分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2020-01-18 22:47:56 | 2020-01-18 22:50:09 | 133 秒 |
魔盾分数
0.325
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://surferseo.com/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息WHOIS 信息
Name: DATA REDACTED
Country: DATA REDACTED
State: DATA REDACTED
City: DATA REDACTED
ZIP Code: DATA REDACTED
Address: DATA REDACTED
Orginization: DATA REDACTED
Domain Name(s):
SURFERSEO.COM
Creation Date:
2017-10-03 16:47:04
Updated Date:
2019-10-02 04:21:49
2019-10-03 03:38:32
Expiration Date:
2020-10-03 16:47:04
Email(s):
registrar-abuse@cloudflare.com
Registrar(s):
Cloudflare, Inc.
Name Server(s):
GAIL.NS.CLOUDFLARE.COM
NED.NS.CLOUDFLARE.COM
gail.ns.cloudflare.com
ned.ns.cloudflare.com
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49180 | 102.132.108.14 connect.facebook.net | 443 |
| 192.168.122.201 | 49186 | 104.17.115.176 js.hsadspixel.net | 443 |
| 192.168.122.201 | 49185 | 104.17.130.171 js.hscollectedforms.net | 443 |
| 192.168.122.201 | 49163 | 104.17.210.204 js.hs-scripts.com | 443 |
| 192.168.122.201 | 49187 | 104.17.69.176 js.hs-analytics.net | 443 |
| 192.168.122.201 | 49179 | 104.20.243.100 surfer.user.com | 443 |
| 192.168.122.201 | 49160 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49161 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49174 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49175 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49176 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49177 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49182 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49183 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49184 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49188 | 13.225.100.26 x.ss2.us | 80 |
| 192.168.122.201 | 49181 | 13.225.103.9 cdn.firstpromoter.com | 443 |
| 192.168.122.201 | 49165 | 203.208.39.224 fonts.googleapis.com | 443 |
| 192.168.122.201 | 49162 | 203.208.50.190 www.googletagmanager.com | 443 |
| 192.168.122.201 | 49173 | 203.208.50.190 www.googletagmanager.com | 443 |
| 192.168.122.201 | 49164 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49166 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49167 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49168 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49169 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49170 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49171 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49190 | 31.13.66.23 www.youtube.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49310 | 192.168.122.1 | 53 |
| 192.168.122.201 | 49608 | 192.168.122.1 | 53 |
| 192.168.122.201 | 49749 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51856 | 192.168.122.1 | 53 |
| 192.168.122.201 | 56773 | 192.168.122.1 | 53 |
| 192.168.122.201 | 58897 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59672 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60905 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61606 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62594 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63681 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64155 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64725 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64912 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49180 | 102.132.108.14 connect.facebook.net | 443 |
| 192.168.122.201 | 49186 | 104.17.115.176 js.hsadspixel.net | 443 |
| 192.168.122.201 | 49185 | 104.17.130.171 js.hscollectedforms.net | 443 |
| 192.168.122.201 | 49163 | 104.17.210.204 js.hs-scripts.com | 443 |
| 192.168.122.201 | 49187 | 104.17.69.176 js.hs-analytics.net | 443 |
| 192.168.122.201 | 49179 | 104.20.243.100 surfer.user.com | 443 |
| 192.168.122.201 | 49160 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49161 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49174 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49175 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49176 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49177 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49182 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49183 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49184 | 104.26.12.174 surferseo.com | 443 |
| 192.168.122.201 | 49188 | 13.225.100.26 x.ss2.us | 80 |
| 192.168.122.201 | 49181 | 13.225.103.9 cdn.firstpromoter.com | 443 |
| 192.168.122.201 | 49165 | 203.208.39.224 fonts.googleapis.com | 443 |
| 192.168.122.201 | 49162 | 203.208.50.190 www.googletagmanager.com | 443 |
| 192.168.122.201 | 49173 | 203.208.50.190 www.googletagmanager.com | 443 |
| 192.168.122.201 | 49164 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49166 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49167 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49168 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49169 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49170 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49171 | 23.1.21.227 use.typekit.net | 443 |
