207.244.241.61 0 B IP 207.244.241.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET / HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Tue, 07 Nov 2023 01:49:15 GMT
Server: Apache
Location: /backend/web/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
royalepass882.zzux.com/backend/web/
207.244.241.61 302 Found 0 B URL User Request GET HTTP/1.1 royalepass882.zzux.com/backend/web/
IP 207.244.241.61:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/ HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Tue, 07 Nov 2023 01:49:16 GMT
Server: Apache
Set-Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
207.244.241.61 200 OK 1.5 kB URL User Request GET HTTP/1.1 royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
IP 207.244.241.61:80
File type HTML document text; exported SGML document, ASCII text, with very long lines (1118)
Hash 21408b66a2ba96f875c22de7d3a125a5
bdabc6c25193435f65429f0c280b5607ab123cc6
b6c25ac04650266d69878e4c5292386f7faba09067884f891554d264953fd74c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/index.php?r=site%2Flogin HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D; path=/; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1483
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
royalepass882.zzux.com/backend/web/assets/94932517/css/bootstrap.css
207.244.241.61 200 OK 21 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/94932517/css/bootstrap.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (386)
Hash 2dbb985a5bb6dd8ef0a7b21d290ea9ae
f8676e1f4a902a63088f45982f3f9b6a6c401b47
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/94932517/css/bootstrap.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:58 GMT
ETag: "23a0d-5e18d6499e980-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21275
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/bower_components/font-awesome/css/font-awesome.min.css
207.244.241.61 200 OK 7.1 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/bower_components/font-awesome/css/font-awesome.min.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:51 GMT
ETag: "7918-5e17f4f4b89c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/bower_components/Ionicons/css/ionicons.min.css
207.244.241.61 200 OK 8.3 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/bower_components/Ionicons/css/ionicons.min.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type Unicode text, UTF-8 text, with very long lines (50806)
Hash 0d6763b67616cb9183f3931313d42971
f0459300e39155df7aa5e94b3bdb8c8594f49a60
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/bower_components/Ionicons/css/ionicons.min.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:49 GMT
ETag: "c854-5e17f4f2d0540-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8284
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/dist/css/skins/skin-yellow.css
207.244.241.61 200 OK 767 B URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/dist/css/skins/skin-yellow.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash 5d72c6cb9e553468b124cd905a1de96c
c397e56174de5bef535cd7f73107a8890170ad07
c50493b89177169f14b529772e7a8661b011250a0008cfb8d438bdb5eeae5c84
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/dist/css/skins/skin-yellow.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:53 GMT
ETag: "de8-5e17f4f6a0e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css
207.244.241.61 200 OK 20 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (65369)
Hash 7f89537eaf606bff49f5cc1a7c24dbca
b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:50 GMT
ETag: "1da71-5e17f4f3c4780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19741
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/assets/744752e1/yii.js
207.244.241.61 200 OK 5.8 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/744752e1/yii.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash 11c2f7dc661150befdee01a23246950c
597b845967289c989c7f153453313f2dfd9a6ab9
67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/744752e1/yii.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:57 GMT
ETag: "51c6-5e18d648aa740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5813
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/assets/744752e1/yii.validation.js
207.244.241.61 200 OK 3.1 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/744752e1/yii.validation.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash 926d297d32127a64c0822c446e1d4378
4677fb8b913cd7fa6be98674946a6a0c47e6dfb3
bed9bcc372f2d6619d19a6e2d2a69092725530f20cdc7ffbe55a4a18cfb67b28
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/744752e1/yii.validation.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:57 GMT
ETag: "401a-5e18d648aa740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3068
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/dist/css/AdminLTE.min.css
207.244.241.61 200 OK 15 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/dist/css/AdminLTE.min.css
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (65317)
Hash e3bd21ffe6ce31c1a7d79b7058533af4
32bec4614178d9ac432304eb929ffa8ffab41ec3
968d106d4bfc73434033d70d73309e7a3ba3f11fb286664ebcd6332c0f8dc339
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/dist/css/AdminLTE.min.css HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:53 GMT
ETag: "1656b-5e17f4f6a0e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14974
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
royalepass882.zzux.com/backend/web/assets/744752e1/yii.captcha.js
207.244.241.61 200 OK 739 B URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/744752e1/yii.captcha.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash daae7efe2c15342aa8fbb9e2b6b01691
a6ee314a81dadaefeb5dc03de25bd5ac2a560966
33b2ef68729e9d637d5f082356938bdf03c2ef7b2b3dd09398bc9c53e1c0f56e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/744752e1/yii.captcha.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:57 GMT
ETag: "807-5e18d648aa740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 739
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/assets/744752e1/yii.activeForm.js
