分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp01-1 2020-01-18 23:06:13 2020-01-18 23:08:28 135 秒

魔盾分数

0.0

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://almaany.com

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
almaany.com A 104.25.217.36
A 104.25.218.36
www.almaany.com
oss.maxcdn.com A 23.111.8.154
CNAME osscdn.netdnasa9.netdna-cdn.com
pagead2.googlesyndication.com A 203.208.50.90
CNAME pagead46.l.doubleclick.net
A 203.208.50.77
A 203.208.50.89
www.googletagservices.com
stats.g.doubleclick.net CNAME stats.l.doubleclick.net
A 203.208.43.77
A 203.208.43.89
A 203.208.43.90
connect.facebook.net A 102.132.108.14
CNAME scontent.xx.fbcdn.net
ajax.googleapis.com A 172.217.160.74
s7.addthis.com CNAME ds-s7.addthis.com.edgekey.net
CNAME s8.addthis.com
A 96.16.172.183
CNAME e3615.a.akamaiedge.net

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    ALMAANY.COM
Creation Date:
    2010-01-06 14:14:37
Updated Date:
    2015-07-20 06:16:17
Expiration Date:
    2025-01-06 14:14:37
Email(s):
    abuse@godaddy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    BEN.NS.CLOUDFLARE.COM
    GAIL.NS.CLOUDFLARE.COM
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2652, 上一级进程 PID: 2332

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49175 102.132.108.14 connect.facebook.net 443
192.168.122.201 49161 104.25.217.36 almaany.com 80
192.168.122.201 49162 104.25.217.36 almaany.com 443
192.168.122.201 49163 104.25.217.36 almaany.com 80
192.168.122.201 49164 104.25.217.36 almaany.com 443
192.168.122.201 49166 104.25.217.36 almaany.com 443
192.168.122.201 49167 104.25.217.36 almaany.com 443
192.168.122.201 49172 104.25.217.36 almaany.com 443
192.168.122.201 49173 104.25.217.36 almaany.com 443
192.168.122.201 49174 104.25.217.36 almaany.com 443
192.168.122.201 49179 104.25.217.36 almaany.com 80
192.168.122.201 49181 104.25.217.36 almaany.com 443
192.168.122.201 49186 104.25.217.36 almaany.com 443
192.168.122.201 49191 104.25.217.36 almaany.com 443
192.168.122.201 49192 104.25.217.36 almaany.com 443
192.168.122.201 49177 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49182 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49188 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49168 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49170 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49180 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49183 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49184 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49187 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49189 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49190 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49169 23.111.8.154 oss.maxcdn.com 443
192.168.122.201 49171 23.111.8.154 oss.maxcdn.com 443
192.168.122.201 49178 96.16.172.183 s7.addthis.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 49749 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 60905 192.168.122.1 53
192.168.122.201 62594 192.168.122.1 53
192.168.122.201 64155 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
almaany.com A 104.25.217.36
A 104.25.218.36
www.almaany.com
oss.maxcdn.com A 23.111.8.154
CNAME osscdn.netdnasa9.netdna-cdn.com
pagead2.googlesyndication.com A 203.208.50.90
CNAME pagead46.l.doubleclick.net
A 203.208.50.77
A 203.208.50.89
www.googletagservices.com
stats.g.doubleclick.net CNAME stats.l.doubleclick.net
A 203.208.43.77
A 203.208.43.89
A 203.208.43.90
connect.facebook.net A 102.132.108.14
CNAME scontent.xx.fbcdn.net
ajax.googleapis.com A 172.217.160.74
s7.addthis.com CNAME ds-s7.addthis.com.edgekey.net
CNAME s8.addthis.com
A 96.16.172.183
CNAME e3615.a.akamaiedge.net

