www.cybereason.com Open in urlscan Pro
2606:4700::6811:88b4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Submission: On February 09 via manual (February 9th 2020, 2:00:45 pm UTC) from CA

Summary HTTP 122 Redirects Links 43 Behaviour Indicators

Summary

This website contacted 39 IPs in 8 countries across 32 domains to perform 122 HTTP transactions. The main IP is 2606:4700::6811:88b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cybereason.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 17th 2019. Valid for: a year.

This is the only time www.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
56	2606:4700::68... 2606:4700::6811:88b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	23.38.53.224 23.38.53.224	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE)
1	2606:2800:133... 2606:2800:133:7403:4a68:7eff:710b:1ddf	15133 (EDGECAST) (EDGECAST)
1	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2)
3	2606:4700::68... 2606:4700::6811:4104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:f905	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:10:... 2606:4700:10::6814:6e27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.210.250.44 23.210.250.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.112.65 151.101.112.65	54113 (FASTLY) (FASTLY)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	54.173.179.199 54.173.179.199	14618 (AMAZON-AES) (AMAZON-AES)
1	147.75.33.131 147.75.33.131	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:f3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:64:... 2a02:26f0:64:186::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	64.202.112.63 64.202.112.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 2	2a00:1450:400... 2a00:1450:4001:816::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE)
1	147.75.102.13 147.75.102.13	54825 (PACKET) (PACKET)
6 9	34.252.172.232 34.252.172.232	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:74b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e7cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	52.44.183.235 52.44.183.235	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	185.33.223.100 185.33.223.100	29990 (ASN-APPNEX) (ASN-APPNEX)
1	147.75.102.231 147.75.102.231	54825 (PACKET) (PACKET)
1 2	52.21.56.60 52.21.56.60	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
122	39

56 2606:4700::6811:88b4 (United States)

ASN13335 (CLOUDFLARENET, US)

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.38.53.224 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-53-224.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:7403:4a68:7eff:710b:1ddf (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2, US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:f905 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6814:6e27 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-44.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.65 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.179.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-179-199.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.131 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress7

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f3cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:64:186::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.63 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
amplifypixel.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.102.13 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress1

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.252.172.232 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:74b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e7cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.44.183.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-183-235.compute-1.amazonaws.com

pixel.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.100 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.102.231 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress10

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.21.56.60 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-56-60.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	cybereason.com www.cybereason.com	4 MB
11	typekit.net use.typekit.net p.typekit.net	178 KB
10	prfct.co 6 redirects pixel-geo.prfct.co pixel.prfct.co	4 KB
7	hubspot.com no-cache.hubspot.com track.hubspot.com forms.hubspot.com	4 KB
4	facebook.net connect.facebook.net	200 KB
4	linkedin.com 2 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com	58 KB
3	twitter.com platform.twitter.com analytics.twitter.com	29 KB
3	doubleclick.net 2 redirects googleads.g.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net	2 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	73 KB
3	outbrain.com amplify.outbrain.com tr.outbrain.com amplifypixel.outbrain.com	4 KB
3	addtoany.com static.addtoany.com	59 KB
3	cloudflare.com cdnjs.cloudflare.com	97 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	leadlander.com 1 redirects tracking.leadlander.com	644 B
2	adnxs.com 1 redirects secure.adnxs.com	2 KB
2	openx.net 1 redirects us-u.openx.net	492 B
2	facebook.com www.facebook.com	396 B
2	google.de www.google.de	219 B
2	google.com 1 redirects www.google.com	310 B
2	gstatic.com fonts.gstatic.com	36 KB
1	licdn.com snap.licdn.com	2 KB
1	hubapi.com api.hubapi.com	595 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	yahoo.com 1 redirects ads.yahoo.com	635 B
1	hsleadflows.net js.hsleadflows.net	61 KB
1	hs-analytics.net js.hs-analytics.net	26 KB
1	hsadspixel.net js.hsadspixel.net	2 KB
1	hubspot.net cdn2.hubspot.net	51 KB
1	sf14g.com t.sf14g.com	37 KB
1	marinsm.com tag.marinsm.com	10 KB
1	rawgit.com cdn.rawgit.com	2 KB
1	googleadservices.com www.googleadservices.com	10 KB
122	32

	Domain	Requested by
56	www.cybereason.com	www.cybereason.com
10	use.typekit.net	www.cybereason.com use.typekit.net
9	pixel-geo.prfct.co	6 redirects www.cybereason.com
5	track.hubspot.com
4	connect.facebook.net	www.cybereason.com connect.facebook.net
3	static.addtoany.com	www.cybereason.com static.addtoany.com
3	cdnjs.cloudflare.com	www.cybereason.com
2	px.ads.linkedin.com	1 redirects
2	www.google-analytics.com	1 redirects www.cybereason.com
2	tracking.leadlander.com	1 redirects www.cybereason.com
2	secure.adnxs.com	1 redirects www.cybereason.com
2	us-u.openx.net	1 redirects www.cybereason.com
2	platform.twitter.com	www.cybereason.com platform.twitter.com
2	www.facebook.com	www.cybereason.com
2	www.google.de	www.cybereason.com
2	www.google.com	1 redirects www.cybereason.com
2	fonts.gstatic.com	www.cybereason.com
1	stats.g.doubleclick.net	1 redirects
1	www.linkedin.com	1 redirects
1	snap.licdn.com	js.hsadspixel.net
1	forms.hubspot.com	js.hsleadflows.net
1	api.hubapi.com	js.hsadspixel.net
1	vars.hotjar.com	static.hotjar.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	www.cybereason.com
1	pixel.prfct.co	www.cybereason.com
1	ads.yahoo.com	1 redirects
1	analytics.twitter.com	www.cybereason.com
1	js.hsleadflows.net	www.cybereason.com
1	js.hs-analytics.net	www.cybereason.com
1	js.hsadspixel.net	www.cybereason.com
1	script.hotjar.com	static.hotjar.com
1	amplifypixel.outbrain.com	www.cybereason.com
1	tr.outbrain.com	www.cybereason.com
1	p.typekit.net	www.cybereason.com
1	cdn2.hubspot.net	www.cybereason.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	static.hotjar.com	www.cybereason.com
1	t.sf14g.com	www.cybereason.com
1	tag.marinsm.com	www.cybereason.com
1	amplify.outbrain.com	www.cybereason.com
1	no-cache.hubspot.com	www.cybereason.com
1	cdn.rawgit.com	www.cybereason.com
1	platform.linkedin.com	www.cybereason.com
1	www.googleadservices.com	www.cybereason.com
122	45

This site contains links to these domains. Also see Links.

Domain
bitbucket.org
www.oreans.com
www.autoitscript.com
www.fortinet.com
blog.malwarebytes.com
attack.mitre.org
blogs.quickheal.com
cyware.com
github.com
www.acronis.com
www.addtoany.com
twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
www.cybereason.com CloudFlare Inc ECC CA-2	`2019-09-17` - `2020-09-16`	a year	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
rawgit.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-01-12`	2 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
hubspot.com CloudFlare Inc ECC CA-2	`2019-12-04` - `2020-10-09`	10 months	crt.sh
ssl472428.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-10` - `2020-06-17`	6 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-03-14`	a year	crt.sh
g.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2019-09-23` - `2020-09-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
hubspot.net CloudFlare Inc ECC CA-2	`2019-04-16` - `2020-04-16`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh
*.prfct.co DigiCert SHA2 Secure Server CA	`2019-09-03` - `2021-10-27`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
ssl803643.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-06` - `2020-05-14`	6 months	crt.sh
ssl803670.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-06` - `2020-05-14`	6 months	crt.sh
ssl817706.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-01-21` - `2020-07-29`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
hubapi.com CloudFlare Inc ECC CA-2	`2020-01-21` - `2020-10-09`	9 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Frame ID: 2E3FE347C101F9238DD1E6FC99FA35D7
Requests: 120 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: C6571ED49A654D722541AA93AC7ED243
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html?origin=https%3A%2F%2Fwww.cybereason.com
Frame ID: 6984AA2F1F430A776369A4C52FBA94A5
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 933361AB6505F31C4175F45C89B428D6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

122
Requests

100 %
HTTPS

59 %
IPv6

32
Domains

45
Subdomains

39
IPs

8
Countries

5371 kB
Transfer

7942 kB
Size

13
Cookies

43 Outgoing links

These are links going to different origins than the main page.

URL: https://bitbucket.org/product/
Title: Bitbucket

Search URL Search Domain Scan URL

URL: https://www.oreans.com/themida.php
Title: Themida

Search URL Search Domain Scan URL

URL: https://www.autoitscript.com/site/
Title: CypherIT Autoit

Search URL Search Domain Scan URL

URL: https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
Title: Predator the Thief

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2019/05/exploit-kits-spring-2019-review/
Title: RIG Exploit Kit

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0344/
Title: Azorult

Search URL Search Domain Scan URL

URL: https://blogs.quickheal.com/stop-djvu-ransomware-ransom-shady-habits/
Title: STOP Ransomware

Search URL Search Domain Scan URL

URL: https://cyware.com/news/stop-ransomware-installs-azorult-trojan-onto-victims-systems-to-steal-credentials-c48f76dc
Title: deliver Azorult

Search URL Search Domain Scan URL

URL: https://github.com/xmrig/xmrig
Title: infamous, open source XMRig miner

Search URL Search Domain Scan URL

URL: https://www.acronis.com/en-us/blog/posts/acronis-discovers-new-autoit-cryptominer-campaign-injecting-windows-process
Title: not discovered until December 2019

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1189
Title: Drive-by Compromise

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059
Title: Command-Line Interface

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1053
Title: Scheduled Task

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1088
Title: Bypass User Account Control

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1503
Title: Credentials from Web Browsers

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1123
Title: Audio Capture

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1043
Title: Commonly Used Port

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1192
Title: Spearphishing Link

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1060
Title: Registry Run Keys / Startup Folder

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1165
Title: Startup Items

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140
Title: Deobfuscate/Decode Files or Information

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1081
Title: Credentials in Files

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1213
Title: Data from Information Repositories

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1132
Title: Data Encoding

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1064
Title: Scripting

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1023
Title: Shortcut Modification

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1089
Title: Disabling Security Tools

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1214
Title: Credentials in Registry

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1113
Title: Screen Capture

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1188
Title: Multi-hop Proxy

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204
Title: User Execution

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1107
Title: File Deletion

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1125
Title: Video Capture

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055
Title: Process Injection

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1045
Title: Software Packing

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1036
Title: Masquerading

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&title=The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware

Search URL Search Domain Scan URL

URL: https://twitter.com/cybereason
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybereason
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOm7AaB0HiNH4Phe66sK0Ew
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cybereason/
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cybereason/?hl=en
Title:

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://pixel-geo.prfct.co/tagjs?a_id=71641&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag

Request Chain 96

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_Ja4GTiI59D7zC8hz4

Request Chain 97

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_Ja4GTiI59D7zC8hz4&sigv=1&esig=2~62185779f740f1c2ebea7e9bc16463a6a0f8acde HTTP 302
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_Ja4GTiI59D7zC8hz4

Request Chain 98

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_Ja4GTiI59D7zC8hz4 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_Ja4GTiI59D7zC8hz4

Request Chain 99

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_Ja4GTiI59D7zC8hz4

Request Chain 100

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSmE0R1RpSTU5RDd6QzhoejQ HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 102

https://secure.adnxs.com/seg?t=2&add=8257847 HTTP 302
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D8257847

Request Chain 106

https://tracking.leadlander.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&referer=&fp=d2fff768385a51f6e295620ea70f0269 HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 117

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=1581256828955 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D994281%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware%26time%3D1581256828955%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=1581256828955&liSync=true

Request Chain 118

https://www.google-analytics.com/r/collect?v=1&_v=j80&a=659378432&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&ul=en-us&de=UTF-8&dt=The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=867220756&gjid=903010626&cid=967538408.1581256829&tid=UA-56367941-1&_gid=514242977.1581256829&_r=1&z=1949431427 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_gid=514242977.1581256829&gjid=903010626&_v=j80&z=1949431427 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427&slf_rd=1&random=3807851703

122 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware Show response
www.cybereason.com/blog/ 109 KB
22 KB 113ms
50ms Document
text/html 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

a5622206f247ec362f36a9c149d145f7f787fa071ad0d4d5bd6efbe91525450e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: www.cybereason.com
:scheme: https
:path: /blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
date: Sun, 09 Feb 2020 14:00:27 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d70ab002c7828c490d6b58352ea1ead051581256827; expires=Tue, 10-Mar-20 14:00:27 GMT; path=/; domain=.www.cybereason.com; HttpOnly; SameSite=Lax __cfruid=0a92de62b4433b218b68553e8ace1edfcef785e5-1581256827; path=/; domain=.www.cybereason.com; HttpOnly; Secure; SameSite=None
cf-ray: 56265ea31f6997c0-FRA
age: 56
cache-control: s-maxage=120,max-age=5
link: </hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css>; rel=preload; as=style
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-25183383277,P-3354902,L-14460236224,L-17583002703,L-5467046824,CW-14462747638,CW-17578879074,CW-6216123918,E-5348736541,E-5350539849,E-5350675680,PGS-ALL,SW-0,SD-2,B-5272851739
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config: BrowserCache-5s-EdgeCache-120s
x-hs-content-id: 25183383277
x-hs-hub-id: 3354902
x-powered-by: HubSpot
x-trace: 2B5890922C14B52CF5F06B2A7ACDED82B7C6FDCF45000000000000000000
server: cloudflare
content-encoding: br
cf-h2-pushed: </hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css>

