Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 104.192.141.1 | |
bbuseruploads.s3.amazonaws.com | CNAME s3-1-w.amazonaws.com; A 3.5.0.3 | 52.217.138.65 |
GET 302 https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe
GET /tanosx/clockbrix/downloads/Chrome_Password_Remover.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive
HTTP/1.1 302 Found
server: envoy
x-usage-quota-remaining: 999146.812
vary: Accept-Language, Origin
x-usage-request-cost: 868.70
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
Content-Type: text/html; charset=utf-8
x-b3-traceid: 432ba447ce8dbdd2
x-usage-output-ops: 0
x-used-mesh: False
x-dc-location: Micros-3
content-security-policy: base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--ddev-west--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 08 Jul 2024 08:09:29 GMT
x-usage-user-time: 0.025601
x-usage-system-time: 0.000460
location: https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207
expires: Mon, 08 Jul 2024 08:09:29 GMT
x-served-by: 8b658f7d5c54
x-envoy-upstream-service-time: 65
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-b3-spanid: 432ba447ce8dbdd2
x-static-version: 54a8ccfaf741
x-render-time: 0.05120730400085449
Connection: keep-alive
x-usage-input-ops: 0
x-version: 54a8ccfaf741
x-request-count: 1681
x-frame-options: SAMEORIGIN
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200
https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207
GET /443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: paLk0VQcPHrd42PLhlSqsCNW7wNExJ8+7lC4BmHl5Km2G+RAPReflFlS6cuyv25GfMtCRQEzB0nBumxd97TAxdmlDa2at7xf
x-amz-request-id: FPSMZS4NAYYJMVAA
Date: Mon, 08 Jul 2024 08:09:31 GMT
Last-Modified: Sat, 06 Jul 2024 19:30:31 GMT
ETag: "f308be1162c86c3d72ad06c4c85a67d4"
x-amz-server-side-encryption: AES256
x-amz-version-id: zgzdnwGQr1j8.sD0q2Dqp3Nq4XzvVcpm
Content-Disposition: attachment; filename="Chrome_Password_Remover.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdos-program
Server: AmazonS3
Content-Length: 7386624
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49165 3.5.29.53:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.s3.amazonaws.com | 57:fe:c9:73:13:31:ca:2c:91:7f:05:c3:3b:16:ff:3f:1b:d8:7d:e2 |
TLS 1.2 192.168.56.101:49164 104.192.141.1:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian US, Inc., CN=bitbucket.org | bf:7c:47:a3:25:75:32:6e:c5:f8:ea:29:e6:bd:ba:2d:a7:99:28:78 |
Snort Alerts
No Snort Alerts