{"report_id":"55e39650-15b3-4154-bc6a-a14a9f8e340e","version":6,"status":"done","tags":["dyndns"],"date":"2023-11-27T16:37:39Z","url":{"schema":"http","addr":"pubgm-uc-gratis.zzux.com/","fqdn":"pubgm-uc-gratis.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":0,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"http","addr":"pubgm-uc-gratis.zzux.com/","fqdn":"pubgm-uc-gratis.zzux.com","domain":"zzux.com","tld":"com"},"title":"Apache2 Ubuntu Default Page: It works"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T10:28:10Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pubgm-uc-gratis.zzux.com","ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2021-05-03 09:39:32","last_seen":"2023-04-01 11:48:21","alert_count":6,"request_count":3,"received_data":7597,"sent_data":1159,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47312,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:25.532501+0000\",\"flow_id\":2008901256290325,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":47312,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":12540,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.532501+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47312,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:25.532501+0000\",\"flow_id\":2008901256290325,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":47312,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":12540,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.532501+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:25.532659+0000\",\"flow_id\":2066458113024179,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":36614,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29875,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.532659+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:25.532659+0000\",\"flow_id\":2066458113024179,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":36614,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29875,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.532659+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43970,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:25.553160+0000\",\"flow_id\":1228810641305800,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":43970,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40737,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.553160+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:25Z","timestamp":1701103045,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43970,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:25.553160+0000\",\"flow_id\":1228810641305800,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":43970,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40737,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:25.553160+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:26.010781+0000\",\"flow_id\":1091633680886301,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":49957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40375,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:26.010781+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.010781+0000\",\"flow_id\":1091633680886301,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":49957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40375,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:26.010781+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":46844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.391364+0000\",\"flow_id\":1182579613379494,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46844,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":681,\"bytes_toclient\":3815,\"start\":\"2023-11-27T16:37:26.011174+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:26.519032+0000\",\"flow_id\":1764685120990072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":56957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8698,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:26.519032+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.519032+0000\",\"flow_id\":1764685120990072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":56957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8698,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":95,\"bytes_toclient\":0,\"start\":\"2023-11-27T16:37:26.519032+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45780,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-27T16:37:26.647846+0000\",\"flow_id\":1623518127459496,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":45780,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":3852,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":194,\"bytes_toclient\":99,\"start\":\"2023-11-27T16:35:18.658600+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45780,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.647846+0000\",\"flow_id\":1623518127459496,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":45780,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":3852,\"rrname\":\"pubgm-uc-gratis.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":194,\"bytes_toclient\":99,\"start\":\"2023-11-27T16:35:18.658600+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":46844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.708221+0000\",\"flow_id\":1182579613379494,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46844,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/icons/ubuntu-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://pubgm-uc-gratis.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1163},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1328,\"bytes_toclient\":6909,\"start\":\"2023-11-27T16:37:26.011174+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:27Z","timestamp":1701103047,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":46854,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:27.004768+0000\",\"flow_id\":290446186570947,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46854,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://pubgm-uc-gratis.