Network Analysis
| IP Address | Status | Action | VT | Location |
|---|---|---|---|---|
| No hosts contacted. | ||||
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
No traffic
No traffic
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 37.48.80.112:443 -> 192.168.168.219:49248 | 2025194 | ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) | Potentially Bad Traffic |
| TCP 37.48.80.112:443 -> 192.168.168.219:49247 | 2025194 | ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz) | Potentially Bad Traffic |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.168.219:49247 37.48.80.112:443 |
C=US, O=Let's Encrypt, CN=E6 | CN=*.l3t5d01tr19ht.xyz | 9a:72:f8:93:dd:06:0b:cc:00:9b:ae:a3:30:57:97:43:2b:5d:75:6d |
|
TLS 1.2 192.168.168.219:49248 37.48.80.112:443 |
C=US, O=Let's Encrypt, CN=E6 | CN=*.l3t5d01tr19ht.xyz | 9a:72:f8:93:dd:06:0b:cc:00:9b:ae:a3:30:57:97:43:2b:5d:75:6d |
|
TLS 1.2 192.168.168.219:49257 37.48.80.112:443 |
None | None | None |
Snort Alerts
No Snort Alerts
