Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 185.166.140.7 | |
bbuseruploads.s3.amazonaws.com | CNAME s3-1-w.amazonaws.com | 54.231.231.113 |
GET 302
https://bitbucket.org/cloudappsoftware/vsc/downloads/GlitchClipper.exe
REQUEST
GET /cloudappsoftware/vsc/downloads/GlitchClipper.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 302 Found
Date: Sun, 11 Aug 2024 05:57:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: AtlassianEdge
Location: https://bbuseruploads.s3.amazonaws.com/0046344b-dbc7-4633-ba53-858e97e1e5e3/downloads/e035ed78-1bf0-4b5e-b1b5-5452a9c00962/GlitchClipper.exe?response-content-disposition=attachment%3B%20filename%3D%22GlitchClipper.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNACKCQR3&Signature=0WJdjhH0SzZbZrg4qmi8SZhFZ1c%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEHYaCXVzLWVhc3QtMSJGMEQCIEk%2BARBMnCUmBc%2B4pE%2FLa%2FXufm9B9egBuQycdCg0PqkwAiB%2FJLKBV7ZCeo6kUBQVydv1ivbUl3CHG7AFwB5Ve1dCDCqnAghvEAAaDDk4NDUyNTEwMTE0NiIMOVl5UzuIlAe9MITSKoQCVVtkn%2FpUoHlSF02oe4h2lTomBpfefAEuKnNpHAuBWN7prPQgMTqVZWNuxiUYi1unMhcX2MkjGlQ4VbMWl7v0XjUEneW8uXb3jjfbwjBpUu9%2FehfDZcef8pKMqekxlnv7uYSkEUIqP7%2FxJKYRxxNYkQgfMBtOIMlNk2D0XzSI0jaeRzup4oYiGftG6Y62slfk4MfdNZ4Fr0fmaicEs%2FVc6X2UkwpF%2FYlfORUKcjK1Oc%2BzjmQDyjw4IVi7N6%2FfR0UKtOnQ58AOpnyt1jeZe3V3I1ajPYwFppy2QHHWYbuI49pGZGqy1%2BNIIgPHME5oVe4FJPKixo3xpnPL3OXsaW31abikMj0wkqDhtQY6ngEuq0NPpIJ4eoRobfM450Na17ef9eAvuAhiGVozXMuLABm9hdgvUUFB2x6r2%2BVsNi7xP9DvAXE5f1tArFGJjVEs8wwsJVM%2BtqfacjbOLG8Dh1EyJfGJjgom65rQfHPRPyDA6UamyxSfg9WC9zkEq4nZwz2Wm3mc3k6cLzQfk8Mr6HumakVxDKW4UAqaYDtFt%2BzVIEkRzKYcxiogT%2FvSMA%3D%3D&Expires=1723356954
Expires: Sun, 11 Aug 2024 05:57:45 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
X-Used-Mesh: False
Vary: Accept-Language, Origin
Content-Language: en
X-View-Name: bitbucket.apps.downloads.views.download_file
X-Dc-Location: Micros-3
X-Served-By: 07e2497f71cc
X-Version: e919bc9cc4d0
X-Static-Version: e919bc9cc4d0
X-Request-Count: 1005
X-Render-Time: 0.036920785903930664
X-B3-Traceid: 68b01fd92a434ff5ac7ef417a97a8bb3
X-B3-Spanid: 2c529598b7dfb5f8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: base-uri 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; object-src 'none'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com 
micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev-west--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
X-Usage-Quota-Remaining: 999339.052
X-Usage-Request-Cost: 672.07
X-Usage-User-Time: 0.020162
X-Usage-System-Time: 0.000000
X-Usage-Input-Ops: 0
X-Usage-Output-Ops: 0
Age: 0
X-Cache: MISS
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Atl-Traceid: 68b01fd92a434ff5ac7ef417a97a8bb3
Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
GET 200
