分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp01-1 2020-02-19 02:35:09 2020-02-19 02:37:27 138 秒

魔盾分数

0.0

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://lzhangren.xyz/

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
lzhangren.xyz 未知 CNAME leyi-ydy.mek2.cn
A 156.239.158.142
web.aituv.com 未知 A 47.104.134.245
lib.baomitu.com A 117.91.191.254
A 61.147.108.254
CNAME webcdn.360qhcdn.com
CNAME lib.baomitu.com.qh-cdn.com
A 180.97.249.117
A 58.222.38.25
A 58.222.38.24
A 180.97.249.126
img.alicdn.com A 101.226.27.253
A 101.226.27.254
A 101.226.26.253
CNAME img.alicdn.com.danuoyi.alicdn.com
A 101.226.26.254

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: CN
State: He Nan
City: None
ZIP Code: None
Address: None

Orginization: Jin Xue Bin
Domain Name(s):
    LZHANGREN.XYZ
Creation Date:
    2020-01-17 04:03:50
Updated Date:
    2020-02-18 10:51:00
Expiration Date:
    2021-01-17 23:59:59
Email(s):
    domainabuse@service.aliyun.com

Registrar(s):
    Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)
Name Server(s):
    DNS17.HICHINA.COM
    DNS18.HICHINA.COM
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2624, 上一级进程 PID: 2332

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49166 101.226.26.253 img.alicdn.com 443
192.168.122.201 49160 156.239.158.142 lzhangren.xyz 80
192.168.122.201 49161 47.104.134.245 web.aituv.com 80
192.168.122.201 49162 47.104.134.245 web.aituv.com 80
192.168.122.201 49163 47.104.134.245 web.aituv.com 80
192.168.122.201 49164 47.104.134.245 web.aituv.com 80
192.168.122.201 49165 61.147.108.254 lib.baomitu.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
lzhangren.xyz 未知 CNAME leyi-ydy.mek2.cn
A 156.239.158.142
web.aituv.com 未知 A 47.104.134.245
lib.baomitu.com A 117.91.191.254
A 61.147.108.254
CNAME webcdn.360qhcdn.com
CNAME lib.baomitu.com.qh-cdn.com
A 180.97.249.117
A 58.222.38.25
A 58.222.38.24
A 180.97.249.126
img.alicdn.com A 101.226.27.253
A 101.226.27.254
A 101.226.26.253
CNAME img.alicdn.com.danuoyi.alicdn.com
A 101.226.26.254

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49166 101.226.26.253 img.alicdn.com 443
192.168.122.201 49160 156.239.158.142 lzhangren.xyz 80
192.168.122.201 49161 47.104.134.245 web.aituv.com 80
192.168.122.201 49162 47.104.134.245 web.aituv.com 80
192.168.122.201 49163 47.104.134.245 web.aituv.com 80
192.168.122.201 49164 47.104.134.245 web.aituv.com 80
192.168.122.201 49165 61.147.108.254 lib.baomitu.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://lzhangren.xyz/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: lzhangren.xyz
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/web.php?id=oaEQnvRn
GET /web.php?id=oaEQnvRn HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://lzhangren.xyz/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/js/main.js
GET /i/skin/mb07/js/main.js HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/css/main.css
GET /i/skin/mb07/css/main.css HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/leyi.js
GET /i/skin/leyi.js HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/css/font-awesome-4.7.0/css/font-awesome.min.css
GET /i/skin/mb07/css/font-awesome-4.7.0/css/font-awesome.min.css HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://lib.baomitu.com/jquery/3.3.1/jquery.js
GET /jquery/3.3.1/jquery.js HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: lib.baomitu.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/js/leyi.js
GET /i/skin/mb07/js/leyi.js HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot?
GET /i/skin/mb07/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/css/animate.css
GET /i/skin/mb07/css/animate.css HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/d/file/20190927/b0d5fabb4a52c44a153a0ed9a22a7ff6.png
GET /i/d/file/20190927/b0d5fabb4a52c44a153a0ed9a22a7ff6.png HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://web.aituv.com/i/skin/mb07/fonts/pattern.svg
GET /i/skin/mb07/fonts/pattern.svg HTTP/1.1
Accept: */*
Referer: http://web.aituv.com/web.php?id=oaEQnvRn
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: web.aituv.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://lzhangren.xyz/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: lzhangren.xyz
Connection: Keep-Alive
Cookie: security_session_verify=5f4e1bc4fe8ef1672f3742f4e4928d2d

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-02-19 02:35:44.349155+0800 192.168.122.201 49166 101.226.26.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com f4:c4:ba:50:9d:b8:94:4d:d4:03:9b:4f:8f:06:20:c1:fe:56:bb:d6

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 31.684 seconds )

  • 18.38 Suricata
  • 11.378 NetworkAnalysis
  • 1.775 Static
  • 0.126 AnalysisInfo
  • 0.018 Memory
  • 0.007 BehaviorAnalysis

Signatures ( 2.46 seconds )

  • 2.289 md_url_bl
  • 0.031 md_domain_bl
  • 0.021 ransomware_extensions
  • 0.019 antiav_detectreg
  • 0.012 anomaly_persistence_autorun
  • 0.008 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.006 geodo_banking_trojan
  • 0.006 ransomware_files
  • 0.005 infostealer_bitcoin
  • 0.005 infostealer_im
  • 0.004 tinba_behavior
  • 0.004 antianalysis_detectreg
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 network_torgateway
  • 0.002 betabot_behavior
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.91 seconds )

  • 0.91 ReportHTMLSummary
Task ID 513036
Mongo ID 5e4c2f152f8f2e0df66c8b99
Cuckoo release 1.4-Maldun