🐾 - 🚨 Suspicious Zero SSL Certificate for public ip address

SID: 3301120Rev: 26 views
Sourcepawpatrules
CreatedJanuary 13, 2024
UpdatedFebruary 21, 2024
Classificationbad-unknown
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious Zero SSL Certificate for public ip address"; flow:to_client, stateless; tls.cert_issuer; content:"C=AT"; content:"O=ZeroSSL"; content:"CN=ZeroSSL RSA Domain Secure Site CA"; fast_pattern; tls.cert_subject; content:"CN="; pcre:"/CN=[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/"; reference:url,https://zerossl.com/; metadata:created_at 2024_01_13, updated_at 2024_02_21; sid:3301120; rev:2; classtype:bad-unknown;)

References

urlhttps://zerossl.com/

Metadata

created at2024_01_13
updated at2024_02_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!