Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
d3js.org | 104.26.7.30 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: d3js.org
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:07:56 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d0a768ae876269b0c52930f6d4640bb531619150876; expires=Sun, 23-May-21 04:07:56 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:02 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68e-73411"
expires: Fri, 23 Apr 2021 03:59:37 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: 2834:0AEC:122E8E:1A6E67:6078D87B
CF-Cache-Status: HIT
Age: 497
cf-request-id: 099e82c7a6000036305baf2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G9MDyVpnVrdqSRNS6fLv6DL8W7J8e4lDx0sHnlR7ZN9NH%2Bsk4EzuL5VBoqXVLHL%2Fmg3WsgoiOyh0DSPWDaNCnzm%2BxthBx1b1%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64443a52abd43630-LAX
GET
200
https://d3js.org/d3-scale-chromatic.v1.min.js
REQUEST
RESPONSE
BODY
GET /d3-scale-chromatic.v1.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:07:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=ddbfa71c574d9cb215b31b89f3ae49d811619150879; expires=Sun, 23-May-21 04:07:59 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-4d77"
expires: Fri, 23 Apr 2021 04:06:31 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: DF4E:1A22:10B2FA:178457:6078D6C1
CF-Cache-Status: HIT
Age: 427
cf-request-id: 099e82d2ef000036305db59000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ftdQfLkTJZWrEsj3EB9IW5OqG%2B5C1AdmnXjN6VV6%2BeIqXjoXkia6CnuhDRpQpSaVRkEv1gBGDqrTlnUgUJIqTc6fqPOzJ%2FxE3w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64443a64be2d3630-LAX
GET
200
https://d3js.org/d3-geo-projection.v2.min.js
REQUEST
RESPONSE
BODY
GET /d3-geo-projection.v2.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:07:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=ddbfa71c574d9cb215b31b89f3ae49d811619150879; expires=Sun, 23-May-21 04:07:59 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-ed31"
expires: Fri, 23 Apr 2021 04:08:05 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: CE72:10AD:73AA9:D9A8F:6078D85F
CF-Cache-Status: HIT
Age: 594
cf-request-id: 099e82d402000036305aa3e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lUPhak7ALTCgFCXWlVxGwole%2B%2BeBQMWUJlsKq7AoIfOjGQNYJGLr2na4coqooCIPgvnVsITkEfB4oE8uKL%2F2%2BkIWbW8cDRK%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64443a666b103630-LAX
GET
301
http://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Apr 2021 04:07:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Apr 2021 05:07:55 GMT
Location: https://d3js.org/d3.v4.js
cf-request-id: 099e82c49c0000e7a80a257000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OcYv%2BLj9V8mr%2FfaR9xG3pMbGIUvCTBNqRyTV5j1mG%2BDnxUYu1kx3CMkMqz9vkPsy%2FyepmY5bRSRONSK6XDrwH3ecVLCnBDriPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 64443a4dca24e7a8-LAX
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 10831
Cache-Control: max-age=21600
Content-MD5: Ho7x5OFxPmXuon/IucKh7g==
Content-Type: text/xml
Date: Fri, 23 Apr 2021 04:08:54 GMT
Etag: 0x8D90364ECB23BC5
Last-Modified: Mon, 19 Apr 2021 18:57:05 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cee47390-e01e-00a3-7bdd-372163000000
x-ms-version: 2009-09-19
Content-Length: 13706
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 117.18.232.200:443 -> 192.168.56.101:49213 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49212 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49211 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49205 -> 104.26.6.30:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49205 104.26.6.30:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 40:54:0c:eb:15:85:8d:78:02:32:93:ed:70:bc:2f:24:63:a2:8a:2b |
Snort Alerts
No Snort Alerts