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49175 102.132.108.14 connect.facebook.net 443
192.168.122.201 49161 104.25.217.36 almaany.com 80
192.168.122.201 49162 104.25.217.36 almaany.com 443
192.168.122.201 49163 104.25.217.36 almaany.com 80
192.168.122.201 49164 104.25.217.36 almaany.com 443
192.168.122.201 49166 104.25.217.36 almaany.com 443
192.168.122.201 49167 104.25.217.36 almaany.com 443
192.168.122.201 49172 104.25.217.36 almaany.com 443
192.168.122.201 49173 104.25.217.36 almaany.com 443
192.168.122.201 49174 104.25.217.36 almaany.com 443
192.168.122.201 49179 104.25.217.36 almaany.com 80
192.168.122.201 49181 104.25.217.36 almaany.com 443
192.168.122.201 49186 104.25.217.36 almaany.com 443
192.168.122.201 49191 104.25.217.36 almaany.com 443
192.168.122.201 49192 104.25.217.36 almaany.com 443
192.168.122.201 49177 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49182 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49188 203.208.43.77 stats.g.doubleclick.net 443
192.168.122.201 49168 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49170 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49180 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49183 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49184 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49187 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49189 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49190 203.208.50.90 pagead2.googlesyndication.com 443
192.168.122.201 49169 23.111.8.154 oss.maxcdn.com 443
192.168.122.201 49171 23.111.8.154 oss.maxcdn.com 443
192.168.122.201 49178 96.16.172.183 s7.addthis.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 49749 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 60905 192.168.122.1 53
192.168.122.201 62594 192.168.122.1 53
192.168.122.201 64155 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://almaany.com/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: almaany.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://www.almaany.com/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.almaany.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://www.almaany.com/answers/
GET /answers/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Cookie: PHPSESSID=mb7erdedtcqqh7so4lus65knu3
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.almaany.com
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-01-18 23:06:43.476331+0800 192.168.122.201 49162 104.25.217.36 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb
2020-01-18 23:06:52.194526+0800 192.168.122.201 49164 104.25.217.36 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb
2020-01-18 23:06:56.909613+0800 192.168.122.201 49170 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:06:56.816200+0800 192.168.122.201 49168 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:02.687870+0800 192.168.122.201 49177 203.208.43.77 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:02.762927+0800 192.168.122.201 49178 96.16.172.183 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA C=US, ST=California, L=Redwood Shores, O=Oracle Corporation, OU=Content Management Services IT, CN=odc-prod-01.oracle.com f7:6c:01:ec:e1:fd:51:14:bd:d6:5b:9a:01:8c:81:21:c0:63:6a:86
2020-01-18 23:07:04.142777+0800 192.168.122.201 49175 102.132.108.14 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com 29:4e:b0:b4:8b:3f:3c:0c:5e:e0:23:6b:31:00:67:08:11:fe:74:5e
2020-01-18 23:06:57.457258+0800 192.168.122.201 49169 23.111.8.154 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA OU=Domain Control Validated, CN=oss.maxcdn.com 48:7a:2f:47:93:3b:01:53:34:44:71:73:6b:2b:b5:80:ba:1c:78:f8
2020-01-18 23:06:59.849128+0800 192.168.122.201 49171 23.111.8.154 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA OU=Domain Control Validated, CN=oss.maxcdn.com 48:7a:2f:47:93:3b:01:53:34:44:71:73:6b:2b:b5:80:ba:1c:78:f8
2020-01-18 23:07:07.186544+0800 192.168.122.201 49180 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:08.151271+0800 192.168.122.201 49182 203.208.43.77 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:08.142168+0800 192.168.122.201 49183 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:09.153164+0800 192.168.122.201 49184 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:12.375462+0800 192.168.122.201 49187 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:13.972188+0800 192.168.122.201 49188 203.208.43.77 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:13.969850+0800 192.168.122.201 49189 203.208.50.90 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f
2020-01-18 23:07:24.168540+0800 192.168.122.201 49192 104.25.217.36 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 36.732 seconds )

  • 15.531 Suricata
  • 11.762 Static
  • 7.019 NetworkAnalysis
  • 2.274 VirusTotal
  • 0.134 AnalysisInfo
  • 0.007 BehaviorAnalysis
  • 0.005 Memory

Signatures ( 2.164 seconds )

  • 1.993 md_url_bl
  • 0.053 md_domain_bl
  • 0.018 antiav_detectreg
  • 0.011 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.006 ransomware_files
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_im
  • 0.005 ransomware_extensions
  • 0.004 tinba_behavior
  • 0.004 infostealer_bitcoin
  • 0.004 network_torgateway
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.774 seconds )

  • 0.774 ReportHTMLSummary
Task ID 488356
Mongo ID 5e231f9c2f8f2e4bf5636f57
Cuckoo release 1.4-Maldun