Report - cdn.discordapp.com/attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 04:33:36
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-17	641 B	55 kB	162.159.129.233
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-18	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
53 kB (53340 bytes)
Hash
08e829ba4f8d6fb048821404b34d2d5e
667390107bf4b4f077945e16aa8e93628d76838d
6f3751dfe352c5df16e64b80fa57018cdf011cb93c2c8eb617aca41b7200581b

Archive (16)

Filename

Md5

File type

bug_report.md

19dcdd1cd8633266aa38efdac488f7c3

ASCII text

feature_request.md

cc5c8c854a08d96e7dc387ae16b00b0b

ASCII text

.gitignore

cc578a6e40916306a71af789f6fc8616

ASCII text

README.md

21a41e7ffc16e67ca2eb82f6458c0551

Unicode text, UTF-8 text

builder.pyw

933734f9bbbc35f704856a7d4f38d267

Python script, ASCII text executable, with very long lines (2908)

clipboard.png

5928442bf2b7571ff23692278c7d3419

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

help.png

7a13e9fb75eb16d860d32808eb64ff36

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

home.png

0f46864fc6bef1e7fa7d23e9c3644d9c

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

luna.ico

d732d47fbcdd1d247a7460e87063f05b

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel

luna.png

81a4f936f4453da3d8613f26e49d2d64

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced

luna.py

5558dc3ab4335b84f927379def297cc7

Python script, Unicode text, UTF-8 text executable, with very long lines (968), with CRLF line terminators

requirements.txt

997a3d961d4d27348c3433de154e5192

ASCII text, with CRLF line terminators

setup.bat

7e94a0c9f948f80fa7bd043b0641a35f

DOS batch file, ASCII text, with CRLF line terminators

obfuscation.py

ee17063bd2e29ac3d56641df002a132e

Python script, ASCII text executable, with very long lines (351), with CRLF line terminators

update.py

9b7414af3a32d4a12b8cea51a069bf30

Python script, Unicode text, UTF-8 text executable

upx.py

6cd4cb1bb1167132fab0354cf0ebe35e

Python script, ASCII text executable

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
VirusTotal	suspicious	VirusTotal - Scan result 9/61

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

cdn.discordapp.com/attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29&

162.159.129.233

200 OK

53 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
53 kB (53340 bytes)
Hash
08e829ba4f8d6fb048821404b34d2d5e
667390107bf4b4f077945e16aa8e93628d76838d
6f3751dfe352c5df16e64b80fa57018cdf011cb93c2c8eb617aca41b7200581b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 9/61

HTTP Headers

GET /attachments/1230372049328013403/1230374568175079424/Luna-Grabber-main_1.zip?ex=6633169c&is=6620a19c&hm=425cca476005ed6a2037e8bdaad4b4147856ae54b468ca42da5a7d0881d82d29& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:33:11 GMT
content-type: application/zip
content-length: 53340
cf-ray: 8761ef6d1d5c56bf-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Luna-Grabber-main_1.zip"
etag: "08e829ba4f8d6fb048821404b34d2d5e"
expires: Fri, 18 Apr 2025 04:33:11 GMT
last-modified: Thu, 18 Apr 2024 04:29:16 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1713414556366969
x-goog-hash: crc32c=nz9X+g==, md5=COgpuk+Nb7BIghQEs00tXg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 53340
x-guploader-uploadid: ABPtcPoswoiEdfRps41MAfG8H35WfK4awhXADxzzJrWcw2ThG3iAmhoyF1BxftAns3DvsT4yCMxOz14HyQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hR353oZcxPh0hG%2B7VKNhWHec0%2Fl1dncuwjE8Lrc1MtvDzM24wfd37RFnQrS%2BQ60pfS2nOtL0rH6Gdj44mjIUqa82POutkhhvYvhBej4mbvdv0m22i4xUTGN6nZaL59GfMNy1rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=N1dtcRa0tSEj1s3dk3J_3y.fImsUYJTRqfZjz7OkDQ0-1713414791-1.0.1.1-aYDWU6b5BI2EVcuQlwrSBbqabb2rOeuOxSoK1kOuXeF_dfR_Illu1naYUlKIjcKcFDh97xDp_AVNPtumICbUtQ; path=/; expires=Thu, 18-Apr-24 05:03:11 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=fDop0Z_b9TXg1_5zueW6mQ_brApPnhM.hCLjIGCqOcQ-1713414791581-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=q_wxPx16OmOsQcHhgJV_YCfoJnNYKxk9G0ZxJJ3AbybQKu5JAWMTOUrQpaEG9AhbUKLRi_4W-Ski3euOu8IH_qBpzIIb3oaqSXdvW4cODH_acVdwXB_GaNJ7qlM-DZT5
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Thu, 18 Apr 2024 04:33:29 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 1
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (16)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers