分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp01-2 2020-07-03 22:49:18 2020-07-03 22:51:41 143 秒

魔盾分数

0.375

正常的

URL详细信息

URL
URL专业沙箱检测 -> https://www.52fzwg.com/

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
www.52fzwg.com A 23.224.167.248
cbjs.baidu.com CNAME ecomcbjs.jomodns.com
A 180.163.198.49
static.52fzwg.com
cpro.baidustatic.com CNAME cpro.baidustatic.com.a.bdydns.com
A 180.97.154.35
CNAME opencdnbdwm.jomodns.com
img.52fzwg.com A 61.160.236.19
hm.baidu.com CNAME hm.e.shifen.com
A 106.120.159.126
pos.baidu.com A 180.101.49.206
CNAME cb.e.shifen.com
dup.baidustatic.com
eclick.baidu.com A 220.181.107.131
CNAME eclick.e.shifen.com

摘要

登录查看详细行为信息

WHOIS 信息

Name: WhoisGuard Protected
Country: PA
State: Panama
City: Panama
ZIP Code: None
Address: P.O. Box 0823-03411

Orginization: WhoisGuard, Inc.
Domain Name(s):
    52FZWG.COM
    52fzwg.com
Creation Date:
    2018-06-12 14:55:14
    2018-06-12 14:55:14
Updated Date:
    2020-05-01 10:03:33
    2019-06-26 04:18:55
Expiration Date:
    2021-06-12 14:55:14
    2021-06-12 14:55:14
Email(s):
    abuse@namecheap.com
    074fbaec9bee4f6599f0f578fb459c0b.protect@whoisguard.com

Registrar(s):
    NAMECHEAP INC
Name Server(s):
    V1S1.XUNDNS.COM
    V1S2.XUNDNS.COM
    v1s1.xundns.com
    v1s2.xundns.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2636, 上一级进程 PID: 2316

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49177 106.120.159.126 hm.baidu.com 443
192.168.122.202 49179 180.101.49.206 pos.baidu.com 443
192.168.122.202 49163 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49180 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49181 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49165 180.97.154.35 cpro.baidustatic.com 443
192.168.122.202 49182 220.181.107.131 eclick.baidu.com 443
192.168.122.202 49160 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49161 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49162 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49164 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49166 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49167 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49168 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49169 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49176 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49170 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49171 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49172 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49173 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49174 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49175 61.160.236.19 img.52fzwg.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 50663 192.168.122.1 53
192.168.122.202 53154 192.168.122.1 53
192.168.122.202 54949 192.168.122.1 53
192.168.122.202 55264 192.168.122.1 53
192.168.122.202 55957 192.168.122.1 53
192.168.122.202 60873 192.168.122.1 53
192.168.122.202 61249 192.168.122.1 53
192.168.122.202 61636 192.168.122.1 53
192.168.122.202 62154 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
www.52fzwg.com A 23.224.167.248
cbjs.baidu.com CNAME ecomcbjs.jomodns.com
A 180.163.198.49
static.52fzwg.com
cpro.baidustatic.com CNAME cpro.baidustatic.com.a.bdydns.com
A 180.97.154.35
CNAME opencdnbdwm.jomodns.com
img.52fzwg.com A 61.160.236.19
hm.baidu.com CNAME hm.e.shifen.com
A 106.120.159.126
pos.baidu.com A 180.101.49.206
CNAME cb.e.shifen.com
dup.baidustatic.com
eclick.baidu.com A 220.181.107.131
CNAME eclick.e.shifen.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49177 106.120.159.126 hm.baidu.com 443
192.168.122.202 49179 180.101.49.206 pos.baidu.com 443
192.168.122.202 49163 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49180 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49181 180.163.198.49 cbjs.baidu.com 443
192.168.122.202 49165 180.97.154.35 cpro.baidustatic.com 443
192.168.122.202 49182 220.181.107.131 eclick.baidu.com 443
192.168.122.202 49160 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49161 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49162 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49164 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49166 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49167 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49168 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49169 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49176 23.224.167.248 www.52fzwg.com 443
192.168.122.202 49170 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49171 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49172 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49173 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49174 61.160.236.19 img.52fzwg.com 443
192.168.122.202 49175 61.160.236.19 img.52fzwg.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 50663 192.168.122.1 53
192.168.122.202 53154 192.168.122.1 53
192.168.122.202 54949 192.168.122.1 53
192.168.122.202 55264 192.168.122.1 53
192.168.122.202 55957 192.168.122.1 53
192.168.122.202 60873 192.168.122.1 53
192.168.122.202 61249 192.168.122.1 53
192.168.122.202 61636 192.168.122.1 53
192.168.122.202 62154 192.168.122.1 53

