{"report_id":"a372210b-716d-4a55-bca7-65cb7829e53c","version":6,"status":"done","tags":["dyndns"],"date":"2023-11-17T14:31:38Z","url":{"schema":"http","addr":"yvh7938.zzux.com/","fqdn":"yvh7938.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"173.249.11.182","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"yvh7938.zzux.com/","fqdn":"yvh7938.zzux.com","domain":"zzux.com","tld":"com"},"title":"yvh7938.zzux.com/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T13:05:34Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"yvh7938.zzux.com","ip":{"addr":"173.249.11.182","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2000-11-15","domain_rank":0,"first_seen":"2022-11-02 13:31:14","last_seen":"2023-11-05 00:08:50","alert_count":4,"request_count":2,"received_data":348,"sent_data":734,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59222,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.036653+0000\",\"flow_id\":1553103010303789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59222,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":28616,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.036653+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.036820+0000\",\"flow_id\":1479145820950484,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59246,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61953,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.036820+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59222,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.036653+0000\",\"flow_id\":1553103010303789,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59222,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":28616,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.036653+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.036820+0000\",\"flow_id\":1479145820950484,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59246,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61953,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.036820+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41409,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.048165+0000\",\"flow_id\":1993246963842085,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":41409,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17049,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.048165+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41409,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.048165+0000\",\"flow_id\":1993246963842085,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":41409,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17049,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.048165+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46933,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.056642+0000\",\"flow_id\":824717359111490,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":46933,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4931,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.056642+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46933,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.056642+0000\",\"flow_id\":824717359111490,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":46933,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4931,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.056642+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60392,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.197546+0000\",\"flow_id\":803487335711658,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":60392,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17089,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.197546+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60392,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.197546+0000\",\"flow_id\":803487335711658,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":60392,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17089,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.197546+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"173.249.11.182","port":80,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":59732,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.293355+0000\",\"flow_id\":46381238191981,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59732,\"dest_ip\":\"173.249.11.182\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"yvh7938.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":663,\"bytes_toclient\":382,\"start\":\"2023-11-17T14:31:22.198509+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48821,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-17T14:31:22.673088+0000\",\"flow_id\":1400569394251072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":48821,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56938,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.673088+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48821,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.673088+0000\",\"flow_id\":1400569394251072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":48821,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56938,\"rrname\":\"yvh7938.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":87,\"bytes_toclient\":0,\"start\":\"2023-11-17T14:31:22.673088+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"173.249.11.182","port":80,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":59732,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.710039+0000\",\"flow_id\":46381238191981,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59732,\"dest_ip\":\"173.249.11.182\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"yvh7938.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://yvh7938.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1142,\"bytes_toclient\":690,\"start\":\"2023-11-17T14:31:22.198509+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"yvh7938.zzux.com/","fqdn":"yvh7938.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"173.249.11.182","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-17T14:31:22.079Z","timestamp":1700231482079,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: yvh7938.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: Fri, 17 Nov 2023 14:31:21 GMT\r\nContent-Length: 19\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":19,"size_decoded":0,"mime_type":"","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-05-22T13:36:26.096694Z","times_seen":34611,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":1,"connect":40,"send":0,"wait":0,"receive":0,"ssl":40},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"173.249.11.182","port":80,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.69","port":59732,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.293355+0000\",\"flow_id\":46381238191981,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59732,\"dest_ip\":\"173.249.11.182\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"yvh7938.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":663,\"bytes_toclient\":382,\"start\":\"2023-11-17T14:31:22.198509+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"yvh7938.zzux.com/favicon.ico","fqdn":"yvh7938.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"173.249.11.182","port":80,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://yvh7938.zzux.com/","date":"2023-11-17T14:31:22.675Z","timestamp":1700231482675,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: yvh7938.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yvh7938.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Content-Type-Options: nosniff\r\nDate: Fri, 17 Nov 2023 14:31:21 GMT\r\nContent-Length: 19\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":19,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-05-22T13:36:26.096694Z","times_seen":34611,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-17T14:31:22Z","timestamp":1700231482,"ip_dst":{"addr":"173.249.11.182","port":80,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"10.70.215.69","port":59732,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-17T14:31:22.710039+0000\",\"flow_id\":46381238191981,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.69\",\"src_port\":59732,\"dest_ip\":\"173.249.11.182\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"yvh7938.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://yvh7938.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1142,\"bytes_toclient\":690,\"start\":\"2023-11-17T14:31:22.198509+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}