Overview

URL: redirector.gvt1.com/edgedl/release2/chrome/Xrq7cZoMXhA_74.0.3729.169/74.0.3729.169_74.0.3729.157_chrome_updater.exe
IP: 172.217.21.174
ASN: AS15169 Google Inc.
Location: United States
Report completed: 2019-06-14 19:44:27 CEST
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2019-06-14 19:43:56 CEST | 1 | 193.90.147.172 | Client IP | ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.217.21.174

Date | UQ / IDS / BL alerts | URL | IP
2019-06-30 01:16:47 +0200 | 0 - 0 - 0 | google.com | 172.217.21.174
2019-06-30 01:09:12 +0200 | 0 - 0 - 0 | https://youtu.be/gGeJzY4OSTs | 172.217.21.174
2019-06-30 00:53:08 +0200 | 0 - 0 - 0 | https://drive.google.com/uc?id=1-m2MXKUOJZHOS (...) | 172.217.21.174
2019-06-30 00:38:38 +0200 | 0 - 0 - 0 | https://youtu.be/eDMciq04_d8 | 172.217.21.174
2019-06-27 16:23:16 +0200 | 0 - 0 - 0 | https://docs.google.com/ | 172.217.21.174
2019-06-27 12:18:17 +0200 | 0 - 0 - 0 | https://youtu.be/G9KFEh3ruLg | 172.217.21.174
2019-06-26 23:10:32 +0200 | 0 - 0 - 1 | https://google.com/url?q=https%3A%2F%2Foptimi (...) | 172.217.21.174
2019-06-26 22:50:06 +0200 | 0 - 0 - 0 | www.youtube.com/watch?v=T94R_oRBOtw | 172.217.21.174
2019-06-26 22:15:55 +0200 | 0 - 0 - 0 | https://goo.gl/x4kBBr | 172.217.21.174
2019-06-26 16:24:35 +0200 | 0 - 0 - 0 | https://goo.gl/bNDPfh | 172.217.21.174

Last 10 reports on ASN: AS15169 Google Inc.

Date | UQ / IDS / BL alerts | URL | IP
2019-07-01 11:14:59 +0200 | 0 - 0 - 0 | https://docs.google.com/forms/d/e/1FAIpQLSfZp (...) | 216.58.207.206
2019-07-01 09:39:24 +0200 | 0 - 0 - 1 | bartuatenbe1974.blogspot.pt | 216.58.211.1
2019-07-01 09:33:26 +0200 | 0 - 0 - 0 | https://movieok4k.blogspot.com/2019/06/articl (...) | 216.58.211.1
2019-07-01 09:28:48 +0200 | 0 - 0 - 1 | bartuatenbe1974.blogspot.pt/ | 216.58.211.1
2019-07-01 09:19:18 +0200 | 0 - 0 - 1 | https://bartuatenbe1974.blogspot.pt/ | 216.58.207.193
2019-07-01 08:47:18 +0200 | 0 - 0 - 1 | https://elmulrapan1981.blogspot.ca/ | 216.58.207.225
2019-07-01 08:24:54 +0200 | 0 - 0 - 1 | pacarama1983.blogspot.com | 216.58.207.193
2019-07-01 08:19:22 +0200 | 0 - 1 - 0 | mycricketlive.live | 172.217.22.179
2019-07-01 07:21:49 +0200 | 0 - 0 - 0 | fijisharkdiving.blogspot.com/2018/10/my-fiji- (...) | 216.58.207.193
2019-07-01 06:37:59 +0200 | 0 - 0 - 0 | ta.wow-auto-forms.appspot.com/bower_component (...) | 216.58.211.148

No other reports on domain: gvt1.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (2)


Transaction 1

Request:
GET /edgedl/release2/chrome/Xrq7cZoMXhA_74.0.3729.169/74.0.3729.169_74.0.3729.157_chrome_updater.exe HTTP/1.1
Host: redirector.gvt1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         172.217.21.174
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 14 Jun 2019 17:43:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://r1---sn-8xouxav-vnas.gvt1.com/edgedl/release2/chrome/Xrq7cZoMXhA_74.0.3729.169/74.0.3729.169_74.0.3729.157_chrome_updater.exe?cms_redirect=yes&mip=77.40.129.123&mm=28&mn=sn-8xouxav-vnas&ms=nvh&mt=1560533371&mv=u&pl=20&shardbypass=yes
Server: ClientMapServer
Content-Length: 469
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  HTML document text
Size:   469
Md5:    8ce98da60502ff1c4def16d016482173
Sha1:   3970cd87c65bb14559dee512a5157f0ea901b594
Sha256: 6a25e833326f2bbf2c44361311d67eeb06ced93e0845ddf47894f32bd0ce6b5d
                                        
                                            GET /edgedl/release2/chrome/Xrq7cZoMXhA_74.0.3729.169/74.0.3729.169_74.0.3729.157_chrome_updater.exe?cms_redirect=yes&mip=77.40.129.123&mm=28&mn=sn-8xouxav-vnas&ms=nvh&mt=1560533371&mv=u&pl=20&shardbypass=yes HTTP/1.1 
Host: r1---sn-8xouxav-vnas.gvt1.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         193.90.147.172
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Accept-Ranges: bytes
Content-Length: 506624
Etag: "3ad1af"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Fri, 14 Jun 2019 06:32:22 GMT
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Last-Modified: Tue, 21 May 2019 05:26:30 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  PE32+ executable for MS Windows (GUI) Mono/.Net assembly
Size:   506624
Md5:    120b8e8eb67052f76476f1438f2e2fe5
Sha1:   60e7af20de75cb63ba18cb1180d7474fd0d09901
Sha256: 23bc643c32661ccd3d381bf382fe9c4fee3f316f67d537f0c2b26f9bab7b47fc

Alerts:
  IDS:
    - ET POLICY PE EXE or DLL Windows file download HTTP
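The two transactions above form a redirect chain: the redirector answers 302 with an http:// Location on a gvt1.com CDN node, and that node serves a PE32+ body as application/octet-stream, which is what triggered the Suricata policy alert. The ET POLICY class is informational (a Windows executable crossing the wire over cleartext HTTP), not a malware verdict; the follow-up a responder wants is to recover the file, confirm it really is a PE by its headers rather than by Content-Type, and compare its hashes against the Md5/Sha1/Sha256 printed in the report. The script below is an added example, not urlquery.net's code: it follows Location headers across captured transactions, classifies the final body as PE32/PE32+ from the DOS and PE headers, and raises a policy-style finding when any hop in the chain is plain http://. The request URLs and response headers are copied from this report (the scheme of the first request is assumed to be http://, since the report omits it and the Location it returns is http://); the response body is a constructed PE32+ stub, so its sha256 will not match the report's value, and the loop/MIME checks go slightly beyond what this one capture exercises.

```python
"""Follow a captured download's redirect chain and flag PE files served over
cleartext HTTP (an approximation of what an "ET POLICY PE EXE or DLL Windows
file download HTTP" style rule reacts to). Added example, not urlquery code.
Headers below are taken from the report; the PE body is a constructed stub."""
import hashlib
import struct
from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit


@dataclass
class Transaction:
    url: str            # absolute request URL
    status: int         # response status code
    headers: dict       # response headers, lower-cased names
    body: bytes = b""   # response body (first bytes are enough for pe_kind)


def make_pe32plus_stub() -> bytes:
    """Constructed test data: MZ header -> e_lfanew -> "PE\\0\\0" -> optional
    header magic 0x20B (PE32+). Not a real or runnable executable."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 4 + 20 + 2)        # signature + COFF header + magic
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)   # DOS header: offset of PE signature
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, 0x8664)   # COFF Machine = AMD64
    struct.pack_into("<H", buf, e_lfanew + 24, 0x20B)   # optional header magic = PE32+
    return bytes(buf)


def pe_kind(body: bytes):
    """Return "PE32", "PE32+" or None by walking the headers, ignoring Content-Type."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    if e_lfanew + 26 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", body, e_lfanew + 24)[0]
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def follow_redirects(txns):
    """Order captured transactions by following Location from the first one.
    Stops at a non-3xx, a missing Location or an uncaptured hop; raises on a loop."""
    by_url = {t.url: t for t in txns}
    chain, seen = [txns[0]], {txns[0].url}
    while 300 <= chain[-1].status < 400:
        loc = chain[-1].headers.get("location")
        if not loc:
            break
        nxt = urljoin(chain[-1].url, loc)        # Location may be relative
        if nxt in seen:
            raise ValueError(f"redirect loop at {nxt}")
        if nxt not in by_url:
            break
        seen.add(nxt)
        chain.append(by_url[nxt])
    return chain


def assess(txns):
    """Summarise the chain and emit policy-style findings on the final body."""
    chain = follow_redirects(txns)
    final = chain[-1]
    hops = [urlsplit(t.url).netloc for t in chain]
    cleartext = [urlsplit(t.url).netloc for t in chain if urlsplit(t.url).scheme == "http"]
    kind = pe_kind(final.body)
    ctype = final.headers.get("content-type", "").split(";")[0].strip()
    findings = []
    if kind and cleartext:
        findings.append(f"POLICY: {kind} executable over cleartext HTTP ({' -> '.join(hops)})")
    if kind and ctype not in ("application/octet-stream", "application/x-msdownload"):
        findings.append(f"MIME mismatch: PE body served as {ctype!r}")
    return {"chain": hops, "final_status": final.status, "pe": kind,
            "sha256": hashlib.sha256(final.body).hexdigest(), "findings": findings}


# Sample capture: URLs/headers from the report above, body constructed.
_PATH = "/edgedl/release2/chrome/Xrq7cZoMXhA_74.0.3729.169/74.0.3729.169_74.0.3729.157_chrome_updater.exe"
_QUERY = ("?cms_redirect=yes&mip=77.40.129.123&mm=28&mn=sn-8xouxav-vnas&ms=nvh"
          "&mt=1560533371&mv=u&pl=20&shardbypass=yes")
SAMPLE_TRANSACTIONS = [
    Transaction(url="http://redirector.gvt1.com" + _PATH, status=302,
                headers={"content-type": "text/html; charset=UTF-8", "server": "ClientMapServer",
                         "location": "http://r1---sn-8xouxav-vnas.gvt1.com" + _PATH + _QUERY},
                body=b"<html>redirect</html>"),
    Transaction(url="http://r1---sn-8xouxav-vnas.gvt1.com" + _PATH + _QUERY, status=200,
                headers={"content-type": "application/octet-stream", "server": "downloads"},
                body=make_pe32plus_stub()),
]

if __name__ == "__main__":
    for line in assess(SAMPLE_TRANSACTIONS)["findings"]:
        print(line)
```

Run against a real capture, the sha256 returned by assess() is the value to compare with the report's 23bc643c... line; a mismatch means the file you hold is not the one urlquery saw, not necessarily that either is malicious.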