GET
H2 200 combined-css-53d21895eccc93b9a88f9857ee7affca.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/ 352 KB
45 KB 23ms
0ms Stylesheet
text/css 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acf14d7a25665f70b32443d17bb91513f1b9fda78e249bc581a7212bcaaad9bd

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 178
status: 200
content-type: text/css
x-amz-request-id: 6E8B3C65B79297F8
x-amz-id-2: fOgQWYd4d1d+/IyA5Lwf24odp/2WJ6Yea98GUeT89eD4ozTN4M8Raum6K532ND3/wmeQPmXmRcI=
last-modified: Fri, 07 Feb 2020 20:10:46 GMT
server: cloudflare
etag: W/"53d21895eccc93b9a88f9857ee7affca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: CwMpzSZ_PlXkSl6TkDRKZnl2Jn9XX1cg
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 56265ea35fc897c0-FRA

GET
H2 200 jquery-1.11.2.js Show response
www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
32 KB 41ms
39ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 27eb501c8caff149895f88cac34554af.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 192018
x-cache: Hit from cloudfront
status: 200
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
cf-ray: 56265ea36fdf97c0-FRA
x-amz-cf-id: smWoIpZoOcIg9a9aUkpWdUz5Q3jcHFhMyd1DSPpQfsLerYdrugMAFw==

GET
H2 200 vyv2ljd.js Show response
use.typekit.net/ 20 KB
8 KB 150ms
136ms Script
text/javascript 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vyv2ljd.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-38-53-224.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

cd7908a80313043ae934d5f599a062460c50f94370cee5dc092e0cb9b8d123ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
access-control-allow-origin: *
date: Sun, 09 Feb 2020 14:00:27 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 7640

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 25 KB
10 KB 20ms
18ms Script
text/javascript 172.217.21.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f2.1e100.net

Software

cafe /

Resource Hash

b1e43308ad37fba80d03dac9a497a96febac77a457711dab836dcf12efb80cef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9855
x-xss-protection: 0
server: cafe
etag: 7067135177091508594
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 09 Feb 2020 14:00:27 GMT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 27ms
6ms Script
text/javascript 2606:2800:133:7403:4a68:7eff:710b:1ddf
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:7403:4a68:7eff:710b:1ddf , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: 16fa4e769ed159857fa8091ad5394560ed34bf07e33ee9b79ac0904b1680ae8f

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
X-cdn: ECST
Age: 1677
X-Cache: HIT
X-CDN-Proto: HTTP1
X-Li-Pop: prod-edc2
Content-Length: 55596
X-LI-UUID: raMMhi6/8RUwb5bChisAAA==
Last-Modified: Sun, 09 Feb 2020 13:32:30 GMT
Server: ECAcc (frc/8F0A)
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
X-LI-Proto: http/1.1
X-Li-Fabric: prod-lva1
Expires: Sun, 9 Feb 2020 14:32:30 GMT

GET
H2 200 cybereason-custom.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/5350539849/1569776480490/Custom/page/web_page_basic/ 5 KB
2 KB 33ms
31ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/5350539849/1569776480490/Custom/page/web_page_basic/cybereason-custom.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: caa333db2175837df41125b50f0c0169c55f919427ee2c6992e2566948e9e518

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 2255
status: 200
content-type: application/javascript; charset=utf-8
x-amz-request-id: F2C3858ED0C4821B
x-amz-id-2: uFANtJt21qLbKxYPnLI6kb3sG8jXcXTKDVWlf3zc70cgCWUu4iMK0qJEX6qIWICZfJv68z2G5YU=
last-modified: Sun, 29 Sep 2019 17:01:21 GMT
server: cloudflare
etag: W/"5ef74fad1c1382e5acb9ca424910aae0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: QSLj7gaEL7IC2nt4kS1_hdFjsekt2ki6
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 56265ea36fe097c0-FRA

GET
H2 200 readingTime.js Show response
cdn.rawgit.com/michael-lynch/reading-time/4255f585/src/ 7 KB
2 KB 109ms
8ms Script
application/javascript 151.139.237.11
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/michael-lynch/reading-time/4255f585/src/readingTime.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

6872a6c9c2a917ceeb92fefd3ef73cee7402a56689e1dbddf743b0aaa9e654c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"56c9e3f737fa6f093a52c954565840d65fba231a"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 slick.js Show response
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/ 87 KB
15 KB 18ms
17ms Script
application/javascript 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9baa573e4378873b7ac81ccb1d954ce9bb2b1a933947ad3012263ddc604d8505

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 193340
cf-ray: 56265ea36c61dfef-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:25:37 GMT
server: cloudflare
etag: W/"5afd4a91-15b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 29 Jan 2021 14:00:27 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.002

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
7 KB 15ms
14ms Stylesheet
text/css 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 196438
cf-ray: 56265ea36c5edfef-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:19:12 GMT
server: cloudflare
etag: W/"5afd4910-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Fri, 29 Jan 2021 14:00:27 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 LOGO-Web-Owl-Mono-Copy.png
www.cybereason.com/hs-fs/hubfs/ 4 KB
4 KB 40ms
39ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/LOGO-Web-Owl-Mono-Copy.png?width=306&name=LOGO-Web-Owl-Mono-Copy.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6561b2dd1e1b0f9b2f678dfd01a29e1174ec8ac628405a546e42b717a2d3388b

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f9.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 466998
cf-polished: origFmt=png, origSize=8547
edge-cache-tag: F-6694579067,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="LOGO-Web-Owl-Mono-Copy.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 4120
x-cache: Miss from cloudfront
last-modified: Mon, 03 Dec 2018 23:05:56 GMT
server: cloudflare
etag: "272c915f8898375baf0a61f20d6a437c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea36fe297c0-FRA
x-amz-cf-id: 1n9KlGhBEuSqhrP74taNl05C8ARXAdDFLH2Nrx534FceSMsIPQG3RA==
cf-bgj: imgq:85

GET
H2 200 CR%20Logo%20copy.png
www.cybereason.com/hs-fs/hubfs/Cybereason%20Logos/ 2 KB
2 KB 44ms
43ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Cybereason%20Logos/CR%20Logo%20copy.png?width=228&name=CR%20Logo%20copy.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4aeba3c62a91ed236d5acdc5ea52f5e051801379d306817ad8f4c850e550d2a

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a1157b69a14bebe8162237750a074faf.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 235012
cf-polished: origFmt=png, origSize=3695
edge-cache-tag: F-6696434934,FD-5166594488,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="CR%20Logo%20copy.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 1838
x-cache: Miss from cloudfront
last-modified: Tue, 04 Dec 2018 06:42:08 GMT
server: cloudflare
etag: "23310787edb9779a8e7eaeb7b306639b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea36fe397c0-FRA
x-amz-cf-id: FOuFJBs0Stc0v3YggETKhFbwU_gU7sgX_f0tJwqDjDfYplsiA9V03g==
cf-bgj: imgq:85

GET
H2 200 cr-owl-logomobile.png
www.cybereason.com/hs-fs/hubfs/Cybereason%20Files/images/ 5 KB
6 KB 128ms
120ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Cybereason%20Files/images/cr-owl-logomobile.png?width=220&name=cr-owl-logomobile.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a6e3510af52bd4c550e719eef6ae49cfd1ff4be530c8240b4c8233a2860747d

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 d4b41c13595dcfd327649d8cdea72ce8.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 438
cf-polished: origFmt=png, origSize=9128
edge-cache-tag: F-6598017767,FD-5348774744,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="cr-owl-logomobile.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-length: 5558
x-cache: Miss from cloudfront
last-modified: Fri, 23 Nov 2018 19:10:03 GMT
server: cloudflare
etag: "766b51e70e55d99809346026aba1e8ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4997a97c0-FRA
x-amz-cf-id: U0WIHBGncZ_SxdGhXvnhbaICDFZOTvqePh0U7_KcOl8jboR_BDeuwg==
cf-bgj: imgq:85

GET
H2 200 cr-nav-platform-cta-sm.png
www.cybereason.com/hubfs/Award%20Logos/ 45 KB
45 KB 153ms
144ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Award%20Logos/cr-nav-platform-cta-sm.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d111c83d2520fd8d1ec059493162072af6e97b725aa4b56eb846f09a01f8e9c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-19074217591,FD-5876486557,P-3354902,FLS-ALL
age: 5014
cf-polished: origFmt=png, origSize=49423
edge-cache-tag: F-19074217591,FD-5876486557,P-3354902,FLS-ALL
status: 200
content-length: 45704
content-disposition: inline; filename="cr-nav-platform-cta-sm.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
x-amz-request-id: 99CF5EB5330C54D4
x-amz-id-2: pxgujia/zvXePEhCCPbGT5wLYdQTRTn3LTSNYRfwtHtdODob/eOC5JET+DQYNmSsF30PyGC7UYw=
x-cache: Miss from cloudfront
last-modified: Wed, 23 Oct 2019 18:39:48 GMT
server: cloudflare
etag: "954ec251009f855ca41c27fb77257c50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: mzDN6bdznDFNk4FUdOIJrHxzn9JFsv4o
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 56265ea4997b97c0-FRA
x-amz-cf-id: vTHw_7MYBmC9sXhNCGfTMzeFaOXX_jmgr1zOrQEwJFiwjmhXORSBXg==
cf-bgj: imgq:85

GET
H2 200 Bitbucket-flow-payload.png
www.cybereason.com/hs-fs/hubfs/ 24 KB
25 KB 84ms
76ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Bitbucket-flow-payload.png?width=699&name=Bitbucket-flow-payload.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11882d7326b8b31c96c2a65a169077d5a422e51acfa38f6539dde06ade8a0a3a

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 443f1433224715dbc774145b9ac2efe4.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 21043
cf-polished: origFmt=png, origSize=58009
edge-cache-tag: F-25255994209,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="Bitbucket-flow-payload.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 24996
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:09 GMT
server: cloudflare
etag: "631a7662efe75e2a7c3cd8925e4275f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4997f97c0-FRA
x-amz-cf-id: d6trHZJPY2UM54Aqly5lBSTF0CNiXafQXAkSxlyn4VhyHGYtpmvUfw==
cf-bgj: imgq:85

GET
H2 200 image11-8.png
www.cybereason.com/hs-fs/hubfs/ 35 KB
35 KB 68ms
60ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image11-8.png?width=686&name=image11-8.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c29c6e99c7b2b3d033b8c91ded014e33a8f33c4b1a94ce5be443634a1b33626

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a075746ea1824aa1c02a5e26a9e968e5.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 86330
cf-polished: origFmt=png, origSize=66437
edge-cache-tag: F-25184878962,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image11-8.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 35464
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:11:08 GMT
server: cloudflare
etag: "d3e4cd6f8b3668c8283c4e530a5d1ec8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4998097c0-FRA
x-amz-cf-id: -33kDuYqXeca4WpQ6B3H-0b534wBdRazOu5NLWsxZTwbfLoDXRYABg==
cf-bgj: imgq:85

GET
H2 200 323.png
www.cybereason.com/hs-fs/hubfs/ 77 KB
78 KB 76ms
67ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/323.png?width=720&name=323.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fd3aeafe163a627d2a85d05fde0914cd6691d3a38c1c96b9759269748ac4e3f

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 e3e94284a800d30d02bd662be67e1bf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 192109
cf-polished: origFmt=png, origSize=124308
edge-cache-tag: F-25255990600,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="323.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 79320
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:09 GMT
server: cloudflare
etag: "ad16f0f47c8673b0689b400652c9b3ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4998197c0-FRA
x-amz-cf-id: 9NxWEgNo7M73RmMVI_TQ54BzuhZP27uxCLnvEVe7nacZ3LW0_Olk2w==
cf-bgj: imgq:85

GET
H2 200 image13-10.png
www.cybereason.com/hs-fs/hubfs/ 24 KB
24 KB 113ms
104ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image13-10.png?width=646&name=image13-10.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10c8e837e303c051521b9b37f9554dd6240ab7114e72b433a608c63190981a82

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 c5bb940b2890383b4ca2d8b74b68699a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453046
cf-polished: origFmt=png, origSize=41656
edge-cache-tag: F-25186982182,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image13-10.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 24176
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:11:12 GMT
server: cloudflare
etag: "35dd66fba7dfe96d1362cfe5a6da23e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a98797c0-FRA
x-amz-cf-id: NKVx7WrIbOuQuwkF7FYh_77I0hBAi6lbu9sNuWXWDtlzCeoiOWyyUg==
cf-bgj: imgq:85

GET
H2 200 image18-6.png
www.cybereason.com/hs-fs/hubfs/ 23 KB
23 KB 162ms
153ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image18-6.png?width=393&name=image18-6.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4ffb78b7dd5cb0c6945cacb50613c2d337467a948e4bbc6c52b5f6eddc6fcdb

