Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| bitbucket.org | 104.192.141.1 | |
| bbuseruploads.s3.amazonaws.com |
CNAME
s3-1-w.amazonaws.com
|
52.217.163.217 |
GET
302
https://bitbucket.org/malifesta/repository/downloads/CVE_Update_2021.jpeg
REQUEST
RESPONSE
BODY
GET /malifesta/repository/downloads/CVE_Update_2021.jpeg HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive
HTTP/1.1 302 Found
Content-Security-Policy-Report-Only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
Server: nginx
X-Usage-Quota-Remaining: 999207.956
Vary: Accept-Language, Origin
X-Usage-Request-Cost: 805.13
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
X-B3-TraceId: 8a1f1fd934a4dc22
X-Usage-Output-Ops: 0
X-Dc-Location: Micros
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 19 Nov 2021 08:12:31 GMT
X-Usage-User-Time: 0.020128
X-Usage-System-Time: 0.004026
Location: https://bbuseruploads.s3.amazonaws.com/9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22
X-Served-By: ff5195d07fac
Expires: Fri, 19 Nov 2021 08:12:31 GMT
Content-Language: en
X-View-Name: bitbucket.apps.downloads.views.download_file
X-Static-Version: 0c85e1c84773
X-Render-Time: 0.0446639060974
Connection: keep-alive
X-Usage-Input-Ops: 0
X-Request-Count: 1910
X-Frame-Options: SAMEORIGIN
X-Version: 0c85e1c84773
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET
200
https://bbuseruploads.s3.amazonaws.com/9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22
REQUEST
RESPONSE
BODY
GET /9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: /8MwpJ+i1ufJ+cGhWpAQ4AwBtii3izUVfkC2lbmIYMXbpafcfo2ADgKxttLWJMQFpcwAmLu8c60=
x-amz-request-id: GFAA541CDCM461QG
Date: Fri, 19 Nov 2021 08:12:32 GMT
Last-Modified: Thu, 18 Nov 2021 11:19:50 GMT
ETag: "c4413db58b65e2f2328b83b05dca6f59"
x-amz-version-id: QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp
Content-Disposition: attachment; filename="CVE_Update_2021.jpeg"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 395264
GET
302
https://bitbucket.org/malifesta/repository/downloads/CVE_Update_2021.jpeg
REQUEST
RESPONSE
BODY
GET /malifesta/repository/downloads/CVE_Update_2021.jpeg HTTP/1.1
Host: bitbucket.org
HTTP/1.1 302 Found
Content-Security-Policy-Report-Only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
Server: nginx
X-Usage-Quota-Remaining: 998951.342
Vary: Accept-Language, Origin
X-Usage-Request-Cost: 904.23
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
X-B3-TraceId: 3432cd8dedd685d3
X-Usage-Output-Ops: 0
X-Dc-Location: Micros
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 19 Nov 2021 08:12:33 GMT
X-Usage-User-Time: 0.025858
X-Usage-System-Time: 0.001269
Location: https://bbuseruploads.s3.amazonaws.com/9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22
X-Served-By: f33db339d57a
Expires: Fri, 19 Nov 2021 08:12:33 GMT
Content-Language: en
X-View-Name: bitbucket.apps.downloads.views.download_file
X-Static-Version: 0c85e1c84773
X-Render-Time: 0.0571081638336
Connection: keep-alive
X-Usage-Input-Ops: 0
X-Request-Count: 2370
X-Frame-Options: SAMEORIGIN
X-Version: 0c85e1c84773
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET
200
https://bbuseruploads.s3.amazonaws.com/9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22
REQUEST
RESPONSE
BODY
GET /9a2c9a88-9c7d-4fbf-ad47-61608bd722a7/downloads/e4951140-889c-4816-ab10-8b242e25f9dd/CVE_Update_2021.jpeg?Signature=MhsFl0n3i3U35sNewiWsqeAAvNA%3D&Expires=1637311253&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp&response-content-disposition=attachment%3B%20filename%3D%22CVE_Update_2021.jpeg%22 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
HTTP/1.1 200 OK
x-amz-id-2: djoGyhHghqPwDhplF4xvH1qjstlKo+d3OwCAMrMVVIhC1d16ppNMLLGw9VbOqYhZfcJnQiLTuYs=
x-amz-request-id: 2NVZ5WCJ6RX9Q34Y
Date: Fri, 19 Nov 2021 08:12:34 GMT
Last-Modified: Thu, 18 Nov 2021 11:19:50 GMT
ETag: "c4413db58b65e2f2328b83b05dca6f59"
x-amz-version-id: QaQwwVgIdByirGNQDzHZ2X8Qea__Sdfp
Content-Disposition: attachment; filename="CVE_Update_2021.jpeg"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 395264
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49161 -> 104.192.141.1:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49163 -> 52.216.249.60:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49161 104.192.141.1:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=Private Organization, unknown=US, unknown=Delaware, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org | 4e:6a:4c:3b:82:15:ef:df:97:38:5e:50:ef:b9:86:42:84:3b:89:f0 |
|
TLS 1.2 192.168.56.101:49163 52.216.249.60:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.s3.amazonaws.com | 90:e0:af:dc:fa:f7:0b:ac:50:bb:fa:43:e1:ec:e2:3d:ce:91:90:47 |
Snort Alerts
No Snort Alerts