May 2014 14:33:46 GMT\r\nConnection: keep-alive\r\nETag: \"537621ca-143d0\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":82896,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 280 x 185, 8-bit/color RGBA, interlaced\\012- data","md5":"7a40c93046dbdba584c6dd907d43701e","sha1":"d2c8070a41c9ff7703b399ed237e34f928ccb27b","sha256":"14a76d84a155acadb5d84695e7e6f2ba8042d2527fadf4e71ee1c84581164e8c","sha512":"323236dca1953f8c0efc9d4839e028cbe003510bef30da668b23f2048f3075ddeb8d7a9f33e2bc9c00c366d9bc22dd7acfcf0617fa7ee9f7f7ed9efe786e124f","ssdeep":"1536:sh+6d/r6iHQALIBExGgCzSlXG66TIte25Rsr/A82xRZ5i+5w:swer6iHQKIBOGgZ5GfkeOQ/52zs","tlshash":"a2831217af2a0d30302ef212164a47a7fc7723d326a3b23111ee875d6db42457197f9a","first_seen":"2023-04-15T16:15:33Z","last_seen":"2026-05-08T01:13:14.327817Z","times_seen":452,"resource_available":false,"data":null}},"time_used":1058,"timings":{"blocked":163,"dns":4,"connect":176,"send":0,"wait":177,"receive":538,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-05T08:12:22Z","timestamp":1701763942,"ip_dst":{"addr":"198.55.103.15","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.85","port":57748,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-05T08:12:22.520791+0000\",\"flow_id\":748079609713109,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.85\",\"src_port\":57748,\"dest_ip\":\"198.55.103.15\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"etc-yppppppoty.zzux.com\",\"url\":\"/img/header-background.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://etc-yppppppoty.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1156},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":657,\"bytes_toclient\":7460,\"start\":\"2023-12-05T08:12:22.168405+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}