Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
whatismyipaddress.com | 104.16.154.36 | |
cdn.discordapp.com | 162.159.133.233 | |
mail.abagoodluck.com | CNAME abagoodluck.com | 212.1.210.54 |
GET 200 https://cdn.discordapp.com/attachments/893177342426509335/898153339576021032/1C84D56B.jpg

Request:

```http
GET /attachments/893177342426509335/898153339576021032/1C84D56B.jpg HTTP/1.1
Host: cdn.discordapp.com
Connection: Keep-Alive
```

Response:

```http
HTTP/1.1 200 OK
Date: Fri, 15 Oct 2021 01:01:47 GMT
Content-Type: image/jpeg
Content-Length: 1023400
Connection: keep-alive
CF-Ray: 69e51e42886a61be-ICN
Accept-Ranges: bytes
Age: 32831
Cache-Control: public, max-age=31536000
ETag: "43e8c0ab7694ce5ff32f01e1054745b2"
Expires: Sat, 15 Oct 2022 01:01:47 GMT
Last-Modified: Thu, 14 Oct 2021 10:20:43 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Cf-Bgj: h2pri
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1634206843095758
x-goog-hash: crc32c=UBspuw==
x-goog-hash: md5=Q+jAq3aUzl/zLwHhBUdFsg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1023400
X-GUploader-UploadID: ADPycdvvTIZyVnVULPZUS6UVmgyK1OBx4HPfSnkBY1nFE4hcQtVggh9ghrrxUCqbH8YOUn6tEZoK5pvsBip_XTHUJWBsyNJEBw
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SOrdUSZJrGATsx3%2BoO2lVz%2F2uotyip%2FYVivqpy0kk6UjmyLCCpgbObpN%2BF7i7M97LnqPW1GNINPec%2ByC5vF8gWyZUkvp9Oz8Rqtmu7wO1kmSBDxW1wkPYFk8Pc6xjTSOb0s5g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
```
GET 200 https://cdn.discordapp.com/attachments/893177342426509335/898153341647982662/F33830EF.jpg

Request:

```http
GET /attachments/893177342426509335/898153341647982662/F33830EF.jpg HTTP/1.1
Host: cdn.discordapp.com
```

Response:

```http
HTTP/1.1 200 OK
Date: Fri, 15 Oct 2021 01:01:47 GMT
Content-Type: image/jpeg
Content-Length: 1023400
Connection: keep-alive
CF-Ray: 69e51e4308eb61be-ICN
Accept-Ranges: bytes
Age: 32831
Cache-Control: public, max-age=31536000
ETag: "e027123147f9c41e72c7dbe291823c1a"
Expires: Sat, 15 Oct 2022 01:01:47 GMT
Last-Modified: Thu, 14 Oct 2021 10:20:43 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Cf-Bgj: h2pri
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1634206843790898
x-goog-hash: crc32c=fuGmLQ==
x-goog-hash: md5=4CcSMUf5xB5yx9vikYI8Gg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1023400
X-GUploader-UploadID: ADPycdthWi0S76rk3FCeTpF6qYbH7oYxoiU-tXcu-RA-mY-dYWLmbk2Poc3bkYmLfe69G9VFawoAZkV6INBD4pczfm6301pJwg
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BjCzc4Qag%2FRzVr4QpnyDpsGycYz7mQNaQsTRmQXlyveDtZxw5hJy95n0E6bwXftBbEI1QdzEMRsGoQa8c%2BPqYWuPFai%2F%2FAdNdIMdcLUu2xZsQkHger%2BwbiuTyLtE3DmN%2BwVKA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
```
GET 200 https://cdn.discordapp.com/attachments/893177342426509335/898153343401226240/FBC84B57.jpg

Request:

```http
GET /attachments/893177342426509335/898153343401226240/FBC84B57.jpg HTTP/1.1
Host: cdn.discordapp.com
```

Response:

```http
HTTP/1.1 200 OK
Date: Fri, 15 Oct 2021 01:01:47 GMT
Content-Type: image/jpeg
Content-Length: 5171
Connection: keep-alive
CF-Ray: 69e51e43695e61be-ICN
Accept-Ranges: bytes
Age: 32831
Cache-Control: public, max-age=31536000
ETag: "ccd46a2b1cfbd17dafccd9f2ad5feda3"
Expires: Sat, 15 Oct 2022 01:01:47 GMT
Last-Modified: Thu, 14 Oct 2021 10:20:43 GMT
Vary: Accept-Encoding
CF-Cache-Status: HIT
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Cf-Bgj: h2pri
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1634206843977342
x-goog-hash: crc32c=HrB4TQ==
x-goog-hash: md5=zNRqKxz70X2vzNnyrV/tow==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5171
X-GUploader-UploadID: ADPycduadPee2jc5dVtIRciGbiBOqInnFgWMH7_1PaqTzmG2gsXhu7z4_3UgW0IE6I2NmTqVMfTDovRBGHIikpJf_JObYATzMQ
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0brF6jYaCy7ABLtYRQjCjEgnDb4UrAhTJuXn7dclB7%2FqPg%2F9lQXFjgSWDoFsS0Ds2d2DnIMCt97CcNbiTx353OkevGqWK06jkGuAHrmiJyvBAhbQGEltp0qu%2FHnkAR9Dxh9Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
```
GET 403 http://whatismyipaddress.com/

Request:

```http
GET / HTTP/1.1
Host: whatismyipaddress.com
Connection: Keep-Alive
```

Response:

```http
HTTP/1.1 403 Forbidden
Date: Fri, 15 Oct 2021 01:01:50 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 69e51e56c84d0f60-ICN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
```
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.102:49163 -> 162.159.135.233:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 212.1.210.54:587 -> 192.168.56.102:49169 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.102:49169 -> 212.1.210.54:587 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 212.1.210.54:587 -> 192.168.56.102:49176 | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TCP 192.168.56.102:49176 -> 212.1.210.54:587 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49163 -> 162.159.135.233:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da |
TLSv1 192.168.56.102:49169 -> 212.1.210.54:587 | C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=abagoodluck.com | 7f:6d:18:f5:04:64:14:6d:bf:be:b4:2b:16:26:ba:08:7c:6f:9d:c2 |
TLSv1 192.168.56.102:49176 -> 212.1.210.54:587 | C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=abagoodluck.com | 7f:6d:18:f5:04:64:14:6d:bf:be:b4:2b:16:26:ba:08:7c:6f:9d:c2 |
Snort Alerts
No Snort Alerts