Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2020-01-18 23:06:13 | 2020-01-18 23:08:28 | 135 seconds |
URL |
---|
URL professional sandbox detection -> http://almaany.com |

No host record.
Field | Value |
---|---|
Name | None |
Country | None |
State | None |
City | None |
ZIP Code | None |
Address | None |
Organization | None |
Domain Name(s) | ALMAANY.COM |
Creation Date | 2010-01-06 14:14:37 |
Updated Date | 2015-07-20 06:16:17 |
Expiration Date | 2025-01-06 14:14:37 |
Email(s) | abuse@godaddy.com |
Registrar(s) | GoDaddy.com, LLC |
Name Server(s) | BEN.NS.CLOUDFLARE.COM, GAIL.NS.CLOUDFLARE.COM |
Referral URL(s) | None |

No host record.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49175 | 102.132.108.14 connect.facebook.net | 443 |
192.168.122.201 | 49161 | 104.25.217.36 almaany.com | 80 |
192.168.122.201 | 49162 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49163 | 104.25.217.36 almaany.com | 80 |
192.168.122.201 | 49164 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49166 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49167 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49172 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49173 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49174 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49179 | 104.25.217.36 almaany.com | 80 |
192.168.122.201 | 49181 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49186 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49191 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49192 | 104.25.217.36 almaany.com | 443 |
192.168.122.201 | 49177 | 203.208.43.77 stats.g.doubleclick.net | 443 |
192.168.122.201 | 49182 | 203.208.43.77 stats.g.doubleclick.net | 443 |
192.168.122.201 | 49188 | 203.208.43.77 stats.g.doubleclick.net | 443 |
192.168.122.201 | 49168 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49170 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49180 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49183 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49184 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49187 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49189 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49190 | 203.208.50.90 pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49169 | 23.111.8.154 oss.maxcdn.com | 443 |
192.168.122.201 | 49171 | 23.111.8.154 oss.maxcdn.com | 443 |
192.168.122.201 | 49178 | 96.16.172.183 s7.addthis.com | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49310 | 192.168.122.1 | 53 |
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 49749 | 192.168.122.1 | 53 |
192.168.122.201 | 51856 | 192.168.122.1 | 53 |
192.168.122.201 | 58897 | 192.168.122.1 | 53 |
192.168.122.201 | 60905 | 192.168.122.1 | 53 |
192.168.122.201 | 62594 | 192.168.122.1 | 53 |
192.168.122.201 | 64155 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL professional sandbox detection -> http://almaany.com/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: almaany.com Connection: Keep-Alive |
URL professional sandbox detection -> http://www.almaany.com/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.almaany.com Connection: Keep-Alive |
URL professional sandbox detection -> http://www.almaany.com/answers/ | GET /answers/ HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Cookie: PHPSESSID=mb7erdedtcqqh7so4lus65knu3 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.almaany.com Connection: Keep-Alive |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-01-18 23:06:43.476331+0800 | 192.168.122.201 | 49162 | 104.25.217.36 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com | f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb |
2020-01-18 23:06:52.194526+0800 | 192.168.122.201 | 49164 | 104.25.217.36 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com | f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb |
2020-01-18 23:06:56.909613+0800 | 192.168.122.201 | 49170 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:06:56.816200+0800 | 192.168.122.201 | 49168 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:02.687870+0800 | 192.168.122.201 | 49177 | 203.208.43.77 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:02.762927+0800 | 192.168.122.201 | 49178 | 96.16.172.183 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Redwood Shores, O=Oracle Corporation, OU=Content Management Services IT, CN=odc-prod-01.oracle.com | f7:6c:01:ec:e1:fd:51:14:bd:d6:5b:9a:01:8c:81:21:c0:63:6a:86 |
2020-01-18 23:07:04.142777+0800 | 192.168.122.201 | 49175 | 102.132.108.14 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com | 29:4e:b0:b4:8b:3f:3c:0c:5e:e0:23:6b:31:00:67:08:11:fe:74:5e |
2020-01-18 23:06:57.457258+0800 | 192.168.122.201 | 49169 | 23.111.8.154 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | OU=Domain Control Validated, CN=oss.maxcdn.com | 48:7a:2f:47:93:3b:01:53:34:44:71:73:6b:2b:b5:80:ba:1c:78:f8 |
2020-01-18 23:06:59.849128+0800 | 192.168.122.201 | 49171 | 23.111.8.154 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | OU=Domain Control Validated, CN=oss.maxcdn.com | 48:7a:2f:47:93:3b:01:53:34:44:71:73:6b:2b:b5:80:ba:1c:78:f8 |
2020-01-18 23:07:07.186544+0800 | 192.168.122.201 | 49180 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:08.151271+0800 | 192.168.122.201 | 49182 | 203.208.43.77 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:08.142168+0800 | 192.168.122.201 | 49183 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:09.153164+0800 | 192.168.122.201 | 49184 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:12.375462+0800 | 192.168.122.201 | 49187 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:13.972188+0800 | 192.168.122.201 | 49188 | 203.208.43.77 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:13.969850+0800 | 192.168.122.201 | 49189 | 203.208.50.90 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 74:e6:9f:fe:24:6a:65:3f:7b:dd:ec:d2:28:bd:e6:9b:f1:08:68:5f |
2020-01-18 23:07:24.168540+0800 | 192.168.122.201 | 49192 | 104.25.217.36 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2 | OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl373500.cloudflaressl.com | f9:9d:2b:d5:fc:b9:f2:8b:db:a4:e0:c9:03:bb:c1:ec:35:d0:3c:eb |
No Suricata HTTP
HTML summary report (allow 15-60 minutes for synchronization)

Download |
---|

Field | Value |
---|---|
Task ID | 488356 |
Mongo ID | 5e231f9c2f8f2e4bf5636f57 |
Cuckoo release | 1.4-Maldun |