Report - edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq

Report Overview

Visitedpublic

2024-09-10 20:06:56

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-09 18:12:09	1.3 kB	3.6 kB	23.36.77.32
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-09 18:24:06	662 B	1.4 kB	216.58.211.3
edgedl.me.gvt1.com	129	2008-03-03	2021-04-03 00:39:57	2024-09-09 19:06:03	555 B	8.9 MB	34.104.35.123
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-09 18:12:09	327 B	887 B	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-09-10	medium	edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe	meth_get_eip

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe

IP / ASN

34.104.35.123

#396982 GOOGLE-CLOUD-PLATFORM

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

Size8.9 MB (8917384 bytes)

MD5c83c1682023df84e4b5ff73464e933ba

SHA1397327ba74e9c6791543a08bbb6c6a445a8f3498

SHA25678f0e961eb8bc27f33ead2214157d1f97136ef357c254d91fd0859266ade90f8

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-08

Last Seen2024-09-19

Times Seen25465

Size504 B (504 bytes)

MD585b35ef8e54cfd751670f6a6d56541bd

SHA1162e94ccf2a785ea99c41f45c3a76815a2f8ae5f

SHA2563f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D"
Last-Modified: Sun, 08 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17684
Expires: Wed, 11 Sep 2024 01:01:13 GMT
Date: Tue, 10 Sep 2024 20:06:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen23843

Size504 B (504 bytes)

MD56bd7ab339c70a2fbeee4c8c0acd11d01

SHA1d73d3395447b2a06e32c1e3efb673107259de9d2

SHA256fdfd7bc2cf6ecc38fb1098f0fdb33cc28a034bb850556c8be63823f4c4718be2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FDFD7BC2CF6ECC38FB1098F0FDB33CC28A034BB850556C8BE63823F4C4718BE2"
Last-Modified: Tue, 10 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3085
Expires: Tue, 10 Sep 2024 20:57:54 GMT
Date: Tue, 10 Sep 2024 20:06:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen8473

Size504 B (504 bytes)

MD5c02cbc5c5d1b0406dcc246d4bd1a6d2b

SHA14926c8ef9661a0a06ddca8476543ba0016f6db23

SHA2566d53e4415d0c45468d4481cf09e5ea095019a86af85ccd64064eb060ab802455

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6D53E4415D0C45468D4481CF09E5EA095019A86AF85CCD64064EB060AB802455"
Last-Modified: Tue, 10 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12402
Expires: Tue, 10 Sep 2024 23:33:12 GMT
Date: Tue, 10 Sep 2024 20:06:30 GMT
Connection: keep-alive

o.pki.goog/s/wr3/CPQ

216.58.211.3

471 B

URL HTTP

o.pki.goog/s/wr3/CPQ

IP / ASN

216.58.211.3

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen3

Size471 B (471 bytes)

MD52f144cdc043d1e8f915fcac2a7f66b8b

SHA19e031fd0cfed14d49a0aaf6ded4b374219db3a5a

SHA256da87c13b00a820ca790efdfaa73d8f8e1ae9e52fe0c34ff0e9ecd22577a69802

HTTP Headers

POST /s/wr3/CPQ HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Sep 2024 20:06:30 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen14499

Size504 B (504 bytes)

MD549e3d04c2eb4d704e7e7c90e2dc519c0

SHA133f04bc1c596585870c7b00e24bf9bef4d01dc8e

SHA2561a381b926d3ed1420dc33ec68eb8ff332a94ff175191a0564c07552b80c7a3d7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A381B926D3ED1420DC33EC68EB8FF332A94FF175191A0564C07552B80C7A3D7"
Last-Modified: Tue, 10 Sep 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7904
Expires: Tue, 10 Sep 2024 22:18:14 GMT
Date: Tue, 10 Sep 2024 20:06:30 GMT
Connection: keep-alive

o.pki.goog/s/wr3/CPQ

216.58.211.3

471 B

URL HTTP

o.pki.goog/s/wr3/CPQ

IP / ASN

216.58.211.3

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen3

Size471 B (471 bytes)

MD52f144cdc043d1e8f915fcac2a7f66b8b

SHA19e031fd0cfed14d49a0aaf6ded4b374219db3a5a

SHA256da87c13b00a820ca790efdfaa73d8f8e1ae9e52fe0c34ff0e9ecd22577a69802

HTTP Headers

POST /s/wr3/CPQ HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 10 Sep 2024 20:06:30 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe

34.104.35.123

200 OK

8.9 MB

URL User Request GET HTTPS

edgedl.me.gvt1.com/edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe

IP / ASN

34.104.35.123

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 6 sections

First Seen2024-08-31

Last Seen2024-10-15

Times Seen40

Size8.9 MB (8917384 bytes)

MD5c83c1682023df84e4b5ff73464e933ba

SHA1397327ba74e9c6791543a08bbb6c6a445a8f3498

SHA25678f0e961eb8bc27f33ead2214157d1f97136ef357c254d91fd0859266ade90f8

Certificate Info

IssuerGoogle Trust Services

Subjectedgedl.me.gvt1.com

Fingerprint45:D1:46:B7:F7:8E:0D:F0:30:17:12:80:A5:29:86:E5:E5:75:A8:C8

ValidityWed, 04 Sep 2024 13:32:32 GMT - Fri, 04 Oct 2024 14:28:28 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

HTTP Headers

GET /edgedl/release2/update2/ad3h35sdfjpqd7p3hbjtlw6nsftq_130.0.6679.0/UpdaterSetup.exe HTTP/1.1
Host: edgedl.me.gvt1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: bc087561-d316-43cf-85d4-097fe41ea8f7
content-length: 8917384
date: Mon, 09 Sep 2024 23:04:10 GMT
age: 75740
last-modified: Mon, 26 Aug 2024 10:25:05 GMT
etag: "3085318"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-10

Last Seen2024-09-19

Times Seen11566

Size504 B (504 bytes)

MD59166ec047d1a1a5f81e7d3837eabbc9a

SHA17ed1e5b331a854776d5c422d2ded1329b74c7044

SHA25663274b199d0425d6b2283c6a23df2ab604b62be6614d18b74decff86727eb1ca

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "63274B199D0425D6B2283C6A23DF2AB604B62BE6614D18B74DECFF86727EB1CA"
Last-Modified: Tue, 10 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7995
Expires: Tue, 10 Sep 2024 22:19:47 GMT
Date: Tue, 10 Sep 2024 20:06:32 GMT
Connection: keep-alive