{"report_id":"77641290-f7ab-4d32-ba1e-5c20e73abe64","version":6,"status":"done","tags":[],"date":"2025-05-09T02:06:29Z","url":{"schema":"http","addr":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","fqdn":"gitlab.com","domain":"gitlab.com","tld":"com"},"ip":{"addr":"172.65.251.78","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-18T02:06:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"gitlab.com","ip":{"addr":"172.65.251.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2004-01-15","domain_rank":17719,"first_seen":"2014-06-06T20:31:24Z","last_seen":"2025-05-02T18:16:19.347363Z","alert_count":1,"request_count":1,"received_data":41276450,"sent_data":539,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"d16871590f97878d1501cac8c2c5ca67","sha1":"bfb68816cdd79e76c0b4beb7516859c39a2c92d8","sha256":"1acadf954c444e54837eb3a27a794c037b873ac8185a1cc709683bf30b5d118d","sha512":"75ac98b78c02d5b6979974792eada54fd0a8504d52acb78f7e71557a5306eabd8475c9e157068c348fecff47f6ec6388110d4915dc5fab1942e3c85a30f7f92a","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":41273648,"url":{"schema":"https","addr":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","fqdn":"gitlab.com","domain":"gitlab.com","tld":"com"},"ip":{"addr":"172.65.251.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-09","alert":"Detect pe file that no import table","trigger":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d16871590f97878d1501cac8c2c5ca67","sha1":"bfb68816cdd79e76c0b4beb7516859c39a2c92d8","sha256":"1acadf954c444e54837eb3a27a794c037b873ac8185a1cc709683bf30b5d118d","sha512":"75ac98b78c02d5b6979974792eada54fd0a8504d52acb78f7e71557a5306eabd8475c9e157068c348fecff47f6ec6388110d4915dc5fab1942e3c85a30f7f92a","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":41273648,"url":{"schema":"https","addr":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","fqdn":"gitlab.com","domain":"gitlab.com","tld":"com"},"ip":{"addr":"172.65.251.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-09","alert":"Detect pe file that no import table","trigger":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-09","alert":"Detect pe file that no import table","trigger":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","fqdn":"gitlab.com","domain":"gitlab.com","tld":"com"},"ip":{"addr":"172.65.251.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-09T02:05:57.189Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe HTTP/1.1\r\nHost: gitlab.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 09 May 2025 02:05:57 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 41273648\r\ncf-ray: 93cda2807e850b02-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\ncache-control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60\r\ncontent-disposition: attachment\r\netag: \"88a5083d5345b543668d22c935099c64\"\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/ https://gitlab.com/-/speedscope/index.html https://gitlab.com/-/sandbox/ 'self' https://gitlab.com/assets/ blob: data:; connect-src 'self' https://gitlab.com wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://customers.gitlab.com https://snowplow.trx.gitlab.net https://sourcegraph.com https://collector.prd-278964.gl-product-analytics.com snowplowprd.trx.gitlab.net; default-src 'self'; font-src 'self'; form-action 'self' https: http:; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/ https://gitlab.com/-/speedscope/index.html https://gitlab.com/-/sandbox/; img-src 'self' data: blob: http: https:; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; report-uri https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e\u0026sentry_environment=gprd; script-src 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://apis.google.com https://*.zuora.com/apps/PublicHostedPageLite.do 'nonce-0NRQU28KZG9mNdmW1e2FFg=='; style-src 'self' 'unsafe-inline'; worker-src 'self' https://gitlab.com/assets/ blob: data:\r\ngitlab-lb: haproxy-main-41-lb-gprd\r\ngitlab-sv: web-gke-us-east1-c\r\nnel: {\"max_age\": 0}\r\npermissions-policy: interest-cohort=()\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-gitlab-meta: {\"correlation_id\":\"01JTRKW9JNR93F7EP074RD5MJJ\",\"version\":\"1\"}\r\nx-permitted-cross-domain-policies: none\r\nx-request-id: 01JTRKW9JNR93F7EP074RD5MJJ\r\nx-runtime: 0.122401\r\nx-ua-compatible: IE=edge\r\nx-xss-protection: 1; mode=block\r\nset-cookie: _cfuvid=SduynWL8pEJpXw4OKe4Z5CghrPY5lYOAqW9Gqd5cpKE-1746756357615-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":41273648,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","md5":"d16871590f97878d1501cac8c2c5ca67","sha1":"bfb68816cdd79e76c0b4beb7516859c39a2c92d8","sha256":"1acadf954c444e54837eb3a27a794c037b873ac8185a1cc709683bf30b5d118d","sha512":"75ac98b78c02d5b6979974792eada54fd0a8504d52acb78f7e71557a5306eabd8475c9e157068c348fecff47f6ec6388110d4915dc5fab1942e3c85a30f7f92a","ssdeep":"","tlshash":"2001687fa36ccef1e94d04f404038902196910b827c04941def1503d2c70ae83c5af05","first_seen":"2025-05-09T02:06:30.141634Z","last_seen":"2025-05-09T02:06:30.141634Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-09","alert":"Detect pe file that no import table","trigger":"gitlab.com/softwarecloud/filestorage/-/raw/main/InstallerFull_1.4.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}],"urlquery":null}}]}