Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| discordapp.com | 162.159.130.233 |
POST
100
https://discordapp.com/api/webhooks/1164197415147020358/r6DHDEdEVlubS99_mqTR2EYAvLqIPvG1AA9kVN_oApRfIgXgxydFAbvOjcrA0W4bxbuR
REQUEST
RESPONSE
BODY
POST /api/webhooks/1164197415147020358/r6DHDEdEVlubS99_mqTR2EYAvLqIPvG1AA9kVN_oApRfIgXgxydFAbvOjcrA0W4bxbuR HTTP/1.1
Content-Type: multipart/form-data; boundary=----------ba6902f53c4d4c37aa7557426d5d8fa7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: discordapp.com
Content-Length: 2070
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2035466 | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) | Misc activity |
| TCP 192.168.56.103:49165 -> 162.159.129.233:443 | 2035464 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) | Misc activity |
| TCP 192.168.56.103:49165 -> 162.159.129.233:443 | 906200022 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLS 1.2 192.168.56.103:49165 162.159.129.233:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=discordapp.com | 97:8b:ee:ad:1e:bf:a1:69:e7:94:29:f7:55:7a:29:64:19:c7:81:39 |
Snort Alerts
No Snort Alerts