{"report_id":"df684fc5-deea-4424-a01e-31cf7be8bccc","version":6,"status":"done","tags":["dyndns"],"date":"2023-11-07T01:49:29Z","url":{"schema":"http","addr":"royalepass882.zzux.com/","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":0,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"title":"Login"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T15:23:24Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"royalepass882.zzux.com","ip":{"addr":"207.244.241.61","port":0,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"domain_registered":"2000-11-15","domain_rank":0,"first_seen":"2021-03-15 20:44:28","last_seen":"2023-08-03 16:00:07","alert_count":48,"request_count":23,"received_data":345566,"sent_data":14546,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:10Z","timestamp":1699321750,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":38636,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:10.755791+0000\",\"flow_id\":649332878903375,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":38636,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56757,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:10.755791+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:10Z","timestamp":1699321750,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":38636,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:10.755791+0000\",\"flow_id\":649332878903375,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":38636,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56757,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:10.755791+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:10Z","timestamp":1699321750,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58671,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:10.755615+0000\",\"flow_id\":618683992278943,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":58671,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":65377,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:10.755615+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:10Z","timestamp":1699321750,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58671,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:10.755615+0000\",\"flow_id\":618683992278943,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":58671,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":65377,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:10.755615+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:15Z","timestamp":1699321755,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46740,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:15.745677+0000\",\"flow_id\":222778202218701,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46740,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8492,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:15.745677+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:15Z","timestamp":1699321755,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46740,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:15.745677+0000\",\"flow_id\":222778202218701,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46740,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8492,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:15.745677+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.009795+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/backend/web/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":669,\"bytes_toclient\":421,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.018293+0000\",\"flow_id\":39632206841717,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":36324,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":54492,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.018293+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.018293+0000\",\"flow_id\":39632206841717,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":36324,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":54492,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.018293+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46707,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.019683+0000\",\"flow_id\":53629505260771,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46707,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31240,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.019683+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46707,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.019683+0000\",\"flow_id\":53629505260771,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46707,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31240,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.019683+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33872,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.279939+0000\",\"flow_id\":139326987715971,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":33872,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":47122,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.279939+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33872,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.279939+0000\",\"flow_id\":139326987715971,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":33872,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":47122,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.279939+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.409211+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":1210,\"bytes_toclient\":939,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34548,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.413823+0000\",\"flow_id\":655839754735743,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":34548,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49162,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.413823+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34548,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.413823+0000\",\"flow_id\":655839754735743,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":34548,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49162,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.413823+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.415545+0000\",\"flow_id\":1449652790253369,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":34998,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":47337,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.415545+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34998,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.415545+0000\",\"flow_id\":1449652790253369,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":34998,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":47337,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.415545+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46225,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:16.932556+0000\",\"flow_id\":1098479084255948,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46225,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8037,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.932556+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46225,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.932556+0000\",\"flow_id\":1098479084255948,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46225,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":8037,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:16.932556+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.065030+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/index.php?r=site%2Flogin\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":867},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1828,\"bytes_toclient\":3135,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46515,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.179202+0000\",\"flow_id\":1957085996497922,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