Report - 89.106.20.202/d/msdownload/update/software/defu/2025/09/am_delta_patch_1.435.600.0_24a329dae6c0724f072ed736cc14a0b43a4f009a.exe?cacheHostOrigin=4.au.download.windowsupdate.com

Report Overview

Visitedpublic

2025-09-08 12:18:27

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
89.106.20.202	unknown	unknown	No data	No data	1.2 kB	3.1 MB	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-09-08 12:18:08	medium	89.106.20.202	Client IP	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
YARAhub by abuse.ch	89.106.20.202/d/msdownload/update/software/defu/2025/09/am_delta_patch_1.435.600.0_24a329dae6c0724f072ed736cc14a0b43a4f009a.exe?cacheHostOrigin=4.au.download.windowsupdate.com	malware	meth_stackstrings
Quad9 DNS	89.106.20.202	malicious	Sinkholed

File detected

URL

89.106.20.202/d/msdownload/update/software/defu/2025/09/am_delta_patch_1.435.600.0_24a329dae6c0724f072ed736cc14a0b43a4f009a.exe?cacheHostOrigin=4.au.download.windowsupdate.com

IP / ASN

89.106.20.202

#39582 Grid Telekomunikasyon Hizmetleri AS

File Overview

File TypePE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Size3.1 MB (3094944 bytes)

MD5032753f8c26cd1aa20d06b1954f3f220

SHA17c6e089bd90a1d3f25d92b0f12c97df076b72f76

SHA256a1e5fa7f70e935689bbd0efff6e0f0c846763006389572435a4ed42a451a1c90

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size