Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
d3js.org | 172.67.73.126 |
- UDP Requests
-
-
192.168.56.101:54056 164.124.101.2:53
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
192.168.56.101:62449 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
https://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: d3js.org
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:53:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d6acdae010111ff946302c354b7b11b501619153637; expires=Sun, 23-May-21 04:53:57 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:02 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68e-73411"
expires: Fri, 23 Apr 2021 04:54:40 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: B502:1234:12A657:1B6FC3:6078D7B7
CF-Cache-Status: HIT
Age: 260
cf-request-id: 099eace75300000a443c1d5000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1g3WIMXZEymIA0JtEGf8weGKzmWI4rq0wVQkXczUv8ySD3qK8umj5prtC8LTun2JV%2BDs%2BQtmE4h0giqLPFSjxfEhbsr8kMWn%2BA%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64447db88efb0a44-KIX
GET
200
https://d3js.org/d3-scale-chromatic.v1.min.js
REQUEST
RESPONSE
BODY
GET /d3-scale-chromatic.v1.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:54:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d22df36d44e1d07de858875d43ad3d2611619153640; expires=Sun, 23-May-21 04:54:00 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-4d77"
expires: Fri, 23 Apr 2021 04:58:03 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: MISS
X-GitHub-Request-Id: 6B64:1A21:77A4E:DCCCA:6078D718
CF-Cache-Status: HIT
Age: 291
cf-request-id: 099eacf24000000a44d6b8f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XxBh1y%2FTIl94nc08nUK3lCEln4rYV%2FocChl33VdDcwuXXOubKltZzM3LMOgXAgrBiU31oXea7XNN%2FPjWxFfOTuxcX8BLTKmquA%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64447dca0c080a44-KIX
GET
200
https://d3js.org/d3-geo-projection.v2.min.js
REQUEST
RESPONSE
BODY
GET /d3-geo-projection.v2.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 23 Apr 2021 04:54:00 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d22df36d44e1d07de858875d43ad3d2611619153640; expires=Sun, 23-May-21 04:54:00 GMT; path=/; domain=.d3js.org; HttpOnly; SameSite=Lax; Secure
Last-Modified: Fri, 16 Apr 2021 00:13:01 GMT
Access-Control-Allow-Origin: *
ETag: W/"6078d68d-ed31"
expires: Fri, 23 Apr 2021 05:04:00 GMT
Cache-Control: max-age=14400
Content-Encoding: gzip
x-proxy-cache: HIT
X-GitHub-Request-Id: C288:39DF:148EB3:1B9F08:6078D794
CF-Cache-Status: REVALIDATED
cf-request-id: 099eacf2f400000a440c820000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GIXnSciU2Ttv6LR6eqhlwTiudzbrBAgvmbRb5ElnXhdeXn2zF3qxwMaVLQqNqX2ae%2BkfmxUMXdYRkyipImSoPZDCvP0bdB0tAg%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64447dcb2ec60a44-KIX
GET
301
http://d3js.org/d3.v4.js
REQUEST
RESPONSE
BODY
GET /d3.v4.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: d3js.org
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Apr 2021 04:53:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Apr 2021 05:53:56 GMT
Location: https://d3js.org/d3.v4.js
cf-request-id: 099eace6420000fbd04227f000000001
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HxS44WyFNhplzsAP2jUT77qCsdgsYvxP6vFUgahv6OyjShLuXWR0NhrZ%2BORcRJOxrEXgn%2FXxgaC8c%2FUBNbq%2BmCllHlJO62NpJw%3D%3D"}],"max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 64447db6dd21fbd0-KIX
GET
200
http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
REQUEST
RESPONSE
BODY
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Thu, 21 Nov 2019 19:37:08 GMT
If-None-Match: 0x8D76EBA32AF0BC3
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 13593
Cache-Control: max-age=21600
Content-MD5: Ho7x5OFxPmXuon/IucKh7g==
Content-Type: text/xml
Date: Fri, 23 Apr 2021 04:54:56 GMT
Etag: 0x8D90364ECB23BC5
Last-Modified: Mon, 19 Apr 2021 18:57:05 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: cee47390-e01e-00a3-7bdd-372163000000
x-ms-version: 2009-09-19
Content-Length: 13706
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49205 -> 172.67.73.126:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 117.18.232.200:443 -> 192.168.56.101:49213 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49212 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49211 -> 117.18.232.200:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49205 172.67.73.126:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 40:54:0c:eb:15:85:8d:78:02:32:93:ed:70:bc:2f:24:63:a2:8a:2b |
Snort Alerts
No Snort Alerts