46515,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":11439,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.179202+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46515,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.179202+0000\",\"flow_id\":1957085996497922,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":46515,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":11439,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.179202+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45543,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.181272+0000\",\"flow_id\":1067095758324760,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":45543,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":170,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.181272+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45543,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.181272+0000\",\"flow_id\":1067095758324760,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":45543,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":170,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.181272+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35137,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.187896+0000\",\"flow_id\":498867290103288,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":35137,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61529,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.187896+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35137,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.187896+0000\",\"flow_id\":498867290103288,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":35137,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61529,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.187896+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47827,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.189350+0000\",\"flow_id\":136221726466982,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":47827,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17411,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.189350+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47827,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.189350+0000\",\"flow_id\":136221726466982,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":47827,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":17411,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.189350+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42318,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.190545+0000\",\"flow_id\":928153559840246,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42318,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":13153,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":183,\"bytes_toclient\":90,\"start\":\"2023-11-07T01:47:39.734710+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42318,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.190545+0000\",\"flow_id\":928153559840246,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42318,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":13153,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":183,\"bytes_toclient\":90,\"start\":\"2023-11-07T01:47:39.734710+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.191290+0000\",\"flow_id\":1974832801377082,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42816,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2597,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.191290+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.191290+0000\",\"flow_id\":1974832801377082,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42816,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2597,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.191290+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51271,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.192274+0000\",\"flow_id\":1431820086144786,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":51271,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":10046,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.192274+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51271,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.192274+0000\",\"flow_id\":1431820086144786,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":51271,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":10046,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.192274+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53585,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.193945+0000\",\"flow_id\":911828395619737,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":53585,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":60846,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.193945+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53585,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.193945+0000\",\"flow_id\":911828395619737,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":53585,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":60846,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.193945+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45047,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.198240+0000\",\"flow_id\":124539415365216,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":45047,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45476,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.198240+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58445,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.199890+0000\",\"flow_id\":1649196970872018,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":58445,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49358,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.199890+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53096,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.200774+0000\",\"flow_id\":525697950748742,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":53096,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":21299,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.200774+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49792,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.198907+0000\",\"flow_id\":2173522283399419,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":49792,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":39809,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.198907+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45047,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.198240+0000\",\"flow_id\":124539415365216,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":45047,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45476,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.198240+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53096,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.200774+0000\",\"flow_id\":525697950748742,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":53096,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":21299,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.200774+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58445,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.199890+0000\",\"flow_id\":1649196970872018,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":58445,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49358,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.199890+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49792,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.198907+0000\",\"flow_id\":2173522283399419,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":49792,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":39809,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.198907+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.309136+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/94932517/css/bootstrap.