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 157ebd6865840045fc8b5ed1cce7e466.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 201211
cf-polished: origFmt=png, origSize=39392
edge-cache-tag: F-25189439261,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image18-6.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 23264
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:56:21 GMT
server: cloudflare
etag: "0b7cdea554f47adb7baeee009d4680d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a98a97c0-FRA
x-amz-cf-id: Vab1FjtwkvruBaQd7As1HmR5HvhsGGxPEo_7G4Vhdou1dd2Vh7hWBQ==
cf-bgj: imgq:85

GET
H2 200 image3-15.png
www.cybereason.com/hs-fs/hubfs/ 24 KB
24 KB 117ms
109ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image3-15.png?width=392&name=image3-15.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401c9b70e5d307754e9e827467d605055d628e4750b4c5517ce01ae345a4e438

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 d9057c384f4ac5ba2672d2ff44de7e09.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453047
cf-polished: origFmt=png, origSize=41311
edge-cache-tag: F-25186982220,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image3-15.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 24536
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:56:20 GMT
server: cloudflare
etag: "78081763afa571a50f87827e3512d1b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a98c97c0-FRA
x-amz-cf-id: juuLWrL2RCKtZ-OwwXUsAUdWyGZlAuqVL62J-bSIvpvT5y4ntvjLqw==
cf-bgj: imgq:85

GET
H2 200 image7-10.png
www.cybereason.com/hs-fs/hubfs/ 117 KB
117 KB 72ms
64ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image7-10.png?width=408&name=image7-10.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0fd51224b1d13f188aea6ed2d1302715113a30ec1c3fa86832fd794da8bfbdc

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 e06a155936c216d176543a7a25710ed0.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453047
cf-polished: origFmt=png, origSize=184798
edge-cache-tag: F-25187046746,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image7-10.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 119426
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:11:09 GMT
server: cloudflare
etag: "c1441d23f867aa2bf4f4ed1029513282"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a98d97c0-FRA
x-amz-cf-id: fvmpm1gy5baJnnHWAbLoF1btc_OvjH40q_PsBNgxWFdd61NRcHQVJg==
cf-bgj: imgq:85

GET
H2 200 image10-9.png
www.cybereason.com/hs-fs/hubfs/ 64 KB
65 KB 52ms
44ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image10-9.png?width=651&name=image10-9.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45c64ea3d734248bebbacb96a948c048e179faf157b5c1f954e2cf026e8abed6

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453047
cf-polished: origFmt=png, origSize=109332
edge-cache-tag: F-25189538768,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image10-9.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 65816
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:07:50 GMT
server: cloudflare
etag: "4eaf023e47e2b1b065f791cf7aa5fc34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea4a98f97c0-FRA
x-amz-cf-id: k7A-QY-boCMKB2XNp6Quj3LT4_uI6JoXUV9E14TYf59sDKCt0ghRfg==
cf-bgj: imgq:85

GET
H2 200 Untitled78.png
www.cybereason.com/hs-fs/hubfs/ 27 KB
28 KB 62ms
53ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Untitled78.png?width=705&name=Untitled78.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27ef2c61be6a75e15b748baa2034da2c60d69251340fa1c1e154c11dcdd15e4c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 8d6071bd169bbf5fd46638140132b1d1.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 370397
cf-polished: origFmt=png, origSize=49925
edge-cache-tag: F-25255994313,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="Untitled78.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 28072
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:05 GMT
server: cloudflare
etag: "0119c7860cb7d59aeded7207effef1f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a99097c0-FRA
x-amz-cf-id: 4ZVlzPkztQj5bofmfMz7TbR0spTwoGN6rr0d_C5oVRnhOQTHz2JZdA==
cf-bgj: imgq:85

GET
H2 200 image4-11.png
www.cybereason.com/hs-fs/hubfs/ 29 KB
30 KB 89ms
80ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image4-11.png?width=689&name=image4-11.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cddff6676ae0ed51fc0cd14bbd8746040e60b2d8a8fb1767524326783bf1c91

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 08f45c153a856ff7955174d0e6f60745.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 285586
cf-polished: origFmt=png, origSize=56489
edge-cache-tag: F-25189439840,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image4-11.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 30068
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:11:09 GMT
server: cloudflare
etag: "9191343d77ade0b20e3d54882481d3a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a99197c0-FRA
x-amz-cf-id: SsbHLhO9tJVN1qy0meMSTTqM4nRDYC6y8VYKtNcutAzZzgSaUCQ_UQ==
cf-bgj: imgq:85

GET
H2 200 Untitled554.png
www.cybereason.com/hs-fs/hubfs/ 36 KB
36 KB 65ms
57ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Untitled554.png?width=725&name=Untitled554.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6be9cc23d07c94f2fe6495028447f45df69fd585404cbdefb0881db8871e5d1c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a20436c6d109fe9002d093f519ad4399.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 370397
cf-polished: origFmt=png, origSize=65465
edge-cache-tag: F-25255994342,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="Untitled554.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 36754
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:09 GMT
server: cloudflare
etag: "42e0b2f18b9c304a93fa167a17508746"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a99297c0-FRA
x-amz-cf-id: uvTN9JdBMTlt1aimmBfs2MVdsVJ1MObv9-hAlF9GNiZK36vay7NTEg==
cf-bgj: imgq:85

GET
H2 200 image5-12.png
www.cybereason.com/hs-fs/hubfs/ 19 KB
19 KB 84ms
76ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image5-12.png?width=696&name=image5-12.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ae9490acc86edb5534f6574794b70677821ff374ac7abaf312c0252c2c7dd3e

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 86330
cf-polished: origFmt=png, origSize=28949
edge-cache-tag: F-25189691883,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image5-12.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 18970
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:11:11 GMT
server: cloudflare
etag: "fb5e6b15a97d7554401a968139904fee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea4a99397c0-FRA
x-amz-cf-id: 6oWX3mp2A4pGQp0wG0j0dMcXKClU_1ctBTpmFK74r-QgRbSx5zbakw==
cf-bgj: imgq:85

GET
H2 200 Untitled7778.png
www.cybereason.com/hs-fs/hubfs/ 46 KB
47 KB 70ms
62ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Untitled7778.png?width=717&name=Untitled7778.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b41ef8407123b60dcd84982449456dee1cf935813e2c90bf623aec01c7959fc

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 09e7a54b3c0e42cf23f1deb97f4f6b95.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 370396
cf-polished: origFmt=png, origSize=78514
edge-cache-tag: F-25251432728,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="Untitled7778.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 47442
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:06 GMT
server: cloudflare
etag: "0f79576513a69754a68757571dcb50a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a99497c0-FRA
x-amz-cf-id: 67W7vGFtKzZkbQvK05-tnDOwf1tLrB1jNpcggZJKsCQyIctmJoev3Q==
cf-bgj: imgq:85

GET
H2 200 image9-9.png
www.cybereason.com/hs-fs/hubfs/ 103 KB
103 KB 141ms
133ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image9-9.png?width=600&name=image9-9.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cf885b6572807f0a6a456b0e7ce4cb803b93ba20953f9b33bb4c244f69015dc

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 38ecebcaa39c8742da2b6336935bb446.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453046
cf-polished: origFmt=png, origSize=178616
edge-cache-tag: F-25189439938,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image9-9.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 105206
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:56:20 GMT
server: cloudflare
etag: "dba8296e62409928e44161f6896c6f27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a99597c0-FRA
x-amz-cf-id: 3FCn1NE6fA1bS4HCcFuONPNM96kcNqXL0OkjmBE6e-30skwCldC6pQ==
cf-bgj: imgq:85

GET
H2 200 image2-16.png
www.cybereason.com/hs-fs/hubfs/ 77 KB
77 KB 158ms
150ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image2-16.png?width=600&name=image2-16.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64eb738e8ef295e5e6fb7b914f5b2dc8aa8f7863e1702ce66522a2ee8857fa41

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 530b01c2c88db2b27d295e2504b501cb.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 370396
cf-polished: origFmt=png, origSize=135547
edge-cache-tag: F-25189691962,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image2-16.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 78736
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:56:21 GMT
server: cloudflare
etag: "a6321755ef8fdca8662482f1c1f6fea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea4a99797c0-FRA
x-amz-cf-id: ZMPOZVBXQO-JCXyJDvYfN8fU6hru3bqzXyQzak3CmWooLRxaKZI1uw==
cf-bgj: imgq:85

GET
H2 200 image15-9.png
www.cybereason.com/hs-fs/hubfs/ 6 KB
6 KB 86ms
79ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image15-9.png?width=553&name=image15-9.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbd3e98a862addf8a21349bbd7d28115d2090256db7cf3f784ef106df2b6bfdb

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 6d4ee90b03b8194eed74421e603ee2a8.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453047
cf-polished: origFmt=png, origSize=11620
edge-cache-tag: F-25189539022,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image15-9.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 6126
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:45:41 GMT
server: cloudflare
etag: "eab8634c14f471db716f98f9c22d480b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a99a97c0-FRA
x-amz-cf-id: 2k-jeP2zPIZ6rIrxky63CJHlzgHOcWzLL0MdtKFn8MqnFaqTT-_AQQ==
cf-bgj: imgq:85

GET
H2 200 image6-10.png
www.cybereason.com/hs-fs/hubfs/ 63 KB
63 KB 69ms
61ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image6-10.png?width=600&name=image6-10.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f415da092fa95de3d2ba03e42ec5cb3f614c37781348cd56d27fd7c556fd33e8

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a075746ea1824aa1c02a5e26a9e968e5.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 304472
cf-polished: origFmt=png, origSize=105171
edge-cache-tag: F-25187047032,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image6-10.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 64278
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:56:21 GMT
server: cloudflare
etag: "dcac2505b55e060125a37f2821bfc0e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a99c97c0-FRA
x-amz-cf-id: xapph-XafRscUpensgIU8MJwDZAIrcL7beUXk439tXMoth_P-_2KvA==
cf-bgj: imgq:85

GET
H2 200 Untitledtrtr.png
www.cybereason.com/hs-fs/hubfs/ 14 KB
15 KB 86ms
79ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Untitledtrtr.png?width=729&name=Untitledtrtr.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 469c4e8e4f9d84a2faa61cf547c774955bb92b4972cc5b2b21bc79516397b072

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-25256445917,P-3354902,FLS-ALL
age: 372542
cf-polished: origFmt=png, origSize=38313
edge-cache-tag: F-25256445917,P-3354902,FLS-ALL
status: 200
content-length: 14170
content-disposition: inline; filename="Untitledtrtr.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
x-amz-request-id: 744739E5D7819A23
x-amz-id-2: 1SUe5hwQvqZ1QtcJquhdsbVGem0H+h9TmyVd5dVY4k5t2ydM0W1zmxjxFog8NvuTPEiX646Yx+0=
x-cache: Miss from cloudfront
last-modified: Tue, 04 Feb 2020 20:08:10 GMT
server: cloudflare
etag: "0ea734be092dda0764f1dea6b2a5581e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 6eTnbSt.qmda89HYvvLzZ3_zqvk7EupR
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 56265ea4a99f97c0-FRA
x-amz-cf-id: YOeqEEpfDB8ELbKs0vTM6C763eeocCzemudkaqCCpHBKxoMXlwH77g==
cf-bgj: imgq:85

GET
H2 200 image17-7.png
www.cybereason.com/hs-fs/hubfs/ 13 KB
13 KB 119ms
112ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image17-7.png?width=622&name=image17-7.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53765d81366cd20414de889dacc29e3d339bbf94e02586c096ace57994a4c8b4

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 041a4887d523cabe8177e269cc358163.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 304472
cf-polished: origFmt=png, origSize=21816
edge-cache-tag: F-25189692107,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image17-7.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 13468
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 19:07:48 GMT
server: cloudflare
etag: "f2300b0249f3fb7381fbc71aed49ebad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea4a9a197c0-FRA
x-amz-cf-id: -m8y6VPdlHV9sSCxsIeUgudMLnB-X4K7GhDng9yxNTAWKdTaafBHKw==
cf-bgj: imgq:85

GET
H2 200 image14-10.png
www.cybereason.com/hs-fs/hubfs/ 20 KB
20 KB 100ms
93ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image14-10.png?width=456&name=image14-10.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b10c867d1f3bc824b3d4189100552533c8e014fb2ca69b9133bac03e5c134b74

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 453047
cf-polished: origFmt=png, origSize=25446
edge-cache-tag: F-25189440142,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image14-10.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 20494
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 16:48:03 GMT
server: cloudflare
etag: "07cb172395323ba4aad492889fa45636"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 56265ea4a9a297c0-FRA
x-amz-cf-id: _0hnm-jrQIqSzeVCzEU9gJqMPFFWuttoM6WPSuSHcxt11GwYL9_oLQ==
cf-bgj: imgq:85

GET
H2 200 image20-6.png
www.cybereason.com/hs-fs/hubfs/ 124 KB
125 KB 63ms
55ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image20-6.png?width=610&name=image20-6.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4330b32438dd11b16c5beb395d7ee66119c0ef8671fe6e199c00ac02c91dd4c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 03c6bb07a0ba5f6bce71fe21ae4e3d78.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 201211
cf-polished: origFmt=png, origSize=187909
edge-cache-tag: F-25353006247,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="image20-6.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 127198
x-cache: Miss from cloudfront
last-modified: Thu, 06 Feb 2020 15:56:28 GMT
server: cloudflare
etag: "0d54370a8abc16161068479be7895856"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
accept-ranges: bytes
cf-ray: 56265ea4a9a497c0-FRA
x-amz-cf-id: UzINP4hyTU3yT-nFvGF6UMdtJfxHeRRYycmFqWvqvveAG8kKXgpY6Q==
cf-bgj: imgq:85

