Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
d3js.org | 104.26.6.30 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: d3js.org
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:39:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd21e81715ce9fbee79713d6c6eaf6cf81619152778; expires=Sun, 23-May-21 04:39:38 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:02 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68e-73411"
expires: Fri, 23 Apr 2021 03:59:37 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: 2834:0AEC:122E8E:1A6E67:6078D87B
CF-Cache-Status: HIT
Age: 580
cf-request-id: 099e9fce9c00003630c28a9000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1DLhpIAni2vCZcfVWKKuY7yi0xUvXPV7DXj4gxQdAQggr9IeaFg3GjmX8XqV28Ckq7IHeCckpH3n33ABsnOJw4xZZAk9OydRmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 644468c428ec3630-LAX
GET
200
https://d3js.org/d3-scale-chromatic.v1.min.js
REQUEST
RESPONSE
BODY
GET /d3-scale-chromatic.v1.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:39:41 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=de61a933d752a9237d724dcee238ac3861619152781; expires=Sun, 23-May-21 04:39:41 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-4d77"
expires: Fri, 23 Apr 2021 04:43:36 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: DF4E:1A22:10B2FA:178457:6078D6C1
CF-Cache-Status: HIT
Age: 365
cf-request-id: 099e9fd9ef00003630fc3df000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=e3s9R%2BLnZL87j2Aarp3RTnjH%2FYfLuYtwJ67Yn6gQ4Ouoi2krrCsmwbhMa%2FwN7Fj7nSSM6zd9kLP%2ByXCRLSFT1eyxV8cm3IoXrA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 644468d64a203630-LAX
GET
200
https://d3js.org/d3-geo-projection.v2.min.js
REQUEST
RESPONSE
BODY
GET /d3-geo-projection.v2.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:39:42 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dbb30102c03bcce04cac730222a977db21619152782; expires=Sun, 23-May-21 04:39:42 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-ed31"
expires: Fri, 23 Apr 2021 04:41:53 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: CE72:10AD:73AA9:D9A8F:6078D85F
CF-Cache-Status: HIT
Age: 469
cf-request-id: 099e9fdb3000003630a8abf000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1yI9lvbXnhY2iAj4TLu87%2FvUNXOcjyH2ssxrp1FrGx5MTDd71fKcwse%2BOJqwED2%2BM26OCqhZAPmAZ2hMiZyUaDRvxNCvJf6hGA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 644468d848583630-LAX
GET
301
http://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Apr 2021 04:39:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Apr 2021 05:39:38 GMT
Location: https://d3js.org/d3.v4.js
cf-request-id: 099e9fcbea000004eb26301000000001
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xldbE2eVq3ODdn0CQGQsBfm%2Fo1C3F2oVRMOLC%2F4yJN4K22mzEdqBEdc8YJweY5sSxNyefde9maRUzaBWVijTRewTPj8LouqcuQ%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 644468bfd91f04eb-LAX
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 12734
Cache-Control: max-age=21600
Content-MD5: Ho7x5OFxPmXuon/IucKh7g==
Content-Type: text/xml
Date: Fri, 23 Apr 2021 04:40:37 GMT
Etag: 0x8D90364ECB23BC5
Last-Modified: Mon, 19 Apr 2021 18:57:05 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cee47390-e01e-00a3-7bdd-372163000000
x-ms-version: 2009-09-19
Content-Length: 13706
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 117.18.232.200:443 -> 192.168.56.101:49214 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49205 -> 104.26.6.30:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49212 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49213 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49205 104.26.6.30:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 40:54:0c:eb:15:85:8d:78:02:32:93:ed:70:bc:2f:24:63:a2:8a:2b |
Snort Alerts
No Snort Alerts