URL User Request GET HTTP/1.1IP 172.67.152.70:80
File typeHTML document, ASCII text, with very long lines (394) Hashcd61569334be267f786aabda2747e31f 27892d1d1e0c94b5114046815e6f906a0df7ec0e 8965ab2882afb027199f1097bdac37d78b70c095456f8688e5f553fd50bd3557
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET / HTTP/1.1
Host: api.dyxs.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 02 Nov 2024 10:33:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sat, 02 Nov 2024 10:33:50 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EOVd3wMPqCGp1ASsX1UjsLXfln9JDAUA0p8nXyOAkBBnkVgSLgyUwgMhis36OcZWqiBp2mojb%2BZcPt0L1xhN2S5iAGi25Toqd9X38OdTPi54k2t5f6D%2FP7R0IVAbESY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8dc3779bcf1a4181-HAM
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=14266&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=385&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
| api.dyxs.zip/cdn-cgi/styles/cf.errors.css | 172.67.152.70 | 200 OK | 4.5 kB |
URL GET HTTP/1.1api.dyxs.zip/cdn-cgi/styles/cf.errors.css IP172.67.152.70:80
File typeASCII text, with very long lines (24050) Hash5e8c69a459a691b5d1b9be442332c87d f24dd1ad7c9080575d92a9a9a2c42620725ef836 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: api.dyxs.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://api.dyxs.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Nov 2024 10:33:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Oct 2024 16:48:04 GMT
ETag: W/"671bcbc4-5df3"
Server: cloudflare
CF-RAY: 8dc3779ce8214181-HAM
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 02 Nov 2024 12:33:35 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
|
IP172.67.152.70:80
File typeHTML document, ASCII text, with very long lines (394) Hash2a8329e3c5bfdd590063956197159d80 c8429207c0d3ec9a3aba7545d9ab47f3ac7248f2 dc400f69ad3adc5137e8655be0550b26416c3d84d5eed6797aab99fed14bfb4a
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /favicon.ico HTTP/1.1
Host: api.dyxs.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://api.dyxs.zip/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 02 Nov 2024 10:33:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: max-age=15
Expires: Sat, 02 Nov 2024 10:33:50 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jLhsc5d4EPkhxmN%2Fhg32vCXLIP1TkjH2izH6AMNNMbhJgltlIXCSDCQZB58wMiN1eJ402WAHukRINIAkzjMBVbsbteuKaTQ6oibELUYPPRrQyCh9u%2BBjLGEWriujj8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8dc3779d386d4181-HAM
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=14339&sent=9&recv=13&lost=0&retrans=0&sent_bytes=7625&recv_bytes=1069&delivery_rate=502010&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
|
| api.dyxs.zip/cdn-cgi/images/cf-no-screenshot-error.png |  104.21.12.115 | 200 OK | 3.2 kB |
URL GET HTTP/1.1api.dyxs.zip/cdn-cgi/images/cf-no-screenshot-error.png IP104.21.12.115:80
File typePNG image data, 178 x 175, 8-bit colormap, non-interlaced Hash0d768cbc261841d3affc933b9ac3130e aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7 1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked |
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1
Host: api.dyxs.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://api.dyxs.zip/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Nov 2024 10:33:35 GMT
Content-Type: image/png
Content-Length: 3213
Connection: keep-alive
Last-Modified: Fri, 25 Oct 2024 16:48:04 GMT
ETag: "671bcbc4-c8d"
Server: cloudflare
CF-RAY: 8dc3779d6871b7d3-AMS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 02 Nov 2024 12:33:35 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|
| api.dyxs.zip/cdn-cgi/images/browser-bar.png?1376755637 | 104.21.12.115 | 200 OK | 715 B |
URL GET HTTP/1.1api.dyxs.zip/cdn-cgi/images/browser-bar.png?1376755637 IP104.21.12.115:80
File typePNG image data, 960 x 53, 8-bit colormap, non-interlaced Hash226dcb8f6144bdaafdfbd8f2f354be64 3785cc5b3bf52f8e398177b0ff1020b24aa86b8c 8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Sinkholed / Blocked |
| NIDS | Severity | Alert |
|---|
| suricata | low | ET INFO HTTP Request to a *.zip Domain |
GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1
Host: api.dyxs.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://api.dyxs.zip/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 02 Nov 2024 10:33:35 GMT
Content-Type: image/png
Content-Length: 715
Connection: keep-alive
Last-Modified: Fri, 25 Oct 2024 16:48:04 GMT
ETag: "671bcbc4-2cb"
Server: cloudflare
CF-RAY: 8dc3779d69c10c09-AMS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 02 Nov 2024 12:33:35 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
|