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1125},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":2692,\"bytes_toclient\":9191,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.427931+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1124},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":958,\"bytes_toclient\":6196,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.432135+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/font-awesome/css/font-awesome.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":959,\"bytes_toclient\":7710,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.433629+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/Ionicons/css/ionicons.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":951,\"bytes_toclient\":7710,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.435753+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/css/AdminLTE.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1124},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":12,\"bytes_toserver\":930,\"bytes_toclient\":15280,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.436080+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/css/skins/skin-yellow.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":767},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":935,\"bytes_toclient\":1293,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.555172+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5813},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2061,\"bytes_toclient\":14382,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.556575+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.validation.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":2064,\"bytes_toclient\":12736,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.560664+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.captcha.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":739},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":2363,\"bytes_toclient\":2424,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.566547+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/e922c812/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5457},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":25,\"bytes_toserver\":4325,\"bytes_toclient\":31779,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.608866+0000\",\"flow_id\":232570727778914,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":36957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40560,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.608866+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36957,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.608866+0000\",\"flow_id\":232570727778914,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":36957,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40560,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.608866+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.672659+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.activeForm.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2533,\"bytes_toclient\":24157,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.677073+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":14,\"bytes_toserver\":3503,\"bytes_toclient\":14916,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.682740+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10940},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":19,\"bytes_toserver\":2865,\"bytes_toclient\":24533,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.684881+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/bootbox.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4690},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":2429,\"bytes_toclient\":7706,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.685246+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/popper.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":23181},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":30,\"bytes_toserver\":2365,\"bytes_toclient\":40797,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.796998+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"font/woff2\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":14208},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":35,\"bytes_toserver\":3508,\"bytes_toclient\":48468,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.799386+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/img/logo-2x.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4071},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":24,\"bytes_toserver\":3569,\"bytes_toclient\":30056,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49573,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:17.800903+0000\",\"flow_id\":1555502259320967,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":49573,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":28172,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.800903+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49573,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.800903+0000\",\"flow_id\":1555502259320967,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":49573,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":28172,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:17.800903+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.814156+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/index.php?r=site%2Fcaptcha\u0026v=6549979d02bdd2.26590695\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2757},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":22,\"bytes_toserver\":3689,\"bytes_toclient\":27784,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.968466+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":31,\"bytes_toserver\":3147,\"bytes_toclient\":41331,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:18Z","timestamp":1699321758,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-11-07T01:49:18.038057+0000\",\"flow_id\":1068268284449961,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42468,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":60773,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:18.038057+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:18Z","timestamp":1699321758,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:18.038057+0000\",\"flow_id\":1068268284449961,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":42468,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":60773,\"rrname\":\"royalepass882.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":93,\"bytes_toclient\":0,\"start\":\"2023-11-07T01:49:18.038057+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:18Z","timestamp":1699321758,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:18.159109+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":32,\"bytes_toserver\":3918,\"bytes_toclient\":41865,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.validation.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"926d297d32127a64c0822c446e1d4378","sha1":"4677fb8b913cd7fa6be98674946a6a0c47e6dfb3","sha256":"bed9bcc372f2d6619d19a6e2d2a69092725530f20cdc7ffbe55a4a18cfb67b28","sha512":"d655bb801a2756c50af20c6797cff298c2cbe035ed8063b7ce417e949bad6f61ffbc729c007c2dcdb58c0554ca2eccc62082ea8830a73d1f810e35e241914534","ssdeep":"192:/laldMtH04lLZ/vpIC8l+ARBc0KltNolNhZ5lkbl2tUs0lnnQlya0AcapvVkfPrL:x3vd8xU5gxJnmR8RQ","tlshash":"e172905c6cf71a5948a371e93adf6008b6b9c223100dde55be5c83c16f94834f2e7b99","size":16410,"data":"","first_seen":"2023-03-07T01:14:59Z","last_seen":"2026-05-14T16:00:54.718694Z","times_seen":91,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.556575+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.validation.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":2064,\"bytes_toclient\":12736,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/js/bootbox/popper.