Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| discord.com | 162.159.136.232 |
- TCP Requests
POST
100
https://discord.com/api/webhooks/1103875906361118810/4y7iINqCCd1vB_5CHVi8bfs-VsURmj2vh2ZdBw9vV7iC_QaLM-Uzs73INWoN8KSw28mH
REQUEST
RESPONSE
BODY
POST /api/webhooks/1103875906361118810/4y7iINqCCd1vB_5CHVi8bfs-VsURmj2vh2ZdBw9vV7iC_QaLM-Uzs73INWoN8KSw28mH HTTP/1.1
Content-Type: multipart/form-data; boundary=----------51ae826e4bcd4ceb928e5afd1b60301c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: discord.com
Content-Length: 3001
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2035465 | ET INFO Observed Discord Domain in DNS Lookup (discord .com) | Misc activity |
| TCP 192.168.56.101:49167 -> 162.159.137.232:443 | 2035463 | ET INFO Observed Discord Domain (discord .com in TLS SNI) | Misc activity |
| TCP 192.168.56.101:49167 -> 162.159.137.232:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.101:49167 162.159.137.232:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | a3:ea:27:1a:3d:e8:8c:05:5e:1c:c8:1d:59:0e:d2:f2:a1:76:4d:2e |
Snort Alerts
No Snort Alerts