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":286},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":645,\"bytes_toclient\":709,\"start\":\"2023-11-27T16:37:26.648387+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"pubgm-uc-gratis.zzux.com/","fqdn":"pubgm-uc-gratis.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-27T16:37:26.014Z","timestamp":1701103046014,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: pubgm-uc-gratis.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 27 Nov 2023 16:37:22 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Mon, 18 Sep 2023 04:20:07 GMT\r\nETag: \"2aa6-6059a7516b456-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 3138\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document text\\012- exported SGML document, ASCII text","md5":"3526531ccd6c6a1d2340574a305a18f8","sha1":"07993837ce7f0273a65b20db8ee9b24823da7e1e","sha256":"b663321ab439cc53a329ee352c1b855d9998d3af95524a05795a88b42a9acf07","sha512":"81053b8a1ccf04a091df853c91391484a9d2d9e5aba3f3af22b2d720d6e4efeaf49ccc67b0d03cf896d29fb9abf002847ba2988da535285eda7a81249071a87f","ssdeep":"96:lA46evqMhQKrFih8Wdp3667KoQAm+czjJX91GH1o03PHhdntun3nXhgJF2GiloeG:lV6yqGQKJUnpJKoOJaVB2GiLA1b","tlshash":"6f329825f9e521136203c06177f6ab532f769187ed0a562931be019c8fc6bf6c6a3389","first_seen":"2023-04-05T15:45:20Z","last_seen":"2026-05-09T10:20:55.720929Z","times_seen":2947,"resource_available":true,"data":null}},"time_used":567,"timings":{"blocked":187,"dns":0,"connect":190,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.220","port":46844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.391364+0000\",\"flow_id\":1182579613379494,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46844,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":681,\"bytes_toclient\":3815,\"start\":\"2023-11-27T16:37:26.011174+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"pubgm-uc-gratis.zzux.com/icons/ubuntu-logo.png","fqdn":"pubgm-uc-gratis.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://pubgm-uc-gratis.zzux.com/","date":"2023-11-27T16:37:26.522Z","timestamp":1701103046522,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /icons/ubuntu-logo.png HTTP/1.1\r\nHost: pubgm-uc-gratis.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://pubgm-uc-gratis.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 27 Nov 2023 16:37:22 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Wed, 08 Mar 2023 17:32:54 GMT\r\nETag: \"d0a-5f666eb0abd80\"\r\nAccept-Ranges: bytes\r\nContent-Length: 3338\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3338,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 99, 8-bit/color RGBA, non-interlaced\\012- data","md5":"5bf8c10887a4300160553ff99b3ee00b","sha1":"21b29d43acd3106347eacd8f3a36a38ad7d330ee","sha256":"ef6e62d62944c3b838f72816ba8e836fbdb46a8dcfb43ba62a4c387b65306fdb","sha512":"7f0b5bba4ab87b728af0ad1169ba2a6b11624e7ae08d23377442a2a6280053e4d99c6ccbfd49c87a2977305e2850d6cf356620a188161147d7ffdfec951293d3","ssdeep":"","tlshash":"60613bdf73b0a36076a2b2fd3a4ae215a22e538c5e9a475af8039f3102754c31452ab1","first_seen":"2023-05-01T15:41:17Z","last_seen":"2026-05-09T10:20:55.722632Z","times_seen":1845,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:26Z","timestamp":1701103046,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.220","port":46844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:26.708221+0000\",\"flow_id\":1182579613379494,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46844,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/icons/ubuntu-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://pubgm-uc-gratis.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1163},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1328,\"bytes_toclient\":6909,\"start\":\"2023-11-27T16:37:26.011174+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"pubgm-uc-gratis.zzux.com/favicon.ico","fqdn":"pubgm-uc-gratis.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://pubgm-uc-gratis.zzux.com/","date":"2023-11-27T16:37:26.648Z","timestamp":1701103046648,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pubgm-uc-gratis.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://pubgm-uc-gratis.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 27 Nov 2023 16:37:23 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 286\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":286,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"9acbeb279fe500b4b5d7660a492ad152","sha1":"44c7beb2b69741dc32c622da3247bd11d313478b","sha256":"b2aeceaf91f3e33120e30268530ffafec0c8ea65e6f9a30c7abe0f77b193b8f7","sha512":"4e7006a49a60d5e7451069728b193502218fb4cefc7b5ee163dca16da235c3b3507b9c402cdfde60b5224b36d5fc2821caade5621a51f5bd4c6dd626e2a7046c","ssdeep":"","tlshash":"aed0e7df414363c70c12105034c554c62b4c12fd652945e42c45d043125853ecd876cc","first_seen":"2023-11-27T17:37:39Z","last_seen":"2023-11-27T17:37:39Z","times_seen":1,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":0,"dns":0,"connect":178,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-27T16:37:27Z","timestamp":1701103047,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.220","port":46854,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-27T16:37:27.004768+0000\",\"flow_id\":290446186570947,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.220\",\"src_port\":46854,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"pubgm-uc-gratis.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://pubgm-uc-gratis.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":286},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":645,\"bytes_toclient\":709,\"start\":\"2023-11-27T16:37:26.648387+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}