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"09e3713f6fd15ee23bc80bfa4a51bedc","sha1":"92cb1b7662dd25704ae9595e116b92a96f54e0ee","sha256":"4787a7297e406f0a47a7994e827e78e60f84622f834792648f1ed9f89d67194d","sha512":"55b9be9de382ac896062b3d17019da0c3a0ebb981e7ac491050c6c24d5986d57fed9a367f314199ffacfe210f1f940226cadb841b2e1ac8a8bb0d778585add97","ssdeep":"1536:Y67ixtqChckw1MhqZsKk0IhmyYwRGiR/3GzcpGkO/jQLA:zixtXhcpMhqnkSwRGiR/3GzcY9Q8","tlshash":"2fa3a65a78e6b2b609a7616f43afa14df131913b2219e81038ccd3782f61f3451eb9f5","size":101049,"data":"","first_seen":"2023-03-26T14:22:04Z","last_seen":"2026-01-10T11:32:07.891532Z","times_seen":21,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.685246+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/popper.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":23181},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":30,\"bytes_toserver\":2365,\"bytes_toclient\":40797,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/js/bootbox/bootbox.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c03bd83e89ad00fa10479162362a6d4e","sha1":"dcffcb01cc8e249920a7bccd87e0dbc681cd8b51","sha256":"1d08a9ab08e9d94be79df1d9994e85cd43a66d01f521d6ce7632aabc49aca3ff","sha512":"35cdf739826f9707480e9231f81dfb28366b724315110e55daeddd89b173fa340be614a084f6563c38e4c8a5dff94bb46835517384044bf77e89c4837e5acc7a","ssdeep":"384:Sk7fSfMasp7Ex/iH5ufhiYlvHdvIPtAGo:S8t9maZmnHdgFm","tlshash":"f652e6c1f568b26312b729f621dfd202a16ac214d4b18955e261e3d34fe1c0d67ffe29","size":14246,"data":"","first_seen":"2023-03-10T01:42:34Z","last_seen":"2026-05-13T05:31:33.489664Z","times_seen":33,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.684881+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/bootbox.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4690},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":2429,\"bytes_toclient\":7706,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"82bdfbcd62121cbf35b418529616be28","sha1":"022950b708ef4e6c8b17a04b37f1f56270da8b57","sha256":"26e3e3969e61aa4d5ff99873a6143b16d5380de42b4667a0567f75464e22b1b7","sha512":"64c7a51b8dffe12c06a2c59f6502a56b40e12df9439b9ba237f01ebdb199b9ac124fb9613dacbf649141e6d5cda7d0daabf4030422ba6dba65c63b1219242b9c","ssdeep":"","tlshash":"b721af29ed38ed06bdc20c9ab8fb6d26eecdc004c0169682d926d29c538c975078279f","size":1412,"data":"","first_seen":"2024-08-20T20:36:19.824796Z","last_seen":"2024-08-20T20:36:19.824796Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.065030+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/index.php?r=site%2Flogin\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":867},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1828,\"bytes_toclient\":3135,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/e922c812/jquery.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"23c7c5d2d1317508e807a6c7f777d6ed","sha1":"ad16c4a132ad2a03b4951185fed46d55397b5e88","sha256":"416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37","sha512":"58d2f17cfffc71560bf6c8fc267a7a7add0192e6cb3f7d638531bdbe12ff179b84666839c04ccaa17a75909b25ccf416c0f4f57b23224b194a0a0cc72ce4ce4d","ssdeep":"6144:pJChNVls+TCtlFhTzeKR7cYmD2zK8EAbEtPx+WI+Y7cFyW48L/dyVxNaIPfytrAP:xf7cYmD43APx+WI+Y7cFyMyDTPfCAeuH","tlshash":"2354a4d9f78d112e423231aaac2f12cdb77cd171560458aebd4d597c24a083d83baf7a","size":287630,"data":"","first_seen":"2023-03-07T01:03:32Z","last_seen":"2026-05-15T01:27:14.931848Z","times_seen":8346,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.566547+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/e922c812/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5457},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":25,\"bytes_toserver\":4325,\"bytes_toclient\":31779,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"11c2f7dc661150befdee01a23246950c","sha1":"597b845967289c989c7f153453313f2dfd9a6ab9","sha256":"67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54","sha512":"832f2f165e9c9a6dfbfdc5999c31ac5534feec5bc256ab2fb1faffdec028defb5886e3ab8b68d6b2af4fd5df2a0d201270efcc2a395b1f089307c709e1acd14c","ssdeep":"384:qj0RfTossjpOkUeUnMkx8QfiZ9/lvitSlu11kAd5:o0RfTosxkURMk2QfMpi0luzXd5","tlshash":"db92a3197de330a32077747e9b9f4098a675901b212ace503c4c97b84f54eb986f2fe9","size":20934,"data":"","first_seen":"2023-03-07T01:03:32Z","last_seen":"2026-05-15T01:27:15.027389Z","times_seen":3136,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.555172+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5813},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2061,\"bytes_toclient\":14382,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.captcha.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"daae7efe2c15342aa8fbb9e2b6b01691","sha1":"a6ee314a81dadaefeb5dc03de25bd5ac2a560966","sha256":"33b2ef68729e9d637d5f082356938bdf03c2ef7b2b3dd09398bc9c53e1c0f56e","sha512":"3e3a72947c5d1125190dc4d6b8f7aa60be5f93f9e6701f21dbedb0c94b44d32136e8afef07cacb8acf430e7ef643ed3d013819c94b8213a9d2e8c5127001fce7","ssdeep":"","tlshash":"2a41bd0f79b620344aababe99f7ed109a21cb68ca027cd107d1c64d25749865d191bfc","size":2055,"data":"","first_seen":"2023-03-07T13:01:23Z","last_seen":"2026-04-03T00:31:27.985252Z","times_seen":70,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.560664+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.captcha.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":739},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":2363,\"bytes_toclient\":2424,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.activeForm.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4466b185cf91846af63f3be90f78d585","sha1":"3fa1ddf6a486107eb7aa1ca1bc703632c96dc8f0","sha256":"86414ea5538d5f21da467f12d2334388a419e87dd0cc35b87469c7623c56a2c3","sha512":"ec81e04a852d6a8b34a519ec65f529bffda53435c1b5f6c7f2d40d085fb027502609eab3164efda339b2f6235834eedf04d32ed76a14bb152735189261239c56","ssdeep":"384:VPS9DqKGYydjgqIx6Ytw+2DTP1tpU/DJwNSHnKLGJC4d6xwF//5r0jYhQrVyHNlH:A45X0zvsxG","tlshash":"9df232581ee2033b2d6331bdd7df9145e264902b0006da647c9dd7a12f88e7493b5bee","size":36932,"data":"","first_seen":"2023-03-07T01:14:59Z","last_seen":"2026-05-14T16:00:54.726619Z","times_seen":158,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.672659+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.activeForm.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2533,\"bytes_toclient\":24157,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f34b630ffe30ba2ff2b91e3f3c322a1","sha1":"b16fd8226bd6bfb08e568f1b1d0a21d60247cefb","sha256":"9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe","sha512":"a014e9acc78d10a0a7a9fbaa29deac6ef17398542d9574b77b40bf446155d210fa43384757e3837da41b025998ebfab4b9b6f094033f9c226392b800df068bce","ssdeep":"768:up/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5YW:NorXfURXiUrmq5YW","tlshash":"1b03950ab22031a107efa1a5414b020e73366a7df94791ac78a9d9f22db4c49717bf7d","size":39680,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-15T03:10:24.292941Z","times_seen":26783,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.682740+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10940},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":19,\"bytes_toserver\":2865,\"bytes_toclient\":24533,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"royalepass882.zzux.com/","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":0,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-07T01:49:10.755Z","timestamp":1699321750755,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Tue, 07 Nov 2023 01:49:15 GMT\r\nServer: Apache\r\nLocation: /backend/web/\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T03:59:12.236673Z","times_seen":15198060,"resource_available":true,"data":null}},"time_used":1306,"timings":{"blocked":1306,"dns":0,"connect":122,"send":0,"wait":0,"receive":0,"ssl":127},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.009795+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/backend/web/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":669,\"bytes_toclient\":421,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-07T01:49:16.282Z","timestamp":1699321756282,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/ HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Tue, 07 Nov 2023 01:49:16 GMT\r\nServer: Apache\r\nSet-Cookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; path=/; HttpOnly\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nLocation: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T03:59:12.236673Z","times_seen":15198060,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:16Z","timestamp":1699321756,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:16.409211+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":1210,\"bytes_toclient\":939,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-07T01:49:16.935Z","timestamp":1699321756935,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/index.php?r=site%2Flogin HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D; path=/; HttpOnly; SameSite=Lax\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1483\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1483,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (1118)","md5":"21408b66a2ba96f875c22de7d3a125a5","sha1":"bdabc6c25193435f65429f0c280b5607ab123cc6","sha256":"b6c25ac04650266d69878e4c5292386f7faba09067884f891554d264953fd74c","sha512":"9cf1da8a1ba7d94f40824b57a9916b6cf07ea627d0532eca392b691b89b31b96af8a579821c99b5a7e5048c30d2e5f8844d10e146f59dd71a1941f1f79319744","ssdeep":"96:/QtkovBMXtLgVN4mZ8ipaSTCWh/8Lpt6AP7NBaEF7NBLEp7NBOOX:/2kovBMXtMVN4myipaSTCWhAt6AP7DaN","tlshash":"faa120288d6c0c2f3ad288c479b2721c9acdd14ec555de58b6fc82d81b9de8a4a43b4d","first_seen":"2023-11-07T02:49:30Z","last_seen":"2023-11-07T02:49:30Z","times_seen":1,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.065030+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/index.php?r=site%2Flogin\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":867},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":1828,\"bytes_toclient\":3135,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/94932517/css/bootstrap.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.202Z","timestamp":1699321757202,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/94932517/css/bootstrap.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:58 GMT\r\nETag: \"23a0d-5e18d6499e980-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 21275\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21275,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (386)","md5":"2dbb985a5bb6dd8ef0a7b21d290ea9ae","sha1":"f8676e1f4a902a63088f45982f3f9b6a6c401b47","sha256":"d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a","sha512":"986ed7a3a5cb950d772463d02e02f123b6f3f10944aebb04f6b6100d1805fba0254079bd4e7e5b87fbda20ac4198cf6650b3c2eb28b30211262b21a0347088be","ssdeep":"1536:RP2v8UU8K3LVH5h8BICxV3gzUNbDYv8/nG/BP9IZpHWJ23yJ8:RyUNLhmIGgAdU8/G/BP9IZpHWJ23n","tlshash":"bae394d8f6b039403223c09835939e52b71da143d41fed7ab7a235acafc91958573b8a","first_seen":"2023-04-07T10:31:45Z","last_seen":"2026-05-15T01:27:14.912429Z","times_seen":1389,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":123,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.309136+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/94932517/css/bootstrap.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1125},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":10,\"bytes_toserver\":2692,\"bytes_toclient\":9191,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/font-awesome/css/font-awesome.min.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.205Z","timestamp":1699321757205,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:51 GMT\r\nETag: \"7918-5e17f4f4b89c0-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 7053\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7053,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-05-15T03:36:48.266962Z","times_seen":270678,"resource_available":true,"data":null}},"time_used":350,"timings":{"blocked":105,"dns":0,"connect":121,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.432135+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/font-awesome/css/font-awesome.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":959,\"bytes_toclient\":7710,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/Ionicons/css/ionicons.min.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.206Z","timestamp":1699321757206,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/bower_components/Ionicons/css/ionicons.min.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:49 GMT\r\nETag: \"c854-5e17f4f2d0540-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 8284\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8284,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (50806)","md5":"0d6763b67616cb9183f3931313d42971","sha1":"f0459300e39155df7aa5e94b3bdb8c8594f49a60","sha256":"de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa","sha512":"240a635919dfa2715e18163bb78caaf125abd40eb155810980efd430860e371691dc2f461132948342e16ab6c99dc133245e4d9a2bfe3ebe5036e96bf352e319","ssdeep":"384:048l+hhJhjRqFdtYRjJIjsjaHnNfc2C4741mf5HRzL:04DhhjQFduRjJ7uHFcu7Smf5xzL","tlshash":"c833f8e4d20c0dd0ab35c447ab49674858b5f7fbe4584ca8e42fd4ac39cb224a3e5b6d","first_seen":"2023-04-05T07:17:57Z","last_seen":"2025-03-01T07:51:18.597046Z","times_seen":2266,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":105,"dns":0,"connect":121,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.433629+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/Ionicons/css/ionicons.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1126},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":951,\"bytes_toclient\":7710,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/css/skins/skin-yellow.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.209Z","timestamp":1699321757209,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/dist/css/skins/skin-yellow.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:53 GMT\r\nETag: \"de8-5e17f4f6a0e40-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 767\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":767,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5d72c6cb9e553468b124cd905a1de96c","sha1":"c397e56174de5bef535cd7f73107a8890170ad07","sha256":"c50493b89177169f14b529772e7a8661b011250a0008cfb8d438bdb5eeae5c84","sha512":"2aa64691bfd4c0c6b39becc064c1f20049bf99b0330fbf0a33c6d4b3ec51dce18904e6eca39dd93c141bd50ed0ad83c351b7923925bb167e64603bb27fd15222","ssdeep":"","tlshash":"e571809976e57d06602ec22c14c2ca5027cd35489009eb2bbfbfa16dd7885e1fcb5988","first_seen":"2023-04-11T00:52:27Z","last_seen":"2026-01-10T11:32:07.896237Z","times_seen":21,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":103,"dns":1,"connect":123,"send":0,"wait":123,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.436080+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/css/skins/skin-yellow.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":767},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":935,\"bytes_toclient\":1293,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.203Z","timestamp":1699321757203,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:50 GMT\r\nETag: \"1da71-5e17f4f3c4780-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 19741\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19741,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65369)","md5":"7f89537eaf606bff49f5cc1a7c24dbca","sha1":"b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0","sha256":"6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11","sha512":"0e8a7fbd6de23ad6b27ab95802a0a0915af6693af612bc304d83af445529ce5d95842309ca3405d10f538d45c8a3a261b8cff78b4bd512dd9effb4109a71d0ab","ssdeep":"768:rf7Gxw/Tc/hOWlJ+UtVIuiHlqAmQI4X8OAdXFxbv8KIf2BdU+JdOMx1iVvH1FS:sw/YGGIuiHlqAmO8l1bNXdOqT","tlshash":"0dc3c7a0f21031ea7333c55a71d0fd872219a153e6664eb7f22f25d88f846ca1673f1a","first_seen":"2023-03-07T12:03:40Z","last_seen":"2026-05-15T03:10:15.221144Z","times_seen":18845,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":100,"dns":1,"connect":121,"send":0,"wait":125,"receive":122,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.427931+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1124},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":958,\"bytes_toclient\":6196,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.214Z","timestamp":1699321757214,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/744752e1/yii.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:57 GMT\r\nETag: \"51c6-5e18d648aa740-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 5813\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5813,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"11c2f7dc661150befdee01a23246950c","sha1":"597b845967289c989c7f153453313f2dfd9a6ab9","sha256":"67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54","sha512":"832f2f165e9c9a6dfbfdc5999c31ac5534feec5bc256ab2fb1faffdec028defb5886e3ab8b68d6b2af4fd5df2a0d201270efcc2a395b1f089307c709e1acd14c","ssdeep":"384:qj0RfTossjpOkUeUnMkx8QfiZ9/lvitSlu11kAd5:o0RfTosxkURMk2QfMpi0luzXd5","tlshash":"db92a3197de330a32077747e9b9f4098a675901b212ace503c4c97b84f54eb986f2fe9","first_seen":"2023-03-07T01:03:32Z","last_seen":"2026-05-15T01:27:15.027389Z","times_seen":3136,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":219,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.555172+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5813},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":13,\"bytes_toserver\":2061,\"bytes_toclient\":14382,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.validation.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.215Z","timestamp":1699321757215,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/744752e1/yii.validation.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:57 GMT\r\nETag: \"401a-5e18d648aa740-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 3068\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3068,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"926d297d32127a64c0822c446e1d4378","sha1":"4677fb8b913cd7fa6be98674946a6a0c47e6dfb3","sha256":"bed9bcc372f2d6619d19a6e2d2a69092725530f20cdc7ffbe55a4a18cfb67b28","sha512":"d655bb801a2756c50af20c6797cff298c2cbe035ed8063b7ce417e949bad6f61ffbc729c007c2dcdb58c0554ca2eccc62082ea8830a73d1f810e35e241914534","ssdeep":"192:/laldMtH04lLZ/vpIC8l+ARBc0KltNolNhZ5lkbl2tUs0lnnQlya0AcapvVkfPrL:x3vd8xU5gxJnmR8RQ","tlshash":"e172905c6cf71a5948a371e93adf6008b6b9c223100dde55be5c83c16f94834f2e7b99","first_seen":"2023-03-07T01:14:59Z","last_seen":"2026-05-14T16:00:54.718694Z","times_seen":91,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":219,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.556575+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.validation.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":2064,\"bytes_toclient\":12736,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/css/AdminLTE.min.css","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.206Z","timestamp":1699321757206,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/dist/css/AdminLTE.min.css HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:53 GMT\r\nETag: \"1656b-5e17f4f6a0e40-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 14974\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14974,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65317)","md5":"e3bd21ffe6ce31c1a7d79b7058533af4","sha1":"32bec4614178d9ac432304eb929ffa8ffab41ec3","sha256":"968d106d4bfc73434033d70d73309e7a3ba3f11fb286664ebcd6332c0f8dc339","sha512":"dbe4ae447cb25d3d2c619c8ed28b6a118857dfc8cdeab1792bdd7841b807ad1bd1dd74c641bf558c7216c2a0f3ad9471a7e1b92c61a5fbf5544b68f31e110dbd","ssdeep":"1536:B9o/whovK1aE8GCPXbocNJB1brKKSP7LkZwRm:B9FXsE8GCPXEkB","tlshash":"b993a771f4a4302a7027c61d74d1fea9222e96e2e6064b7ff63bb568ce812cf1553b05","first_seen":"2023-04-11T00:52:27Z","last_seen":"2026-01-10T11:32:07.90961Z","times_seen":21,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":105,"dns":1,"connect":121,"send":0,"wait":125,"receive":122,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.435753+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/css/AdminLTE.min.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1124},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":12,\"bytes_toserver\":930,\"bytes_toclient\":15280,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.captcha.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.216Z","timestamp":1699321757216,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/744752e1/yii.captcha.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:57 GMT\r\nETag: \"807-5e18d648aa740-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 739\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":739,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"daae7efe2c15342aa8fbb9e2b6b01691","sha1":"a6ee314a81dadaefeb5dc03de25bd5ac2a560966","sha256":"33b2ef68729e9d637d5f082356938bdf03c2ef7b2b3dd09398bc9c53e1c0f56e","sha512":"3e3a72947c5d1125190dc4d6b8f7aa60be5f93f9e6701f21dbedb0c94b44d32136e8afef07cacb8acf430e7ef643ed3d013819c94b8213a9d2e8c5127001fce7","ssdeep":"","tlshash":"2a41bd0f79b620344aababe99f7ed109a21cb68ca027cd107d1c64d25749865d191bfc","first_seen":"2023-03-07T13:01:23Z","last_seen":"2026-04-03T00:31:27.985252Z","times_seen":70,"resource_available":true,"data":null}},"time_used":344,"timings":{"blocked":221,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.560664+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.captcha.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":739},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":2363,\"bytes_toclient\":2424,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/744752e1/yii.activeForm.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.217Z","timestamp":1699321757217,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/744752e1/yii.activeForm.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:57 GMT\r\nETag: \"9044-5e18d648aa740-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 7457\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7457,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"4466b185cf91846af63f3be90f78d585","sha1":"3fa1ddf6a486107eb7aa1ca1bc703632c96dc8f0","sha256":"86414ea5538d5f21da467f12d2334388a419e87dd0cc35b87469c7623c56a2c3","sha512":"ec81e04a852d6a8b34a519ec65f529bffda53435c1b5f6c7f2d40d085fb027502609eab3164efda339b2f6235834eedf04d32ed76a14bb152735189261239c56","ssdeep":"384:VPS9DqKGYydjgqIx6Ytw+2DTP1tpU/DJwNSHnKLGJC4d6xwF//5r0jYhQrVyHNlH:A45X0zvsxG","tlshash":"9df232581ee2033b2d6331bdd7df9145e264902b0006da647c9dd7a12f88e7493b5bee","first_seen":"2023-03-07T01:14:59Z","last_seen":"2026-05-14T16:00:54.726619Z","times_seen":158,"resource_available":true,"data":null}},"time_used":456,"timings":{"blocked":333,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.672659+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/744752e1/yii.activeForm.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2568},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2533,\"bytes_toclient\":24157,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.803Z","timestamp":1699321757803,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/css/plugins/iCheck/icheck.min.