{"report_id":"ffa7f230-7c0b-45e1-8c81-6697ec0fb5ce","version":6,"status":"done","tags":["dyndns"],"date":"2023-12-04T20:01:21Z","url":{"schema":"http","addr":"gratis-uc-pubmobile.zzux.com/","fqdn":"gratis-uc-pubmobile.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":0,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"http","addr":"gratis-uc-pubmobile.zzux.com/","fqdn":"gratis-uc-pubmobile.zzux.com","domain":"zzux.com","tld":"com"},"title":"Apache2 Ubuntu Default Page: It works"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:08:21Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"gratis-uc-pubmobile.zzux.com","ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2000-11-15","domain_rank":0,"first_seen":"2021-05-03 14:23:07","last_seen":"2023-10-26 06:45:36","alert_count":6,"request_count":3,"received_data":7601,"sent_data":1179,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":37952,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.301687+0000\",\"flow_id\":1029446484466295,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":37952,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":14573,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.301687+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33989,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.301905+0000\",\"flow_id\":2237002309540689,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":33989,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":26646,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.301905+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":37952,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.301687+0000\",\"flow_id\":1029446484466295,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":37952,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":14573,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.301687+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33989,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.301905+0000\",\"flow_id\":2237002309540689,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":33989,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":26646,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.301905+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52155,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.380270+0000\",\"flow_id\":1559082524069230,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":52155,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31558,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.380270+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52155,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.380270+0000\",\"flow_id\":1559082524069230,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":52155,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31558,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.380270+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":32985,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.381947+0000\",\"flow_id\":1726311370707963,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":32985,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49593,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.381947+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":32985,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.381947+0000\",\"flow_id\":1726311370707963,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":32985,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":49593,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.381947+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51812,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.806298+0000\",\"flow_id\":1676775365365146,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":51812,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45059,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.806298+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51812,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.806298+0000\",\"flow_id\":1676775365365146,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":51812,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45059,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.806298+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33982,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:09.817562+0000\",\"flow_id\":319234987358618,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":33982,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":12765,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.817562+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:09Z","timestamp":1701720069,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33982,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:09.817562+0000\",\"flow_id\":319234987358618,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":33982,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":12765,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:09.817562+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":50742,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.174039+0000\",\"flow_id\":1752169221291069,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50742,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":685,\"bytes_toclient\":1654,\"start\":\"2023-12-04T20:01:09.818237+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52727,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:10.283198+0000\",\"flow_id\":146401208455742,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":52727,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":7718,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:10.283198+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52727,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.283198+0000\",\"flow_id\":146401208455742,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":52727,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":7718,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:10.283198+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58830,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Observed DNS Query to DDNS Domain .zzux .com","source":"{\"timestamp\":\"2023-12-04T20:01:10.385670+0000\",\"flow_id\":1755680357147270,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":58830,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033122,\"rev\":1,\"signature\":\"ET INFO Observed DNS Query to DDNS Domain .zzux .com\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2021_06_09\"],\"former_category\":[\"INFO\"],\"updated_at\":[\"2021_06_09\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29402,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:10.385670+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58830,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.385670+0000\",\"flow_id\":1755680357147270,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":58830,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042727,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS Query to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_13\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_13\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29402,\"rrname\":\"gratis-uc-pubmobile.zzux.