恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-1	2019-11-16 00:49:17	2019-11-16 00:51:25	128 秒

魔盾分数

0.0

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://119.23.17.1

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
cdn.bootcss.com	CNAME cdn.bootcss.com.maoyundns.com A 118.212.226.62 A 123.6.4.228 A 123.6.2.171 A 221.204.166.36 A 118.212.225.117 A 123.6.24.185 A 220.194.87.190 CNAME 1629826.p23.tc.cdntip.com A 123.6.2.99 A 121.29.54.65 A 220.194.79.73 A 123.6.4.114 CNAME cdn.bootcss.com.cdn.dnsv1.com A 123.6.2.61 A 113.1.0.63 A 113.1.0.98 A 221.204.166.20
s.tzg6.com	未知	A 47.101.11.112
tzg6.app	未知	A 104.27.188.184 A 104.27.189.184
zihanguoffice-my.sharepoint.com	CNAME prodnet12472-12459edgea0000.sharepointonline.com.akadns.net A 13.107.136.9 CNAME prodnet12472-12459a0000.sharepointonline.com.akadns.net.spo-0004.spo-msedge.net CNAME zihanguoffice.sharepoint.com CNAME spo-0004.spo-msedge.net

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49443	104.27.188.184 tzg6.app	443
192.168.122.201	49444	104.27.188.184 tzg6.app	443
192.168.122.201	49162	119.23.17.1	80
192.168.122.201	49449	119.23.17.1	80
192.168.122.201	49441	123.6.2.61 cdn.bootcss.com	443
192.168.122.201	49442	123.6.2.61 cdn.bootcss.com	443
192.168.122.201	49447	13.107.136.9 zihanguoffice-my.sharepoint.com	443
192.168.122.201	49448	13.107.136.9 zihanguoffice-my.sharepoint.com	443
192.168.122.201	49440	192.168.122.1	53
192.168.122.201	49445	47.101.11.112 s.tzg6.com	80
192.168.122.201	49446	47.101.11.112 s.tzg6.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
cdn.bootcss.com	CNAME cdn.bootcss.com.maoyundns.com A 118.212.226.62 A 123.6.4.228 A 123.6.2.171 A 221.204.166.36 A 118.212.225.117 A 123.6.24.185 A 220.194.87.190 CNAME 1629826.p23.tc.cdntip.com A 123.6.2.99 A 121.29.54.65 A 220.194.79.73 A 123.6.4.114 CNAME cdn.bootcss.com.cdn.dnsv1.com A 123.6.2.61 A 113.1.0.63 A 113.1.0.98 A 221.204.166.20
s.tzg6.com	未知	A 47.101.11.112
tzg6.app	未知	A 104.27.188.184 A 104.27.189.184
zihanguoffice-my.sharepoint.com	CNAME prodnet12472-12459edgea0000.sharepointonline.com.akadns.net A 13.107.136.9 CNAME prodnet12472-12459a0000.sharepointonline.com.akadns.net.spo-0004.spo-msedge.net CNAME zihanguoffice.sharepoint.com CNAME spo-0004.spo-msedge.net

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49443	104.27.188.184 tzg6.app	443
192.168.122.201	49444	104.27.188.184 tzg6.app	443
192.168.122.201	49162	119.23.17.1	80
192.168.122.201	49449	119.23.17.1	80
192.168.122.201	49441	123.6.2.61 cdn.bootcss.com	443
192.168.122.201	49442	123.6.2.61 cdn.bootcss.com	443
192.168.122.201	49447	13.107.136.9 zihanguoffice-my.sharepoint.com	443
192.168.122.201	49448	13.107.136.9 zihanguoffice-my.sharepoint.com	443
192.168.122.201	49440	192.168.122.1	53
192.168.122.201	49445	47.101.11.112 s.tzg6.com	80
192.168.122.201	49446	47.101.11.112 s.tzg6.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://119.23.17.1/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 119.23.17.1 Connection: Keep-Alive
URL专业沙箱检测 -> http://s.tzg6.com/matomo.js	GET /matomo.js HTTP/1.1 Accept: / Referer: http://119.23.17.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s.tzg6.com Connection: Keep-Alive
URL专业沙箱检测 -> http://s.tzg6.com/matomo.php?action_name=TZG%20KMS%E6%9C%8D%E5%8A%A1%E5%99%A8&idsite=9&rec=1&r=607539&h=0&m=49&s=28&url=http%3A%2F%2F119.23.17.1%2F&_id=e6a37eaf81152f49&_idts=1573836569&_idvc=1&_idn=0&_refts=0&_viewts=1573836569&send_image=1&res=800x600&pv_id=RbAJlB	GET /matomo.php?action_name=TZG%20KMS%E6%9C%8D%E5%8A%A1%E5%99%A8&idsite=9&rec=1&r=607539&h=0&m=49&s=28&url=http%3A%2F%2F119.23.17.1%2F&_id=e6a37eaf81152f49&_idts=1573836569&_idvc=1&_idn=0&_refts=0&_viewts=1573836569&send_image=1&res=800x600&pv_id=RbAJlB HTTP/1.1 Accept: / Referer: http://119.23.17.1/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s.tzg6.com Connection: Keep-Alive
URL专业沙箱检测 -> http://119.23.17.1/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 119.23.17.1 Connection: Keep-Alive Cookie: _pk_id.9.3b8d=e6a37eaf81152f49.1573836569.1.1573836569.1573836569.; _pk_ses.9.3b8d=1