| 192.168.122.201 | 49190 | 31.13.66.23 www.youtube.com | 443 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49310 | 192.168.122.1 | 53 |
| 192.168.122.201 | 49608 | 192.168.122.1 | 53 |
| 192.168.122.201 | 49749 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51856 | 192.168.122.1 | 53 |
| 192.168.122.201 | 56773 | 192.168.122.1 | 53 |
| 192.168.122.201 | 58897 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59672 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60905 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61606 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62594 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63681 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64155 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64725 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64912 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://x.ss2.us/x.cer | GET /x.cer HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: x.ss2.us |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2020-01-18 22:48:24.333968+0800 | 192.168.122.201 | 49160 | 104.26.12.174 | 443 | TLS 1.2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=sni.cloudflaressl.com | c6:29:ad:0d:5d:6a:aa:5c:04:4d:32:b0:5c:a9:49:03:c0:07:55:73 |
| 2020-01-18 22:48:26.371731+0800 | 192.168.122.201 | 49162 | 203.208.50.190 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 4c:ac:e1:a5:34:44:7e:04:d7:33:a8:ac:2a:a3:2e:de:91:9e:d1:72 |
| 2020-01-18 22:48:28.150253+0800 | 192.168.122.201 | 49164 | 23.1.21.227 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, OU=IT, CN=*.typekit.net | c6:35:8b:eb:eb:82:d9:f2:61:3f:e2:ec:e8:c2:4c:24:3f:37:f4:0c |
| 2020-01-18 22:48:26.634281+0800 | 192.168.122.201 | 49165 | 203.208.39.224 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com | 7b:bd:9c:ba:37:4d:6a:e9:8f:85:9f:2f:54:6b:5d:cf:26:e1:51:19 |
| 2020-01-18 22:48:32.521301+0800 | 192.168.122.201 | 49171 | 23.1.21.227 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, OU=IT, CN=*.typekit.net | c6:35:8b:eb:eb:82:d9:f2:61:3f:e2:ec:e8:c2:4c:24:3f:37:f4:0c |
| 2020-01-18 22:48:27.240372+0800 | 192.168.122.201 | 49163 | 104.17.210.204 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl817718.cloudflaressl.com | 98:46:8f:1b:ee:c4:15:17:ae:dc:ab:fc:bd:d5:34:23:68:64:35:62 |
| 2020-01-18 22:48:33.518904+0800 | 192.168.122.201 | 49173 | 203.208.50.190 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 4c:ac:e1:a5:34:44:7e:04:d7:33:a8:ac:2a:a3:2e:de:91:9e:d1:72 |
| 2020-01-18 22:48:34.934444+0800 | 192.168.122.201 | 49179 | 104.20.243.100 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | CN=ssl933244.cloudflaressl.com | 61:fb:bd:12:1e:57:fe:a2:84:49:58:e2:d0:70:d6:2b:60:a8:d7:0f |
| 2020-01-18 22:48:35.043489+0800 | 192.168.122.201 | 49180 | 102.132.108.14 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com | 29:4e:b0:b4:8b:3f:3c:0c:5e:e0:23:6b:31:00:67:08:11:fe:74:5e |
| 2020-01-18 22:48:39.583001+0800 | 192.168.122.201 | 49181 | 13.225.103.9 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=*.firstpromoter.com | 4a:ba:13:81:70:a5:06:aa:ef:bd:d7:9e:1e:ff:06:a4:d4:2d:43:2b |
| 2020-01-18 22:48:40.334460+0800 | 192.168.122.201 | 49185 | 104.17.130.171 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl803673.cloudflaressl.com | ad:eb:60:25:1a:8d:8f:1b:2f:2e:42:9b:4a:3b:49:12:18:2e:fa:b4 |
| 2020-01-18 22:48:40.347573+0800 | 192.168.122.201 | 49186 | 104.17.115.176 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl803643.cloudflaressl.com | 20:d3:20:e2:6a:50:8b:17:32:92:6f:ab:fe:d2:5e:48:ec:3e:30:66 |
| 2020-01-18 22:48:40.438774+0800 | 192.168.122.201 | 49187 | 104.17.69.176 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl803670.cloudflaressl.com | 24:50:3d:eb:ad:52:4a:cc:24:f2:db:10:25:96:5b:39:19:d4:99:a8 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 33.574 seconds )
- 16.359 Suricata
- 12.945 NetworkAnalysis
- 4.171 Static
- 0.089 AnalysisInfo
- 0.005 BehaviorAnalysis
- 0.005 Memory
Signatures ( 2.062 seconds )
- 1.882 md_url_bl
- 0.065 md_domain_bl
- 0.017 antiav_detectreg
- 0.008 anomaly_persistence_autorun
- 0.008 infostealer_ftp
- 0.007 antiav_detectfile
- 0.006 geodo_banking_trojan
- 0.006 ransomware_files
- 0.005 infostealer_bitcoin
- 0.005 infostealer_im
- 0.005 ransomware_extensions
- 0.004 antianalysis_detectreg
- 0.004 disables_browser_warn
- 0.004 network_torgateway
- 0.003 tinba_behavior
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.002 rat_nanocore
- 0.002 cerber_behavior
- 0.002 browser_security
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 betabot_behavior
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 ie_martian_children
- 0.001 recon_checkip
- 0.001 stealth_modify_uac_prompt
- 0.001 whois_create
Reporting ( 0.847 seconds )
- 0.847 ReportHTMLSummary
| Task ID | 488352 |
|---|---|
| Mongo ID | 5e231b4f2f8f2e4bf2637007 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号