分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp01-1 2020-07-02 20:04:15 2020-07-02 20:06:28 133 秒

魔盾分数

0.0

正常的

URL详细信息

URL
URL专业沙箱检测 -> https://weixin110.qq.com/
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
weixin110.qq.com A 101.226.49.154
A 101.89.38.155
A 61.151.183.16
CNAME minorshort.weixin.qq.com
res.wx.qq.com A 115.231.229.8
A 111.177.1.109
A 58.49.224.31
A 124.225.105.110
A 183.66.103.187
A 180.153.100.249
CNAME res.wx.qq.com.sched.ssdv6.tdnsv6.com
A 122.228.0.223
A 58.49.157.229
CNAME res.wx.qq.com.v6.tcdn.qq.com
A 114.106.160.70
A 61.184.213.242
A 111.177.1.77
CNAME reswx.tc.qq.com
tajs.qq.com A 14.215.138.25
pingtas.qq.com A 183.3.226.92
tudg.qq.com A 14.17.43.114
support.weixin.qq.com

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: CN
State: Guang Dong
City: None
ZIP Code: None
Address: None

Orginization: Shenzhen Tencent Computer Systems CO.,Ltd
Domain Name(s):
    QQ.COM
    qq.com
Creation Date:
    1995-05-04 04:00:00
    1995-05-03 21:00:00-0700
Updated Date:
    2020-03-04 03:29:29
    2020-03-03 19:13:59-0800
Expiration Date:
    2027-07-27 02:09:19
    2027-07-26 19:09:19-0700
Email(s):
    abusecomplaints@markmonitor.com
    whoisrequest@markmonitor.com

Registrar(s):
    MarkMonitor, Inc.
Name Server(s):
    NS1.QQ.COM
    NS2.QQ.COM
    NS3.QQ.COM
    NS4.QQ.COM
    ns3.qq.com
    ns4.qq.com
    ns1.qq.com
    ns2.qq.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树

iexplore.exe, PID: 2660, 上一级进程 PID: 2332
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49160 101.226.49.154 weixin110.qq.com 443
192.168.122.201 49451 101.89.38.155 weixin110.qq.com 443
192.168.122.201 49443 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49444 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49445 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49446 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49447 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49448 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49450 14.17.43.114 tudg.qq.com 443
192.168.122.201 49441 14.215.138.25 tajs.qq.com 443
192.168.122.201 49442 14.215.138.25 tajs.qq.com 443
192.168.122.201 49449 183.3.226.92 pingtas.qq.com 443
192.168.122.201 49440 192.168.122.1 53

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 64155 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
weixin110.qq.com A 101.226.49.154
A 101.89.38.155
A 61.151.183.16
CNAME minorshort.weixin.qq.com
res.wx.qq.com A 115.231.229.8
A 111.177.1.109
A 58.49.224.31
A 124.225.105.110
A 183.66.103.187
A 180.153.100.249
CNAME res.wx.qq.com.sched.ssdv6.tdnsv6.com
A 122.228.0.223
A 58.49.157.229
CNAME res.wx.qq.com.v6.tcdn.qq.com
A 114.106.160.70
A 61.184.213.242
A 111.177.1.77
CNAME reswx.tc.qq.com
tajs.qq.com A 14.215.138.25
pingtas.qq.com A 183.3.226.92
tudg.qq.com A 14.17.43.114
support.weixin.qq.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49160 101.226.49.154 weixin110.qq.com 443
192.168.122.201 49451 101.89.38.155 weixin110.qq.com 443
192.168.122.201 49443 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49444 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49445 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49446 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49447 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49448 114.106.160.70 res.wx.qq.com 443
192.168.122.201 49450 14.17.43.114 tudg.qq.com 443
192.168.122.201 49441 14.215.138.25 tajs.qq.com 443
192.168.122.201 49442 14.215.138.25 tajs.qq.com 443
192.168.122.201 49449 183.3.226.92 pingtas.qq.com 443
192.168.122.201 49440 192.168.122.1 53

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 64155 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-07-02 20:04:44.886222+0800 192.168.122.201 49442 14.215.138.25 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=pingfore.qq.com bb:5d:15:8d:96:fc:77:01:90:f0:de:f8:7d:9d:fb:60:82:56:85:11
2020-07-02 20:04:44.874748+0800 192.168.122.201 49441 14.215.138.25 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=pingfore.qq.com bb:5d:15:8d:96:fc:77:01:90:f0:de:f8:7d:9d:fb:60:82:56:85:11
2020-07-02 20:04:44.913301+0800 192.168.122.201 49447 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:44.908728+0800 192.168.122.201 49446 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:43.692069+0800 192.168.122.201 49160 101.226.49.154 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=comm.weixin.qq.com 48:dc:5d:b2:6b:bc:ec:da:f4:b5:88:7a:a9:9e:d0:1a:28:f9:95:33
2020-07-02 20:04:44.899505+0800 192.168.122.201 49445 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:44.952337+0800 192.168.122.201 49444 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:44.942804+0800 192.168.122.201 49443 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:45.154951+0800 192.168.122.201 49448 114.106.160.70 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=res.wx.qq.com c5:df:60:d7:0b:e9:94:06:22:9e:88:ec:70:b8:d3:65:ad:9f:64:54
2020-07-02 20:04:50.359483+0800 192.168.122.201 49449 183.3.226.92 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=pingfore.qq.com bb:5d:15:8d:96:fc:77:01:90:f0:de:f8:7d:9d:fb:60:82:56:85:11
2020-07-02 20:04:51.468531+0800 192.168.122.201 49451 101.89.38.155 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=comm.weixin.qq.com 48:dc:5d:b2:6b:bc:ec:da:f4:b5:88:7a:a9:9e:d0:1a:28:f9:95:33
2020-07-02 20:04:50.641794+0800 192.168.122.201 49450 14.17.43.114 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, OU=R&D, CN=tudg.qq.com fb:6a:00:d6:45:ff:39:44:cf:00:20:f8:64:21:87:28:aa:82:07:62

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 27.512 seconds )

  • 15.501 Suricata
  • 7.264 NetworkAnalysis
  • 4.651 Static
  • 0.084 AnalysisInfo
  • 0.007 BehaviorAnalysis
  • 0.005 Memory

Signatures ( 0.154 seconds )

  • 0.031 md_domain_bl
  • 0.017 antiav_detectreg
  • 0.014 md_url_bl
  • 0.009 anomaly_persistence_autorun
  • 0.007 antiav_detectfile
  • 0.007 infostealer_ftp
  • 0.006 ransomware_files
  • 0.005 ransomware_extensions
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 md_bad_drop
  • 0.002 cerber_behavior
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.001 network_tor
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.877 seconds )

  • 0.877 ReportHTMLSummary
Task ID 557108
Mongo ID 5efdcde82f8f2e0b56a3e9d6
Cuckoo release 1.4-Maldun