GET
H2 200 Untitledgfff5.png
www.cybereason.com/hs-fs/hubfs/ 14 KB
15 KB 66ms
58ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Untitledgfff5.png?width=736&name=Untitledgfff5.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 756fc0225c492547a1c36c83212b8240cd69ef52b3e77d2c66e448f168facbde

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 ac28147bf6a75debb0811f62b6224e6f.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 370396
cf-polished: origFmt=png, origSize=22007
edge-cache-tag: F-25256019430,P-3354902,FLS-ALL
status: 200
content-disposition: inline; filename="Untitledgfff5.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-length: 14796
x-cache: Miss from cloudfront
last-modified: Wed, 05 Feb 2020 06:00:08 GMT
server: cloudflare
etag: "0575d6ffbc06192601fc74dce2f4fd80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
accept-ranges: bytes
cf-ray: 56265ea4a9a597c0-FRA
x-amz-cf-id: rdFX0-kcNfB_X7g5ldUY9FilMt_F1Klu6VozWvJzAT463E7Nx7WHQQ==
cf-bgj: imgq:85

GET
H2 200 8f9b94bf-4e42-4183-8c05-5a9a79e85648.png
no-cache.hubspot.com/cta/default/3354902/ 2 KB
2 KB 192ms
162ms Image
image/png 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3354902/8f9b94bf-4e42-4183-8c05-5a9a79e85648.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c7ce4f588c0eaec970b9a89ff30fd5d82e194e6c7c6ca4fb251adcc660b900d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 03 Feb 2020 16:51:15 GMT
server: cloudflare
x-amz-request-id: F73DCCFE6585C78F
etag: "23d1d7e378b1e3f46b2f5d042cf3aef6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 56265ea4c999d6e1-FRA
content-length: 1605
x-amz-id-2: YcHifI/XwT6rfz0bcEyDQ77/bGGTf5hPvYV57+igmJwKf/ZeUE0ly/9pywj/23MX1P5mQZkcmeQ=

GET
H2 200 current.js Show response
www.cybereason.com/hs/cta/cta/ 9 KB
3 KB 136ms
135ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/cta/current.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fc3aa288e418b441ffa070d06efcda33580278d8c6bc7356521298fd79cd0f4

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 48c70f7a0c91fc5e8cb64d6c71ad9827.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 438
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Jan 2020 09:48:03 GMT
server: cloudflare
etag: W/"3ccef5e4c3ecb15acff69c7888ac7b1a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: hHRl.ObjM_NTV10ljVf0yWYOCYhOsOxp
cache-control: max-age=600
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
cf-ray: 56265ea3b84897c0-FRA
x-amz-cf-id: KKHtb2aMh-Ruyrm3ifsM5jgC6M6iZqMMgt_YaIRVKNMh_htMyk2LoQ==

GET
H2 200 soc-blue-fb.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
1 KB 216ms
209ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-fb.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b71a982dad86829660cef46a0467ecf81c34576eece4b297126a552902ef543c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665926,FD-5168280605,P-3354902,FLS-ALL
age: 192018
edge-cache-tag: F-5470665926,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-encoding: br
x-amz-request-id: 7966869494E46387
x-amz-id-2: wRHePJzp6X7tNs58lh4v3wT/v88PtIcREMuV3bE5CoDv5y9KwfRFRLlCG6xcgzUlsFQtowO805A=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"6a18b1cc988c1076e049cda4cbcd4153"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: kKljKdFH3buDh02hr4JKseZqGd9UNmJC
x-amz-cf-pop: FRA53-C1
cf-ray: 56265ea4a9a797c0-FRA
x-amz-cf-id: nES2Q6zcb-DHbj5HwRTlC0XYR8N9h98H8Bt2oPoM6zHlpeibkC06kw==

GET
H2 200 soc-blue-tw.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 4 KB
3 KB 93ms
87ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-tw.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 496f753f7e96c1427cf6e11d9c5f822a5f1f46b3c54b7429df9a195fa8362884

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 2f194b62c8c43859cbf5af8e53a8d2a7.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665934,FD-5168280605,P-3354902,FLS-ALL
age: 908239
edge-cache-tag: F-5470665934,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-encoding: br
x-amz-request-id: 2AFB962B2F9807AD
x-amz-id-2: PbR1SBO5B0mK76RPqhGH45kWG2Ck1IMkv79ZfgzxdqTlU4eT0x1jVUX6ZRDjN0tlbSa4p62xRx4=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"0b57c6649a05d662ec7f30d40940f833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: D3IpbdW8RRnzDTspH4xTHYjY3Gw9XB_2
x-amz-cf-pop: FRA2-C2
cf-ray: 56265ea4a9a997c0-FRA
x-amz-cf-id: _mY6NmglJvWH8z9E83ztNntWrGB9EqULV3Feng1-pKB9WGlInRBKgg==

GET
H2 200 soc-blue-li.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 6 KB
3 KB 89ms
82ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-li.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d52338fe73e62ffcfa568e9ea399ef0c88783883327b794eace9faa78febf8

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665927,FD-5168280605,P-3354902,FLS-ALL
age: 2099
edge-cache-tag: F-5470665927,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: 139E2075DA5C2293
x-amz-id-2: u9oG8qk7U5poea8FkeHKwbY1TGo0sRbXM+ESAG68PBtXUHQAEy94W7FWSuXo4NkNDp2SsbE1O7w=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"5e6c5282d1c524efcf53ed15f3d5bfcf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 4hkpKyRa8xBg1y3U4IHwCZVBen9AnWpx
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9aa97c0-FRA
x-amz-cf-id: 8gXUFrhiVZq0Hu6YC9bEeyI_EJPZkoCD2zXBgusmqHkafshxou8yiQ==

GET
H2 200 soc-blue-all.svg
www.cybereason.com/hubfs/Cybereason%20Images/ 2 KB
2 KB 84ms
78ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Cybereason%20Images/soc-blue-all.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebbf16975e8957d1e3b765a49226e95711b30af5852c253906c2f171325949b

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe27.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470665923,FD-5168280605,P-3354902,FLS-ALL
age: 2099
edge-cache-tag: F-5470665923,FD-5168280605,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: 79626A5FDBB05DC0
x-amz-id-2: ob/GXonAdvHc7pxjoJQBLcnN9Inr/R2EO1NUnOiS2Jel2SdquoleHPeUAqZDKzshHZjpxTlYfKM=
last-modified: Fri, 08 Dec 2017 19:35:35 GMT
server: cloudflare
etag: W/"9243f0c4bf7f108e60528f8e0d1c316a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: 9BhyX.B86mcN2azKUAqRU6M3GLg60M66
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9ab97c0-FRA
x-amz-cf-id: imQwHyVWqQ1fGs4RLdtQA6r6bitCZ7kArA--h9VYeozosm3cRD33FA==

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 80 KB
26 KB 51ms
23ms Script
application/javascript 2606:4700:10::6814:6e27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fdc62b86bb13c8c4776c372bf18e06356fed78dc785c2bb7f361be072453056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: e5s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 17817
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
last-modified: Sat, 01 Feb 2020 08:08:40 GMT
server: cloudflare
etag: W/"13f93-59d7f32b0419d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=172800
cf-ray: 56265ea4bf906461-FRA
cf-bgj: minify

GET
H2 200 back-to-blog.svg
www.cybereason.com/hubfs/ 1 KB
990 B 72ms
66ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/back-to-blog.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2432844517e2dd99a05c54b57aac9aac78553489b6111ace7c3d97b826af19ec

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 5f0256b858eb482d76fb1e14a1b7a667.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5470517914,P-3354902,FLS-ALL
age: 202145
edge-cache-tag: F-5470517914,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-encoding: br
x-amz-request-id: 3F36581207C6E178
x-amz-id-2: JM+16Humx8/VDRbJQ1WEktqy7qO/ZhIUeaONmuI1iV7tWEYEU5vPp/o2ZHVptSiOzq31euae/Bw=
last-modified: Fri, 08 Dec 2017 21:03:59 GMT
server: cloudflare
etag: W/"f8eec92543191f23fee7ab47394dc947"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: AQqdyWUpAjHHjtN7KvPODBFXJFuM5V8s
x-amz-cf-pop: WAW50-C1
cf-ray: 56265ea4a9ac97c0-FRA
x-amz-cf-id: zfNj6mlewJU1QHb5dE-4F4dDlMj0HcGvSrjECwVxcfvs1Kr9dZlbbw==

GET
H2 200 cr-logo.svg
www.cybereason.com/hubfs/ 7 KB
3 KB 93ms
87ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/cr-logo.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 173db45379b49d9271f8638f9f80936b5e74671a2bbb8376e394090ae9db931e

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c5.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21223925924,P-3354902,FLS-ALL
age: 5012
edge-cache-tag: F-21223925924,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: B9852A802F6921C4
x-amz-id-2: EbokLt1NT3eTvxkzzkQwhqmxN1+kzAL8/KV3dMsaPvFzivOazWOTqYuoAt6zGKJeI2NEV2Qe+tY=
last-modified: Thu, 14 Nov 2019 17:13:14 GMT
server: cloudflare
etag: W/"adecc79934699dcf241e9b6f8f8b280b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: B.7LxTlHESzhX6SLvf9EJR3NJ0vLM7Ei
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9ad97c0-FRA
x-amz-cf-id: Bscfc2k87AxwZrK-vVOH29kGZQdzTpxfaSqmQZbHtXqX4tx9tuYoew==

GET
H2 200 twitter.svg
www.cybereason.com/hubfs/social-icons/ 792 B
966 B 71ms
65ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/twitter.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0005cf2627e9e54179f90c78bbf355fccafb3907c4ae9e699bc09c4a57d75bf6

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232815295,FD-5415380040,P-3354902,FLS-ALL
age: 2254
edge-cache-tag: F-21232815295,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: 271E2E60DCB62DE6
x-amz-id-2: gHiiZWkF4X8/4VBempeeXpVgES5yfOhIE5K4WjhOR2gxs2qZsHsOaTRmpXJebNjK87SAihWFncc=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"14debb189e620cc0a3c4ea84a614b8d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: IMkvHwxtEDDIUOZjgxuxmMpUX.nX82Sy
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9ae97c0-FRA
x-amz-cf-id: jrMjODu3AZZXk_lOdW82rsAdmZr8hRjbKLKwApWIHqoCo8MbdSBF2g==

GET
H2 200 linkedin.svg
www.cybereason.com/hubfs/social-icons/ 529 B
875 B 66ms
60ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/linkedin.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fc1bd4c0666cad8d8af42cf8f26c59bc5535b3d907b4db560c7db627e1e5253

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232480017,FD-5415380040,P-3354902,FLS-ALL
age: 2254
edge-cache-tag: F-21232480017,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: B25590D16E6D57E7
x-amz-id-2: Yysjy9jm0eZZwnFTeXb3/l5ZUs1NDVxO52Hcow855pkOxSekf+07wyOFBBXhH/rZW3QvUC9Zbbc=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"847da66019040cba5b0aed254309f083"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: b893YG7fG7.uXMP.wuBYwG7bD7IigLB0
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9af97c0-FRA
x-amz-cf-id: 47qGqXorWti_uQI06S-uPshXvuK6jWr4QeNQKZ9QFUv5JyopfdkIdg==

GET
H2 200 youtube.svg
www.cybereason.com/hubfs/social-icons/ 729 B
849 B 60ms
54ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/youtube.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 312c7a4e3e547301e162c0bf3a7788cf8d52caf2668fbafc01351c9185b97ce4

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21232480018,FD-5415380040,P-3354902,FLS-ALL
age: 192018
edge-cache-tag: F-21232480018,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-encoding: br
x-amz-request-id: 580BDD54F4BF2849
x-amz-id-2: Er4lUkNjnm1RQDwHWeMPg2BkksQ7JiEosq/6WY9PjZaljTzzzj4H42tJ8obJlsoJ7MldRHkFzso=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"8c8a5ac2ddb60a58a59c7236297f35e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: FRY7VN7QoyOabw.AAGUdC1vw3qSDmi_m
x-amz-cf-pop: FRA53-C1
cf-ray: 56265ea4a9b097c0-FRA
x-amz-cf-id: FAkvGbje4sgyRTWVw3OSLP757t5x1nzwDlXwm_ZRU2NtkzqR7QJmLg==

GET
H2 200 facebook.svg
www.cybereason.com/hubfs/social-icons/ 433 B
698 B 85ms
80ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/facebook.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b329852f8f537591d001152e26a1b598ef4e4466fa10d859135843c307d5344e

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21224264479,FD-5415380040,P-3354902,FLS-ALL
age: 2254
edge-cache-tag: F-21224264479,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: B2257372163CBA21
x-amz-id-2: qVA4DACvAXq0Sj4JyR7qfB1xGeq4b9lQcnRUecHOfVFjaxLLhFQACIvy7j7pZwH2sxaCzr+o1pw=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"e97d7b693699cf2ee748031bf4de38f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: C89llISjlQVo62IUPVtqXB4yDzHnmHiT
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9b297c0-FRA
x-amz-cf-id: d7H1FxRzrJJ4EbD5VNAOgzul6InqOPuBb2g0ilKOB3LejadurzdIQQ==

GET
H2 200 instagram.svg
www.cybereason.com/hubfs/social-icons/ 2 KB
1 KB 61ms
55ms Image
image/svg+xml 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/social-icons/instagram.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 008a6b447b38fe87dac9127b3e47c83f89df61e8ac7285a7e86051ee89e99af9

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-21223960139,FD-5415380040,P-3354902,FLS-ALL
age: 2254
edge-cache-tag: F-21223960139,FD-5415380040,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
content-encoding: br
x-amz-request-id: C2175FD47740E975
x-amz-id-2: uOgfL/9Nrnki/jz1GoExwSa1+I0npDSTRp0EzYlo4DsTBRVi3qWurFhsX71g6CaxFfH7nElHF+A=
last-modified: Thu, 14 Nov 2019 17:24:01 GMT
server: cloudflare
etag: W/"a1012cd27290947d9af72c0ea4236beb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: q2McvAidvV50PdQS5eg2kQ60XsPr41Is
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4a9b497c0-FRA
x-amz-cf-id: TQdogitqvhJFXp0eKmHJumwPl81qQ2L8cBWY0MggzjLldnzKU-__ZQ==

GET
H2 200 index.js Show response
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.58/js/ 9 KB
3 KB 189ms
189ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.58/js/index.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cedae155229da805bc3f9b63a2123e5dce5fa27749e4f1fecbb99dcc7214331d

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 443f1433224715dbc774145b9ac2efe4.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 492920
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Mon, 03 Feb 2020 20:58:15 GMT
server: cloudflare
etag: W/"a5078af0466b0d0cade577c336e332c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: yIwJZSIABtpsv4d3cGf7VK3JzBO5akhT
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C2
cf-ray: 56265ea3c85897c0-FRA
x-amz-cf-id: sKuh9AhUz_4ZeFhaDn7vld0HUSwdUrCkp6Kj9xHZJLrcytcf9nWQ6A==

GET
H2 200 project.js Show response
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.10/bundles/ 1 KB
860 B 130ms
121ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/cos-i18n/static-1.10/bundles/project.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 b3e6aa6408d9b27acff39fa80612846a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 7665350
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Wed, 13 Sep 2017 02:51:30 GMT
server: cloudflare
etag: W/"0011aaf4067b097bcbfd9dc99a4b94c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: p6iak7Gl9Xyg7crK_8XyTwctOBvKD1DL
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD79-C2
cf-ray: 56265ea4997097c0-FRA
x-amz-cf-id: lLi1CcBmx-Xi6FkLEYHd3WlIecrpOBbSH03-q6iXq3O7SpgZHkNKEw==

GET
H2 200 v2.js Show response
www.cybereason.com/_hcms/forms/ 420 KB
106 KB 205ms
196ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_hcms/forms/v2.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca83bf6c4611e07ea8b93893694e16957cd66082de76afb1ee564fba6f055750

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 c242c974a465288488c7876cabca7752.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C2
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Thu, 30 Jan 2020 03:26:26 GMT
server: cloudflare
etag: W/"01f4b8448e5b99e492b97afdd1268a74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: gCHbnfLfRD6TgIiY4HAm19.GmuNmLHpw
cache-control: no-cache
access-control-allow-credentials: false
cf-ray: 56265ea4997697c0-FRA
x-amz-cf-id: lrGMascy3uMBc2f_IZnbmYN1GDcqFWPpnxiZa7IclXdQ5YfXQW6wTw==

GET
H2 200 module_6216123918_Related_Posts_-_Blog_Post.min.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/6216123918/1579617220947/ 611 B
552 B 58ms
49ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/6216123918/1579617220947/module_6216123918_Related_Posts_-_Blog_Post.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2832d2ff340e31dfb8300ecaf6967737af72f2c8981c895443abc7c6eaeb6993

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
age: 173
status: 200
content-type: application/javascript; charset=utf-8
x-amz-request-id: ABB000F4501A5E03
x-amz-id-2: 3NDxRLMieR/mgmkTt2Wehct0/B5k1lqJDi3ti6t5IbM4OOwzSYswQMDiTi0e2Qa3v/WgaSzmNQY=
last-modified: Tue, 21 Jan 2020 14:33:41 GMT
server: cloudflare
etag: W/"ca4367b687b17634cfcc1f04939ca9ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: kIGMZJ40wT8KiikGb4IC.HOF4sniO7JK
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 56265ea4997997c0-FRA

GET
H2 200 3354902.js Show response
www.cybereason.com/hs/scriptloader/ 1 KB
590 B 100ms
95ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 071595acbd7460eb2758df99bef4193a3037d2f2b48994853273dbbc12316e9f

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 437
x-trace: 2BD9EF815E89C1F66E7CCC44EDC697C0E126AB2B09000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=60
access-control-allow-credentials: false
cf-ray: 56265ea4a9b597c0-FRA
expires: Sun, 09 Feb 2020 13:54:10 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 6 KB
3 KB 12ms
7ms Script
application/x-javascript 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8bd397636ecd49c36d687ad591807ea5ee621b1e11888657827902a5003fc4bb

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Jan 2020 07:28:40 GMT
Server: AkamaiNetStorage
ETag: "522e4451790939ca385c10f4b474de63:1578382119.826889"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2617
Expires: Sun, 09 Feb 2020 14:20:27 GMT

GET
H/1.1 200
OK 58e26bc626b13471520000d9.js Show response
tag.marinsm.com/serve/ 38 KB
10 KB 29ms
7ms Script
text/javascript 151.101.112.65
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/58e26bc626b13471520000d9.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.65 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cowboy /

Resource Hash

154991194443aaeb774be577ea462c94fb6375d3926af0e00b6896581000a593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Age: 1301
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9671
X-Served-By: cache-hhn4022-HHN
Server: Cowboy
X-Timer: S1581256828.631530,VS0,VE0
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 11ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: KAozcYckAGhUNQtfx2I7e5QWWAeJFXdwwCc70jyYFFWO7izjJun1M+bAxve731kAK45qnN9bEHFQ6a320EsIHQ==
x-fb-trip-id: 1850256238
date: Sun, 09 Feb 2020 14:00:27 GMT, Sun, 09 Feb 2020 14:00:27 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 438ms
198ms Script
application/javascript 54.173.179.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.173.179.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-173-179-199.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 37787

GET
H2 200 hotjar-704918.js Show response
static.hotjar.com/c/ 8 KB
3 KB 26ms
21ms Script
application/javascript 147.75.33.131
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-704918.js?sv=6

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.33.131 Amsterdam, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress7

Software

Resource Hash

9bf6b50b027f548bdbee7832c82e9eccf6f129f22306661934b7329f0c13f388

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 115
status: 200
access-control-max-age: 600
section-io-cache: Hit
content-length: 2421
x-cache-hit: 1
x-frame-options: SAMEORIGIN
etag: W/55f8819c4071d9087a6fd19c53fe69c4
vary: Accept-Encoding
section-io-origin-status: 304
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.074
accept-ranges: bytes
section-io-id: 573b1b72a9410ce36c51b7f48c7f9706
section-origin-responded: true

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/ 2 KB
1 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=1581256827587&cv=9&fst=1581256827587&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&tiba=The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

476edc3ceabe88503911ddb6b58cbc0d5d6ce3ed385d550db726550e9d52c5da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1069
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 l
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/ 16 KB
16 KB 21ms
7ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16112

GET
H2 200 l
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/ 16 KB
16 KB 37ms
23ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16252

GET
H2 200 l
use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/ 15 KB
15 KB 33ms
20ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "865da7d2ecc4da3cb6bd5574f01738cfc5c8bb11"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15448

GET
H2 200 l
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/ 16 KB
16 KB 28ms
15ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16652

GET
H2 200 l
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/ 17 KB
17 KB 31ms
18ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 17148

GET
H2 200 l
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/ 16 KB
16 KB 36ms
23ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 16456

GET
H2 200 l
use.typekit.net/af/cfbead/0000000000000000000146b3/27/ 23 KB
23 KB 36ms
24ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "122498e3424e674610da39fb441d661549879239"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 23248

GET
H2 200 l
use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/ 15 KB
15 KB 26ms
13ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/vyv2ljd.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "13c2813ff67959226aaa4eccfcdd1399bd756b8d"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15336

GET
H2 200 bitbucket-blog-image.png
www.cybereason.com/hubfs/ 187 KB
188 KB 58ms
57ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/bitbucket-blog-image.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8428fc44304ff2164bf98b92e6b567c3b0553463cb2b9733fcbf1580901fb0d7

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-25194305921,P-3354902,FLS-ALL
age: 460289
cf-polished: origFmt=png, origSize=319438
edge-cache-tag: F-25194305921,P-3354902,FLS-ALL
status: 200
content-length: 191352
content-disposition: inline; filename="bitbucket-blog-image.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
x-amz-request-id: 78669B29AD150EB6
x-amz-id-2: MuF/UQjMULZV+wdkL1uMA3cBZze6HBS1m4Xg/qjuLwyuYu6CnJNP4q1o/22mQxgnTrnflrlbqJY=
x-cache: Miss from cloudfront
last-modified: Mon, 03 Feb 2020 18:49:36 GMT
server: cloudflare
etag: "c016a4b5f3d7bd43229225d0ea458c81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: WW1NyU5d8L.zyzSl_b1s4j7tQAewb7yU
x-amz-cf-pop: FRA53
accept-ranges: bytes
cf-ray: 56265ea4b9b897c0-FRA
x-amz-cf-id: hrgo2uuRzOtSf77N4_5tmt5CHxkhGgD9jWU13_JBYgy_n49Tzzcb7A==
cf-bgj: imgq:85

GET
H2 200 CR_Owl_Web_Mono@3x.png
www.cybereason.com/hubfs/ 8 KB
8 KB 55ms
55ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/CR_Owl_Web_Mono@3x.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cbf6e27293c523afe11d21dad446397ed4ad9c7da2a537cdd986ff3b1b4cbef

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 fd4e0938b4c73969ed42c5d06bb1bd81.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-9105202110,P-3354902,FLS-ALL
age: 286262
cf-polished: origFmt=png, origSize=33164
edge-cache-tag: F-9105202110,P-3354902,FLS-ALL
status: 200
content-length: 7772
content-disposition: inline; filename="CR_Owl_Web_Mono@3x.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
x-amz-request-id: A18FB661F19A0E33
x-amz-id-2: dGDeTb4FpF3DsTa/eC49PgDbKf/hGM94piPJ2IHOryVCFFjRUNcrGSP2XhTpAwa1gZRrzinKg1E=
x-cache: Miss from cloudfront
last-modified: Wed, 24 Apr 2019 17:39:57 GMT
server: cloudflare
etag: "b659bda1fc8f2df36acf622c9d9331c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: iyRnBn_O0GUZbIH3l_mSf75s_.btUs_c
x-amz-cf-pop: CDG3-C1
accept-ranges: bytes
cf-ray: 56265ea4b9b997c0-FRA
x-amz-cf-id: d5GuuEm5PzEMZ2JT_RCD8yluL620ALMxfx-MiaRQwREWJDGQ-aFc9Q==
cf-bgj: imgq:85

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 33ms
20ms Font
application/octet-stream 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
cf-cache-status: HIT
age: 919002
cf-ray: 56265ea4ce1e0ea7-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 77160
last-modified: Thu, 17 May 2018 09:19:53 GMT
server: cloudflare
etag: "5afd4939-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
expires: Fri, 29 Jan 2021 14:00:27 GMT
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 DINNextLTPro-MediumCond.woff
cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/ 50 KB
51 KB 47ms
28ms Font
application/font-woff 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Files/fonts/DINNextLTPro-MediumCond.woff
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b293e4c10e7df359f78a8c4f0b5106f2bfa3d8b6de7e43441724849c3734d38

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-5348526345,P-3354902,FLS-ALL
age: 193060
edge-cache-tag: F-5348526345,P-3354902,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 53
content-encoding: gzip
content-type: application/font-woff
x-amz-request-id: 3F77C923BF538303
x-amz-id-2: Y3kovo0va6/7AteAjhWmrCL5/wxbGgftn3Ge/g+04CmfLcs7Ww/llUZNVlT/T7CdiujtKoVa914=
last-modified: Sun, 08 Oct 2017 14:12:38 GMT
server: cloudflare
etag: W/"169de8bbeb4aa5db5f87b95f2ab95714"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: sGlGR.53wqPoExj8Omwf.6WtxL86SIC7
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: FRA6-C1
cf-ray: 56265ea4dd591f19-FRA
x-amz-cf-id: 9YVw4vdWYhdheY5jgBmPqeymecqm40o1yzSLsgwJnns6G6iFRkjhsA==

GET
H2 200 -F63fjptAgt5VM-kVkqdyU8n1i8q0g.ttf
fonts.gstatic.com/s/ibmplexmono/v5/ 36 KB
18 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexmono/v5/-F63fjptAgt5VM-kVkqdyU8n1i8q0g.ttf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128cfa4458d1c804e935930664e96ff59b16139513d6492b6ee031916862246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Tue, 04 Feb 2020 16:31:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 422951
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18109
x-xss-protection: 0
last-modified: Tue, 16 Jul 2019 02:44:46 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Feb 2021 16:31:16 GMT

