Overview

URL: redirector.gvt1.com/edgedl/release2/chrome/AMrRQuNQHFRt_76.0.3801.0/76.0.3801.0_76.0.3800.2_chrome_updater.exe
IP: 172.217.21.174
ASN: AS15169 Google Inc.
Location: United States
Report completed: 2019-05-21 15:21:26 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                | Severity | Source IP     | Destination IP | Alert
2019-05-21 15:20:54 CEST | 1        | 193.90.147.77 | Client IP      | ET POLICY PE EXE or DLL Windows file download HTTP
2019-05-21 15:20:54 CEST | 3        | 193.90.147.77 | Client IP      | ET INFO Packed Executable Download


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 172.217.21.174

Date                      | UQ / IDS / BL | URL                                                   | IP
2019-06-20 10:09:26 +0200 | 0 - 0 - 0     | google.com                                            | 172.217.21.174
2019-06-20 01:24:25 +0200 | 0 - 0 - 0     | https://sites.google.com/view/seriehulu/              | 172.217.21.174
2019-06-19 08:50:58 +0200 | 0 - 0 - 0     | https://www.youtube.com/channel/UCbfpcckSO1pe (...)   | 172.217.21.174
2019-06-18 23:51:52 +0200 | 0 - 0 - 0     | https://drive.google.com/file/d/14roM31m_KMpe (...)   | 172.217.21.174
2019-06-17 18:37:13 +0200 | 0 - 0 - 0     | https://drive.google.com/file/d/1eVDE5eBPwAaT (...)   | 172.217.21.174
2019-06-17 17:53:49 +0200 | 0 - 0 - 0     | https://drive.google.com/file/d/1V9QzC6GBU0Gi (...)   | 172.217.21.174
2019-06-17 10:21:26 +0200 | 0 - 0 - 0     | https://youtu.be/hTu3yjPE_sI                          | 172.217.21.174
2019-06-17 10:04:55 +0200 | 0 - 0 - 0     | https://youtu.be/8d-4L7SlN6A                          | 172.217.21.174
2019-06-15 11:30:00 +0200 | 0 - 0 - 0     | https://youtu.be/He9T1OT8Z7o                          | 172.217.21.174
2019-06-15 11:24:31 +0200 | 0 - 0 - 0     | https://youtu.be/0p2M8ac6E2c                          | 172.217.21.174

Last 10 reports on ASN: AS15169 Google Inc.

Date                      | UQ / IDS / BL | URL                                                   | IP
2019-06-20 18:01:19 +0200 | 0 - 0 - 0     | jacitco.com                                           | 23.236.62.147
2019-06-20 17:57:33 +0200 | 0 - 2 - 0     | https://qrgo.page.link/adqw5                          | 172.217.21.142
2019-06-20 17:40:29 +0200 | 0 - 0 - 0     | awok.com                                              | 104.155.42.186
2019-06-20 17:34:23 +0200 | 0 - 0 - 0     | https://youtu.be/FQ-vG0SiLs4                          | 216.58.211.14
2019-06-20 17:10:43 +0200 | 0 - 0 - 0     | https://sites.google.com/view/promoshd/beranda        | 216.58.207.206
2019-06-20 16:52:20 +0200 | 0 - 0 - 0     | https://sites.google.com/view/srie-tlvise-de- (...)   | 216.58.207.206
2019-06-20 16:30:03 +0200 | 0 - 0 - 2     | urisailing.org/Rechnung/FHV2J03P/                     | 104.197.69.102
2019-06-20 16:28:02 +0200 | 0 - 1 - 0     | site9552191.92.webydo.com/                            | 130.211.204.68
2019-06-20 16:19:01 +0200 | 0 - 0 - 0     | https://kledeungsari.com                              | 104.197.104.56
2019-06-20 16:09:08 +0200 | 0 - 0 - 0     | https://sites.google.com/view/serie-tv-comple (...)   | 172.217.20.46

No other reports on domain: gvt1.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (2)


Transaction 1

Request:
GET /edgedl/release2/chrome/AMrRQuNQHFRt_76.0.3801.0/76.0.3801.0_76.0.3800.2_chrome_updater.exe HTTP/1.1
Host: redirector.gvt1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 172.217.21.174):
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Date: Tue, 21 May 2019 13:20:54 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://r2---sn-8xouxav-vnal.gvt1.com/edgedl/release2/chrome/AMrRQuNQHFRt_76.0.3801.0/76.0.3801.0_76.0.3800.2_chrome_updater.exe?cms_redirect=yes&mip=77.40.129.123&mm=28&mn=sn-8xouxav-vnal&ms=nvh&mt=1558444767&mv=m&pl=17&shardbypass=yes
Server: ClientMapServer
Content-Length: 464
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

--- Additional Info ---
Magic:  HTML document text
Size:   464
Md5:    c74246398edc06b634b43b066b0a11ce
Sha1:   01f37a42926e53ddd6724dac4c28e30e36a2059b
Sha256: 8164e1e1db8ef470867d1c8924769c4b96a350d38e04afb07529028252adf250

Transaction 2

Request:
GET /edgedl/release2/chrome/AMrRQuNQHFRt_76.0.3801.0/76.0.3801.0_76.0.3800.2_chrome_updater.exe?cms_redirect=yes&mip=77.40.129.123&mm=28&mn=sn-8xouxav-vnal&ms=nvh&mt=1558444767&mv=m&pl=17&shardbypass=yes HTTP/1.1
Host: r2---sn-8xouxav-vnal.gvt1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 193.90.147.77):
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Accept-Ranges: bytes
Content-Length: 1495808
Etag: "3ad51d"
Server: downloads
Vary: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Tue, 21 May 2019 10:50:08 GMT
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Last-Modified: Tue, 21 May 2019 09:06:19 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1495808
Md5:    a290e179c8307a33c35d880778c2575d
Sha1:   6024cd6c1ce3816e21ddd0b9da5dfa69b2f4f717
Sha256: e6adb63ed84c444f34beb784e24a4989481de5611b25b0fcf32e726a7048aa9f

Alerts:
  IDS:
    - ET POLICY PE EXE or DLL Windows file download HTTP
    - ET INFO Packed Executable Download