Report - redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip

Report Overview

Visited public
2024-07-17 14:25:23
Tags
URL
redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip
Finishing URL
about:privatebrowsing
IP / ASN
142.250.74.110
#15169 GOOGLE
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-16 18:12:11	2.3 kB	6.2 kB	23.33.119.57
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-16 18:31:26	1.3 kB	2.8 kB	142.250.74.131
redirector.gvt1.com	2070	2008-03-03	2014-04-02 15:10:51	2024-07-16 19:28:45	517 B	1.0 kB	142.250.74.110
r2---sn-capm-vnae.gvt1.com	unknown	2008-03-03	2015-07-23 07:32:03	2024-06-17 16:48:26	639 B	14 MB	91.90.45.173

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
r2---sn-capm-vnae.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip?cms_redirect=yes&mh=jM&mip=91.90.42.154&mm=28&mn=sn-capm-vnae&ms=nvh&mt=1721225817&mv=u&mvi=2&pl=23&shardbypass=sd
IP
91.90.45.173
ASN
#50304 Blix Solutions AS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
14 MB (14250607 bytes)
Hash
4290a1abe603786662d2f713972173c6
32d9d4177368b865647d368cd35e88f79df47e19
890114bf2672326c4924ac18afdbbe245bf0b72a434052fed52e79743c7aebaf

Archive (5)

Filename

Md5

File type

widevinecdm.dll

4bf760b972b1d1d70344bf489e5e75c5

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 9 sections

widevinecdm.dll.sig

4046ca380d1ae117506296170d3a7f77

data

manifest.json

c539f451380bf75180768d67cda2bfa2

JSON text data

LICENSE.txt

49ddb419d96dceb9069018535fb2e2fc

ASCII text

widevinecdm.dll.lib

0ec02e9616d1e2cd6982b270b4f7524a

current ar archive

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (13)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 9fc6673328a72199efee32208e052486 e3cd507761b95ae04da178d9b0da347fcaa5fce6 133266844822ea13f6d0ffc2eda97a79e99cea9ec4defec2812cf4a86751283a HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "133266844822EA13F6D0FFC2EDA97A79E99CEA9EC4DEFEC2812CF4A86751283A" Last-Modified: Mon, 15 Jul 2024 20:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8496 Expires: Wed, 17 Jul 2024 16:46:29 GMT Date: Wed, 17 Jul 2024 14:24:53 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0ba28ae3ca920c46edf9c7a1f79db3ca b96f7bd71a6b1f9e08b5a0179c66553bf42875d2 e4acaf4113d4cda75edbbae5d28e17dffb959489cd6912b854c9e87a3ab50fd2 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E4ACAF4113D4CDA75EDBBAE5D28E17DFFB959489CD6912B854C9E87A3AB50FD2" Last-Modified: Mon, 15 Jul 2024 20:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15383 Expires: Wed, 17 Jul 2024 18:41:16 GMT Date: Wed, 17 Jul 2024 14:24:53 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c827d32609521c1e56829aac4640ab87 f6721b2c6abc469be2b70d165a58c75d5637408d a951edc9fce6d26583509aba1a0d759172986da854406dc2041f25dca4eb6798 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "A951EDC9FCE6D26583509ABA1A0D759172986DA854406DC2041F25DCA4EB6798" Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21356 Expires: Wed, 17 Jul 2024 20:20:50 GMT Date: Wed, 17 Jul 2024 14:24:54 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash d6a8982e5c8cce4f958455f8ea1e5814 d88c9d262e8282645ee77a1a3f29199b0422166a c18d568bc2c4d8544c593d76c943798ffd2de9596cb115879d51d403f080abea HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "C18D568BC2C4D8544C593D76C943798FFD2DE9596CB115879D51D403F080ABEA" Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2158 Expires: Wed, 17 Jul 2024 15:00:52 GMT Date: Wed, 17 Jul 2024 14:24:54 GMT Connection: keep-alive`

