Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2020-02-19 02:35:09 | 2020-02-19 02:37:27 | 138 seconds |
URL |
---|
URL professional sandbox detection -> http://lzhangren.xyz/ |
No host records.
Domain | Security rating | Response |
---|---|---|
lzhangren.xyz | Unknown | CNAME leyi-ydy.mek2.cn; A 156.239.158.142 |
web.aituv.com | Unknown | A 47.104.134.245 |
lib.baomitu.com | | A 117.91.191.254; A 61.147.108.254; CNAME webcdn.360qhcdn.com; CNAME lib.baomitu.com.qh-cdn.com; A 180.97.249.117; A 58.222.38.25; A 58.222.38.24; A 180.97.249.126 |
img.alicdn.com | | A 101.226.27.253; A 101.226.27.254; A 101.226.26.253; CNAME img.alicdn.com.danuoyi.alicdn.com; A 101.226.26.254 |
WHOIS field | Value |
---|---|
Name | None |
Country | CN |
State | He Nan |
City | None |
ZIP Code | None |
Address | None |
Organization | Jin Xue Bin |
Domain Name(s) | LZHANGREN.XYZ |
Creation Date | 2020-01-17 04:03:50 |
Updated Date | 2020-02-18 10:51:00 |
Expiration Date | 2021-01-17 23:59:59 |
Email(s) | domainabuse@service.aliyun.com |
Registrar(s) | Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) |
Name Server(s) | DNS17.HICHINA.COM, DNS18.HICHINA.COM |
Referral URL(s) | None |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49166 | 101.226.26.253 img.alicdn.com | 443 |
192.168.122.201 | 49160 | 156.239.158.142 lzhangren.xyz | 80 |
192.168.122.201 | 49161 | 47.104.134.245 web.aituv.com | 80 |
192.168.122.201 | 49162 | 47.104.134.245 web.aituv.com | 80 |
192.168.122.201 | 49163 | 47.104.134.245 web.aituv.com | 80 |
192.168.122.201 | 49164 | 47.104.134.245 web.aituv.com | 80 |
192.168.122.201 | 49165 | 61.147.108.254 lib.baomitu.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49310 | 192.168.122.1 | 53 |
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 51856 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL professional sandbox detection -> http://lzhangren.xyz/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: lzhangren.xyz Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/web.php?id=oaEQnvRn | GET /web.php?id=oaEQnvRn HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: http://lzhangren.xyz/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/js/main.js | GET /i/skin/mb07/js/main.js HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/css/main.css | GET /i/skin/mb07/css/main.css HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/leyi.js | GET /i/skin/leyi.js HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/css/font-awesome-4.7.0/css/font-awesome.min.css | GET /i/skin/mb07/css/font-awesome-4.7.0/css/font-awesome.min.css HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://lib.baomitu.com/jquery/3.3.1/jquery.js | GET /jquery/3.3.1/jquery.js HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: lib.baomitu.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/js/leyi.js | GET /i/skin/mb07/js/leyi.js HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot? | GET /i/skin/mb07/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot? HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/css/animate.css | GET /i/skin/mb07/css/animate.css HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/d/file/20190927/b0d5fabb4a52c44a153a0ed9a22a7ff6.png | GET /i/d/file/20190927/b0d5fabb4a52c44a153a0ed9a22a7ff6.png HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://web.aituv.com/i/skin/mb07/fonts/pattern.svg | GET /i/skin/mb07/fonts/pattern.svg HTTP/1.1 Accept: */* Referer: http://web.aituv.com/web.php?id=oaEQnvRn Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: web.aituv.com Connection: Keep-Alive |
URL professional sandbox detection -> http://lzhangren.xyz/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: lzhangren.xyz Connection: Keep-Alive Cookie: security_session_verify=5f4e1bc4fe8ef1672f3742f4e4928d2d |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-02-19 02:35:44.349155+0800 | 192.168.122.201 | 49166 | 101.226.26.253 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | f4:c4:ba:50:9d:b8:94:4d:d4:03:9b:4f:8f:06:20:c1:fe:56:bb:d6 |
No Suricata HTTP
Task ID | 513036 |
---|---|
Mongo ID | 5e4c2f152f8f2e0df66c8b99 |
Cuckoo release | 1.4-Maldun |