207.244.241.61 200 OK 7.5 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/744752e1/yii.activeForm.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash 4466b185cf91846af63f3be90f78d585
3fa1ddf6a486107eb7aa1ca1bc703632c96dc8f0
86414ea5538d5f21da467f12d2334388a419e87dd0cc35b87469c7623c56a2c3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/744752e1/yii.activeForm.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:57 GMT
ETag: "9044-5e18d648aa740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7457
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js
207.244.241.61 404 Not Found 268 B URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type HTML document text; exported SGML document, ASCII text
Hash 501c9fb4d09d9e6de9284db094f71d42
7a7bc936d6d9504f670ea83814209127e59e9b75
a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/css/plugins/iCheck/icheck.min.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Content-Length: 268
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js
207.244.241.61 200 OK 11 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (39553)
Hash 2f34b630ffe30ba2ff2b91e3f3c322a1
b16fd8226bd6bfb08e568f1b1d0a21d60247cefb
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:50 GMT
ETag: "9b00-5e17f4f3c4780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10940
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/dist/js/bootbox/bootbox.min.js
207.244.241.61 200 OK 4.7 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/dist/js/bootbox/bootbox.min.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (14179)
Hash c03bd83e89ad00fa10479162362a6d4e
dcffcb01cc8e249920a7bccd87e0dbc681cd8b51
1d08a9ab08e9d94be79df1d9994e85cd43a66d01f521d6ce7632aabc49aca3ff
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/dist/js/bootbox/bootbox.min.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:53 GMT
ETag: "37a6-5e17f4f6a0e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4690
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/dist/js/bootbox/popper.js
207.244.241.61 200 OK 23 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/dist/js/bootbox/popper.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type ASCII text, with very long lines (345)
Hash 09e3713f6fd15ee23bc80bfa4a51bedc
92cb1b7662dd25704ae9595e116b92a96f54e0ee
4787a7297e406f0a47a7994e827e78e60f84622f834792648f1ed9f89d67194d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/dist/js/bootbox/popper.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:53 GMT
ETag: "18ab9-5e17f4f6a0e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23181
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/assets/e922c812/jquery.js
207.244.241.61 200 OK 85 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/assets/e922c812/jquery.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Hash 23c7c5d2d1317508e807a6c7f777d6ed
ad16c4a132ad2a03b4951185fed46d55397b5e88
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/assets/e922c812/jquery.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2022 09:37:57 GMT
ETag: "4638e-5e18d648aa740-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/javascript
royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2
207.244.241.61 200 OK 18 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589; data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Wed, 15 Jun 2022 16:49:50 GMT
ETag: "466c-5e17f4f3c4780"
Accept-Ranges: bytes
Content-Length: 18028
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
royalepass882.zzux.com/backend/web/index.php?r=site%2Fcaptcha&v=6549979d02bdd2.26590695
207.244.241.61 200 OK 2.8 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/index.php?r=site%2Fcaptcha&v=6549979d02bdd2.26590695
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type PNG image data, 120 x 50, 8-bit/color RGB, non-interlaced; data
Hash ff8bc075b116d51edcb1d4a175181e91
65829db32fa7892ce3f2edfebe683c28409f4e1d
29818edd0b52d585b3b8a929a857b8e2c85f38e9011e6900a4f9f4489bf8c44f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/index.php?r=site%2Fcaptcha&v=6549979d02bdd2.26590695 HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Expires: 0
Cache-Control: must-revalidate, post-check=0, pre-check=0
Pragma: public
Content-Transfer-Encoding: binary
Content-Length: 2757
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js
207.244.241.61 404 Not Found 268 B URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type HTML document text; exported SGML document, ASCII text
Hash 501c9fb4d09d9e6de9284db094f71d42
7a7bc936d6d9504f670ea83814209127e59e9b75
a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/css/plugins/iCheck/icheck.min.js HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Content-Length: 268
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
royalepass882.zzux.com/backend/web/dist/img/logo-2x.png
207.244.241.61 200 OK 102 kB URL GET HTTP/1.1 royalepass882.zzux.com/backend/web/dist/img/logo-2x.png
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type PNG image data, 560 x 316, 8-bit colormap, non-interlaced; data
Size 102 kB (102521 bytes)
Hash f50f5ae735ad75ba46c7bc0357562324
7ae7ad920ddd44a90ba28ed8194f59a29630d723
81fc5a3eab22996fd30d156c7ddffbb66b4f3e38e82617482b562246e97a8a01
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /backend/web/dist/img/logo-2x.png HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Nov 2023 01:49:17 GMT
Server: Apache
Last-Modified: Sat, 18 Jun 2022 09:01:52 GMT
ETag: "19079-5e1b51f2e2000"
Accept-Ranges: bytes
Content-Length: 102521
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
royalepass882.zzux.com/favicon.ico
207.244.241.61 404 Not Found 268 B URL GET HTTP/1.1 royalepass882.zzux.com/favicon.ico
IP 207.244.241.61:80
Requested by http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
File type HTML document text; exported SGML document, ASCII text
Hash 501c9fb4d09d9e6de9284db094f71d42
7a7bc936d6d9504f670ea83814209127e59e9b75
a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain
GET /favicon.ico HTTP/1.1
Host: royalepass882.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin
Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 Nov 2023 01:49:18 GMT
Server: Apache
Content-Length: 268
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1