GET
H/1.1 200
OK p.gif
p.typekit.net/ 35 B
367 B 35ms
14ms Image
image/gif 2a02:26f0:64:186::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.19.2&app=typekit&e=js&_=1581256827700
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64:186::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Last-Modified: Thu, 10 Oct 2019 14:39:25 GMT
Server: nginx
ETag: "5d9f429d-23"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35
Expires: Mon, 21 Oct 2019 16:33:48 GMT

GET
H/1.1 200
OK pixel
tr.outbrain.com/ 43 B
333 B 364ms
91ms Image
image/gif 64.202.112.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.outbrain.com/pixel?marketerId=0027b8e5e3241bf8cc1be75fc37da5a0b4&obApiVersion=1.1&obtpVersion=1.1.8&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&optOut=false&bust=05089744440068038

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

64.202.112.63 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Type: image/gif;
Cache-Control: no-cache
Connection: close
X-TraceId: a6e0919564592b03bca427f473ed7358
Content-Length: 60

GET
H/1.1 200
OK pixel
amplifypixel.outbrain.com/ 43 B
314 B 381ms
95ms Image
image/gif 64.202.112.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://amplifypixel.outbrain.com/pixel?mid=0027b8e5e3241bf8cc1be75fc37da5a0b4&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&bust=06488447034392275

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

64.202.112.63 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:28 GMT
Cache-Control: no-cache
X-TraceId: 223ec25cd9a226dafbc460df1ff49af1
content-encoding: gzip
Content-Length: 60
Strict-Transport-Security: max-age=0; includeSubDomains;
Content-Type: image/gif;

GET
H2 200 116645602292181 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/116645602292181?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2d0b8b695591b12e644193cb057434de9bf6671ccaadd3626a2052dc967cb558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 114918
x-xss-protection: 0
pragma: public
x-fb-debug: 4CPrEpnTM92UpnVkqIlLSRYxzgjH5p75hI0u0W41IkGScG3xV3M8yqqU+Dc4flYg4PdfKUnAIsnSx6GvR9tSVA==
x-fb-trip-id: 1850256238
date: Sun, 09 Feb 2020 14:00:27 GMT, Sun, 09 Feb 2020 14:00:27 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/934771702/ 42 B
119 B 20ms
19ms Image
image/gif 2a00:1450:4001:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934771702/?random=1581256827587&cv=9&fst=1581256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&tiba=The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware&fmt=3&is_vtc=1&random=1873915170&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:27 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/934771702/ 42 B
110 B 23ms
23ms Image
image/gif 2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/934771702/?random=1581256827587&cv=9&fst=1581256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&tiba=The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware&fmt=3&is_vtc=1&random=1873915170&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:27 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.58256f2231d5f12d5589.js Show response
script.hotjar.com/ 401 KB
70 KB 23ms
23ms Script
application/javascript 147.75.102.13
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.58256f2231d5f12d5589.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.13 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress1
Software: /
Resource Hash: a7d99326f9ee65395de727ed07962283533e576f689973da3c48ddf475ee4403

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
content-encoding: br
content-type: application/javascript
age: 249268
status: 200
section-io-cache: Hit
content-length: 71324
last-modified: Thu, 06 Feb 2020 16:42:50 GMT
etag: "3d42eae93696941898dfb98bf07371e9"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.024
accept-ranges: bytes
section-io-id: 8052b164b99a9456cdcff161b4d312bf
section-origin-responded: true

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=71641&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag

107 B
436 B

30ms
30ms

Script
text/javascript

34.252.172.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 793fc397fef7e49522e43e020655cf3647b690848c0a2da1669912083a7f1680

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 107
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=71641&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 POS-Anchor-Recap-Blog-cropped.jpg
www.cybereason.com/hubfs/ 72 KB
72 KB 41ms
41ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/POS-Anchor-Recap-Blog-cropped.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3af1c1b1f77bfe63e967ccf3e6627770fbbd437e66146f72e64ddc469decfdc

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-23583453596,P-3354902,FLS-ALL
age: 5011
cf-polished: qual=85, origFmt=jpeg, origSize=117303
edge-cache-tag: F-23583453596,P-3354902,FLS-ALL
status: 200
content-length: 73428
content-disposition: inline; filename="POS-Anchor-Recap-Blog-cropped.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
x-amz-request-id: DFBE9455FA48C7EC
x-amz-id-2: +GNiiZ/7xffn1Zm2LVGdN5BrrTkz9ufw/dsqfHy1izq9VaKzT8oKoxks4j0psCPdnFicIVBm6mo=
x-cache: Miss from cloudfront
last-modified: Tue, 17 Dec 2019 14:24:01 GMT
server: cloudflare
etag: "374777f7de88274970eeb11ea5dad857"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: kBQWoKdUD7fpS.S220me6gPPyAYqYw_r
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 56265ea58ab797c0-FRA
x-amz-cf-id: hCVVd9Is4TDlqEkYkABjnIhhGzSEk-kiDwpFgC7cXTf93KiAQpwMSw==
cf-bgj: imgq:85

GET
H2 200 milan-degraeve-0ztvUdH5b-A-unsplash.jpg
www.cybereason.com/hubfs/ 3 MB
3 MB 64ms
64ms Image
image/webp 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/milan-degraeve-0ztvUdH5b-A-unsplash.jpg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7aaaef607fd666b5201c90c274524a44686d6e7f18f8b80937395decd4573509

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-23340752029,P-3354902,FLS-ALL
age: 156
cf-polished: qual=85, origFmt=jpeg, origSize=4089739
edge-cache-tag: F-23340752029,P-3354902,FLS-ALL
status: 200
content-length: 2918784
content-disposition: inline; filename="milan-degraeve-0ztvUdH5b-A-unsplash.webp"
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
x-amz-request-id: 20BE2A3752CAA100
x-amz-id-2: fbV9lxE17pjJbJW0JxKU3ySrt3P8lRmU2XgmpUG/39pRA1sEGZSlCGRFEWBthMYYzCHia5O5CL0=
x-cache: Miss from cloudfront
last-modified: Wed, 11 Dec 2019 10:29:01 GMT
server: cloudflare
etag: "8503c912009a9af5d7be5e956eaedcb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: G_tMfk17jG.cbKD2rxoT2bUZ.Yi3iaiI
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 56265ea58ab897c0-FRA
x-amz-cf-id: bImj45TB8m7qOtnpaJQjxeDeewGP9qdxLwX-tF2oiqTBSskk2lxJRQ==
cf-bgj: imgq:85

GET
H2 200 l
use.typekit.net/af/f2e356/00000000000000003b9b0ef5/27/ 35 KB
35 KB 8ms
7ms Font
application/font-woff2 23.38.53.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f2e356/00000000000000003b9b0ef5/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.53.224 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-53-224.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9af256cb88b39b1a3b6e36b50a7d7f3215db54331371bb53ed698450672ddcc8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
server: nginx
access-control-allow-origin: *
etag: "a0f0ee5943ccfb765480534c9add4201dba5a006"
content-type: application/font-woff2
status: 200
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 35932

GET
H2 200 cybereason-arrow.woff2
www.cybereason.com/hubfs/Fonts/ 2 KB
3 KB 38ms
38ms Font
application/font-woff2 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/Fonts/cybereason-arrow.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcaf54bc46707931d5bcfd93e5b1ac50a518dabb1748fb5155353b392f11c2f8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-20974772751,FD-5167100825,P-3354902,FLS-ALL
age: 5952
edge-cache-tag: F-20974772751,FD-5167100825,P-3354902,FLS-ALL
status: 200
content-length: 2200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 52
x-amz-request-id: 7AA65B772FFDB9FB
x-amz-id-2: oRrsvZtc+qntzAnupOeXWbSyaEJBo0wWMORVoXqoLNRceNlaTWSicQJISIA6hWpRZ1hMuniiTzI=
last-modified: Tue, 12 Nov 2019 18:05:03 GMT
server: cloudflare
etag: "28fb154fbabe25f37ef8bd98ec057a51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1209600, max-age=1209600
x-amz-version-id: nxxFbRZiJ0l5.6jBTiMaZGgmevb8x6Rg
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 56265ea59abb97c0-FRA
x-amz-cf-id: ejYCVDdKCsgWR6scMPzU5-_k31LolU8cLNc9YVoHTmy6D8w_UWILUg==

GET
H2 200 -F6qfjptAgt5VM-kVkqdyU8n3twJwlBFhw.ttf
fonts.gstatic.com/s/ibmplexmono/v5/ 37 KB
18 KB 6ms
6ms Font
font/ttf 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexmono/v5/-F6qfjptAgt5VM-kVkqdyU8n3twJwlBFhw.ttf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b66955d2f6a8fab43675c6a02f74f5d3914d07121b12396bc9308dbb00d78fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/1581106245018/combined-css-53d21895eccc93b9a88f9857ee7affca.css
Origin: https://www.cybereason.com

Response headers

date: Sat, 01 Feb 2020 09:57:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 705770
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18509
x-xss-protection: 0
last-modified: Tue, 16 Jul 2019 03:39:51 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 31 Jan 2021 09:57:37 GMT

GET
H2 200 sm.22.html
static.addtoany.com/menu/ Frame C657 0
0 28ms
28ms Document
text/html 2606:4700:10::6814:6e27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: static.addtoany.com
:scheme: https
:path: /menu/sm.22.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Response headers

status: 200
date: Sun, 09 Feb 2020 14:00:27 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dc0b4658566b2f2d7d1e3a1ba94b0e63e1581256827; expires=Tue, 10-Mar-20 14:00:27 GMT; path=/; domain=.addtoany.com; HttpOnly; SameSite=Lax; Secure
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Thu, 03 Oct 2019 06:59:00 GMT
etag: W/"70f-593fc1ec1791b"
cache-control: max-age=315360000, immutable
age: 190617
vary: Accept-Encoding
via: e5s
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 56265ea5d88d6461-FRA
content-encoding: br

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 38ms
38ms Script
application/javascript 2606:4700:10::6814:6e27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT
via: e5s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 190618
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000, immutable
cf-ray: 56265ea618df6461-FRA
cf-bgj: minify

GET
H2 200 /
www.facebook.com/tr/ 44 B
249 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=116645602292181&ev=PageView&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&rl=&if=false&ts=1581256827896&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1581256827895.819009752&it=1581256827733&coo=false&rqm=GET

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:27 GMT, Sun, 09 Feb 2020 14:00:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Sun, 09 Feb 2020 14:00:27 GMT

GET
H2 200 0caba5f8-036c-4fa7-83d6-166a0180e075 Show response
www.cybereason.com/_hcms/forms/embed/v3/form/3354902/ 18 KB
4 KB 177ms
177ms Script
application/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/_hcms/forms/embed/v3/form/3354902/0caba5f8-036c-4fa7-83d6-166a0180e075?callback=hs_reqwest_0&hutk=

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55d6848b24e12aee670106ec9ae429c980d5f55f971f22b9172d351bcf25cb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-trace: 2BF0B0686E78EEC70774EED3B9FD92E54348724B38000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
cf-ray: 56265ea69bfd97c0-FRA

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

33d3af3c99ff7d84b30764c9a5e44cec797f071771ac6a2d3b92615be6828d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 32rE/JX5fnyDcuTwKbLtWg==
status: 200
date: Sun, 09 Feb 2020 14:00:27 GMT, Sun, 09 Feb 2020 14:00:27 GMT
expires: Sun, 09 Feb 2020 14:20:25 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 1779
x-fb-debug: 5+ZDzpEPLEhqsFqi1fFLFXT17VV3n6zRwxtGKlDzSZHETlqmwvf+z8r9kB/eO7jLyfx8PWWkdCZhbiWYGMQErw==
x-fb-trip-id: 1850256238
x-fb-content-md5: 44639726bbb92d5de7be7c819fc2a6a3
etag: "012d2f44ba5aa2fa935311145fecd64e"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 9ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41A1) /
Resource Hash: 1a4dee2269258e980cfbc6965cca52520d51b0cf399cef6218e123c7620cafdc

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Feb 2020 23:55:53 GMT
Server: ECS (fcn/41A1)
Age: 473
Etag: "d6438f3ded1a231e0c47db28e12b2834+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 29101

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 4 KB
2 KB 58ms
19ms Script
application/javascript 2606:4700::6811:74b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:74b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbc6e6e201648a797a1a70459fb94149e8245fcac93a066963cbb08cb7f08ae3

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
via: 1.1 6c2e384f59feb64a0c739aee7f890066.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 239
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: gzip
x-amz-version-id: wLHxFQo4.UHGjY7LpiTI8YXD7oOxmPVx
last-modified: Tue, 28 Jan 2020 02:00:46 GMT
server: cloudflare
etag: W/"a3c820f15fc2d32ccf32bcded41dc23b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=600
x-amz-cf-pop: IAD89-C2
cf-ray: 56265ea70c79c286-FRA
x-amz-cf-id: 9nvnk-YsYyQTtfVZG1A5voAEc2k1IzKzfGRgcRCYQpoXdREvG-5peQ==

GET
H2 200 3354902.js Show response
js.hs-analytics.net/analytics/1581256200000/ 76 KB
26 KB 52ms
12ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1581256200000/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb89b9243e1a24adb734a4863b878f581594972d6e920261683844fb3fc8c12c

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 115
status: 200
x-amz-request-id: 850E2A2B42BD8BF8
x-amz-id-2: 8Z2eSRnac9I84GSmMRpfZLadI8VRZrbLk9Mn5AwkQ6rV8xokjbihCsN5SrMncrkNmk95bpD9sco=
last-modified: Tue, 21 Jan 2020 15:45:12 GMT
server: cloudflare
etag: W/"b2c0d0695f5b6b12170758de1bc10726"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-ray: 56265ea70a81d6e5-FRA
expires: Sun, 09 Feb 2020 14:03:33 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 377 KB
61 KB 147ms
127ms Script
application/javascript 2606:4700::6811:e7cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e7cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dfaff2f5d6e94657e0f881332caa67965b9cf78bd3b56767d48eaf23647633d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
via: 1.1 b051e9c33308597b659c33b8999b521d.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-C2
x-cache: Hit from cloudfront
status: 200
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
content-type: application/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2020 11:11:17 GMT
server: cloudflare
etag: W/"5a4b3524feb30251503c1dd69d357e81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 8UWSQh6JvjVvPe4AFvrC5AfctgtqAmWA
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 56265ea6eb17d6f1-FRA
x-amz-cf-id: IzTii_WhyzyOfFLJyinaGJTiJ4UAGbSCc5b9W27eAJdP7OQVoTgj2w==

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_Ja4GTiI59D7zC8hz4

43 B
556 B

209ms
144ms

Image
image/gif

104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_Ja4GTiI59D7zC8hz4

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Sun, 09 Feb 2020 14:00:28 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 28d85f948a73d16417aa90ad0f086691
x-transaction: 00a2e599002ad0db
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_Ja4GTiI59D7zC8hz4
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_Ja4GTiI59D7zC8hz4&sigv=1&esig=2~62185779f740f1c2ebea7e9bc16463a6a0f8acde
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_Ja4GTiI59D7zC8hz4

43 B
460 B

424ms
100ms

Image
image/gif

52.44.183.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_Ja4GTiI59D7zC8hz4
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.183.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-183-235.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

date: Sun, 09 Feb 2020 14:00:28 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
location: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_Ja4GTiI59D7zC8hz4
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status: 302
x-content-type-options: nosniff
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_Ja4GTiI59D7zC8hz4
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_Ja4GTiI59D7zC8hz4

43 B
183 B

19ms
19ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_Ja4GTiI59D7zC8hz4
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.174.3 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:28 GMT
via: 1.1 google
server: OXGW/16.174.3
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Sun, 09 Feb 2020 14:00:28 GMT
via: 1.1 google
server: OXGW/16.174.3
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_Ja4GTiI59D7zC8hz4
p3p: CP="CUR ADM OUR NOR STA NID"
status: 302
alt-svc: clear
content-length: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_Ja4GTiI59D7zC8hz4

0
239 B

99ms
19ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_Ja4GTiI59D7zC8hz4
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_Ja4GTiI59D7zC8hz4
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfSmE0R1RpSTU5RDd6QzhoejQ
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

32ms
31ms

Image
image/gif

34.252.172.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:28 GMT
server: HTTP server (unknown)
location: https://pixel-geo.prfct.co/cb?partnerId=goo
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 131ms
107ms Image
image/gif 34.252.172.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=8257847&source=js_tag&a_id=71641
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=8257847
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D8257847

43 B
1 KB

19ms
18ms

Image
image/gif

185.33.223.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D8257847

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.100 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

373.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 09 Feb 2020 14:00:30 GMT
AN-X-Request-Uuid: 916d4801-e308-4b8a-a7b5-f954641ee814
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 83.97.23.13; 83.97.23.13; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.183:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 09 Feb 2020 14:00:30 GMT
AN-X-Request-Uuid: 6d1e95ce-6b82-4992-9c59-46e924c4b883
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D8257847
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 83.97.23.13; 83.97.23.13; 373.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.85:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 187 KB
56 KB 49ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=45d860144e0ddb3a099ba501c2ea4718&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

11cd6af7d9b26a6b49560013e02297ffeaf51fd449645c89e62822d5f76f2520

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Origin: https://www.cybereason.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 0H6LmsToOTLyz14URurq1w==
status: 200
date: Sun, 09 Feb 2020 14:00:28 GMT, Sun, 09 Feb 2020 14:00:28 GMT
expires: Mon, 08 Feb 2021 13:53:50 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 56914
x-fb-debug: 8xA5WEffe2QMFdIERVXcsr28FbJ4EMNC7ks6jWIkOYIkYSxdHTzG08aHUMDYCqJWBHUzubVu5sd7Mr1uBfcpCg==
x-fb-trip-id: 1850256238
x-fb-content-md5: ea6cef6b6acd219d6f225c8dd4ae5983
etag: "106d26ef3080b728d78cc333ebd0e4a9"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html
platform.twitter.com/widgets/ Frame 6984 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html?origin=https%3A%2F%2Fwww.cybereason.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40D1) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 286041
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 09 Feb 2020 14:00:27 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Wed, 05 Feb 2020 23:46:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40D1)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 9333 0
0 23ms
22ms Document
text/html 147.75.102.231
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.231 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress10
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Response headers

status: 200
date: Sun, 09 Feb 2020 14:00:28 GMT
content-type: text/html
content-length: 851
last-modified: Wed, 29 Jan 2020 12:33:12 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.082
section-origin-responded: true
age: 955450
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 773b7231c0f0097e85f8a08c8a6db764

GET
H/1.1

200
OK

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=27717&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&referer...
https://tracking.leadlander.com/tracking.png

68 B
347 B

100ms
100ms

Image
image/png

52.21.56.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.21.56.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-21-56-60.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:27 GMT
Last-Modified: Wed, 26 Sep 2018 16:48:51 GMT
Server: Kestrel
ETag: "1d455b8cd761bc4"
Strict-Transport-Security: max-age=2592000
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Location: /tracking.png
Date: Sun, 09 Feb 2020 14:00:27 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=2592000

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 8ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=116645602292181&ev=Microdata&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&rl=&if=false&ts=1581256828405&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware%22%2C%22meta%3Adescription%22%3A%22Cybereason%20is%20following%20an%20active%20campaign%20to%20deliver%20multiple%20different%20types%20of%20malware%20to%20victims%20all%20over%20the%20world.%20This%20attack%20is%20able%20to%20steal%20data%2C%20mine%20for%20cryptocurrency%2C%20and%20in%20specific%20cases%20deliver%20ransomware.%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22Cybereason%20is%20following%20an%20active%20campaign%20to%20deliver%20multiple%20different%20types%20of%20malware%20to%20victims%20all%20over%20the%20world.%20This%20attack%20is%20able%20to%20steal%20data%2C%20mine%20for%20cryptocurrency%2C%20and%20in%20specific%20cases%20deliver%20ransomware.%22%2C%22og%3Atitle%22%3A%22The%20Hole%20in%20the%20Bucket%3A%20Attackers%20Abuse%20Bitbucket%20to%20Deliver%20an%20Arsenal%20of%20Malware%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cybereason.com%2Fhubfs%2Fbitbucket-blog-image.png%23keepProtocol%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1581256827895.819009752&it=1581256827733&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT, Sun, 09 Feb 2020 14:00:28 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Sun, 09 Feb 2020 14:00:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 24 Jan 2020 01:10:36 GMT
server: Golfe2
age: 5216
date: Sun, 09 Feb 2020 12:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17926
expires: Sun, 09 Feb 2020 14:33:32 GMT

GET
H2 200 loader-v2.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 7 KB
3 KB 172ms
172ms Script
text/javascript 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/loader-v2.js?cos=1&__hsfp=2430194794&__hssc=85683782.1.1581256828769&__hstc=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&canon=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&hsutk=54e9785f7c1cdcbba977ea5ea18a758e&pageId=25183383277&contentType=blog-post&pg=8f9b94bf-4e42-4183-8c05-5a9a79e85648&pid=3354902&sv=static-1.212&lag=1111&rdy=1&cos=1&df=a
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 262ddb02969bdba8cf7bf48936f317c6ea9e26bf64d32a659d34beb25f4c1dc7

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
x-trace: 2BA2A841069036B8D5E8382C37E2297BA61F9733F9000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 56265eabda5697c0-FRA
content-length: 2478
x-robots-tag: noindex, follow

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/ 23 B
595 B 151ms
129ms XHR
application/json 2606:4700::6811:c8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/json?portalId=3354902

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f621a831fe6b7b75cd96e10eb4c80311fff6a3948e4905d12a22032d5ec59b48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 23
server: cloudflare
x-trace: 2BE1B541AA624A443DE6CE495CA4E0387DA72028C4000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 56265eabfcc69ac8-FRA
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
354 B 27ms
25ms Image
image/gif 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=25183383277&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&cpi=25183383277&cgi=5272851739&lpi=25183383277&lvi=25183383277&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&t=The+Hole+in+the+Bucket%3A+Attackers+Abuse+Bitbucket+to+Deliver+an+Arsenal+of+Malware&cts=1581256828772&vi=54e9785f7c1cdcbba977ea5ea18a758e&nc=true&u=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&b=85683782.1.1581256828769&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56265eabdabed6e1-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
104 B 31ms
29ms Image
image/gif 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=0caba5f8-036c-4fa7-83d6-166a0180e075&fci=c5465707-a76a-4eb2-bbd3-73a883577320&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=25183383277&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&cpi=25183383277&cgi=5272851739&lpi=25183383277&lvi=25183383277&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&t=The+Hole+in+the+Bucket%3A+Attackers+Abuse+Bitbucket+to+Deliver+an+Arsenal+of+Malware&cts=1581256828774&vi=54e9785f7c1cdcbba977ea5ea18a758e&nc=true&u=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&b=85683782.1.1581256828769&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56265eabdac0d6e1-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
104 B 34ms
33ms Image
image/gif 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0caba5f8-036c-4fa7-83d6-166a0180e075&fci=c5465707-a76a-4eb2-bbd3-73a883577320&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=25183383277&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&cpi=25183383277&cgi=5272851739&lpi=25183383277&lvi=25183383277&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&t=The+Hole+in+the+Bucket%3A+Attackers+Abuse+Bitbucket+to+Deliver+an+Arsenal+of+Malware&cts=1581256828775&vi=54e9785f7c1cdcbba977ea5ea18a758e&nc=true&u=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&b=85683782.1.1581256828769&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56265eabdabfd6e1-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
1 KB 200ms
184ms XHR
application/json 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3354902&utk=54e9785f7c1cdcbba977ea5ea18a758e&__hstc=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&__hssc=85683782.1.1581256828769&contentId=25183383277&currentUrl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d167b96aaf665f044b36cd554d057ee6e747e5986787b83b411702805a9f20fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Origin: https://www.cybereason.com

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-ray: 56265eac0d161e47-FRA
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 09 Feb 2020 14:00:28 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40710
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
104 B 35ms
35ms Image
image/gif 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%228f9b94bf-4e42-4183-8c05-5a9a79e85648%22%2C%222ab975eb-6140-44fe-b8fd-3810c0126c73%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=25183383277&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&cpi=25183383277&cgi=5272851739&lpi=25183383277&lvi=25183383277&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&t=The+Hole+in+the+Bucket%3A+Attackers+Abuse+Bitbucket+to+Deliver+an+Arsenal+of+Malware&cts=1581256828954&vi=54e9785f7c1cdcbba977ea5ea18a758e&nc=true&u=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&b=85683782.1.1581256828769&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56265ead0f09d6e1-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=158125...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D994281%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthe-hole-in-th...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=158125...

