Report - r5---sn-qxo7rn7y.gvt1.com/edgedl/widevine-cdm/903-win-ia32.zip?mh=8q&pl=27&shardbypass=sd&redirect_counter=1&rm=sn-qxosd7z&req_id=c340b981130a3be2&cms_redirect=yes&ipbypass=yes&mip=107.178.194.69&mm=28&mn=sn-qxo7rn7y&ms=nvh&mt=1694976760&mv=u&mvi=5&rmhost=r3---sn-qxo7rn7y.gvt1.com&smhost=r4---sn-qxo7rn7k.gvt1.com

Report Overview

Visitedpublic

2023-09-17 19:13:23

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-16 18:12:02	666 B	1.4 kB	142.250.74.131
r5---sn-qxo7rn7y.gvt1.com	unknown	2008-03-03	2023-07-08 09:44:01	2023-09-17 05:37:53	770 B	2.9 MB	173.194.55.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

IP / ASN

173.194.55.74

#15169 GOOGLE

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate\012- data

Size2.9 MB (2884452 bytes)

MD5da2a77150c34d5bf176e065a46a540c0

SHA112c999696b2fa60318748802564bd7b303d8acdb

SHA256d4f23dffdbaafe4b2e60dc772ce70b42e7b5f420191da1dd71b385aa15e44d77

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.131

470 B

URL

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-09-16

Last Seen2023-09-17

Times Seen29

Size470 B (470 bytes)

MD5ee16614d44a2596badddefb16bd55764

SHA16d83bf812b327d6e26960292a8c8f144bc0c2fb9

SHA2566d725f5e4487b6c7bed5517ea0132591e5900c054b9cc624ada8b311425f7505

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 17 Sep 2023 19:13:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

470 B

URL

ocsp.pki.goog/gts1c3

IP / ASN

142.250.74.131

#15169 GOOGLE

Requested byN/A

Resource Info

File typedata

First Seen2023-09-16

Last Seen2023-09-17

Times Seen29

Size470 B (470 bytes)

MD5ee16614d44a2596badddefb16bd55764

SHA16d83bf812b327d6e26960292a8c8f144bc0c2fb9

SHA2566d725f5e4487b6c7bed5517ea0132591e5900c054b9cc624ada8b311425f7505

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 17 Sep 2023 19:13:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET r5---sn-qxo7rn7y.gvt1.com/edgedl/widevine-cdm/903-win-ia32.zip?mh=8q&pl=27&shardbypass=sd&redirect_counter=1&rm=sn-qxosd7z&req_id=c340b981130a3be2&cms_redirect=yes&ipbypass=yes&mip=107.178.194.69&mm=28&mn=sn-qxo7rn7y&ms=nvh&mt=1694976760&mv=u&mvi=5&rmhost=r3---sn-qxo7rn7y.gvt1.com&smhost=r4---sn-qxo7rn7k.gvt1.com

173.194.55.74

200 OK

2.9 MB

URL

IP / ASN

173.194.55.74

#15169 GOOGLE

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate\012- data

First Seen2023-07-06

Last Seen2025-04-05

Times Seen221

Size2.9 MB (2884452 bytes)

MD5da2a77150c34d5bf176e065a46a540c0

SHA112c999696b2fa60318748802564bd7b303d8acdb

SHA256d4f23dffdbaafe4b2e60dc772ce70b42e7b5f420191da1dd71b385aa15e44d77

Certificate Info

IssuerGoogle Trust Services LLC

Subject*.c.docs.google.com

FingerprintB4:56:6D:14:36:8F:25:E6:01:87:8E:FC:A3:3D:14:7D:2A:89:15:05

ValidityTue, 29 Aug 2023 11:05:44 GMT - Tue, 07 Nov 2023 11:05:43 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

HTTP Headers

GET /edgedl/widevine-cdm/903-win-ia32.zip?mh=8q&pl=27&shardbypass=sd&redirect_counter=1&rm=sn-qxosd7z&req_id=c340b981130a3be2&cms_redirect=yes&ipbypass=yes&mip=107.178.194.69&mm=28&mn=sn-qxo7rn7y&ms=nvh&mt=1694976760&mv=u&mvi=5&rmhost=r3---sn-qxo7rn7y.gvt1.com&smhost=r4---sn-qxo7rn7k.gvt1.com HTTP/1.1
Host: r5---sn-qxo7rn7y.gvt1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 2884452
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "111dab"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Sun, 17 Sep 2023 19:12:47 GMT
Last-Modified: Wed, 11 Jan 2017 18:19:45 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin