| cert-agid.gov.it/download/log4shell-iocs.txt | 93.147.186.162 | 200 OK | 960 kB |
URL: User Request GET HTTP/1.1 cert-agid.gov.it/download/log4shell-iocs.txt
IP: 93.147.186.162:443
ASN: #30722 Vodafone Italia S.p.A.
Certificate:
  Issuer: Let's Encrypt
  Subject: cert-agid.gov.it
  Fingerprint: 4F:F0:75:AB:55:AC:13:28:22:FC:9F:F2:9A:E6:19:07:7F:87:F7:45
  Validity: Fri, 15 Sep 2023 13:42:05 GMT - Thu, 14 Dec 2023 13:42:04 GMT
File type: JSON data, ASCII text
Size: 960 kB (959618 bytes)
Hash: 431b6bbf92fbe5bfc742f297bf19f6e7 3593b7c0cf8c6ee9cff479c6e0e3c5b57a0f6da5 01eb3542e9e6aa0887cd60d90c3f385adb481aa55b8b54e78b2541e130c84f50
| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Detects JNDI Exploit Kit patterns in files |
| Public Nextron YARA rules | malware | Detects base64 encoded strings found in payloads of exploits against log4j CVE-2021-44228 |
| Public Nextron YARA rules | malware | Detects indicators of JDNI usage in log files and other payloads |
GET /download/log4shell-iocs.txt HTTP/1.1
Host: cert-agid.gov.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 03:55:38 GMT
Content-Type: text/plain
Content-Length: 959618
Last-Modified: Fri, 14 Oct 2022 09:25:26 GMT
Connection: keep-alive
ETag: "63492b06-ea482"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
|
| cert-agid.gov.it/favicon.ico | 93.147.186.162 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 cert-agid.gov.it/favicon.ico
IP: 93.147.186.162:443
ASN: #30722 Vodafone Italia S.p.A.
Requested by: https://cert-agid.gov.it/download/log4shell-iocs.txt
Certificate:
  Issuer: Let's Encrypt
  Subject: cert-agid.gov.it
  Fingerprint: 4F:F0:75:AB:55:AC:13:28:22:FC:9F:F2:9A:E6:19:07:7F:87:F7:45
  Validity: Fri, 15 Sep 2023 13:42:05 GMT - Thu, 14 Dec 2023 13:42:04 GMT
File type: MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel, data
Hash: 089f393733f65ae81cc06fd2eebad812 9fb291ce00f0cad86e1fe7e35eac0b3c18c17828 21fbda558e170e162752f486c6db8753ca366ef4f6d8e95cc2768664e134240c
GET /favicon.ico HTTP/1.1
Host: cert-agid.gov.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cert-agid.gov.it/download/log4shell-iocs.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Oct 2023 03:55:38 GMT
Content-Type: image/x-icon
Content-Length: 2238
Last-Modified: Mon, 20 Apr 2020 08:09:19 GMT
Connection: keep-alive
ETag: "5e9d58af-8be"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
|