0
58 B

165ms
165ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=1581256828955&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:29 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: HzK2XbXA8RXg7uoZRSsAAA==

Redirect headers

date: Sun, 09 Feb 2020 14:00:29 GMT
x-content-type-options: nosniff
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-li-uuid: DTjdUrXA8RVAfEkBqisAAA==
server: Play
pragma: no-cache
x-li-pop: prod-efr5
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=994281&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&time=1581256828955&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j80&a=659378432&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_gid=514242977.1581256829&gjid=903010626&_v=j80&z=1949431427
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427&slf_rd=1&random=3807851703

42 B
109 B

20ms
20ms

Image
image/gif

2a00:1450:4001:81a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427&slf_rd=1&random=3807851703

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:29 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 09 Feb 2020 14:00:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=967538408.1581256829&jid=867220756&_v=j80&z=1949431427&slf_rd=1&random=3807851703
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cta-loaded.js Show response
www.cybereason.com/hs/cta/ctas/v2/public/cs/ 0
147 B 207ms
207ms Script
text/plain 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3354902&pg=8f9b94bf-4e42-4183-8c05-5a9a79e85648&lt=1581256827660&dt=1581256828771&at=1581256828964&ae=1&sl=1&an=1
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/cta/cta/current.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:29 GMT
cf-cache-status: MISS
server: cloudflare
x-trace: 2B619ACB878068F4A60CB72CF508F423FC8131BDC8000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
status: 200
cache-control: no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials: false
cf-ray: 56265ead0bf097c0-FRA
x-robots-tag: noindex, follow

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
233 B 40ms
40ms Image
image/gif 2606:4700::6810:f905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=a325ca4c-77be-436f-b080-20ec8bd3654a&lfi=152417&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2430194794&v=1.1&a=3354902&pi=25183383277&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&cpi=25183383277&cgi=5272851739&lpi=25183383277&lvi=25183383277&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthe-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware&t=The+Hole+in+the+Bucket%3A+Attackers+Abuse+Bitbucket+to+Deliver+an+Arsenal+of+Malware&cts=1581256828996&vi=54e9785f7c1cdcbba977ea5ea18a758e&nc=true&u=85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1&b=85683782.1.1581256828769&pt=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 09 Feb 2020 14:00:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 56265ead3fe0d6e1-FRA
content-type: image/gif
content-length: 45
x-robots-tag: none

POST
H2 200 perf Show response
www.cybereason.com/_hcms/ 2 B
161 B 687ms
686ms XHR
text/plain 2606:4700::6811:88b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_hcms/perf
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:88b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Origin: https://www.cybereason.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 56265ebe8aaa97c0-FRA
date: Sun, 09 Feb 2020 14:00:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2BA1F12D174D214780C39604F73E989396BEAEF2DF000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.addtoany.com/	1970-01-19 07:15:43	Name: uvc Value: 1
.cybereason.com/	1970-01-19 16:35:52	Name: hubspotutk Value: 54e9785f7c1cdcbba977ea5ea18a758e
.cybereason.com/	1970-01-19 07:14:18	Name: __hssc Value: 85683782.1.1581256828769
.cybereason.com/	1970-01-19 15:46:55	Name: _hjid Value: 423c07dc-23ad-416e-874c-2e9d4468cb80
.cybereason.com/	1970-01-19 07:14:16	Name: _gat Value: 1
.twitter.com/	1970-01-20 00:45:28	Name: personalization_id Value: "v1_cQkFAZ0b3mFIFj4nh02fMw=="
.cybereason.com/	1970-01-19 16:35:52	Name: __hstc Value: 85683782.54e9785f7c1cdcbba977ea5ea18a758e.1581256828768.1581256828768.1581256828768.1
.cybereason.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cybereason.com/	1970-01-20 00:45:28	Name: _ga Value: GA1.2.967538408.1581256829
.cybereason.com/	1970-01-19 07:15:43	Name: _gid Value: GA1.2.514242977.1581256829
.cybereason.com/	1970-01-19 09:23:52	Name: _fbp Value: fb.1.1581256827895.819009752
.www.cybereason.com/	1969-12-31 23:59:59	Name: __cfruid Value: 0a92de62b4433b218b68553e8ace1edfcef785e5-1581256827
.www.cybereason.com/	1970-01-19 07:57:28	Name: __cfduid Value: d70ab002c7828c490d6b58352ea1ead051581256827

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware(Line 161) Message: Read time success

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
amplify.outbrain.com
amplifypixel.outbrain.com
analytics.twitter.com
api.hubapi.com
cdn.rawgit.com
cdn2.hubspot.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hsadspixel.net
js.hsleadflows.net
no-cache.hubspot.com
p.typekit.net
pixel-geo.prfct.co
pixel.prfct.co
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.addtoany.com
static.hotjar.com
stats.g.doubleclick.net
t.sf14g.com
tag.marinsm.com
tr.outbrain.com
track.hubspot.com
tracking.leadlander.com
us-u.openx.net
use.typekit.net
vars.hotjar.com
www.cybereason.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
104.244.42.195
147.75.102.13
147.75.102.231
147.75.33.131
151.101.112.65
151.139.237.11
172.217.21.226
185.33.223.100
23.210.250.44
23.38.53.224
2606:2800:133:7403:4a68:7eff:710b:1ddf
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:6e27
2606:4700::6810:f905
2606:4700::6811:4104
2606:4700::6811:45b0
2606:4700::6811:74b0
2606:4700::6811:88b4
2606:4700::6811:c8cc
2606:4700::6811:e7cc
2606:4700::6811:f3cc
2a00:1288:f03d:1fa::4000
2a00:1450:4001:806::200e
2a00:1450:4001:808::2003
2a00:1450:4001:816::2004
2a00:1450:4001:81a::2003
2a00:1450:4001:820::2002
2a00:1450:400c:c00::9d
2a02:26f0:10c:382::25ea
2a02:26f0:64:186::19fd
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
34.252.172.232
34.95.120.147
52.21.56.60
52.44.183.235
54.173.179.199
64.202.112.63
69.173.144.138
0005cf2627e9e54179f90c78bbf355fccafb3907c4ae9e699bc09c4a57d75bf6
008a6b447b38fe87dac9127b3e47c83f89df61e8ac7285a7e86051ee89e99af9
071595acbd7460eb2758df99bef4193a3037d2f2b48994853273dbbc12316e9f
0ae9490acc86edb5534f6574794b70677821ff374ac7abaf312c0252c2c7dd3e
0c29c6e99c7b2b3d033b8c91ded014e33a8f33c4b1a94ce5be443634a1b33626
0d111c83d2520fd8d1ec059493162072af6e97b725aa4b56eb846f09a01f8e9c
10c8e837e303c051521b9b37f9554dd6240ab7114e72b433a608c63190981a82
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11882d7326b8b31c96c2a65a169077d5a422e51acfa38f6539dde06ade8a0a3a
11cd6af7d9b26a6b49560013e02297ffeaf51fd449645c89e62822d5f76f2520
128cfa4458d1c804e935930664e96ff59b16139513d6492b6ee031916862246e
154991194443aaeb774be577ea462c94fb6375d3926af0e00b6896581000a593
16fa4e769ed159857fa8091ad5394560ed34bf07e33ee9b79ac0904b1680ae8f
173db45379b49d9271f8638f9f80936b5e74671a2bbb8376e394090ae9db931e
1a4dee2269258e980cfbc6965cca52520d51b0cf399cef6218e123c7620cafdc
1a6e3510af52bd4c550e719eef6ae49cfd1ff4be530c8240b4c8233a2860747d
1cddff6676ae0ed51fc0cd14bbd8746040e60b2d8a8fb1767524326783bf1c91
1cf885b6572807f0a6a456b0e7ce4cb803b93ba20953f9b33bb4c244f69015dc
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2432844517e2dd99a05c54b57aac9aac78553489b6111ace7c3d97b826af19ec
262ddb02969bdba8cf7bf48936f317c6ea9e26bf64d32a659d34beb25f4c1dc7
27ef2c61be6a75e15b748baa2034da2c60d69251340fa1c1e154c11dcdd15e4c
2832d2ff340e31dfb8300ecaf6967737af72f2c8981c895443abc7c6eaeb6993
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cbf6e27293c523afe11d21dad446397ed4ad9c7da2a537cdd986ff3b1b4cbef
2d0b8b695591b12e644193cb057434de9bf6671ccaadd3626a2052dc967cb558
2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2fc3aa288e418b441ffa070d06efcda33580278d8c6bc7356521298fd79cd0f4
312c7a4e3e547301e162c0bf3a7788cf8d52caf2668fbafc01351c9185b97ce4
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
33d3af3c99ff7d84b30764c9a5e44cec797f071771ac6a2d3b92615be6828d61
359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50
365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc
3fc1bd4c0666cad8d8af42cf8f26c59bc5535b3d907b4db560c7db627e1e5253
3fd3aeafe163a627d2a85d05fde0914cd6691d3a38c1c96b9759269748ac4e3f
401c9b70e5d307754e9e827467d605055d628e4750b4c5517ce01ae345a4e438
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
45c64ea3d734248bebbacb96a948c048e179faf157b5c1f954e2cf026e8abed6
469c4e8e4f9d84a2faa61cf547c774955bb92b4972cc5b2b21bc79516397b072
476edc3ceabe88503911ddb6b58cbc0d5d6ce3ed385d550db726550e9d52c5da
496f753f7e96c1427cf6e11d9c5f822a5f1f46b3c54b7429df9a195fa8362884
4b293e4c10e7df359f78a8c4f0b5106f2bfa3d8b6de7e43441724849c3734d38
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c7ce4f588c0eaec970b9a89ff30fd5d82e194e6c7c6ca4fb251adcc660b900d
4dfaff2f5d6e94657e0f881332caa67965b9cf78bd3b56767d48eaf23647633d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
53765d81366cd20414de889dacc29e3d339bbf94e02586c096ace57994a4c8b4
55d6848b24e12aee670106ec9ae429c980d5f55f971f22b9172d351bcf25cb4f
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5ebbf16975e8957d1e3b765a49226e95711b30af5852c253906c2f171325949b
5fdc62b86bb13c8c4776c372bf18e06356fed78dc785c2bb7f361be072453056
64eb738e8ef295e5e6fb7b914f5b2dc8aa8f7863e1702ce66522a2ee8857fa41
6561b2dd1e1b0f9b2f678dfd01a29e1174ec8ac628405a546e42b717a2d3388b
66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a
6872a6c9c2a917ceeb92fefd3ef73cee7402a56689e1dbddf743b0aaa9e654c8
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6b41ef8407123b60dcd84982449456dee1cf935813e2c90bf623aec01c7959fc
6b66955d2f6a8fab43675c6a02f74f5d3914d07121b12396bc9308dbb00d78fe
6be9cc23d07c94f2fe6495028447f45df69fd585404cbdefb0881db8871e5d1c
70d52338fe73e62ffcfa568e9ea399ef0c88783883327b794eace9faa78febf8
7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384
756fc0225c492547a1c36c83212b8240cd69ef52b3e77d2c66e448f168facbde
765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985
793fc397fef7e49522e43e020655cf3647b690848c0a2da1669912083a7f1680
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7aaaef607fd666b5201c90c274524a44686d6e7f18f8b80937395decd4573509
8428fc44304ff2164bf98b92e6b567c3b0553463cb2b9733fcbf1580901fb0d7
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
8bd397636ecd49c36d687ad591807ea5ee621b1e11888657827902a5003fc4bb
9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b
97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c
9af256cb88b39b1a3b6e36b50a7d7f3215db54331371bb53ed698450672ddcc8
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9baa573e4378873b7ac81ccb1d954ce9bb2b1a933947ad3012263ddc604d8505
9bf6b50b027f548bdbee7832c82e9eccf6f129f22306661934b7329f0c13f388
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4aeba3c62a91ed236d5acdc5ea52f5e051801379d306817ad8f4c850e550d2a
a4ffb78b7dd5cb0c6945cacb50613c2d337467a948e4bbc6c52b5f6eddc6fcdb
a5622206f247ec362f36a9c149d145f7f787fa071ad0d4d5bd6efbe91525450e
a7d99326f9ee65395de727ed07962283533e576f689973da3c48ddf475ee4403
ab449241b50123673e76dbcd70f869ae11d26920f0ce1670fdfd266308058179
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acf14d7a25665f70b32443d17bb91513f1b9fda78e249bc581a7212bcaaad9bd
b10c867d1f3bc824b3d4189100552533c8e014fb2ca69b9133bac03e5c134b74
b1e43308ad37fba80d03dac9a497a96febac77a457711dab836dcf12efb80cef
b329852f8f537591d001152e26a1b598ef4e4466fa10d859135843c307d5344e
b71a982dad86829660cef46a0467ecf81c34576eece4b297126a552902ef543c
bb89b9243e1a24adb734a4863b878f581594972d6e920261683844fb3fc8c12c
bcaf54bc46707931d5bcfd93e5b1ac50a518dabb1748fb5155353b392f11c2f8
ca83bf6c4611e07ea8b93893694e16957cd66082de76afb1ee564fba6f055750
caa333db2175837df41125b50f0c0169c55f919427ee2c6992e2566948e9e518
cbc6e6e201648a797a1a70459fb94149e8245fcac93a066963cbb08cb7f08ae3
cbd3e98a862addf8a21349bbd7d28115d2090256db7cf3f784ef106df2b6bfdb
cd7908a80313043ae934d5f599a062460c50f94370cee5dc092e0cb9b8d123ef
cedae155229da805bc3f9b63a2123e5dce5fa27749e4f1fecbb99dcc7214331d
d0fd51224b1d13f188aea6ed2d1302715113a30ec1c3fa86832fd794da8bfbdc
d167b96aaf665f044b36cd554d057ee6e747e5986787b83b411702805a9f20fe
d3af1c1b1f77bfe63e967ccf3e6627770fbbd437e66146f72e64ddc469decfdc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f415da092fa95de3d2ba03e42ec5cb3f614c37781348cd56d27fd7c556fd33e8
f4330b32438dd11b16c5beb395d7ee66119c0ef8671fe6e199c00ac02c91dd4c
f621a831fe6b7b75cd96e10eb4c80311fff6a3948e4905d12a22032d5ec59b48

www.cybereason.com Open in urlscan Pro 2606:4700::6811:88b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

122 Requests

100 %HTTPS

59 %IPv6

32 Domains

45 Subdomains

39 IPs

8 Countries

5371 kBTransfer

7942 kBSize

13 Cookies

43 Outgoing links

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cybereason.com Open in urlscan Pro
2606:4700::6811:88b4 Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

100 %
HTTPS

59 %
IPv6

32
Domains

45
Subdomains

39
IPs

8
Countries

5371 kB
Transfer

7942 kB
Size

13
Cookies

122 HTTP transactions
1 data transactions