https://bbuseruploads.s3.amazonaws.com/0046344b-dbc7-4633-ba53-858e97e1e5e3/downloads/e035ed78-1bf0-4b5e-b1b5-5452a9c00962/GlitchClipper.exe?response-content-disposition=attachment%3B%20filename%3D%22GlitchClipper.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNACKCQR3&Signature=0WJdjhH0SzZbZrg4qmi8SZhFZ1c%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEHYaCXVzLWVhc3QtMSJGMEQCIEk%2BARBMnCUmBc%2B4pE%2FLa%2FXufm9B9egBuQycdCg0PqkwAiB%2FJLKBV7ZCeo6kUBQVydv1ivbUl3CHG7AFwB5Ve1dCDCqnAghvEAAaDDk4NDUyNTEwMTE0NiIMOVl5UzuIlAe9MITSKoQCVVtkn%2FpUoHlSF02oe4h2lTomBpfefAEuKnNpHAuBWN7prPQgMTqVZWNuxiUYi1unMhcX2MkjGlQ4VbMWl7v0XjUEneW8uXb3jjfbwjBpUu9%2FehfDZcef8pKMqekxlnv7uYSkEUIqP7%2FxJKYRxxNYkQgfMBtOIMlNk2D0XzSI0jaeRzup4oYiGftG6Y62slfk4MfdNZ4Fr0fmaicEs%2FVc6X2UkwpF%2FYlfORUKcjK1Oc%2BzjmQDyjw4IVi7N6%2FfR0UKtOnQ58AOpnyt1jeZe3V3I1ajPYwFppy2QHHWYbuI49pGZGqy1%2BNIIgPHME5oVe4FJPKixo3xpnPL3OXsaW31abikMj0wkqDhtQY6ngEuq0NPpIJ4eoRobfM450Na17ef9eAvuAhiGVozXMuLABm9hdgvUUFB2x6r2%2BVsNi7xP9DvAXE5f1tArFGJjVEs8wwsJVM%2BtqfacjbOLG8Dh1EyJfGJjgom65rQfHPRPyDA6UamyxSfg9WC9zkEq4nZwz2Wm3mc3k6cLzQfk8Mr6HumakVxDKW4UAqaYDtFt%2BzVIEkRzKYcxiogT%2FvSMA%3D%3D&Expires=1723356954
REQUEST
GET /0046344b-dbc7-4633-ba53-858e97e1e5e3/downloads/e035ed78-1bf0-4b5e-b1b5-5452a9c00962/GlitchClipper.exe?response-content-disposition=attachment%3B%20filename%3D%22GlitchClipper.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNACKCQR3&Signature=0WJdjhH0SzZbZrg4qmi8SZhFZ1c%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEHYaCXVzLWVhc3QtMSJGMEQCIEk%2BARBMnCUmBc%2B4pE%2FLa%2FXufm9B9egBuQycdCg0PqkwAiB%2FJLKBV7ZCeo6kUBQVydv1ivbUl3CHG7AFwB5Ve1dCDCqnAghvEAAaDDk4NDUyNTEwMTE0NiIMOVl5UzuIlAe9MITSKoQCVVtkn%2FpUoHlSF02oe4h2lTomBpfefAEuKnNpHAuBWN7prPQgMTqVZWNuxiUYi1unMhcX2MkjGlQ4VbMWl7v0XjUEneW8uXb3jjfbwjBpUu9%2FehfDZcef8pKMqekxlnv7uYSkEUIqP7%2FxJKYRxxNYkQgfMBtOIMlNk2D0XzSI0jaeRzup4oYiGftG6Y62slfk4MfdNZ4Fr0fmaicEs%2FVc6X2UkwpF%2FYlfORUKcjK1Oc%2BzjmQDyjw4IVi7N6%2FfR0UKtOnQ58AOpnyt1jeZe3V3I1ajPYwFppy2QHHWYbuI49pGZGqy1%2BNIIgPHME5oVe4FJPKixo3xpnPL3OXsaW31abikMj0wkqDhtQY6ngEuq0NPpIJ4eoRobfM450Na17ef9eAvuAhiGVozXMuLABm9hdgvUUFB2x6r2%2BVsNi7xP9DvAXE5f1tArFGJjVEs8wwsJVM%2BtqfacjbOLG8Dh1EyJfGJjgom65rQfHPRPyDA6UamyxSfg9WC9zkEq4nZwz2Wm3mc3k6cLzQfk8Mr6HumakVxDKW4UAqaYDtFt%2BzVIEkRzKYcxiogT%2FvSMA%3D%3D&Expires=1723356954 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: QuLlC4mE/MNLwcgkwpT5Is5I08eGnEPP0ZL+N1ZEFT7pvOEwL/zCCiq3ngG/rhTRM1X1CFfkRHGuxTG9MIK2TEKUUykkvTX4BZS8ftyFIe4=
x-amz-request-id: SR8AMSCXJF1PY6GQ
Date: Sun, 11 Aug 2024 05:57:47 GMT
Last-Modified: Fri, 09 Aug 2024 08:45:20 GMT
ETag: "8ecad7a38a26ac1fc2c7804afd0599fa"
x-amz-server-side-encryption: AES256
x-amz-version-id: Z7sJ_CCE30EIFopkuhBdnKj2LE_oKFl3
Content-Disposition: attachment; filename="GlitchClipper.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 560640
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49165 185.166.140.9:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian US, Inc., CN=bitbucket.org | 2a:b7:65:d0:f2:15:5d:a9:32:63:6f:1b:9d:6a:14:0b:b8:63:a1:17 |
TLS 1.2 192.168.56.101:49166 3.5.29.22:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.s3.amazonaws.com | 57:fe:c9:73:13:31:ca:2c:91:7f:05:c3:3b:16:ff:3f:1b:d8:7d:e2 |
Snort Alerts
No Snort Alerts