Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| cdn.discordapp.com | 162.159.135.233 |
No traffic
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.101:49161 -> 162.159.134.233:443 | 2035464 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) | Misc activity |
| TCP 192.168.56.101:49161 -> 162.159.134.233:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.101:49161 -> 162.159.134.233:443 | 2035464 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) | Misc activity |
| TCP 192.168.56.101:49161 -> 162.159.134.233:443 | 2035464 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) | Misc activity |
| UDP 192.168.56.101:59002 -> 164.124.101.2:53 | 2035466 | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) | Misc activity |
| TCP 192.168.56.101:49161 -> 162.159.134.233:443 | 2035464 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts