| URL | IP | Status | Size |
| --- | --- | --- | --- |
| inkcentergroup.it/bin/put5.exe | 62.149.128.74 | 302 Moved Temporarily | 138 B |
URL: inkcentergroup.it/bin/put5.exe (user request, GET HTTP/1.1) | IP: 62.149.128.74:80
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 aff950cab4c0265e21d401db15f1026d | SHA1 f03e18461817f7a6546c8bf8fa8d686d7e30aca0 | SHA256 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
GET /bin/put5.exe HTTP/1.1
Host: inkcentergroup.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 10 Jun 2023 14:52:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://www.inkcentergroup.it/bin/put5.exe
X-ServerName: redirposta02.ad.aruba.it
| ocsp06.actalis.it/VA/AUTHDV-G3 | 109.70.240.114 | 200 | 3.9 kB |
URL: ocsp06.actalis.it/VA/AUTHDV-G3 (POST HTTP/1.1) | IP: 109.70.240.114:0
Hash: MD5 5ededb75ec6d5c867f382d15bdf9c767 | SHA1 d886cc91991a734cd3558c4c4e43052e803cf1cb | SHA256 24b4e88a35f09aa94938ca54f90f721192146a2d92dd0db822d8343e49a5a562
POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Sat, 10 Jun 2023 14:52:44 GMT
Content-Type: application/ocsp-response
Content-Length: 3926
Connection: keep-alive
Last-Modified: Sat, 10 Jun 2023 13:25:51 GMT
Expires: Sun, 11 Jun 2023 13:25:50 GMT
ETag: "d886cc91991a734cd3558c4c4e43052e803cf1cb"
| www.inkcentergroup.it/bin/put5.exe | 89.46.104.12 | 403 Forbidden | 168 B |
URL: www.inkcentergroup.it/bin/put5.exe (user request, GET HTTP/2) | IP: 89.46.104.12:443
Certificate: Issuer Actalis S.p.A. | Subject *.inkcentergroup.it | Fingerprint 23:0E:4C:BE:19:C6:CA:BB:99:D5:F0:5B:AF:FC:CF:E6:7C:15:FC:D9 | Validity Tue, 28 Mar 2023 03:21:57 GMT - Sat, 27 Apr 2024 03:21:56 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 82f04704c04c2706b1b96a73be2ff3a9 | SHA1 8cd210a378b7f54ce8945cdf1c7ce1f696171eee | SHA256 ede97dbf06b3e703cd950b3591a29351ce9b24eccab58b1a913b3c7e4571bf02
| NIDS | Severity | Alert |
| --- | --- | --- |
| suricata | medium | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
GET /bin/put5.exe HTTP/1.1
Host: www.inkcentergroup.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: aruba-proxy
Date: Sat, 10 Jun 2023 14:52:44 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Location: https://www.inkcentergroup.it/bin/put5.exe
X-ServerName: ipvsproxy01.ad.aruba.it
| www.inkcentergroup.it/favicon.ico | 89.46.104.12 | 404 Not Found | 1.6 kB |
URL: www.inkcentergroup.it/favicon.ico (GET HTTP/2) | IP: 89.46.104.12:443
Requested by: https://www.inkcentergroup.it/bin/put5.exe
Certificate: Issuer Actalis S.p.A. | Subject *.inkcentergroup.it | Fingerprint 23:0E:4C:BE:19:C6:CA:BB:99:D5:F0:5B:AF:FC:CF:E6:7C:15:FC:D9 | Validity Tue, 28 Mar 2023 03:21:57 GMT - Sat, 27 Apr 2024 03:21:56 GMT
File type: ASCII text, with very long lines (1663), with no line terminators
Hash: MD5 6b559fe56a22a1e74e420a93adabf6ab | SHA1 03ac2518e7d32010f0a3bfb455ec0fdf258f5e2e | SHA256 83bcffeb02e3a5aec15e4492ea0142b981060a27a5bc6a81951ccd019b9b67d4
GET /favicon.ico HTTP/1.1
Host: www.inkcentergroup.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.inkcentergroup.it/bin/put5.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: aruba-proxy
date: Sat, 10 Jun 2023 14:52:45 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
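The capture above is a chain of three requests for the same file (plain HTTP on the bare domain, 302 to www, 301 to HTTPS, final 403) plus a browser OCSP check against the Actalis responder for the site certificate and a favicon fetch. As an added example that is not part of the sandbox report, the script below parses raw request/response dumps in the shape the report prints them, rebuilds the redirect chain from the Location headers, and labels each transaction. The sample records are constructed from the headers shown on the page, trimmed to the fields the code needs; the HTTPS 403 record is reconstructed from the summary row, since the page prints only the plain-HTTP 301 hop for that request. The "terse .exe" pattern is an assumption about what that signature family keys on, not the Emerging Threats rule text.

```python
"""Parse sandbox HTTP dumps, rebuild the redirect chain, and label transactions."""
import re
from dataclasses import dataclass, field


@dataclass
class Transaction:
    method: str
    path: str
    scheme: str
    host: str
    status: int
    req_headers: dict = field(default_factory=dict)
    resp_headers: dict = field(default_factory=dict)

    @property
    def url(self) -> str:
        return f"{self.scheme}://{self.host}{self.path}"


def _parse_headers(lines):
    """'Name: value' lines -> dict keyed by lower-cased name (HTTP/2 dumps are lower case)."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_transaction(raw: str, scheme: str) -> Transaction:
    """raw is one request block followed by its response block, as the sandbox dumps them;
    the response starts at the first line beginning 'HTTP/'. The dump carries no scheme,
    so it is passed in from the port shown in the summary row (80 -> http, 443 -> https)."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    resp_at = next(i for i, l in enumerate(lines) if l.startswith("HTTP/"))
    method, path, _version = lines[0].split(" ", 2)
    req_headers = _parse_headers(lines[1:resp_at])
    status = int(lines[resp_at].split()[1])  # handles 'HTTP/1.1 200' and 'HTTP/2 404 Not Found'
    resp_headers = _parse_headers(lines[resp_at + 1:])
    return Transaction(method, path, scheme, req_headers.get("host", ""), status,
                       req_headers, resp_headers)


def follow_chain(transactions, start_url, max_hops=10):
    """Walk Location headers from start_url through the captured GETs.
    Returns [(url, status), ...]; stops at the first non-3xx response, at a hop
    the capture does not contain, or if the chain loops."""
    by_url = {t.url: t for t in transactions if t.method == "GET"}
    chain, url, seen = [], start_url, set()
    while url in by_url and url not in seen and len(chain) < max_hops:
        seen.add(url)
        t = by_url[url]
        chain.append((url, t.status))
        if not (300 <= t.status < 400 and "location" in t.resp_headers):
            break
        url = t.resp_headers["location"]
    return chain


# Assumed approximation of the "Terse alphanumeric executable downloader" idea:
# a short alphanumeric .exe name as the last path segment. Not the ET rule text.
TERSE_EXE = re.compile(r"/[a-z0-9]{1,8}\.exe$", re.IGNORECASE)


def classify(t: Transaction) -> str:
    """'terse-exe': GET of a short alphanumeric .exe with no Referer;
    'ocsp': certificate revocation check; 'other': everything else."""
    if t.method == "GET" and TERSE_EXE.search(t.path) and "referer" not in t.req_headers:
        return "terse-exe"
    if t.method == "POST" and t.req_headers.get("content-type") == "application/ocsp-request":
        return "ocsp"
    return "other"


# Constructed sample: the capture's transactions trimmed to the headers used here.
_RAW = [
    ("http", """GET /bin/put5.exe HTTP/1.1
Host: inkcentergroup.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
HTTP/1.1 302 Moved Temporarily
Server: nginx
Location: http://www.inkcentergroup.it/bin/put5.exe"""),
    ("http", """POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
Content-Type: application/ocsp-request
HTTP/1.1 200
Content-Type: application/ocsp-response"""),
    ("http", """GET /bin/put5.exe HTTP/1.1
Host: www.inkcentergroup.it
HTTP/1.1 301 Moved Permanently
Location: https://www.inkcentergroup.it/bin/put5.exe"""),
    ("https", """GET /bin/put5.exe HTTP/1.1
Host: www.inkcentergroup.it
HTTP/2 403 Forbidden
server: aruba-proxy"""),  # reconstructed from the summary row's '403 Forbidden'
    ("https", """GET /favicon.ico HTTP/1.1
Host: www.inkcentergroup.it
Referer: https://www.inkcentergroup.it/bin/put5.exe
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8"""),
]
CAPTURE = [parse_transaction(raw, scheme) for scheme, raw in _RAW]


def summarize(transactions=CAPTURE):
    """One line per transaction plus the reconstructed chain, for a quick triage readout."""
    rows = [f"{t.method} {t.url} -> {t.status} [{classify(t)}]" for t in transactions]
    chain = follow_chain(transactions, transactions[0].url)
    rows.append("chain: " + " -> ".join(f"{u} ({s})" for u, s in chain))
    return rows


if __name__ == "__main__":
    print("\n".join(summarize()))
```

Two things the readout makes visible that the flat report does not: the alert fires on URI shape alone (every hop carries a full Firefox header set and still trips it), and the chain never delivers a body, since the last hop answers 403, so the file hashes recorded above are of the redirect and error pages, not of put5.exe. The OCSP POST is the browser validating the Actalis certificate presented on the HTTPS hop and is expected infrastructure traffic, not attacker activity.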