Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2020-01-16 20:28:12 | 2020-01-16 20:30:19 | 127 seconds |
URL |
---|
URL sandbox analysis -> http://5eplay.space/ |
No host record.
WHOIS record: Name: None Country: None State: None City: None ZIP Code: None Address: None Organization: None Domain Name(s): None Creation Date: None Updated Date: None Expiration Date: None Email(s): None Registrar(s): None Name Server(s): None Referral URL(s): None
No host record.
TCP connections:
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49162 | 104.17.65.4 cdnjs.cloudflare.com | 443 |
192.168.122.201 | 49163 | 104.17.65.4 cdnjs.cloudflare.com | 443 |
192.168.122.201 | 49167 | 104.17.65.4 cdnjs.cloudflare.com | 443 |
192.168.122.201 | 49179 | 104.19.143.111 i.gyazo.com | 443 |
192.168.122.201 | 49453 | 104.26.9.63 epulze.com | 443 |
192.168.122.201 | 49454 | 104.26.9.63 epulze.com | 443 |
192.168.122.201 | 49460 | 104.26.9.63 epulze.com | 443 |
192.168.122.201 | 49160 | 104.27.168.229 5eplay.space | 80 |
192.168.122.201 | 49161 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49165 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49455 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49456 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49457 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49458 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49459 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49461 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49462 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49463 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49464 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49465 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49170 | 13.227.49.75 x.ss2.us | 80 |
192.168.122.201 | 49448 | 13.35.99.122 js.intercomcdn.com | 443 |
192.168.122.201 | 49449 | 13.35.99.122 js.intercomcdn.com | 443 |
192.168.122.201 | 49450 | 13.35.99.122 js.intercomcdn.com | 443 |
192.168.122.201 | 49451 | 13.35.99.122 js.intercomcdn.com | 443 |
192.168.122.201 | 49447 | 140.249.61.99 static.5eplay.com | 443 |
192.168.122.201 | 49173 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49174 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49175 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49176 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49177 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49178 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49441 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49442 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49443 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49444 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49445 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49446 | 151.101.52.193 i.imgur.com | 443 |
192.168.122.201 | 49440 | 192.168.122.1 | 53 |
192.168.122.201 | 49166 | 209.197.3.24 code.jquery.com | 443 |
192.168.122.201 | 49164 | 23.111.9.35 use.fontawesome.com | 443 |
192.168.122.201 | 49168 | 23.111.9.35 use.fontawesome.com | 443 |
192.168.122.201 | 49171 | 46.4.132.220 s2.ax1x.com | 443 |
192.168.122.201 | 49169 | 52.57.141.222 www.smartsuppchat.com | 443 |
192.168.122.201 | 49172 | 64.31.6.154 image.ibb.co | 443 |
UDP connections (DNS to the sandbox gateway):
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49310 | 192.168.122.1 | 53 |
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 49749 | 192.168.122.1 | 53 |
192.168.122.201 | 51856 | 192.168.122.1 | 53 |
192.168.122.201 | 56773 | 192.168.122.1 | 53 |
192.168.122.201 | 58897 | 192.168.122.1 | 53 |
192.168.122.201 | 60905 | 192.168.122.1 | 53 |
192.168.122.201 | 61606 | 192.168.122.1 | 53 |
192.168.122.201 | 62594 | 192.168.122.1 | 53 |
192.168.122.201 | 63681 | 192.168.122.1 | 53 |
192.168.122.201 | 64155 | 192.168.122.1 | 53 |
192.168.122.201 | 64725 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://5eplay.space/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 5eplay.space Connection: Keep-Alive |
http://x.ss2.us/x.cer | GET /x.cer HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: x.ss2.us |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-01-16 20:28:36.564774+0800 | 192.168.122.201 | 49161 | 104.27.168.229 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 5c:35:70:c3:50:5b:9b:38:f6:93:07:66:3d:c8:10:77:30:f5:7a:ea |
2020-01-16 20:28:38.442124+0800 | 192.168.122.201 | 49163 | 104.17.65.4 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com | 72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30 |
2020-01-16 20:28:38.439969+0800 | 192.168.122.201 | 49162 | 104.17.65.4 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com | 72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30 |
2020-01-16 20:28:39.077855+0800 | 192.168.122.201 | 49167 | 104.17.65.4 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=cloudflare.com | 72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30 |
2020-01-16 20:28:38.622739+0800 | 192.168.122.201 | 49164 | 23.111.9.35 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Fonticons Inc, OU=Font Awesome, CN=*.fontawesome.com | 7b:2f:0f:22:72:ba:87:df:1e:0f:40:c0:4c:10:46:76:6d:1d:a8:bf |
2020-01-16 20:28:40.411037+0800 | 192.168.122.201 | 49168 | 23.111.9.35 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Fonticons Inc, OU=Font Awesome, CN=*.fontawesome.com | 7b:2f:0f:22:72:ba:87:df:1e:0f:40:c0:4c:10:46:76:6d:1d:a8:bf |
2020-01-16 20:28:40.925277+0800 | 192.168.122.201 | 49169 | 52.57.141.222 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.smartsuppchat.com | 3f:93:36:6c:f2:41:ce:74:9f:93:32:b6:64:a2:18:68:c5:95:a2:79 |
2020-01-16 20:28:43.591260+0800 | 192.168.122.201 | 49179 | 104.19.143.111 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 | CN=*.gyazo.com | ed:6a:c3:c6:63:68:6b:cc:52:a4:7a:3b:ad:30:e5:9a:b4:ce:00:99 |
2020-01-16 20:28:44.476691+0800 | 192.168.122.201 | 49447 | 140.249.61.99 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 | CN=*.5eplay.com | d3:49:c8:f6:58:a1:0a:a2:30:72:8b:62:78:32:78:fd:3b:c8:94:7f |
2020-01-16 20:28:44.905661+0800 | 192.168.122.201 | 49449 | 13.35.99.122 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.intercomcdn.com | 87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2 |
2020-01-16 20:28:44.838658+0800 | 192.168.122.201 | 49450 | 13.35.99.122 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.intercomcdn.com | 87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2 |
2020-01-16 20:28:44.571272+0800 | 192.168.122.201 | 49171 | 46.4.132.220 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.ax1x.com | aa:c5:f4:3a:16:af:59:7b:9e:d2:4c:f4:a7:ee:68:90:c5:a0:e9:af |
2020-01-16 20:28:46.864926+0800 | 192.168.122.201 | 49451 | 13.35.99.122 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.intercomcdn.com | 87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2 |
2020-01-16 20:28:44.024724+0800 | 192.168.122.201 | 49172 | 64.31.6.154 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=ibb.co | f0:3b:eb:c6:58:a0:d5:3f:8a:9f:fd:ae:21:18:8d:8f:44:40:f9:df |
2020-01-16 20:28:51.573654+0800 | 192.168.122.201 | 49454 | 104.26.9.63 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 4a:58:10:2a:76:32:a8:25:3b:85:d3:0b:f4:2d:7d:ce:d4:c0:84:e6 |
2020-01-16 20:28:40.208991+0800 | 192.168.122.201 | 49166 | 209.197.3.24 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=jquery.org | f3:2c:f3:68:f1:95:d3:ee:97:35:51:a0:93:fd:c9:c0:00:d1:32:bc |
2020-01-16 20:28:57.807239+0800 | 192.168.122.201 | 49448 | 13.35.99.122 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.intercomcdn.com | 87:3a:87:3f:6c:02:e1:f5:52:46:90:dc:0d:fd:9b:fd:d3:3d:dc:d2 |
No Suricata HTTP
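The connection and TLS tables above are flattened pipe rows, which makes it tedious to answer the three questions an analyst actually asks of a URL detonation: which destinations were contacted in cleartext, which ones were resolved but never connected, and whether each TLS certificate's subject actually names the host that was contacted. The following script is an added example, written for this page and not part of the Cuckoo/Maldun report or its code. It parses rows in the format shown above, joins the TCP table to the TLS table on (source port, destination IP), and applies an RFC 6125-style hostname match to the certificate CN. The sample rows are constructed from a subset of the tables on this page, with issuer and subject fields shortened; function names and the report structure are this example's own.

```python
"""Triage helper for flattened sandbox network tables (added example, not report/Cuckoo code)."""
import re
from collections import Counter

# Constructed sample: a subset of the TCP connection rows from the report above.
CONNECTION_ROWS = """\
192.168.122.201 | 49160 | 104.27.168.229 5eplay.space | 80 |
192.168.122.201 | 49161 | 104.27.168.229 5eplay.space | 443 |
192.168.122.201 | 49162 | 104.17.65.4 cdnjs.cloudflare.com | 443 |
192.168.122.201 | 49164 | 23.111.9.35 use.fontawesome.com | 443 |
192.168.122.201 | 49170 | 13.227.49.75 x.ss2.us | 80 |
192.168.122.201 | 49440 | 192.168.122.1 | 53 |
"""

# Constructed sample: the matching TLS rows from the report, issuer/subject DNs shortened.
TLS_ROWS = """\
2020-01-16 20:28:36.564774+0800 | 192.168.122.201 | 49161 | 104.27.168.229 | 443 | TLS 1.2 | O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 5c:35:70:c3:50:5b:9b:38:f6:93:07:66:3d:c8:10:77:30:f5:7a:ea |
2020-01-16 20:28:38.439969+0800 | 192.168.122.201 | 49162 | 104.17.65.4 | 443 | TLS 1.2 | O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | O=Cloudflare, Inc., CN=cloudflare.com | 72:c0:20:54:17:08:ce:ab:5a:3c:55:1d:8b:7b:34:9d:aa:57:17:30 |
2020-01-16 20:28:38.622739+0800 | 192.168.122.201 | 49164 | 23.111.9.35 | 443 | TLS 1.2 | O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | O=Fonticons Inc, CN=*.fontawesome.com | 7b:2f:0f:22:72:ba:87:df:1e:0f:40:c0:4c:10:46:76:6d:1d:a8:bf |
"""

CN_RE = re.compile(r"CN=([^,]+)")


def _cells(line):
    """Split one pipe-table row into stripped cells (DN fields contain commas, never pipes)."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_connections(text):
    """Rows of 'src_ip | src_port | dst_ip [hostname] | dst_port |' -> list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _src_ip, src_port, dst, dst_port = _cells(line)
        dst_ip, _, host = dst.partition(" ")  # hostname is absent for the DNS row
        flows.append({"src_port": int(src_port), "dst_ip": dst_ip,
                      "host": host or None, "dst_port": int(dst_port)})
    return flows


def parse_tls(text):
    """TLS rows keyed by (src_port, dst_ip), which is how they join to the TCP table."""
    certs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, _src, src_port, dst_ip, _dport, version, issuer, subject, fp = _cells(line)
        m = CN_RE.search(subject)
        certs[(int(src_port), dst_ip)] = {"cn": m.group(1) if m else None,
                                         "issuer": issuer, "version": version,
                                         "fingerprint": fp}
    return certs


def name_matches(cn, host):
    """RFC 6125-style match: exact, or one wildcard label in the leftmost position only."""
    if cn is None or host is None:
        return False
    cn, host = cn.lower(), host.lower()
    if cn == host:
        return True
    if cn.startswith("*."):
        suffix = cn[1:]  # "*.example.com" -> ".example.com"
        return host.endswith(suffix) and "." not in host[:-len(suffix)]
    return False


def triage(flows, certs):
    """Summarise cleartext fetches, DNS volume, CA mix and CN/host mismatches."""
    report = {"cleartext_http": [], "dns": 0, "cn_mismatch": [], "issuers": Counter()}
    for f in flows:
        if f["dst_port"] == 53:
            report["dns"] += 1
        elif f["dst_port"] == 80:
            report["cleartext_http"].append(f["host"] or f["dst_ip"])
        cert = certs.get((f["src_port"], f["dst_ip"]))
        if cert:
            report["issuers"][cert["issuer"]] += 1
            # The report shows only the CN, not the SAN list, so a mismatch here is a prompt
            # to pull the full chain (shared CDN certs such as sni.cloudflaressl.com are
            # expected), not evidence of interception.
            if not name_matches(cert["cn"], f["host"]):
                report["cn_mismatch"].append((f["host"], cert["cn"]))
    return report


if __name__ == "__main__":
    result = triage(parse_connections(CONNECTION_ROWS), parse_tls(TLS_ROWS))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample rows this reports two cleartext fetches (the initial `http://5eplay.space/` load and the `x.ss2.us` certificate download made by `Microsoft-CryptoAPI`, which is the OS fetching an intermediate certificate during chain building, not page content), one DNS flow, and two CN mismatches, both on Cloudflare-fronted hosts. The fontawesome wildcard matches cleanly. When the full report is exported as JSON rather than scraped from these tables, the same join can be done on the `tcp` and `tls` sections directly.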
Task ID | 487888 |
---|---|
Mongo ID | 5e2057912f8f2e4bea6368d7 |
Cuckoo release | 1.4-Maldun |