IP 185.58.116.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.binotti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: https://www.amico-on-line.it/aol/home.asp
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDCCBBSAAQ=IOKPPAIDMGEBNIDKNNHIKJMA; path=/
X-Powered-By: ASP.NET
Date: Wed, 07 Jun 2023 01:33:51 GMT
ocsp06.actalis.it/VA/AUTHDV-G3
109.70.240.114 3.9 kB URL ocsp06.actalis.it/VA/AUTHDV-G3
IP 109.70.240.114:0
Hash 9ea39049afc32212b013b6bd65087750
95f0eb3966b2023153aaa7a0ec9e76aeb39cb1e6
985da4098cc4eef129e525bc23b525bf91f967f9bd0e1d4fe1f078d190ed5388
POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Wed, 07 Jun 2023 01:33:56 GMT
Content-Type: application/ocsp-response
Content-Length: 3926
Connection: keep-alive
Last-Modified: Wed, 07 Jun 2023 00:05:49 GMT
Expires: Thu, 08 Jun 2023 00:05:48 GMT
ETag: "95f0eb3966b2023153aaa7a0ec9e76aeb39cb1e6"
www.amico-on-line.it/aol/home.asp
31.11.32.239 3.6 kB URL www.amico-on-line.it/aol/home.asp
IP 31.11.32.239:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (769), with CR line terminators
Hash 595fffc940cec25c9d2104cebec61f75
f1066b0c5838a587bbc1888700833719a583165c
5ec5caa54ca75d9b8e252f111a9fe7035f477647d5214d1876efd6e9ac55ae3d
GET /aol/home.asp HTTP/1.1
Host: www.amico-on-line.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: Private
Content-Type: text/html; Charset=iso-8859-1
Expires: Wed, 07 Jun 2023 01:33:56 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDAEBTCQBD=ONOEMIHDIAAOLONIMILDIPJC; secure; path=/
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Wed, 07 Jun 2023 01:33:55 GMT
Content-Length: 3621
www.binotti.com/programmi/cm10setup.exe
185.58.116.129 200 OK 5.6 MB URL User Request GET HTTP/1.1 www.binotti.com/programmi/cm10setup.exe
IP 185.58.116.129:80
File type PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size 5.6 MB (5567688 bytes)
Hash cd02a9f6c236fe37f894dbf897167fe6
c095a9c799e68e62849e98b91023022364f4d386
f6c50b301d3b36aa4f29d8699554cfb2f24c5463b7a69bf1d2dcfc996e313326
Analyzer Verdict Alert VirusTotal 0/67
NIDS Severity Alert suricata high ET POLICY PE EXE or DLL Windows file download HTTP
GET /programmi/cm10setup.exe HTTP/1.1
Host: www.binotti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 04 Mar 2019 10:45:57 GMT
Accept-Ranges: bytes
ETag: "73aa697377d2d41:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 07 Jun 2023 01:33:51 GMT
Content-Length: 5567688