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 68cbeb97362cb1fd193bcaff349ec599 6e5ced18d57cda5f43a5122f211e7b474b918a26 086654872a2fb046f370443097a824463ff74d51cc27f5e6ab740c7c50d3d03c HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 17 Jul 2024 14:24:54 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip	142.250.74.110	302 Found	430 B
URL User Request GET HTTP/2 redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip IP 142.250.74.110:443 ASN #15169 GOOGLE Certificate IssuerGoogle Trust Services Subject.google.com Fingerprint0B:28:0E:1B:FF:FC:C8:1B:AF:D7:4E:50:F3:EE:75:59:BB:D5:46:24 ValidityMon, 24 Jun 2024 06:35:44 GMT - Mon, 16 Sep 2024 06:35:43 GMT File type HTML document, ASCII text, with CRLF, LF line terminators Size 430 B (430 bytes) Hash 053e2b7a5cfc2fc8ca4d409193382890 e1fa92e46098f7fe5ffb82ada317bc54ca8de346 c904b4a44ca71c7982d443e87e3b7b743dbe0f749a9e9887e3b150190e81b1dd HTTP Headers GET /edgedl/widevine-cdm/4.10.2710.0-win-x86.zip HTTP/1.1 Host: redirector.gvt1.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Wed, 17 Jul 2024 14:24:54 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate x-content-type-options: nosniff location: https://r2---sn-capm-vnae.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip?cms_redirect=yes&mh=jM&mip=91.90.42.154&mm=28&mn=sn-capm-vnae&ms=nvh&mt=1721225817&mv=u&mvi=2&pl=23&shardbypass=sd content-type: text/html; charset=UTF-8 server: ClientMapServer content-length: 430 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	o.pki.goog/wr2	142.250.74.131		471 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash b5bd30cdfca275639fb1571e38fe19e9 7255ef2988ff8203eac4e4b6c4832a97dcea2e71 057538342b89f35b90bf99c6c640cf05fbaff9a0fccfbb361b4bacaa29eebd91 HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 17 Jul 2024 14:24:54 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	o.pki.goog/wr2	142.250.74.131		472 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 68cbeb97362cb1fd193bcaff349ec599 6e5ced18d57cda5f43a5122f211e7b474b918a26 086654872a2fb046f370443097a824463ff74d51cc27f5e6ab740c7c50d3d03c HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 17 Jul 2024 14:24:54 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	o.pki.goog/wr2	142.250.74.131		471 B
URL o.pki.goog/wr2 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash b5bd30cdfca275639fb1571e38fe19e9 7255ef2988ff8203eac4e4b6c4832a97dcea2e71 057538342b89f35b90bf99c6c640cf05fbaff9a0fccfbb361b4bacaa29eebd91 HTTP Headers `POST /wr2 HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 17 Jul 2024 14:24:55 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	r2---sn-capm-vnae.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip?cms_redirect=yes&mh=jM&mip=91.90.42.154&mm=28&mn=sn-capm-vnae&ms=nvh&mt=1721225817&mv=u&mvi=2&pl=23&shardbypass=sd	91.90.45.173	200 OK	14 MB
URL User Request GET HTTP/1.1 r2---sn-capm-vnae.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x86.zip?cms_redirect=yes&mh=jM&mip=91.90.42.154&mm=28&mn=sn-capm-vnae&ms=nvh&mt=1721225817&mv=u&mvi=2&pl=23&shardbypass=sd IP 91.90.45.173:443 ASN #50304 Blix Solutions AS Certificate IssuerGoogle Trust Services Subject.googlevideo.com Fingerprint71:D9:A9:2C:C3:9E:82:AB:7E:03:AE:47:02:E4:E0:AD:18:B8:08:9E ValidityTue, 09 Jul 2024 14:34:20 GMT - Tue, 17 Sep 2024 14:34:19 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 14 MB (14250607 bytes) Hash 4290a1abe603786662d2f713972173c6 32d9d4177368b865647d368cd35e88f79df47e19 890114bf2672326c4924ac18afdbbe245bf0b72a434052fed52e79743c7aebaf HTTP Headers GET /edgedl/widevine-cdm/4.10.2710.0-win-x86.zip?cms_redirect=yes&mh=jM&mip=91.90.42.154&mm=28&mn=sn-capm-vnae&ms=nvh&mt=1721225817&mv=u&mvi=2&pl=23&shardbypass=sd HTTP/1.1 Host: r2---sn-capm-vnae.gvt1.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: public,max-age=86400 Content-Disposition: attachment Content-Length: 14250607 Content-Security-Policy: default-src 'none' Content-Type: application/zip Etag: "1d3918a" Server: downloads X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 Date: Wed, 17 Jul 2024 08:17:16 GMT Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT Connection: keep-alive Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46" Vary: Origin

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c5fe3e5860e9afb843ae32b8f349f4c7 78e8faf3194e82bcb4fed0d89bd1989501dd8d2a 806921e95846539e7849756068c5afcd2fb93d1ccbb7604b5d8d18805538faf5 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "806921E95846539E7849756068C5AFCD2FB93D1CCBB7604B5D8D18805538FAF5" Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14160 Expires: Wed, 17 Jul 2024 18:20:58 GMT Date: Wed, 17 Jul 2024 14:24:58 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c5fe3e5860e9afb843ae32b8f349f4c7 78e8faf3194e82bcb4fed0d89bd1989501dd8d2a 806921e95846539e7849756068c5afcd2fb93d1ccbb7604b5d8d18805538faf5 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "806921E95846539E7849756068C5AFCD2FB93D1CCBB7604B5D8D18805538FAF5" Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14160 Expires: Wed, 17 Jul 2024 18:20:58 GMT Date: Wed, 17 Jul 2024 14:24:58 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c5fe3e5860e9afb843ae32b8f349f4c7 78e8faf3194e82bcb4fed0d89bd1989501dd8d2a 806921e95846539e7849756068c5afcd2fb93d1ccbb7604b5d8d18805538faf5 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "806921E95846539E7849756068C5AFCD2FB93D1CCBB7604B5D8D18805538FAF5" Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14160 Expires: Wed, 17 Jul 2024 18:20:58 GMT Date: Wed, 17 Jul 2024 14:24:58 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (5)

Detections

JavaScript (0)

HTTP Transactions (13)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers