Home
Result
Report
Detail Analysis

Network Analysis

Download pcap

Hosts 2 DNS 1 TCP 1 UDP 5 HTTP(S) 4 ICMP 0 IRC 0 Suricata Snort

IP Address	Status	Action
162.159.133.233	Active	Moloch
164.124.101.2	Active	Moloch

Name	Response	Post-Analysis Lookup
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.129.233 A 162.159.130.233 A 162.159.133.233	162.159.130.233

TCP Requests
- 192.168.56.102:49163 162.159.133.233:443
  cdn.discordapp.com

UDP Requests

GET 200 https://cdn.discordapp.com/attachments/893177342426509335/899579981057916928/D0541226.jpg

REQUEST

GET /attachments/893177342426509335/899579981057916928/D0541226.jpg HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

RESPONSE

HTTP/1.1 200 OK Date: Tue, 19 Oct 2021 00:30:02 GMT Content-Type: image/jpeg Content-Length: 1023400 Connection: keep-alive CF-Ray: 6a05e53e8cab0f80-ICN Accept-Ranges: bytes Age: 55969 Cache-Control: public, max-age=31536000 ETag: "11c890d9dc3a850cd17697bb9b50e223" Expires: Wed, 19 Oct 2022 00:30:02 GMT Last-Modified: Mon, 18 Oct 2021 08:49:40 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1634546980955498 x-goog-hash: crc32c=GjnjpA== x-goog-hash: md5=EciQ2dw6hQzRdpe7m1DiIw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1023400 X-GUploader-UploadID: ADPycdsStjvAGe0WlGV4ym-JHG9EzjoLN7XObVtwLse8EVNdwhwK42GFN-mFAh49nJbvcIDi2V8EJXB7V5y7BVuydgs X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yjflk3w1zzU8CCOC9GiTWiXCDn5oeJQ4MtITh5lwYTkFKdmeliSjERQc0hvCSGpZRsLjgvaNDUtJFdr6D5WNtCTPk4FioM9csiuMS8S7dKp1SX%2BLdJ6NrW21XFWv5dnJt3zhgw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 https://cdn.discordapp.com/attachments/893177342426509335/899579983847096320/8F5AF8B4.jpg

REQUEST

GET /attachments/893177342426509335/899579983847096320/8F5AF8B4.jpg HTTP/1.1 Host: cdn.discordapp.com

RESPONSE

HTTP/1.1 200 OK Date: Tue, 19 Oct 2021 00:30:02 GMT Content-Type: image/jpeg Content-Length: 1023400 Connection: keep-alive CF-Ray: 6a05e53f1d2b0f80-ICN Accept-Ranges: bytes Age: 55969 Cache-Control: public, max-age=31536000 ETag: "60dfef8287d117d180b11c2b35f5a82d" Expires: Wed, 19 Oct 2022 00:30:02 GMT Last-Modified: Mon, 18 Oct 2021 08:49:41 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1634546981577758 x-goog-hash: crc32c=KqT8Ew== x-goog-hash: md5=YN/vgofRF9GAsRwrNfWoLQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1023400 X-GUploader-UploadID: ADPycduiWXBfchWG-JTbxinYaDrI7Vz3JTNiNMSugBPP89IdnruoWep-XORuGAmSuFEXenUlKCmIypjiQJI-OtCx-bM X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GYz%2FI0jFXwvvhQwZmYjbkJ9wbxLAx7g2Zpn70owfAXrfknz1APADPau7c6YGnHDTc7utMPODUIQc4mwr73NCtwIVh3pr8dVisDauPYZpq3V6C%2B5kkzaqujcL4fq50JjKgRLIw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 https://cdn.discordapp.com/attachments/893177342426509335/899579986283986974/61AD9E94.jpg

REQUEST

GET /attachments/893177342426509335/899579986283986974/61AD9E94.jpg HTTP/1.1 Host: cdn.discordapp.com

RESPONSE

HTTP/1.1 200 OK Date: Tue, 19 Oct 2021 00:30:02 GMT Content-Type: image/jpeg Content-Length: 1023400 Connection: keep-alive CF-Ray: 6a05e53fadbd0f80-ICN Accept-Ranges: bytes Age: 55968 Cache-Control: public, max-age=31536000 ETag: "9f46f937f474d89676193d3e97d1a55f" Expires: Wed, 19 Oct 2022 00:30:02 GMT Last-Modified: Mon, 18 Oct 2021 08:49:42 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1634546982166329 x-goog-hash: crc32c=5bZuoA== x-goog-hash: md5=n0b5N/R02JZ2GT0+l9GlXw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1023400 X-GUploader-UploadID: ADPycdug4R53zldkVaMQA_MUNw9o1GWxcJtNS5jZD98ypNKJtmv0YeENlTNR1XVCtpoi1Q2V97oRYE6z7wAbKnaALuY X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5BNdAtU7Q1Cw48MlcuGyKq69O059mVy2EPll1CY%2FijXEfo9pi%2BYJlhVIWU6bYCqt31bMozgxq9aI0djQwohezmHRSYGDCM4jkgGAXkXt2L%2BRcBn9r6gp6UtaXmThLh%2BvRpifg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

GET 200 https://cdn.discordapp.com/attachments/893177342426509335/899579987907186728/7377E0AD.jpg

REQUEST

GET /attachments/893177342426509335/899579987907186728/7377E0AD.jpg HTTP/1.1 Host: cdn.discordapp.com

RESPONSE

HTTP/1.1 200 OK Date: Tue, 19 Oct 2021 00:30:02 GMT Content-Type: image/jpeg Content-Length: 558792 Connection: keep-alive CF-Ray: 6a05e5402e340f80-ICN Accept-Ranges: bytes Age: 55967 Cache-Control: public, max-age=31536000 ETag: "6a57069a6c312ebb9dce88439eacd3f6" Expires: Wed, 19 Oct 2022 00:30:02 GMT Last-Modified: Mon, 18 Oct 2021 08:49:42 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1634546982596645 x-goog-hash: crc32c=3teb3g== x-goog-hash: md5=alcGmmwxLrudzohDnqzT9g== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 558792 X-GUploader-UploadID: ADPycdt_IKwFtt8CuzI5RVwiZBjf5Dv3hCgbU0qMQiAFx8g7biXgQE7Ue-7bY8QSVx2Ln1bdLmuQygTEUp9lob1uWRw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZu%2Boigumd5v5aAQL739QiFLo2nAKoLRhoPswu3hl%2B9U6X%2Bun7akJD5SKbqi9UyEyJkVh%2B%2BgN3iCpPnbv%2BbuJvFzoKs94RtH%2FDxmCpgdR8ekIN3ACuV8w5d0B92ymjLnfEfrNQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare

BODY

request response

plaintext hex

16 bytes 32 bytes 48 bytes 64 bytes

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49163 -> 162.159.133.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49163 162.159.133.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da

Snort Alerts

No Snort Alerts