Network Analysis

IP Address | Status | Action | VT | Location
No hosts contacted.

Name | Response | Post-Analysis Lookup
No hosts contacted.

No traffic

No traffic

No traffic

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.168.229:60849 -> 8.8.8.8:53 | 2032759 | ET HUNTING Suspicious Netlify Hosted DNS Request - Possible Phishing Landing | Possible Social Engineering Attempted
TCP 192.168.168.229:49236 -> 35.157.26.135:443 | 2032760 | ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing | Possible Social Engineering Attempted
TCP 192.168.168.229:49237 -> 35.157.26.135:443 | 2032760 | ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing | Possible Social Engineering Attempted
TCP 192.168.168.229:49246 -> 35.157.26.135:443 | 2032760 | ET HUNTING Suspicious Netlify Hosted TLS SNI Request - Possible Phishing Landing | Possible Social Engineering Attempted

Suricata TLS

Flow | Issuer | Subject | Fingerprint
TLS 1.2 192.168.168.229:49236 -> 35.157.26.135:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app | 04:28:c9:a3:bc:06:50:9c:6b:0b:67:72:82:27:c6:3d:99:1b:5b:71
TLS 1.2 192.168.168.229:49237 -> 35.157.26.135:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app | 04:28:c9:a3:bc:06:50:9c:6b:0b:67:72:82:27:c6:3d:99:1b:5b:71
TLS 1.2 192.168.168.229:49246 -> 35.157.26.135:443 | C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app | 04:28:c9:a3:bc:06:50:9c:6b:0b:67:72:82:27:c6:3d:99:1b:5b:71

Snort Alerts

Flow | SID | Message
UDP 192.168.168.229:60849 -> 8.8.8.8:53 | 2032759 | ET INFO Suspicious Netlify Hosted DNS Request - Possible Phishing Landing