The alert SOC133 Suspicious Request to New Registered Domain triggered after host KatharinePRD accessed the domain amesiana.com, which was registered one day prior. Analysis shows a single connection with no further suspicious activity or follow-on requests.
Feb 28 2021 07:57 PM: Host KatharinePRD (172.16.15.78), user Leo, connected to amesiana.com (23.227.38.71).
The alert fired because the domain was newly registered, a characteristic that can indicate attacker infrastructure being staged. The investigation found no malicious indicators: VirusTotal and IP reputation checks for amesiana.com and 23.227.38.71 were clean, no further connections from the host were observed, and there was no evidence of phishing or malware delivery. The activity is classified as a false positive.
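The triage logic above (fire on domain age, then weigh reputation and follow-on activity before closing as a false positive) written out as an added example; this is not code from the original report. The proxy log lines, the registration dates standing in for a WHOIS/RDAP lookup, and the 30-day "newly registered" threshold are constructed assumptions.

```python
from datetime import datetime

# Constructed sample proxy log lines (not from the original report), one per connection.
# Format: ISO timestamp followed by key=value pairs.
PROXY_LOG = [
    "2021-02-28T19:57:00 host=KatharinePRD src=172.16.15.78 user=Leo dst=amesiana.com dst_ip=23.227.38.71",
    "2021-02-28T19:58:10 host=KatharinePRD src=172.16.15.78 user=Leo dst=example.org dst_ip=93.184.216.34",
]

# Hypothetical registration dates, standing in for a WHOIS/RDAP creation-date lookup.
REGISTRATION_DATES = {
    "amesiana.com": datetime(2021, 2, 27),  # registered one day before the connection
    "example.org": datetime(1995, 8, 31),
}

NEW_DOMAIN_MAX_AGE_DAYS = 30  # assumption: the rule's threshold for "newly registered"


def parse_line(line):
    """Split an ISO timestamp plus key=value pairs into a dict."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def domain_age_days(domain, seen_at):
    """Days between registration and the observed request; None if unknown."""
    created = REGISTRATION_DATES.get(domain)
    return None if created is None else (seen_at - created).days


def triage(lines, domain, reputation_hits=0):
    """Reproduce the SOC133 decision: fire on a new domain, then weigh follow-on evidence."""
    events = [e for e in (parse_line(l) for l in lines) if e["dst"] == domain]
    if not events:
        return {"fired": False, "verdict": "no_activity"}
    first_seen = min(e["ts"] for e in events)
    age = domain_age_days(domain, first_seen)
    fired = age is not None and age <= NEW_DOMAIN_MAX_AGE_DAYS
    hosts = {e["host"] for e in events}
    # Escalate when reputation data is bad, the host keeps reconnecting (possible
    # beaconing), or several hosts reach the same fresh domain; a single clean
    # request is a false-positive candidate that still gets documented.
    if not fired:
        verdict = "not_applicable"
    elif reputation_hits > 0 or len(events) > 1 or len(hosts) > 1:
        verdict = "escalate"
    else:
        verdict = "false_positive_candidate"
    return {"fired": fired, "age_days": age, "connections": len(events),
            "hosts": sorted(hosts), "verdict": verdict}
```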
MITRE ATT&CK T1583.001 (Acquire Infrastructure: Domains): newly registered domains are a characteristic often used by attackers (contextual only; no confirmed malicious use).