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nContent-Length: 268\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":268,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"501c9fb4d09d9e6de9284db094f71d42","sha1":"7a7bc936d6d9504f670ea83814209127e59e9b75","sha256":"a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74","sha512":"69f54bbed3639374e7a0fe93b55e250f926715637f619fc20fe7f656ba2cfeb1374541a55636ba74f2f434901cb11d13b8268b0172b8bc36d18ff48d1ff27331","ssdeep":"","tlshash":"6cd02b9e9043229b4c12255039c551c6228913fa743985e86e87d487935893edc8a2cd","first_seen":"2023-08-17T14:05:12Z","last_seen":"2023-11-07T02:49:30Z","times_seen":2,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.677073+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":14,\"bytes_toserver\":3503,\"bytes_toclient\":14916,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.968466+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":31,\"bytes_toserver\":3147,\"bytes_toclient\":41331,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.219Z","timestamp":1699321757219,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:50 GMT\r\nETag: \"9b00-5e17f4f3c4780-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 10940\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10940,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (39553)","md5":"2f34b630ffe30ba2ff2b91e3f3c322a1","sha1":"b16fd8226bd6bfb08e568f1b1d0a21d60247cefb","sha256":"9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe","sha512":"a014e9acc78d10a0a7a9fbaa29deac6ef17398542d9574b77b40bf446155d210fa43384757e3837da41b025998ebfab4b9b6f094033f9c226392b800df068bce","ssdeep":"768:up/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5YW:NorXfURXiUrmq5YW","tlshash":"1b03950ab22031a107efa1a5414b020e73366a7df94791ac78a9d9f22db4c49717bf7d","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-15T03:10:24.292941Z","times_seen":26783,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":338,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.682740+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/js/bootstrap.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":10940},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":19,\"bytes_toserver\":2865,\"bytes_toclient\":24533,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/js/bootbox/bootbox.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.220Z","timestamp":1699321757220,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/dist/js/bootbox/bootbox.min.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:53 GMT\r\nETag: \"37a6-5e17f4f6a0e40-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 4690\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4690,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (14179)","md5":"c03bd83e89ad00fa10479162362a6d4e","sha1":"dcffcb01cc8e249920a7bccd87e0dbc681cd8b51","sha256":"1d08a9ab08e9d94be79df1d9994e85cd43a66d01f521d6ce7632aabc49aca3ff","sha512":"35cdf739826f9707480e9231f81dfb28366b724315110e55daeddd89b173fa340be614a084f6563c38e4c8a5dff94bb46835517384044bf77e89c4837e5acc7a","ssdeep":"384:Sk7fSfMasp7Ex/iH5ufhiYlvHdvIPtAGo:S8t9maZmnHdgFm","tlshash":"f652e6c1f568b26312b729f621dfd202a16ac214d4b18955e261e3d34fe1c0d67ffe29","first_seen":"2023-03-10T01:42:34Z","last_seen":"2026-05-13T05:31:33.489664Z","times_seen":33,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":341,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59618,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.684881+0000\",\"flow_id\":1903042423023081,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59618,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/bootbox.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4690},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":8,\"bytes_toserver\":2429,\"bytes_toclient\":7706,\"start\":\"2023-11-07T01:49:17.189929+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/js/bootbox/popper.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.219Z","timestamp":1699321757219,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/dist/js/bootbox/popper.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:53 GMT\r\nETag: \"18ab9-5e17f4f6a0e40-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 23181\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23181,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (345)","md5":"09e3713f6fd15ee23bc80bfa4a51bedc","sha1":"92cb1b7662dd25704ae9595e116b92a96f54e0ee","sha256":"4787a7297e406f0a47a7994e827e78e60f84622f834792648f1ed9f89d67194d","sha512":"55b9be9de382ac896062b3d17019da0c3a0ebb981e7ac491050c6c24d5986d57fed9a367f314199ffacfe210f1f940226cadb841b2e1ac8a8bb0d778585add97","ssdeep":"1536:Y67ixtqChckw1MhqZsKk0IhmyYwRGiR/3GzcpGkO/jQLA:zixtXhcpMhqnkSwRGiR/3GzcY9Q8","tlshash":"2fa3a65a78e6b2b609a7616f43afa14df131913b2219e81038ccd3782f61f3451eb9f5","first_seen":"2023-03-26T14:22:04Z","last_seen":"2026-01-10T11:32:07.891532Z","times_seen":21,"resource_available":true,"data":null}},"time_used":467,"timings":{"blocked":338,"dns":0,"connect":0,"send":0,"wait":128,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.685246+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/js/bootbox/popper.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":23181},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":16,\"pkts_toclient\":30,\"bytes_toserver\":2365,\"bytes_toclient\":40797,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/assets/e922c812/jquery.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.213Z","timestamp":1699321757213,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/assets/e922c812/jquery.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 16 Jun 2022 09:37:57 GMT\r\nETag: \"4638e-5e18d648aa740-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nKeep-Alive: timeout=5, max=96\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84781,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"23c7c5d2d1317508e807a6c7f777d6ed","sha1":"ad16c4a132ad2a03b4951185fed46d55397b5e88","sha256":"416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37","sha512":"58d2f17cfffc71560bf6c8fc267a7a7add0192e6cb3f7d638531bdbe12ff179b84666839c04ccaa17a75909b25ccf416c0f4f57b23224b194a0a0cc72ce4ce4d","ssdeep":"6144:pJChNVls+TCtlFhTzeKR7cYmD2zK8EAbEtPx+WI+Y7cFyW48L/dyVxNaIPfytrAP:xf7cYmD43APx+WI+Y7cFyMyDTPfCAeuH","tlshash":"2354a4d9f78d112e423231aaac2f12cdb77cd171560458aebd4d597c24a083d83baf7a","first_seen":"2023-03-07T01:03:32Z","last_seen":"2026-05-15T01:27:14.931848Z","times_seen":8346,"resource_available":true,"data":null}},"time_used":529,"timings":{"blocked":220,"dns":0,"connect":0,"send":0,"wait":134,"receive":175,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59598,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.566547+0000\",\"flow_id\":2159954481619761,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59598,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":4,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/assets/e922c812/jquery.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":5457},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":25,\"bytes_toserver\":4325,\"bytes_toclient\":31779,\"start\":\"2023-11-07T01:49:15.762673+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.609Z","timestamp":1699321757609,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 15 Jun 2022 16:49:50 GMT\r\nETag: \"466c-5e17f4f3c4780\"\r\nAccept-Ranges: bytes\r\nContent-Length: 18028\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: font/woff2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18028,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\\012- data","md5":"448c34a56d699c29117adc64c43affeb","sha1":"ca35b697d99cae4d1b60f2d60fcd37771987eb07","sha256":"fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c","sha512":"3811804f56ec3c82f0bef35de0a9250e546a1e357fb59e2784f610d638fec355a27b480e3f796243c0e3d3743be3eadda8f9064c2b5b49577e16b7e40efcdb83","ssdeep":"384:Y22oezK7jlf4flnEPn9+1z2DIH6r3lEsNgV:Y22oeKjlCnm9+1y8gA","tlshash":"d082d0f4ea92999085b01c37d19acb48dc87b9cef5a4d01611e4e13eb5ff8ad684c6c8","first_seen":"2023-04-05T16:42:51Z","last_seen":"2026-05-15T04:08:15.544413Z","times_seen":43391,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":123,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59610,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.796998+0000\",\"flow_id\":795026759992835,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59610,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/bower_components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"font/woff2\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/bower_components/bootstrap/dist/css/bootstrap.min.