分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-1 | 2020-02-19 05:43:33 | 2020-02-19 05:45:41 | 128 秒 |
URL |
---|
URL专业沙箱检测 -> http://hardyload.com/22783aa0106c0e89f2.js |
无主机纪录.
域名 | 安全评级 | 响应 |
---|---|---|
hardyload.com |
A 172.64.194.32 A 172.64.195.32 |
Name: Domain Admin Country: BS State: New Providence City: Nassau ZIP Code: None Address: Ocean Centre, Montagu Foreshore, East Bay Street Orginization: Whois Privacy Corp. Domain Name(s): HARDYLOAD.COM Creation Date: 2020-01-10 14:54:27 Updated Date: 2020-01-10 14:54:27 Expiration Date: 2021-01-10 14:54:27 Email(s): abuse@internet.bs hardyload.com-owner-8ovs@customers.whoisprivacycorp.com hardyload.com-admin-qsjm@customers.whoisprivacycorp.com hardyload.com-tech-jdc4@customers.whoisprivacycorp.com Registrar(s): Internet Domain Service BS Corp. Name Server(s): RAM.NS.CLOUDFLARE.COM ZITA.NS.CLOUDFLARE.COM ram.ns.cloudflare.com zita.ns.cloudflare.com Referral URL(s): None
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49160 | 172.64.194.32 hardyload.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
hardyload.com |
A 172.64.194.32 A 172.64.195.32 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49160 | 172.64.194.32 hardyload.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://hardyload.com/22783aa0106c0e89f2.js | GET /22783aa0106c0e89f2.js HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: hardyload.com Connection: Keep-Alive |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2020-02-19 05:43:57.784206+0800 | 172.64.194.32 | 80 | 192.168.122.201 | 49160 | TCP | 2020605 | ET CURRENT_EVENTS WindowBase64.atob Function In Edwards Packed JavaScript - Possible iFrame Injection Detected | Potentially Bad Traffic |
No TLS
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 513043 |
---|---|
Mongo ID | 5e4c5b222f8f2e0dfc6c833d |
Cuckoo release | 1.4-Maldun |