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":99,\"bytes_toclient\":0,\"start\":\"2023-12-04T20:01:10.385670+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":50742,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.460388+0000\",\"flow_id\":1752169221291069,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50742,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/icons/ubuntu-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://gratis-uc-pubmobile.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1163},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1340,\"bytes_toclient\":6909,\"start\":\"2023-12-04T20:01:09.818237+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"Client IP","port":50750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.764624+0000\",\"flow_id\":1533881803531782,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50750,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://gratis-uc-pubmobile.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":290},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":653,\"bytes_toclient\":713,\"start\":\"2023-12-04T20:01:10.386566+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"gratis-uc-pubmobile.zzux.com/","fqdn":"gratis-uc-pubmobile.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T20:01:09.819Z","timestamp":1701720069819,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: gratis-uc-pubmobile.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 04 Dec 2023 20:01:04 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Mon, 18 Sep 2023 04:20:07 GMT\r\nETag: \"2aa6-6059a7516b456-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 3138\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document text\\012- exported SGML document, ASCII text","md5":"3526531ccd6c6a1d2340574a305a18f8","sha1":"07993837ce7f0273a65b20db8ee9b24823da7e1e","sha256":"b663321ab439cc53a329ee352c1b855d9998d3af95524a05795a88b42a9acf07","sha512":"81053b8a1ccf04a091df853c91391484a9d2d9e5aba3f3af22b2d720d6e4efeaf49ccc67b0d03cf896d29fb9abf002847ba2988da535285eda7a81249071a87f","ssdeep":"96:lA46evqMhQKrFih8Wdp3667KoQAm+czjJX91GH1o03PHhdntun3nXhgJF2GiloeG:lV6yqGQKJUnpJKoOJaVB2GiLA1b","tlshash":"6f329825f9e521136203c06177f6ab532f769187ed0a562931be019c8fc6bf6c6a3389","first_seen":"2023-04-05T15:45:20Z","last_seen":"2026-05-20T11:00:53.974619Z","times_seen":2970,"resource_available":true,"data":null}},"time_used":535,"timings":{"blocked":177,"dns":1,"connect":177,"send":0,"wait":178,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.35","port":50742,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.174039+0000\",\"flow_id\":1752169221291069,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50742,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":685,\"bytes_toclient\":1654,\"start\":\"2023-12-04T20:01:09.818237+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"gratis-uc-pubmobile.zzux.com/icons/ubuntu-logo.png","fqdn":"gratis-uc-pubmobile.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gratis-uc-pubmobile.zzux.com/","date":"2023-12-04T20:01:10.285Z","timestamp":1701720070285,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /icons/ubuntu-logo.png HTTP/1.1\r\nHost: gratis-uc-pubmobile.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gratis-uc-pubmobile.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 04 Dec 2023 20:01:04 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nLast-Modified: Wed, 08 Mar 2023 17:32:54 GMT\r\nETag: \"d0a-5f666eb0abd80\"\r\nAccept-Ranges: bytes\r\nContent-Length: 3338\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3338,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 99, 8-bit/color RGBA, non-interlaced\\012- data","md5":"5bf8c10887a4300160553ff99b3ee00b","sha1":"21b29d43acd3106347eacd8f3a36a38ad7d330ee","sha256":"ef6e62d62944c3b838f72816ba8e836fbdb46a8dcfb43ba62a4c387b65306fdb","sha512":"7f0b5bba4ab87b728af0ad1169ba2a6b11624e7ae08d23377442a2a6280053e4d99c6ccbfd49c87a2977305e2850d6cf356620a188161147d7ffdfec951293d3","ssdeep":"","tlshash":"60613bdf73b0a36076a2b2fd3a4ae215a22e538c5e9a475af8039f3102754c31452ab1","first_seen":"2023-05-01T15:41:17Z","last_seen":"2026-05-20T11:00:53.976009Z","times_seen":1865,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.35","port":50742,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.460388+0000\",\"flow_id\":1752169221291069,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50742,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/icons/ubuntu-logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://gratis-uc-pubmobile.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1163},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1340,\"bytes_toclient\":6909,\"start\":\"2023-12-04T20:01:09.818237+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"gratis-uc-pubmobile.zzux.com/favicon.ico","fqdn":"gratis-uc-pubmobile.zzux.com","domain":"zzux.com","tld":"com"},"ip":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gratis-uc-pubmobile.zzux.com/","date":"2023-12-04T20:01:10.386Z","timestamp":1701720070386,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gratis-uc-pubmobile.zzux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gratis-uc-pubmobile.zzux.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 04 Dec 2023 20:01:04 GMT\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 290\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":290,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"cf0109a264e8cf94436140616e00fa60","sha1":"316935744ec47f995d42c0a56e574fe314884bcc","sha256":"1d1955346b17117e089fd9451d00180e97e1b6c350678d13f86060eee4acac15","sha512":"09bddd5b145d02283ddae612a897723337183ffbc2a8eed3320a7a443710781116967bf90a59aa7ab7d179d8cc2c82e9bb5b0eb2e9d17249a1a4ad9d506f7f9f","ssdeep":"","tlshash":"77d0e79f4143a3870c13155034c55cc1324c12f9f82945d42c85d083125853ecdc77cc","first_seen":"2023-11-07T02:35:16Z","last_seen":"2023-12-04T21:01:21Z","times_seen":2,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":0,"dns":1,"connect":189,"send":0,"wait":189,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T20:01:10Z","timestamp":1701720070,"ip_dst":{"addr":"194.233.69.12","port":80,"asn":141995,"as":"Contabo Asia Private Limited","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"10.70.215.35","port":50750,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain","source":"{\"timestamp\":\"2023-12-04T20:01:10.764624+0000\",\"flow_id\":1533881803531782,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.35\",\"src_port\":50750,\"dest_ip\":\"194.233.69.12\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2035965,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.zzux .com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_04_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_14\"]}},\"http\":{\"hostname\":\"gratis-uc-pubmobile.zzux.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://gratis-uc-pubmobile.zzux.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":290},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":653,\"bytes_toclient\":713,\"start\":\"2023-12-04T20:01:10.386566+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}