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-11-16 00:49:41.780070+0800	192.168.122.201	49442	123.6.2.61	443	TLS 1.2	C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3	CN=*.bootcss.com	fd:f0:35:70:ea:1e:ce:13:4b:da:30:b9:ea:2c:f1:2d:e1:56:3b:43
2019-11-16 00:49:41.786587+0800	192.168.122.201	49441	123.6.2.61	443	TLS 1.2	C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3	CN=*.bootcss.com	fd:f0:35:70:ea:1e:ce:13:4b:da:30:b9:ea:2c:f1:2d:e1:56:3b:43
2019-11-16 00:49:43.441835+0800	192.168.122.201	49444	104.27.188.184	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=sni.cloudflaressl.com	ed:78:65:16:9f:7c:c2:81:14:8d:7f:bb:89:f6:d6:9f:da:4c:3c:94
2019-11-16 00:49:43.312557+0800	192.168.122.201	49446	47.101.11.112	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS ECC CA	CN=s.tzg6.com	19:46:87:8c:7e:2d:28:bd:e0:43:a6:5e:a6:00:7f:d3:17:50:a4:c1
2019-11-16 00:49:43.437580+0800	192.168.122.201	49443	104.27.188.184	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=sni.cloudflaressl.com	ed:78:65:16:9f:7c:c2:81:14:8d:7f:bb:89:f6:d6:9f:da:4c:3c:94
2019-11-16 00:49:45.171844+0800	192.168.122.201	49448	13.107.136.9	443	TLS 1.2	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sharepoint.com	7c:a6:dc:41:15:7f:1c:7a:e0:4d:86:73:c3:7b:fc:f0:dc:8e:46:3d
2019-11-16 00:49:45.148740+0800	192.168.122.201	49447	13.107.136.9	443	TLS 1.2	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sharepoint.com	7c:a6:dc:41:15:7f:1c:7a:e0:4d:86:73:c3:7b:fc:f0:dc:8e:46:3d

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 38.007 seconds )

15.603 Suricata
11.496 NetworkAnalysis
10.769 Static
0.128 AnalysisInfo
0.006 BehaviorAnalysis
0.005 Memory

Signatures ( 2.133 seconds )

1.992 md_url_bl
0.02 md_domain_bl
0.019 antiav_detectreg
0.012 anomaly_persistence_autorun
0.008 antiav_detectfile
0.007 infostealer_ftp
0.006 ransomware_files
0.005 geodo_banking_trojan
0.005 infostealer_im
0.005 ransomware_extensions
0.004 tinba_behavior
0.004 antianalysis_detectreg
0.004 infostealer_bitcoin
0.003 rat_nanocore
0.003 cerber_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.003 network_torgateway
0.002 betabot_behavior
0.002 browser_security
0.002 md_bad_drop
0.001 network_tor
0.001 anomaly_persistence_bootexecute
0.001 ursnif_behavior
0.001 kazybot_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 ie_martian_children
0.001 stealth_modify_uac_prompt

Reporting ( 0.707 seconds )

0.707 ReportHTMLSummary


Task ID	460011
Mongo ID	5dced7ba2f8f2e58b6836884
Cuckoo release	1.4-Maldun