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":14208},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":35,\"bytes_toserver\":3508,\"bytes_toclient\":48468,\"start\":\"2023-11-07T01:49:17.181763+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/index.php?r=site%2Fcaptcha\u0026v=6549979d02bdd2.26590695","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.212Z","timestamp":1699321757212,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/index.php?r=site%2Fcaptcha\u0026v=6549979d02bdd2.26590695 HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nExpires: 0\r\nCache-Control: must-revalidate, post-check=0, pre-check=0\r\nPragma: public\r\nContent-Transfer-Encoding: binary\r\nContent-Length: 2757\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2757,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 50, 8-bit/color RGB, non-interlaced\\012- data","md5":"ff8bc075b116d51edcb1d4a175181e91","sha1":"65829db32fa7892ce3f2edfebe683c28409f4e1d","sha256":"29818edd0b52d585b3b8a929a857b8e2c85f38e9011e6900a4f9f4489bf8c44f","sha512":"8d0b2ac1be0e3b2353507414fcbe5ef3ca836bf0ddefcda196d76b3b2a0981846ecd010dbfefb3f4089d8247911ecb5fef921ee6e0d6bd18b3280d3da9a1ed83","ssdeep":"","tlshash":"","first_seen":"2023-11-07T02:49:30Z","last_seen":"2023-11-07T02:49:30Z","times_seen":1,"resource_available":false,"data":null}},"time_used":604,"timings":{"blocked":473,"dns":0,"connect":0,"send":0,"wait":129,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59626,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.814156+0000\",\"flow_id\":1797893033682497,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59626,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/index.php?r=site%2Fcaptcha\u0026v=6549979d02bdd2.26590695\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2757},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":22,\"bytes_toserver\":3689,\"bytes_toclient\":27784,\"start\":\"2023-11-07T01:49:17.190017+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/css/plugins/iCheck/icheck.min.js","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.803Z","timestamp":1699321757803,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/css/plugins/iCheck/icheck.min.js HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nContent-Length: 268\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":268,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"501c9fb4d09d9e6de9284db094f71d42","sha1":"7a7bc936d6d9504f670ea83814209127e59e9b75","sha256":"a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74","sha512":"69f54bbed3639374e7a0fe93b55e250f926715637f619fc20fe7f656ba2cfeb1374541a55636ba74f2f434901cb11d13b8268b0172b8bc36d18ff48d1ff27331","ssdeep":"","tlshash":"6cd02b9e9043229b4c12255039c551c6228913fa743985e86e87d487935893edc8a2cd","first_seen":"2023-08-17T14:05:12Z","last_seen":"2023-11-07T02:49:30Z","times_seen":2,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.677073+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":14,\"bytes_toserver\":3503,\"bytes_toclient\":14916,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.968466+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/css/plugins/iCheck/icheck.min.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":31,\"bytes_toserver\":3147,\"bytes_toclient\":41331,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/backend/web/dist/img/logo-2x.png","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:17.211Z","timestamp":1699321757211,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /backend/web/dist/img/logo-2x.png HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 07 Nov 2023 01:49:17 GMT\r\nServer: Apache\r\nLast-Modified: Sat, 18 Jun 2022 09:01:52 GMT\r\nETag: \"19079-5e1b51f2e2000\"\r\nAccept-Ranges: bytes\r\nContent-Length: 102521\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":102521,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 560 x 316, 8-bit colormap, non-interlaced\\012- data","md5":"f50f5ae735ad75ba46c7bc0357562324","sha1":"7ae7ad920ddd44a90ba28ed8194f59a29630d723","sha256":"81fc5a3eab22996fd30d156c7ddffbb66b4f3e38e82617482b562246e97a8a01","sha512":"1dee3409d9db69780bcc1d5388f8d5fbea734a168756df3b37a2e3f7e6bd4d29de01c82968fb1092062af74e6be8a1477372a09a12071b72f350eb30a8d322e5","ssdeep":"1536:JGPbV/aog4yEesyp1+T42kzkE3MkTXiM1cbLDJGSdmaLxQYl6wm5BUtoYhTrXk:JG1xyEeNw42kr3MkTSSIDJCkQYVnxk","tlshash":"8fa3020d8388c3229fe32f165b7b46d69b0747e0e4e05a4fb6bc31561a859e13c3ec89","first_seen":"2023-05-05T01:21:41Z","last_seen":"2026-01-10T11:32:07.884208Z","times_seen":21,"resource_available":false,"data":null}},"time_used":834,"timings":{"blocked":466,"dns":0,"connect":0,"send":0,"wait":122,"receive":246,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:17Z","timestamp":1699321757,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59614,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:17.799386+0000\",\"flow_id\":1013138084192241,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59614,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/backend/web/dist/img/logo-2x.png\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4071},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":14,\"pkts_toclient\":24,\"bytes_toserver\":3569,\"bytes_toclient\":30056,\"start\":\"2023-11-07T01:49:17.188401+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"royalepass882.zzux.com/favicon.ico","fqdn":"royalepass882.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin","date":"2023-11-07T01:49:18.038Z","timestamp":1699321758038,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: royalepass882.zzux.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\r\nCookie: advanced-backend=rkvfv40eoien4d3jpml4fivomb; _csrf-backend=497b63e916b573f478054e61fd42803e13160a5e165efba1e3328fb123ecdd0ba%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf-backend%22%3Bi%3A1%3Bs%3A32%3A%22Lp8sF0X1mlLMIcGPTUNyc1p1V3eHqji-%22%3B%7D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 07 Nov 2023 01:49:18 GMT\r\nServer: Apache\r\nContent-Length: 268\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":268,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"501c9fb4d09d9e6de9284db094f71d42","sha1":"7a7bc936d6d9504f670ea83814209127e59e9b75","sha256":"a7258fd42e5b217c61f0da08da821a8bf7db151c158b8695e172eba5f4cefd74","sha512":"69f54bbed3639374e7a0fe93b55e250f926715637f619fc20fe7f656ba2cfeb1374541a55636ba74f2f434901cb11d13b8268b0172b8bc36d18ff48d1ff27331","ssdeep":"","tlshash":"6cd02b9e9043229b4c12255039c551c6228913fa743985e86e87d487935893edc8a2cd","first_seen":"2023-08-17T14:05:12Z","last_seen":"2023-11-07T02:49:30Z","times_seen":2,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":122,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-07T01:49:18Z","timestamp":1699321758,"ip_dst":{"addr":"207.244.241.61","port":80,"asn":40021,"as":"CONTABO","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.111","port":59642,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-11-07T01:49:18.159109+0000\",\"flow_id\":324925409584992,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.111\",\"src_port\":59642,\"dest_ip\":\"207.244.241.61\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"royalepass882.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://royalepass882.zzux.com/backend/web/index.php?r=site%2Flogin\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":268},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":32,\"bytes_toserver\":3918,\"bytes_toclient\":41865,\"start\":\"2023-11-07T01:49:17.190304+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}