Report - edgedl.me.gvt1.com/edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci

Report Overview

Visitedpublic

2025-01-19 12:15:22

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
edgedl.me.gvt1.com	129	2008-03-03	2021-04-02	2025-01-11	556 B	1.4 MB	34.104.35.123

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-19	medium	edgedl.me.gvt1.com/edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci_1.3.36.372/GoogleUpdateSetup.exe	TTP_Impersonating_Google_Updates_March2024

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

edgedl.me.gvt1.com/edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci_1.3.36.372/GoogleUpdateSetup.exe

IP / ASN

34.104.35.123

#396982 GOOGLE-CLOUD-PLATFORM

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Size1.4 MB (1376816 bytes)

MD55ca8a6f65bee09bd462585244e5f26da

SHA1b129cbe64dd9b0935232903dd8a269e492fb5c83

SHA25604e1927b30c01d99e56b812b9a1f04257aa7689d9712d29f94ff8a3bf3fff89b

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	TTP_Impersonating_Google_Updates_March2024

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET edgedl.me.gvt1.com/edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci_1.3.36.372/GoogleUpdateSetup.exe

34.104.35.123

200 OK

1.4 MB

URL

edgedl.me.gvt1.com/edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci_1.3.36.372/GoogleUpdateSetup.exe

IP / ASN

34.104.35.123

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2024-08-20

Last Seen2025-05-26

Times Seen9

Size1.4 MB (1376816 bytes)

MD55ca8a6f65bee09bd462585244e5f26da

SHA1b129cbe64dd9b0935232903dd8a269e492fb5c83

SHA25604e1927b30c01d99e56b812b9a1f04257aa7689d9712d29f94ff8a3bf3fff89b

Certificate Info

IssuerGoogle Trust Services

Subjectedgedl.me.gvt1.com

Fingerprint3A:62:75:02:56:4A:5B:3E:7B:FA:C6:2A:F5:1A:BC:BA:E6:E4:ED:DB

ValidityWed, 01 Jan 2025 05:40:33 GMT - Fri, 31 Jan 2025 06:36:28 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	TTP_Impersonating_Google_Updates_March2024

HTTP Headers

GET /edgedl/release2/update2/iqmnfy5ub2wrt6itb67uu4wcci_1.3.36.372/GoogleUpdateSetup.exe HTTP/1.1
Host: edgedl.me.gvt1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 8922e28d-fac8-4dcf-8dbe-1f724dd2b462
content-length: 1376816
date: Sun, 19 Jan 2025 03:05:43 GMT
age: 32954
last-modified: Wed, 10 Jan 2024 05:39:21 GMT
etag: "21f86e8"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
X-Firefox-Spdy: h2