Report Overview

  1. Submitted URL

    gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40273.zip

  2. IP

    172.65.251.78

    ASN

    #13335 CLOUDFLARENET

  3. Submitted

    2024-05-08 22:20:54

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    5

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
gitlab.com | 17719 | 2004-01-15 | 2014-06-06 | 2024-05-07

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40273.zip

  2. IP

    172.65.251.78

  3. ASN

    #13335 CLOUDFLARENET

  1. File type

    Zip archive data, at least v1.0 to extract, compression method=store

    Size

    73 kB (73444 bytes)

  2. Hash

    c5bbdb599617e407636e5276a6c10775

    e0fbbf5f78502c4d69363dc7d66f61d7e466c296

  1. Archive (89)


    Detections

    Analyzer | Verdict | Alert
    Public Nextron YARA rules | malware | EQGRP Toolset Firewall - file eligiblecandidate.py
    Public Nextron YARA rules | malware | EQGRP Toolset Firewall - Unique strings
    YARAhub by abuse.ch | malware | meth_get_eip
    Public Nextron YARA rules | malware | EQGRP Toolset Firewall - from files tinyexec
    VirusTotal | malicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40273.zip | 172.65.251.78 | 200 OK | 73 kB