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-07-03 22:49:57.136728+0800 192.168.122.202 49160 23.224.167.248 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=www.52fzwg.com cc:5a:29:30:1a:13:ed:61:b0:2f:6a:d9:96:41:6b:08:33:3b:d4:fe
2020-07-03 22:49:58.504680+0800 192.168.122.202 49165 180.97.154.35 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:49:58.743809+0800 192.168.122.202 49167 23.224.167.248 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=static.52fzwg.com 61:87:fa:b9:b1:04:be:38:78:44:d4:4f:40:4b:9e:b0:6d:d9:8c:18
2020-07-03 22:49:58.752680+0800 192.168.122.202 49166 23.224.167.248 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=static.52fzwg.com 61:87:fa:b9:b1:04:be:38:78:44:d4:4f:40:4b:9e:b0:6d:d9:8c:18
2020-07-03 22:49:58.430194+0800 192.168.122.202 49163 180.163.198.49 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:49:58.755461+0800 192.168.122.202 49164 23.224.167.248 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=static.52fzwg.com 61:87:fa:b9:b1:04:be:38:78:44:d4:4f:40:4b:9e:b0:6d:d9:8c:18
2020-07-03 22:49:58.787172+0800 192.168.122.202 49168 23.224.167.248 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=static.52fzwg.com 61:87:fa:b9:b1:04:be:38:78:44:d4:4f:40:4b:9e:b0:6d:d9:8c:18
2020-07-03 22:50:00.426228+0800 192.168.122.202 49171 61.160.236.19 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=img.52fzwg.com 12:84:7e:bd:01:3c:b4:67:c5:63:ea:bb:23:46:ab:f6:ff:ad:8a:55
2020-07-03 22:50:00.428972+0800 192.168.122.202 49170 61.160.236.19 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=img.52fzwg.com 12:84:7e:bd:01:3c:b4:67:c5:63:ea:bb:23:46:ab:f6:ff:ad:8a:55
2020-07-03 22:50:00.432510+0800 192.168.122.202 49172 61.160.236.19 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=img.52fzwg.com 12:84:7e:bd:01:3c:b4:67:c5:63:ea:bb:23:46:ab:f6:ff:ad:8a:55
2020-07-03 22:50:04.175450+0800 192.168.122.202 49177 106.120.159.126 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:50:07.578574+0800 192.168.122.202 49179 180.101.49.206 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:50:07.914849+0800 192.168.122.202 49180 180.163.198.49 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:50:07.918540+0800 192.168.122.202 49181 180.163.198.49 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-07-03 22:50:10.813407+0800 192.168.122.202 49182 220.181.107.131 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 28.328 seconds )

  • 15.564 Suricata
  • 7.21 NetworkAnalysis
  • 5.419 Static
  • 0.123 AnalysisInfo
  • 0.007 BehaviorAnalysis
  • 0.005 Memory

Signatures ( 0.163 seconds )

  • 0.044 md_domain_bl
  • 0.016 antiav_detectreg
  • 0.014 md_url_bl
  • 0.008 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.006 ransomware_files
  • 0.005 infostealer_im
  • 0.005 ransomware_extensions
  • 0.004 infostealer_bitcoin
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.688 seconds )

  • 0.688 ReportHTMLSummary
Task ID 557506
Mongo ID 5eff46232f8f2e13a5e22795
Cuckoo release 1.4-Maldun