Report - gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip

Report Overview

Submitted URL
gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip
IP
172.65.251.78
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-20 01:29:24
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gitlab.com	17719	2004-01-15	2014-06-06	2024-04-19	536 B	18 kB	172.65.251.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip
IP
172.65.251.78
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 kB (15033 bytes)
Hash
8e62a5b5240171c8239c54622ea7a3e4
3a008ebb8b357a5e4d4017923be93fce51e235a2
8c7232b4714a3e921e33be7e6e59e034db587a7c08371e6e6e4c8e796a8c52c7

Archive (12)

Filename

Md5

File type

ELBO.config

4a5585ca075cbabb7045fe5f08415125

ASCII text, with very long lines (506), with CRLF line terminators

._ELBO.config

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

eligiblebombshell_1.2.0.1.py

4192f86dfea75943ca34b3fab937422c

Python script, ASCII text executable

._eligiblebombshell_1.2.0.1.py

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

shellcode.py

698373955a56edaa70c4b3f7001ee3f4

ASCII text, with very long lines (2206)

._shellcode.py

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

shellcode.pyc

31fce6fa52a9db01adf2ec18fa30b313

python 2.3 byte-compiled

._shellcode.pyc

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

._ELBO

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

notes.txt

89f841b3508e960966170a119888152d

ASCII text

._notes.txt

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

._40274

3e0a6dac0c81bd5a795085d3423f7b51

AppleDouble encoded Macintosh file

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - from files eligiblebombshell_1.2.0.1.py, eligiblebombshell_1.2.0.1.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file shellcode.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - file shellcode.py
Public Nextron YARA rules	malware	EQGRP Toolset Firewall - Unique strings
VirusTotal	malicious	VirusTotal - Scan result 20/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip

172.65.251.78

200 OK

15 kB

URL User Request GET HTTP/2
gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip
IP
172.65.251.78:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerSectigo Limited
Subjectgitlab.com
FingerprintFB:07:E4:E6:21:FA:07:5C:96:1B:66:1A:E2:99:AD:E7:68:1D:F5:D5
ValidityThu, 14 Dec 2023 00:00:00 GMT - Sat, 11 May 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 kB (15033 bytes)
Hash
8e62a5b5240171c8239c54622ea7a3e4
3a008ebb8b357a5e4d4017923be93fce51e235a2
8c7232b4714a3e921e33be7e6e59e034db587a7c08371e6e6e4c8e796a8c52c7

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 20/61

HTTP Headers

GET /exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40274.zip HTTP/1.1
Host: gitlab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 01:28:59 GMT
content-type: application/octet-stream
content-length: 15033
cache-control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
content-disposition: attachment
content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/ https://gitlab.com/-/speedscope/index.html https://gitlab.com/-/sandbox/ 'self' https://gitlab.com/assets/ blob: data:; connect-src 'self' https://gitlab.com wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://customers.gitlab.com https://snowplow.trx.gitlab.net https://sourcegraph.com https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net; default-src 'self'; font-src 'self'; form-action 'self' https: http:; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/ https://gitlab.com/-/speedscope/index.html https://gitlab.com/-/sandbox/; img-src 'self' data: blob: http: https:; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; report-uri https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_environment=gprd; script-src 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://apis.google.com https://*.zuora.com/apps/PublicHostedPageLite.do 'nonce-mqk4inUOaI/kVmpobRi6Ow=='; style-src 'self' 'unsafe-inline'; worker-src 'self' https://gitlab.com/assets/ blob: data:
etag: "0ffe52e07e43a6858d1bf8401b449755"
permissions-policy: interest-cohort=()
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-gitlab-meta: {"correlation_id":"01HVWHXD7J6JMCZ0PNP8W956E3","version":"1"}
x-permitted-cross-domain-policies: none
x-request-id: 01HVWHXD7J6JMCZ0PNP8W956E3
x-runtime: 0.102145
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
gitlab-lb: haproxy-main-23-lb-gprd
gitlab-sv: web-gke-us-east1-d
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wz%2BPOkIe1oZEkaUDPkoExcuvcaLQTqti2AjPcLGryG3PxWV%2Bf9LqYTmsz7QafJ5y%2BqBrUF%2BAUa809IwUn%2BFwGYR4BtrGMUB6IJbWOa6Wk23k2mFWBDLr9Lse3vg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000
set-cookie: _cfuvid=hsB1MJ5W84J_iM3PPtx6yq.gF3q6AfSxVLpGjSVOzWM-1713576539204-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87715c58ddf0b4f7-OSL
X-Firefox-Spdy: h2