恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-1	2020-01-16 20:28:12	2020-01-16 20:30:19	127 秒

魔盾分数

0.0

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://5eplay.space/

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
5eplay.space	未知	A 104.27.169.229 A 104.27.168.229
cdnjs.cloudflare.com	A 104.17.64.4 A 104.17.65.4
use.fontawesome.com	A 23.111.9.35 CNAME fontawesome-cdn.fonticons.netdna-cdn.com
code.jquery.com	CNAME cds.s5x3j6q5.hwcdn.net A 209.197.3.24
www.smartsuppchat.com	A 52.57.141.222 A 35.156.233.228 CNAME smartsuppchat.com A 35.158.145.54
x.ss2.us	A 13.227.49.75 A 13.227.49.159 A 13.227.49.53 A 13.227.49.157
js.intercomcdn.com	未知	A 13.35.99.122 A 13.35.99.128 A 13.35.99.102 A 13.35.99.9 CNAME d1spgg7psata7d.cloudfront.net
s2.ax1x.com	A 46.4.132.220
i.gyazo.com	A 104.19.142.111 A 104.19.143.111
i.imgur.com	CNAME prod.imgur.map.fastlylb.net A 151.101.52.193
static.5eplay.com	未知	A 140.249.60.231 A 140.249.61.179 A 121.207.229.200 A 121.207.229.171 A 140.249.61.99 A 121.207.229.172 A 140.249.60.225 A 140.249.61.100 A 121.207.229.204 A 140.249.61.73 A 121.207.229.199 A 140.249.61.18 A 140.249.60.227 A 140.249.60.232 A 140.249.60.226 CNAME static.5eplay.com.w.kunlungr.com
image.ibb.co	未知	A 64.31.6.154
epulze.com	A 104.26.8.63 A 104.26.9.63

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2624

搜索
iexplore.exe (2624)

iexplore.exe, PID: 2624, 上一级进程 PID: 2332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49163	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49167	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49179	104.19.143.111 i.gyazo.com	443
192.168.122.201	49453	104.26.9.63 epulze.com	443
192.168.122.201	49454	104.26.9.63 epulze.com	443
192.168.122.201	49460	104.26.9.63 epulze.com	443
192.168.122.201	49160	104.27.168.229 5eplay.space	80
192.168.122.201	49161	104.27.168.229 5eplay.space	443
192.168.122.201	49165	104.27.168.229 5eplay.space	443
192.168.122.201	49455	104.27.168.229 5eplay.space	443
192.168.122.201	49456	104.27.168.229 5eplay.space	443
192.168.122.201	49457	104.27.168.229 5eplay.space	443
192.168.122.201	49458	104.27.168.229 5eplay.space	443
192.168.122.201	49459	104.27.168.229 5eplay.space	443
192.168.122.201	49461	104.27.168.229 5eplay.space	443
192.168.122.201	49462	104.27.168.229 5eplay.space	443
192.168.122.201	49463	104.27.168.229 5eplay.space	443
192.168.122.201	49464	104.27.168.229 5eplay.space	443
192.168.122.201	49465	104.27.168.229 5eplay.space	443
192.168.122.201	49170	13.227.49.75 x.ss2.us	80
192.168.122.201	49448	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49449	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49450	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49451	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49447	140.249.61.99 static.5eplay.com	443
192.168.122.201	49173	151.101.52.193 i.imgur.com	443
192.168.122.201	49174	151.101.52.193 i.imgur.com	443
192.168.122.201	49175	151.101.52.193 i.imgur.com	443
192.168.122.201	49176	151.101.52.193 i.imgur.com	443
192.168.122.201	49177	151.101.52.193 i.imgur.com	443
192.168.122.201	49178	151.101.52.193 i.imgur.com	443
192.168.122.201	49441	151.101.52.193 i.imgur.com	443
192.168.122.201	49442	151.101.52.193 i.imgur.com	443
192.168.122.201	49443	151.101.52.193 i.imgur.com	443
192.168.122.201	49444	151.101.52.193 i.imgur.com	443
192.168.122.201	49445	151.101.52.193 i.imgur.com	443
192.168.122.201	49446	151.101.52.193 i.imgur.com	443
192.168.122.201	49440	192.168.122.1	53
192.168.122.201	49166	209.197.3.24 code.jquery.com	443
192.168.122.201	49164	23.111.9.35 use.fontawesome.com	443
192.168.122.201	49168	23.111.9.35 use.fontawesome.com	443
192.168.122.201	49171	46.4.132.220 s2.ax1x.com	443
192.168.122.201	49169	52.57.141.222 www.smartsuppchat.com	443
192.168.122.201	49172	64.31.6.154 image.ibb.co	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	49749	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	56773	192.168.122.1	53
192.168.122.201	58897	192.168.122.1	53
192.168.122.201	60905	192.168.122.1	53
192.168.122.201	61606	192.168.122.1	53
192.168.122.201	62594	192.168.122.1	53
192.168.122.201	63681	192.168.122.1	53
192.168.122.201	64155	192.168.122.1	53
192.168.122.201	64725	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
5eplay.space	未知	A 104.27.169.229 A 104.27.168.229
cdnjs.cloudflare.com	A 104.17.64.4 A 104.17.65.4
use.fontawesome.com	A 23.111.9.35 CNAME fontawesome-cdn.fonticons.netdna-cdn.com
code.jquery.com	CNAME cds.s5x3j6q5.hwcdn.net A 209.197.3.24
www.smartsuppchat.com	A 52.57.141.222 A 35.156.233.228 CNAME smartsuppchat.com A 35.158.145.54
x.ss2.us	A 13.227.49.75 A 13.227.49.159 A 13.227.49.53 A 13.227.49.157
js.intercomcdn.com	未知	A 13.35.99.122 A 13.35.99.128 A 13.35.99.102 A 13.35.99.9 CNAME d1spgg7psata7d.cloudfront.net
s2.ax1x.com	A 46.4.132.220
i.gyazo.com	A 104.19.142.111 A 104.19.143.111
i.imgur.com	CNAME prod.imgur.map.fastlylb.net A 151.101.52.193
static.5eplay.com	未知	A 140.249.60.231 A 140.249.61.179 A 121.207.229.200 A 121.207.229.171 A 140.249.61.99 A 121.207.229.172 A 140.249.60.225 A 140.249.61.100 A 121.207.229.204 A 140.249.61.73 A 121.207.229.199 A 140.249.61.18 A 140.249.60.227 A 140.249.60.232 A 140.249.60.226 CNAME static.5eplay.com.w.kunlungr.com
image.ibb.co	未知	A 64.31.6.154
epulze.com	A 104.26.8.63 A 104.26.9.63

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49163	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49167	104.17.65.4 cdnjs.cloudflare.com	443
192.168.122.201	49179	104.19.143.111 i.gyazo.com	443
192.168.122.201	49453	104.26.9.63 epulze.com	443
192.168.122.201	49454	104.26.9.63 epulze.com	443
192.168.122.201	49460	104.26.9.63 epulze.com	443
192.168.122.201	49160	104.27.168.229 5eplay.space	80
192.168.122.201	49161	104.27.168.229 5eplay.space	443
192.168.122.201	49165	104.27.168.229 5eplay.space	443
192.168.122.201	49455	104.27.168.229 5eplay.space	443
192.168.122.201	49456	104.27.168.229 5eplay.space	443
192.168.122.201	49457	104.27.168.229 5eplay.space	443
192.168.122.201	49458	104.27.168.229 5eplay.space	443
192.168.122.201	49459	104.27.168.229 5eplay.space	443
192.168.122.201	49461	104.27.168.229 5eplay.space	443
192.168.122.201	49462	104.27.168.229 5eplay.space	443
192.168.122.201	49463	104.27.168.229 5eplay.space	443
192.168.122.201	49464	104.27.168.229 5eplay.space	443
192.168.122.201	49465	104.27.168.229 5eplay.space	443
192.168.122.201	49170	13.227.49.75 x.ss2.us	80
192.168.122.201	49448	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49449	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49450	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49451	13.35.99.122 js.intercomcdn.com	443
192.168.122.201	49447	140.249.61.99 static.5eplay.com	443
192.168.122.201	49173	151.101.52.193 i.imgur.com	443
192.168.122.201	49174	151.101.52.193 i.imgur.com	443
192.168.122.201	49175	151.101.52.193 i.imgur.com	443
192.168.122.201	49176	151.101.52.193 i.imgur.com	443
192.168.122.201	49177	151.101.52.193 i.imgur.com	443
192.168.122.201	49178	151.101.52.193 i.imgur.com	443
192.168.122.201	49441	151.101.52.193 i.imgur.com	443
192.168.122.201	49442	151.101.52.193 i.imgur.com	443
192.168.122.201	49443	151.101.52.193 i.imgur.com	443
192.168.122.201	49444	151.101.52.193 i.imgur.com	443
192.168.122.201	49445	151.101.52.193 i.imgur.com	443
192.168.122.201	49446	151.101.52.193 i.imgur.com	443
192.168.122.201	49440	192.168.122.1	53
192.168.122.201	49166	209.197.3.24 code.jquery.com	443
192.168.122.201	49164	23.111.9.35 use.fontawesome.com	443
192.168.122.201	49168	23.111.9.35 use.fontawesome.com	443
192.168.122.201	49171	46.4.132.220 s2.ax1x.com	443
192.168.122.201	49169	52.57.141.222 www.smartsuppchat.com	443
192.168.122.201	49172	64.31.6.154 image.ibb.co	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	49749	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	56773	192.168.122.1	53
192.168.122.201	58897	192.168.122.1	53
192.168.122.201	60905	192.168.122.1	53
192.168.122.201	61606	192.168.122.1	53
192.168.122.201	62594	192.168.122.1	53
192.168.122.201	63681	192.168.122.1	53
192.168.122.201	64155	192.168.122.1	53
192.168.122.201	64725	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://5eplay.space/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 5eplay.space Connection: Keep-Alive
URL专业沙箱检测 -> http://x.ss2.us/x.cer	GET /x.cer HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: x.ss2.us

