IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 5c35a3180482afadf4e89f4cc249fa7b
SHA-1 8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97
SHA-256 146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C"
Last-Modified: Sat, 15 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6934
Expires: Mon, 17 Jun 2024 15:06:50 GMT
Date: Mon, 17 Jun 2024 13:11:16 GMT
Connection: keep-alive
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 9d139a09a36fce99ece1fb963d49d2a9
SHA-1 a7d96d8755d02c7204c147daade1b1168a6ddb73
SHA-256 f9a59ebef1ee608c709b274e1c7be1320323232cdc79b17bdbf453a5a5aead09
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9A59EBEF1EE608C709B274E1C7BE1320323232CDC79B17BDBF453A5A5AEAD09"
Last-Modified: Mon, 17 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16579
Expires: Mon, 17 Jun 2024 17:47:36 GMT
Date: Mon, 17 Jun 2024 13:11:17 GMT
Connection: keep-alive
packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi
3.164.230.57 | 200 OK | 6.5 MB | URL | User Request | GET HTTP/2 | packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi
IP 3.164.230.57:443
Certificate Issuer Amazon
Subject *.wazuh.com
Fingerprint CF:4D:CE:24:A3:51:29:86:B2:45:74:77:BC:30:52:93:0E:1E:65:07
Validity Tue, 04 Jun 2024 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT
File type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Wazuh helps you to gain security visibility into your infrastructure by monitoring hosts at an operating system and application level. It provides the following capabilities: log analysis, file integrity monitoring, intrusions detection and policy and compliance monitoring, Author: Wazuh, Inc., Keywords: Installer, Comments: wazuh-agent, Template: Intel;1033, Revision Number: {CB60DD88-E320-4D22-B205-72A0C426CFC4}, Create Time/Date: Wed May 29 16:48:00 2024, Last Saved Time/Date: Wed May 29 16:48:00 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Size 6.5 MB (6524928 bytes)
Hash MD5 ddeac83317792be043f82a839dc58e9a
SHA-1 8c875718cc618eaca6ec727701a22feaa5ced5b0
SHA-256 fea6b6743f49b56b3910e654212c89e931dacae8b7bfeb9bb39c9809bb871df2
Analyzer verdict: Alert. YARAhub (abuse.ch) rule match: the file is detected as `SliverFox` malware.
GET /4.x/windows/wazuh-agent-4.7.5-1.msi HTTP/1.1
Host: packages.wazuh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 6524928
last-modified: Thu, 30 May 2024 14:51:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: JpxxMv9XYWn_DOIIwaAsEQl.doctLEB8
accept-ranges: bytes
server: AmazonS3
date: Mon, 17 Jun 2024 04:00:08 GMT
etag: "ddeac83317792be043f82a839dc58e9a"
x-cache: Hit from cloudfront
via: 1.1 a75b33507c98ec56d93666d653f76f76.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN53-P1
x-amz-cf-id: oc32nHbEB7BVh6WTOmFE8RJ6MQj1hB6Hb78JUhPEIPoOoU3An8t9jg==
age: 33070
X-Firefox-Spdy: h2
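As an added example (not part of the capture above or of the scanner that produced it), the following Python script checks two things a triager can read straight off these records: that the digests the sandbox computed over each response body agree with the server's own ETag (S3 returns the MD5 of a single-part object as its ETag, which is why the MSI's ETag equals its MD5; the OCSP responder's ETag is the SHA-256 of the response), and that Cache-Control: max-age and Expires agree with the Date header. The dict layout of RECORDS is the script's own assumption; the values in it are copied from this page.

```python
"""Consistency checks over HTTP transaction records like the ones on this page.

Added example; not part of the original capture or of any scanner's code.
The digests, ETags and cache headers in RECORDS are copied from the
records above; the dict layout is this script's own assumption about how
such a log would be loaded.
"""
from __future__ import annotations

import hashlib
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Hex length -> algorithm, for the unlabelled md5 / sha1 / sha256 triples.
DIGEST_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_digest(hex_digest: str) -> str:
    """Name a digest algorithm from its hex length; reject anything else."""
    h = hex_digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h) or len(h) not in DIGEST_BY_LEN:
        raise ValueError(f"not an md5/sha1/sha256 hex digest: {hex_digest!r}")
    return DIGEST_BY_LEN[len(h)]


def digests_of(data: bytes) -> list[str]:
    """Reproduce the sandbox's hash triple (md5, sha1, sha256) for a body."""
    return [hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")]


def etag_matches(etag: str, digests: list[str]) -> str | None:
    """Return the algorithm whose recorded digest equals the server's ETag.

    Quotes and a weak-validator prefix (W/) are stripped and the comparison
    is case-insensitive (the OCSP responder upper-cases its ETag). None
    means no digest matched, e.g. a multipart S3 upload whose ETag has the
    form "<md5>-<parts>" and is not a digest of the body at all.
    """
    tag = etag.strip()
    if tag.startswith("W/"):
        tag = tag[2:]
    tag = tag.strip('"').lower()
    for d in digests:
        if d.lower() == tag:
            return classify_digest(d)
    return None


def expires_consistent(date_hdr: str, max_age: int, expires_hdr: str) -> bool:
    """Check that Date + max-age lands exactly on Expires."""
    date = parsedate_to_datetime(date_hdr)
    expires = parsedate_to_datetime(expires_hdr)
    return date + timedelta(seconds=max_age) == expires


# Constructed from the records on this page (first OCSP response, MSI download).
RECORDS = [
    {
        "name": "ocsp r10.o.lencr.org",
        "etag": '"146FE131CF8436E3DE4832A23B351400B4819DBD9B9716302248D3AB447F000C"',
        "hashes": [
            "5c35a3180482afadf4e89f4cc249fa7b",
            "8a088c184606fe3e4e0da8cd90b6eb5e6d30fb97",
            "146fe131cf8436e3de4832a23b351400b4819dbd9b9716302248d3ab447f000c",
        ],
        "date": "Mon, 17 Jun 2024 13:11:16 GMT",
        "max_age": 6934,
        "expires": "Mon, 17 Jun 2024 15:06:50 GMT",
    },
    {
        "name": "wazuh-agent-4.7.5-1.msi",
        "etag": '"ddeac83317792be043f82a839dc58e9a"',
        "hashes": [
            "ddeac83317792be043f82a839dc58e9a",
            "8c875718cc618eaca6ec727701a22feaa5ced5b0",
            "fea6b6743f49b56b3910e654212c89e931dacae8b7bfeb9bb39c9809bb871df2",
        ],
    },
]


def audit(records: list[dict]) -> dict[str, tuple[str | None, bool | None]]:
    """Per record: (algorithm the ETag matched, cache-math result or None)."""
    result = {}
    for r in records:
        algo = etag_matches(r["etag"], r["hashes"])
        fresh = None
        if "max_age" in r:
            fresh = expires_consistent(r["date"], r["max_age"], r["expires"])
        result[r["name"]] = (algo, fresh)
    return result


if __name__ == "__main__":
    for name, (algo, fresh) in audit(RECORDS).items():
        print(f"{name}: ETag matches {algo or 'no recorded digest'}; "
              f"Expires consistent: {fresh}")
```

A mismatch between the recorded digest and the ETag is worth a second look before trusting the verdict line: it means the body the analyzer hashed is not the object the origin thinks it served (truncated capture, transparent proxy, or a multipart upload whose ETag is not a digest). Run digests_of() over the locally saved MSI to compare against the triple recorded here.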
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 ede0b27def700f18bb6d4eb4c1d97352
SHA-1 c802c366cb2eee6b9339349aa21677fdb1bd5fa5
SHA-256 18ffb58da62f40b37a43b0baaceefe8bc3ef83ccdf9ee19ff874ccb0d802c9f2
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18FFB58DA62F40B37A43B0BAACEEFE8BC3EF83CCDF9EE19FF874CCB0D802C9F2"
Last-Modified: Sat, 15 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20267
Expires: Mon, 17 Jun 2024 18:49:07 GMT
Date: Mon, 17 Jun 2024 13:11:20 GMT
Connection: keep-alive