| bitbucket.org/tertegfj/fnbvdf/downloads/dpfapdo.txt | 185.166.143.49 | 302 Found | 0 B |
URL User Request GET HTTP/2 bitbucket.org/tertegfj/fnbvdf/downloads/dpfapdo.txt IP 185.166.143.49:443
Certificate: Issuer DigiCert Inc | Subject bitbucket.org | Fingerprint 2A:B7:65:D0:F2:15:5D:A9:32:63:6F:1B:9D:6A:14:0B:B8:63:A1:17 | Validity Tue, 30 Jul 2024 00:00:00 GMT - Sat, 30 Aug 2025 23:59:59 GMT
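Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, matching the 0 B body of this 302 redirect; they do not identify the downloaded file)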
GET /tertegfj/fnbvdf/downloads/dpfapdo.txt HTTP/1.1
Host: bitbucket.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 16 Jan 2025 22:03:51 GMT
content-type: text/html; charset=utf-8
content-length: 0
server: AtlassianEdge
location: https://bbuseruploads.s3.amazonaws.com/65a5b72c-b681-4bc3-bd3c-3c0f0800ae4d/downloads/6a3ee2e7-6eee-414d-b456-99584a2d2de2/dpfapdo.txt?response-content-disposition=attachment%3B%20filename%3D%22dpfapdo.txt%22&AWSAccessKeyId=ASIA6KOSE3BNGMT7BDH4&Signature=CcjA09DkCtGN0mhe%2BUlRpgegwPw%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFYaCXVzLWVhc3QtMSJGMEQCIBgmfXRixWOrAALEx6GQPrG16yQ7eKLbosdyfIjeQ9dLAiBQEk%2BYPI65H0d%2FaJFePvDlHSVizYk%2FdUM4a%2B6ojlNdhSqnAghPEAAaDDk4NDUyNTEwMTE0NiIMHu1T4P3dJqAIFhrRKoQC21rhwGm5gN5IqrLCIvYtagFQXAx2%2FusARlr7LVRq9gqGvjbV%2BH4yznoVTj8PkaBvwuEf4wwTrn3oxVtMrGKDrNd0gdddksbGvK4aZAvE1hTh5dZFG9x7Fv5QyG5lWx3tjGkQd7b09oPxtz4mtHMO0X6%2BTgBD%2B8TrflRwybVA4SHio%2BXGhY%2FHZwu%2BFXVdNLuKMGAWG1gIVslFZwnKN0WtsqSy9cNvUUVcJa1JNPyWOLccoAylv44PEaoYq6%2BU4aXm0vx5GkWhIu0LOjb%2BjF6vYYAeYRzCGht7qB7CmSPx4QrlDy%2FQe7LxiUPez9eqDI61cyAPWgMSjuK7NcEMSqR8dElir7ww%2Ff%2BlvAY6ngHy5KpQxQ%2F%2FoEEA9UnPqI6towHvdU31vg1Vbql5xfrvXPhUe5lb39NqKB3pKB1GabL8LMEhBEqKlPHuEM6wRfeAFlZqXKQ%2F5NGtb7z4xBR%2BTbgNhE96gs82JegfMox38gT3SzCoTZXenURYN8giM4Tw5nPX1oDe0PoFbTzh48nhlLu2Ao1GzRhU9TumUuxkkGBCqAKUFztFRJfxAysp2g%3D%3D&Expires=1737066245
expires: Thu, 16 Jan 2025 22:03:51 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
x-used-mesh: False
vary: Accept-Language, Origin
content-language: en
x-view-name: bitbucket.apps.downloads.views.download_file
x-dc-location: Micros-3
x-served-by: d31b688325eb
x-version: 713c71fd9954
x-static-version: 713c71fd9954
x-request-count: 1976
x-render-time: 0.055255889892578125
x-b3-traceid: 288713595ee14b92b25af379949ffb8a
x-b3-spanid: f3e1262c4c0a7890
x-frame-options: SAMEORIGIN
content-security-policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net 
micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; base-uri 'self'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
x-usage-quota-remaining: 998191.379
x-usage-request-cost: 952.63
x-usage-user-time: 0.027609
x-usage-system-time: 0.000970
x-usage-input-ops: 0
x-usage-output-ops: 0
age: 0
x-cache: MISS
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
atl-traceid: 288713595ee14b92b25af379949ffb8a
atl-request-id: 28871359-5ee1-4b92-b25a-f379949ffb8a
strict-transport-security: max-age=63072000; includeSubDomains; preload
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
server-timing: atl-edge;dur=163,atl-edge-internal;dur=3,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-eu-central-1"
X-Firefox-Spdy: h2
|
| bbuseruploads.s3.amazonaws.com/65a5b72c-b681-4bc3-bd3c-3c0f0800ae4d/downloads/6a3ee2e7-6eee-414d-b456-99584a2d2de2/dpfapdo.txt?response-content-disposition=attachment%3B%20filename%3D%22dpfapdo.txt%22&AWSAccessKeyId=ASIA6KOSE3BNGMT7BDH4&Signature=CcjA09DkCtGN0mhe%2BUlRpgegwPw%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFYaCXVzLWVhc3QtMSJGMEQCIBgmfXRixWOrAALEx6GQPrG16yQ7eKLbosdyfIjeQ9dLAiBQEk%2BYPI65H0d%2FaJFePvDlHSVizYk%2FdUM4a%2B6ojlNdhSqnAghPEAAaDDk4NDUyNTEwMTE0NiIMHu1T4P3dJqAIFhrRKoQC21rhwGm5gN5IqrLCIvYtagFQXAx2%2FusARlr7LVRq9gqGvjbV%2BH4yznoVTj8PkaBvwuEf4wwTrn3oxVtMrGKDrNd0gdddksbGvK4aZAvE1hTh5dZFG9x7Fv5QyG5lWx3tjGkQd7b09oPxtz4mtHMO0X6%2BTgBD%2B8TrflRwybVA4SHio%2BXGhY%2FHZwu%2BFXVdNLuKMGAWG1gIVslFZwnKN0WtsqSy9cNvUUVcJa1JNPyWOLccoAylv44PEaoYq6%2BU4aXm0vx5GkWhIu0LOjb%2BjF6vYYAeYRzCGht7qB7CmSPx4QrlDy%2FQe7LxiUPez9eqDI61cyAPWgMSjuK7NcEMSqR8dElir7ww%2Ff%2BlvAY6ngHy5KpQxQ%2F%2FoEEA9UnPqI6towHvdU31vg1Vbql5xfrvXPhUe5lb39NqKB3pKB1GabL8LMEhBEqKlPHuEM6wRfeAFlZqXKQ%2F5NGtb7z4xBR%2BTbgNhE96gs82JegfMox38gT3SzCoTZXenURYN8giM4Tw5nPX1oDe0PoFbTzh48nhlLu2Ao1GzRhU9TumUuxkkGBCqAKUFztFRJfxAysp2g%3D%3D&Expires=1737066245 | 52.217.229.9 | 200 OK | 430 kB |
URL User Request GET HTTP/1.1bbuseruploads.s3.amazonaws.com/65a5b72c-b681-4bc3-bd3c-3c0f0800ae4d/downloads/6a3ee2e7-6eee-414d-b456-99584a2d2de2/dpfapdo.txt?response-content-disposition=attachment%3B%20filename%3D%22dpfapdo.txt%22&AWSAccessKeyId=ASIA6KOSE3BNGMT7BDH4&Signature=CcjA09DkCtGN0mhe%2BUlRpgegwPw%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFYaCXVzLWVhc3QtMSJGMEQCIBgmfXRixWOrAALEx6GQPrG16yQ7eKLbosdyfIjeQ9dLAiBQEk%2BYPI65H0d%2FaJFePvDlHSVizYk%2FdUM4a%2B6ojlNdhSqnAghPEAAaDDk4NDUyNTEwMTE0NiIMHu1T4P3dJqAIFhrRKoQC21rhwGm5gN5IqrLCIvYtagFQXAx2%2FusARlr7LVRq9gqGvjbV%2BH4yznoVTj8PkaBvwuEf4wwTrn3oxVtMrGKDrNd0gdddksbGvK4aZAvE1hTh5dZFG9x7Fv5QyG5lWx3tjGkQd7b09oPxtz4mtHMO0X6%2BTgBD%2B8TrflRwybVA4SHio%2BXGhY%2FHZwu%2BFXVdNLuKMGAWG1gIVslFZwnKN0WtsqSy9cNvUUVcJa1JNPyWOLccoAylv44PEaoYq6%2BU4aXm0vx5GkWhIu0LOjb%2BjF6vYYAeYRzCGht7qB7CmSPx4QrlDy%2FQe7LxiUPez9eqDI61cyAPWgMSjuK7NcEMSqR8dElir7ww%2Ff%2BlvAY6ngHy5KpQxQ%2F%2FoEEA9UnPqI6towHvdU31vg1Vbql5xfrvXPhUe5lb39NqKB3pKB1GabL8LMEhBEqKlPHuEM6wRfeAFlZqXKQ%2F5NGtb7z4xBR%2BTbgNhE96gs82JegfMox38gT3SzCoTZXenURYN8giM4Tw5nPX1oDe0PoFbTzh48nhlLu2Ao1GzRhU9TumUuxkkGBCqAKUFztFRJfxAysp2g%3D%3D&Expires=1737066245 IP 52.217.229.9:443
Certificate: Issuer Amazon | Subject *.s3.amazonaws.com | Fingerprint 57:FE:C9:73:13:31:CA:2C:91:7F:05:C3:3B:16:FF:3F:1B:D8:7D:E2 | Validity Mon, 22 Apr 2024 00:00:00 GMT - Mon, 07 Apr 2025 23:59:59 GMT
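File type: ASCII text, with very long lines (65536), with no line terminators | Size: 430 kB (429676 bytes) | Hash: MD5 68906a14d8dd9f9963d90eaa444543db | SHA-1 a7c2177520752146374788af0bbdb8171e6a00cc | SHA-256 371a50bb0db16e949acb4c3af87392a95fb7ecf9fb132043ee481016955a921b
Note: the S3 URL for this download is presigned and time-limited (Expires=1737066245, i.e. 2025-01-16 22:24:05 GMT), so a later fetch would normally be redirected to a differently signed URL; the file hashes and the bitbucket.org download path are the durable indicators.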
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - Base64 encoded file |
| Public Nextron YARA rules | malware | Detects an base64 encoded executable with reversed characters |
GET /65a5b72c-b681-4bc3-bd3c-3c0f0800ae4d/downloads/6a3ee2e7-6eee-414d-b456-99584a2d2de2/dpfapdo.txt?response-content-disposition=attachment%3B%20filename%3D%22dpfapdo.txt%22&AWSAccessKeyId=ASIA6KOSE3BNGMT7BDH4&Signature=CcjA09DkCtGN0mhe%2BUlRpgegwPw%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFYaCXVzLWVhc3QtMSJGMEQCIBgmfXRixWOrAALEx6GQPrG16yQ7eKLbosdyfIjeQ9dLAiBQEk%2BYPI65H0d%2FaJFePvDlHSVizYk%2FdUM4a%2B6ojlNdhSqnAghPEAAaDDk4NDUyNTEwMTE0NiIMHu1T4P3dJqAIFhrRKoQC21rhwGm5gN5IqrLCIvYtagFQXAx2%2FusARlr7LVRq9gqGvjbV%2BH4yznoVTj8PkaBvwuEf4wwTrn3oxVtMrGKDrNd0gdddksbGvK4aZAvE1hTh5dZFG9x7Fv5QyG5lWx3tjGkQd7b09oPxtz4mtHMO0X6%2BTgBD%2B8TrflRwybVA4SHio%2BXGhY%2FHZwu%2BFXVdNLuKMGAWG1gIVslFZwnKN0WtsqSy9cNvUUVcJa1JNPyWOLccoAylv44PEaoYq6%2BU4aXm0vx5GkWhIu0LOjb%2BjF6vYYAeYRzCGht7qB7CmSPx4QrlDy%2FQe7LxiUPez9eqDI61cyAPWgMSjuK7NcEMSqR8dElir7ww%2Ff%2BlvAY6ngHy5KpQxQ%2F%2FoEEA9UnPqI6towHvdU31vg1Vbql5xfrvXPhUe5lb39NqKB3pKB1GabL8LMEhBEqKlPHuEM6wRfeAFlZqXKQ%2F5NGtb7z4xBR%2BTbgNhE96gs82JegfMox38gT3SzCoTZXenURYN8giM4Tw5nPX1oDe0PoFbTzh48nhlLu2Ao1GzRhU9TumUuxkkGBCqAKUFztFRJfxAysp2g%3D%3D&Expires=1737066245 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: c8AbmzNITO5UqmfHWdz7gru/8ZKMQ2OlehfVr85KvE15C95Cz9oo4E+uAoo/Isy7j1tG2qXFupw=
x-amz-request-id: JZ2BH6F100VG2SX4
Date: Thu, 16 Jan 2025 22:03:52 GMT
Last-Modified: Thu, 16 Jan 2025 20:45:55 GMT
ETag: "68906a14d8dd9f9963d90eaa444543db"
x-amz-server-side-encryption: AES256
x-amz-version-id: rCk3HqYreT7eDyt4jJZdM0_laURET6ci
Content-Disposition: attachment; filename="dpfapdo.txt"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 429676
Server: AmazonS3
|