Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
cdn.discordapp.com | 162.159.129.233 | |
GET 403 https://cdn.discordapp.com/attachments/856925952004063242/887741718500368394/Wqoqmxwsxttksdzrkzpmhvyndcocgqt
REQUEST
GET /attachments/856925952004063242/887741718500368394/Wqoqmxwsxttksdzrkzpmhvyndcocgqt HTTP/1.1
User-Agent: zipo
Host: cdn.discordapp.com
RESPONSE
HTTP/1.1 403 Forbidden
Date: Fri, 17 Sep 2021 01:05:23 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 223
Connection: keep-alive
CF-Ray: 68fe6d0afd7261c4-ICN
Cache-Control: private, max-age=0
Expires: Fri, 17 Sep 2021 01:05:23 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-GUploader-UploadID: ADPycduEgPJ2S5H1y1E_kGzjVgaCWgEpjXYSvX2SMIEyiFcRKKyfCafmzNTw7_No8YW73OXwx5HcZWc2gd-4G-MF0mE
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bsi77hLi31hyCbxAl1BJMPCGUb9U9q8ZOOyt1UOKpzJ4JfDMPKKsQZZgceu3xgo%2FJD5NP8L8pPiYVni646BVAusV5qASX7JyvF1KpyUwGo7oxZ8zGWKdXdJEoe1iYt3g7Zjxfg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
The same request was repeated 10 more times at 10-second intervals, from 01:05:33 to 01:07:03 GMT on 17 Sep 2021. Each attempt received the same 403 Forbidden response; only the Date, Expires, CF-Ray, X-GUploader-UploadID and Report-To values differed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49164 -> 162.159.133.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49164 162.159.133.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
Snort Alerts
No Snort Alerts