Report - r3---sn-vgqsknze.gvt1.com/edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com

Report Overview

Submitted URL
r3---sn-vgqsknze.gvt1.com/edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com
IP
74.125.161.104
ASN
#15169 GOOGLE
Submitted
2024-04-23 10:28:03
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r3---sn-vgqsknze.gvt1.com	305098	2008-03-03	2022-06-05	2024-03-28	801 B	3.5 MB	74.125.161.104
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-22	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
r3---sn-vgqsknze.gvt1.com/edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com
IP
74.125.161.104
ASN
#15169 GOOGLE

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.5 MB (3540154 bytes)
Hash
fc6cf66cdff7c57d367b317505f086d1
01209f5f8f4d104917b6439f6107efbb38ccabd2
768ffe64a8efca991fce37d4cf35eb15b1cf2fdb2fa4773278a1bfce1e620046

Archive (3)

Filename

Md5

File type

libwidevinecdm.so

995a6544b32b7d06ac6159aad878a8a0

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

manifest.json

6d2ec667fecb9a64f987287cf34f31ff

JSON text data

LICENSE.txt

49ddb419d96dceb9069018535fb2e2fc

ASCII text

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	r3---sn-vgqsknze.gvt1.com/edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com	74.125.161.104	200 OK	3.5 MB
URL User Request GET HTTP/1.1 r3---sn-vgqsknze.gvt1.com/edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com IP 74.125.161.104:443 ASN #15169 GOOGLE Certificate IssuerGoogle Trust Services LLC Subject.c.docs.google.com Fingerprint6D:7D:79:1B:2A:53:90:00:60:42:78:46:75:80:C3:2A:F8:BF:1E:BB ValidityTue, 09 Apr 2024 14:31:07 GMT - Tue, 18 Jun 2024 14:31:06 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.5 MB (3540154 bytes) Hash fc6cf66cdff7c57d367b317505f086d1 01209f5f8f4d104917b6439f6107efbb38ccabd2 768ffe64a8efca991fce37d4cf35eb15b1cf2fdb2fa4773278a1bfce1e620046 HTTP Headers GET /edgedl/widevine-cdm/4.10.1440.18-linux-x64.zip?mh=_R&pl=27&shardbypass=sd&cm2rm=sn-qxosk76&req_id=64b9fbb43ef51251&cmsv=e&redirect_counter=2&rm=sn-vgqee67z&cms_redirect=yes&ipbypass=yes&mip=34.98.143.35&mm=34&mn=sn-vgqsknze&ms=ltu&mt=1713866853&mv=u&mvi=3&rmhost=r4---sn-vgqsknze.gvt1.com&smhost=r3---sn-vgqsknzl.gvt1.com HTTP/1.1 Host: r3---sn-vgqsknze.gvt1.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: public,max-age=86400 Content-Disposition: attachment Content-Length: 3540154 Content-Security-Policy: default-src 'none' Content-Type: application/zip Etag: "3ef8a4" Server: downloads X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Date: Tue, 23 Apr 2024 10:26:48 GMT Last-Modified: Wed, 19 Jun 2019 00:10:21 GMT Connection: keep-alive Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46" Vary: Origin

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=hGyQ-_h6S2-Ol0CrxMfjqKQNI_kPCXH6r_MRhtZFUrTgnyHv0vRGSmX1qQGc3bCtcMeuibWpYjDTuEFzOqw5PcNzEbsNKQsnKrI2j2FtAmCYzZHKXlJrRfW3PamJjgsF strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Tue, 23 Apr 2024 10:26:43 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 73 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers