Why are these IDS alerts not given elsewhere?

See: https://urlquery.net/report/678d1019-02c1-4aa9-8c20-01037e5ba356 Client IP IDS alerts.
https://otx.alienvault.com/indicator/file/6332f0e5d6f6ef8adbd020257c66c4324d2d4d3f14992cf06e3917f41da25e33/

Nothing here: https://www.quttera.com/detailed_report/download.trusteer.com
and here: https://zulu.zscaler.com/submission/f794703c-50d1-4650-8a3b-f51da99fa92a
and here: https://virustotal.com/#/url/7be2cddbf7f58c7c08c5079ec17c1725713242dc2526421ea0bd2a197a9fc7bb/detection
DNS and cert. problems: https://threatintelligenceplatform.com/report/download.trusteer.com/ve8eQlwYOh

Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Common name: *.s3.amazonaws.com
SAN: *.s3.amazonaws.com, s3.amazonaws.com Digi-Cert Baltimore CA-2 G2 & tested cert: .s3.amazonaws.com

Secure Renegotiation: Enabled
Downgrade attack prevention: Unknown
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Not Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Not Enabled
RC4: Not Enabled
OCSP stapling: Not Enabled

Question - blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware ???
Read: https://lists.emergingthreats.net/pipermail/emerging-sigs/2011-August/015367.html

polonus (volunteer website security analyst and website error-hunter)

On the executable…

See: http://www.freefixer.com/library/file/RapportSetup.exe-81554/
Infostealer, collects information, installs on autorun: https://malwr.com/analysis/YjExMjY5MjU0YmFhNDA1NThmYTE5NzRiY2ZmMGMyNTI/

polonus