Report - 13.64.77.223/c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com

Report Overview

Visitedpublic

2024-10-01 15:57:53

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-30 18:12:17	1.3 kB	3.6 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-30 18:12:04	1.6 kB	4.4 kB	23.36.77.32
13.64.77.223	unknown	unknown	No data	No data	542 B	3.5 MB	13.64.77.223

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-10-01	medium	13.64.77.223/c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com	meth_stackstrings

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-01	medium	13.64.77.223	Sinkholed

ThreatFox

No alerts detected

File detected

URL

13.64.77.223/c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com

IP / ASN

13.64.77.223

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File Overview

File TypePE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Size3.5 MB (3507704 bytes)

MD5945cd2628cd37c52169138570a47cc56

SHA191e36dc676e49810204a1d82c7e9640c25df1543

SHA25659e170e5aca2347617710a86487b83286941bda0e474295d83c7fcb4fc97548d

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-01

Last Seen2024-10-04

Times Seen13976

Size504 B (504 bytes)

MD59e96f1dff1bb5e6784958d21556e4a06

SHA1d4cb719b5fe9714d59866434ca13c389776a09f3

SHA25601b80c0b028333e119cbc3799424875028f0548b6e95d94e7738874c59883c00

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "01B80C0B028333E119CBC3799424875028F0548B6E95D94E7738874C59883C00"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2188
Expires: Tue, 01 Oct 2024 16:33:55 GMT
Date: Tue, 01 Oct 2024 15:57:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-01

Last Seen2024-10-04

Times Seen1373

Size504 B (504 bytes)

MD5c6642e3a07a3dd4b658150952a810fc2

SHA13fc0585970d83ec5ada396b19065d55d08aa0922

SHA2569faf8e5ee99f645f0c1cd7d715225894efc5864c0466a46206b40bfd875e4be6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9FAF8E5EE99F645F0C1CD7D715225894EFC5864C0466A46206B40BFD875E4BE6"
Last-Modified: Tue, 01 Oct 2024 04:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4969
Expires: Tue, 01 Oct 2024 17:20:16 GMT
Date: Tue, 01 Oct 2024 15:57:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-01

Last Seen2024-10-04

Times Seen3259

Size504 B (504 bytes)

MD5280abd583680094ddddb480769f3f61b

SHA126caab6dbbf50ba7442d0e3bd1c4a81b5e6d9236

SHA2568fc210d2f8ca54ae085b92a142cce3621730daf7a76e83076630e20d18f789cd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8FC210D2F8CA54AE085B92A142CCE3621730DAF7A76E83076630E20D18F789CD"
Last-Modified: Tue, 01 Oct 2024 04:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13559
Expires: Tue, 01 Oct 2024 19:43:26 GMT
Date: Tue, 01 Oct 2024 15:57:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-01

Last Seen2024-10-04

Times Seen9948

Size504 B (504 bytes)

MD55e3f6fc68f86be07d377aea0e7496870

SHA19d1005d0782906dfdfe4217125b907b86a22b530

SHA256c6309b6effe12dabaacc99df66e13fba72de8198e5bccf67198400576e3158da

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C6309B6EFFE12DABAACC99DF66E13FBA72DE8198E5BCCF67198400576E3158DA"
Last-Modified: Mon, 30 Sep 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10098
Expires: Tue, 01 Oct 2024 18:45:45 GMT
Date: Tue, 01 Oct 2024 15:57:27 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-30

Last Seen2024-10-04

Times Seen11739

Size504 B (504 bytes)

MD51ea0135b97b2fe570ff2a7922d0de74d

SHA1b8cc6287fc3ed63eb3295b95d37b983f8029971e

SHA256281373207c8277d4833ee0f9fa7d7043ed2e3a850659dfecb7851feb81452bb0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "281373207C8277D4833EE0F9FA7D7043ED2E3A850659DFECB7851FEB81452BB0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4644
Expires: Tue, 01 Oct 2024 17:14:53 GMT
Date: Tue, 01 Oct 2024 15:57:29 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-30

