Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
discord.com | 162.159.128.233 |
TCP Requests
GET 200 https://discord.com/channels/@me/990887447170793522/991802468818243614
REQUEST
GET /channels/@me/990887447170793522/991802468818243614 HTTP/1.1
Host: discord.com
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Date: Fri, 01 Jul 2022 00:29:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 723b0786dc6a9307-ICN
Accept-Ranges: bytes
Cache-Control: private
Last-Modified: Thu, 30 Jun 2022 21:51:11 GMT
Set-Cookie: __dcfduid=e9bbffd0f8d411ecad62f734948ea9c1; Expires=Wed, 30 Jun 2027 00:29:47 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
CF-Cache-Status: HIT
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MjAyLDE3Niw4NCwxNTQsMTg1LDczLDkwLDY0' https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://*.gyfcat.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://origin-analytics-prod.production.braintree-api.com https://payments.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: https://*.discordapp.net https://*.discord.com https://*.discordapp.com 
https://*.youtube.com https://streamable.com https://vid.me https://*.gfycat.com https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://assets.braintreegateway.com https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://localhost:* https://*.discordsays.com; child-src 'self' https://assets.braintreegateway.com https://checkout.paypal.com;
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Permissions-Policy: interest-cohort=()
Set-Cookie: __sdcfduid=e9bbffd1f8d411ecad62f734948ea9c1362368a22dd28eff1474f4476d5f76b2fd314a882be143c8eb39d84e1df65d8b; Expires=Wed, 30 Jun 2027 00:29:47 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
X-Build-Id: 4bb0c7192f31b346becaac6b03c8eae2e7aa6553
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqVl%2BqN4aIH5G0p1Xp7Vg4fn8MKHz5JFE75rVAZmpEbssIeG6XF%2BdcCmmV7dGiivKzn%2BmbA3mLGYAQIa41PtoATG4R1eZBHvmhiK5yrKoojrjjAXOZ6QrseokUhn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:60117 -> 164.124.101.2:53 | 2035465 | ET INFO Observed Discord Domain in DNS Lookup (discord .com) | Misc activity |
TCP 192.168.56.103:49163 -> 162.159.137.232:443 | 2035463 | ET INFO Observed Discord Domain (discord .com in TLS SNI) | Misc activity |
TCP 192.168.56.103:49163 -> 162.159.137.232:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49163 162.159.137.232:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 7f:8c:3c:11:cb:b1:87:28:aa:1b:bf:7b:e0:d0:49:64:a6:d3:da:3a |
Snort Alerts
No Snort Alerts