URI

HTTP数据

URL专业沙箱检测 -> http://5eplay.space/

GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 5eplay.space
Connection: Keep-Alive

URL专业沙箱检测 -> http://x.ss2.us/x.cer

GET /x.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x.ss2.us

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2020-01-16 20:28:36.564774+0800	192.168.122.201	49161	104.27.168.229	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	5c:35:70:c3:50:5b:9b:38:f6:93:07:66:3d:c8:10:77:30:f5:7a:ea
2020-01-16 20:28:38.442124+0800	192.168.122.201	49163	104.17.65.4	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com	72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30
2020-01-16 20:28:38.439969+0800	192.168.122.201	49162	104.17.65.4	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com	72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30
2020-01-16 20:28:39.077855+0800	192.168.122.201	49167	104.17.65.4	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com	72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30
2020-01-16 20:28:38.622739+0800	192.168.122.201	49164	23.111.9.35	443	TLS 1.2	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Fonticons Inc, OU=Font Awesome, CN=*.fontawesome.com	7b:2f:0f:22:72:ba:87:df:1e:0f:40:c0:4c:10:46:76:6d:1d:a8:bf
2020-01-16 20:28:40.411037+0800	192.168.122.201	49168	23.111.9.35	443	TLS 1.2	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Massachusetts, L=Cambridge, O=Fonticons Inc, OU=Font Awesome, CN=*.fontawesome.com	7b:2f:0f:22:72:ba:87:df:1e:0f:40:c0:4c:10:46:76:6d:1d:a8:bf
2020-01-16 20:28:40.925277+0800	192.168.122.201	49169	52.57.141.222	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.smartsuppchat.com	3f:93:36:6c:f2:41:ce:74:9f:93:32:b6:64:a2:18:68:c5:95:a2:79
2020-01-16 20:28:43.591260+0800	192.168.122.201	49179	104.19.143.111	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018	CN=*.gyazo.com	ed:6a:c3:c6:63:68:6b:cc:52:a4:7a:3b:ad:30:e5:9a:b4:ce:00:99
2020-01-16 20:28:44.476691+0800	192.168.122.201	49447	140.249.61.99	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018	CN=*.5eplay.com	d3:49:c8:f6:58:a1:0a:a2:30:72:8b:62:78:32:78:fd:3b:c8:94:7f
2020-01-16 20:28:44.905661+0800	192.168.122.201	49449	13.35.99.122	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.intercomcdn.com	87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2
2020-01-16 20:28:44.838658+0800	192.168.122.201	49450	13.35.99.122	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.intercomcdn.com	87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2
2020-01-16 20:28:44.571272+0800	192.168.122.201	49171	46.4.132.220	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2	OU=Domain Control Validated, CN=*.ax1x.com	aa:c5:f4:3a:16:af:59:7b:9e:d2:4c:f4:a7:ee:68:90:c5:a0:e9:af
2020-01-16 20:28:46.864926+0800	192.168.122.201	49451	13.35.99.122	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.intercomcdn.com	87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2
2020-01-16 20:28:44.024724+0800	192.168.122.201	49172	64.31.6.154	443	TLS 1.2	C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3	CN=ibb.co	f0:3b:eb:c6:58:a0:d5:3f:8a:9f:fd:ae:21:18:8d:8f:44:40:f9:df
2020-01-16 20:28:51.573654+0800	192.168.122.201	49454	104.26.9.63	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	4a:58:10:2a:76:32:a8:25:3b:85:d3:0b:f4:2d:7d:ce:d4:c0:84:e6
2020-01-16 20:28:40.208991+0800	192.168.122.201	49166	209.197.3.24	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=jquery.org	f3:2c:f3:68:f1:95:d3:ee:97:35:51:a0:93:fd:c9:c0:00:d1:32:bc
2020-01-16 20:28:57.807239+0800	192.168.122.201	49448	13.35.99.122	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.intercomcdn.com	87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 30.181 seconds )

15.549 Suricata
14.468 NetworkAnalysis
0.093 Static
0.061 AnalysisInfo
0.006 BehaviorAnalysis
0.004 Memory

Signatures ( 2.08 seconds )

1.929 md_url_bl
0.045 md_domain_bl
0.016 antiav_detectreg
0.007 anomaly_persistence_autorun
0.007 antiav_detectfile
0.007 infostealer_ftp
0.006 ransomware_files
0.005 geodo_banking_trojan
0.005 infostealer_im
0.005 ransomware_extensions
0.004 infostealer_bitcoin
0.004 network_torgateway
0.003 tinba_behavior
0.003 antianalysis_detectreg
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 rat_nanocore
0.002 cerber_behavior
0.002 browser_security
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 ie_martian_children
0.001 md_bad_drop
0.001 maldun_network_blacklist
0.001 recon_checkip
0.001 stealth_modify_uac_prompt

Reporting ( 0.733 seconds )

0.733 ReportHTMLSummary


Task ID	487888
Mongo ID	5e2057912f8f2e4bea6368d7
Cuckoo release	1.4-Maldun