Last Seen2024-10-04

Times Seen11739

Size504 B (504 bytes)

MD51ea0135b97b2fe570ff2a7922d0de74d

SHA1b8cc6287fc3ed63eb3295b95d37b983f8029971e

SHA256281373207c8277d4833ee0f9fa7d7043ed2e3a850659dfecb7851feb81452bb0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "281373207C8277D4833EE0F9FA7D7043ED2E3A850659DFECB7851FEB81452BB0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4644
Expires: Tue, 01 Oct 2024 17:14:53 GMT
Date: Tue, 01 Oct 2024 15:57:29 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-30

Last Seen2024-10-04

Times Seen11739

Size504 B (504 bytes)

MD51ea0135b97b2fe570ff2a7922d0de74d

SHA1b8cc6287fc3ed63eb3295b95d37b983f8029971e

SHA256281373207c8277d4833ee0f9fa7d7043ed2e3a850659dfecb7851feb81452bb0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "281373207C8277D4833EE0F9FA7D7043ED2E3A850659DFECB7851FEB81452BB0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4644
Expires: Tue, 01 Oct 2024 17:14:53 GMT
Date: Tue, 01 Oct 2024 15:57:29 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-30

Last Seen2024-10-04

Times Seen11739

Size504 B (504 bytes)

MD51ea0135b97b2fe570ff2a7922d0de74d

SHA1b8cc6287fc3ed63eb3295b95d37b983f8029971e

SHA256281373207c8277d4833ee0f9fa7d7043ed2e3a850659dfecb7851feb81452bb0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "281373207C8277D4833EE0F9FA7D7043ED2E3A850659DFECB7851FEB81452BB0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4644
Expires: Tue, 01 Oct 2024 17:14:53 GMT
Date: Tue, 01 Oct 2024 15:57:29 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-30

Last Seen2024-10-04

Times Seen11739

Size504 B (504 bytes)

MD51ea0135b97b2fe570ff2a7922d0de74d

SHA1b8cc6287fc3ed63eb3295b95d37b983f8029971e

SHA256281373207c8277d4833ee0f9fa7d7043ed2e3a850659dfecb7851feb81452bb0

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "281373207C8277D4833EE0F9FA7D7043ED2E3A850659DFECB7851FEB81452BB0"
Last-Modified: Mon, 30 Sep 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4644
Expires: Tue, 01 Oct 2024 17:14:53 GMT
Date: Tue, 01 Oct 2024 15:57:29 GMT
Connection: keep-alive

GET 13.64.77.223/c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com

13.64.77.223

200 OK

3.5 MB

URL User Request GET HTTP

13.64.77.223/c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com

IP / ASN

13.64.77.223

#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested byN/A

Resource Info

File typePE32+ executable (GUI) x86-64, for MS Windows, 6 sections

First Seen2024-10-01

Last Seen2024-10-04

Times Seen4

Size3.5 MB (3507704 bytes)

MD5945cd2628cd37c52169138570a47cc56

SHA191e36dc676e49810204a1d82c7e9640c25df1543

SHA25659e170e5aca2347617710a86487b83286941bda0e474295d83c7fcb4fc97548d

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_stackstrings
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c/msdownload/update/software/defu/2024/10/am_delta_patch_1.419.281.0_91e36dc676e49810204a1d82c7e9640c25df1543.exe?cacheHostOrigin=au.download.windowsupdate.com HTTP/1.1
Host: 13.64.77.223
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Oct 2024 15:57:28 GMT
Content-Type: application/octet-stream
Content-Length: 3507704
Connection: keep-alive
Cache-Control: public,max-age=172800
Last-Modified: Tue, 01 Oct 2024 11:35:44 GMT
Age: 4162
Via: 1.1 varnish
X-Served-By: cache-pao-kpao1770067-PAO
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1727787523.441273,VS0,VE1
X-CID: 10004
X-CCC: acda2ed2-50dd-461a-96f6-1ce4095d6948
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache-Status: HIT
Accept-Ranges: bytes