Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2020-09-25 20:42:01 | 2020-09-25 20:44:07 | 126 seconds |
File name | 生死狙击爱尚辅助V15.5.exe |
---|---|
File size | 8671232 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 08aa277b506b594bf4212933cbc56a7b |
SHA1 | f18d1ecd31314366a2c59c34d1ed83c839549419 |
SHA256 | 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57 |
SHA512 | 17e3d360a8b2e331961f95759ec34c457b7b13f776324c42cabadf20ef02b04209495a4f8cdbc1321f97acbef40b400d9f77dd3ed2b457657ce90d0c5831673e |
CRC32 | F154A0DF |
Ssdeep | 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg |
No host records.
Image base | 0x00400000 |
---|---|
Entry point | 0x005333e0 |
Claimed checksum | 0x00000000 |
Actual checksum | 0x0084506f |
Minimum OS version | 4.0 |
Compile time | 2020-08-15 04:57:02 |
Import hash | d945ea8d2611442d51698c47482aa4ad |
Icon | |
Icon exact hash | fed729cfe3036ad379f30dc442a25b53 |
Icon similarity hash | 69ac855da432bbf7912116a65bdec02a |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UnPackEr | 0x00001000 | 0x0015a000 | 0x0015a000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.40 |
By | 0x0015b000 | 0x0068a000 | 0x0068a000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.56 |
LoveBoom | 0x007e5000 | 0x00058000 | 0x00058000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.68 |
(unnamed) | 0x0083d000 | 0x00006000 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.57 |
(unnamed) | 0x00843000 | 0x00002000 | 0x00002000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.28 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x0083dc18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x0083dc18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x0083dc18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
RT_CURSOR | 0x0083e108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x0083e108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x0083e108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x0083e108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x0083f97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x008447d4 | 0x00000130 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.93 | data |
RT_ICON | 0x008447d4 | 0x00000130 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.93 | data |
RT_ICON | 0x008447d4 | 0x00000130 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.93 | data |
RT_MENU | 0x0084000c | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_MENU | 0x0084000c | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00841254 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x00841c9c | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x00841ce8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x00841ce8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x00841ce8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x00844798 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x00844798 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x00844798 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x00844504 | 0x00000294 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_MANIFEST | 0x00844334 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49173 | 101.227.102.169 fs.img4399.com | 80 |
192.168.122.201 | 49161 | 101.227.98.71 my.4399.com | 80 |
192.168.122.201 | 49175 | 101.227.98.71 my.4399.com | 80 |
192.168.122.201 | 49180 | 101.227.98.71 my.4399.com | 80 |
192.168.122.201 | 49186 | 101.227.98.71 my.4399.com | 80 |
192.168.122.201 | 49195 | 106.11.251.20 cnzz.mmstat.com | 443 |
192.168.122.201 | 49196 | 106.11.251.20 cnzz.mmstat.com | 443 |
192.168.122.201 | 49192 | 106.11.84.7 z5.cnzz.com | 443 |
192.168.122.201 | 49194 | 106.11.84.7 z5.cnzz.com | 443 |
192.168.122.201 | 49182 | 106.120.159.126 hm.baidu.com | 443 |
192.168.122.201 | 49183 | 106.120.159.126 hm.baidu.com | 443 |
192.168.122.201 | 49184 | 106.120.159.126 hm.baidu.com | 443 |
192.168.122.201 | 49185 | 106.120.159.126 hm.baidu.com | 443 |
192.168.122.201 | 49197 | 122.224.186.209 tj.img4399.com | 443 |
192.168.122.201 | 49162 | 154.221.16.135 asdata.ui10.net | 80 |
192.168.122.201 | 49163 | 154.221.16.135 asdata.ui10.net | 80 |
192.168.122.201 | 49187 | 154.221.16.135 asdata.ui10.net | 80 |
192.168.122.201 | 49164 | 183.131.168.6 ptlogin.3304399.net | 80 |
192.168.122.201 | 49168 | 183.131.168.6 ptlogin.3304399.net | 80 |
192.168.122.201 | 49176 | 183.131.168.6 ptlogin.3304399.net | 80 |
192.168.122.201 | 49165 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49166 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49167 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49169 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49170 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49171 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49172 | 218.1.70.80 my.4399.com | 80 |
192.168.122.201 | 49189 | 218.94.207.228 s19.cnzz.com | 443 |
192.168.122.201 | 49191 | 218.94.207.228 s19.cnzz.com | 443 |
192.168.122.201 | 49193 | 218.94.207.228 s19.cnzz.com | 443 |
192.168.122.201 | 49160 | 23.198.99.176 acroipm.adobe.com | 80 |
192.168.122.201 | 49188 | 42.62.52.249 gprp.4399api.net | 80 |
192.168.122.201 | 49181 | 49.232.78.158 mygame.5054399.com | 80 |
192.168.122.201 | 49190 | 58.215.157.250 s19.cnzz.com | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49532 | 192.168.122.1 | 53 |
192.168.122.201 | 52179 | 192.168.122.1 | 53 |
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 54135 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 60220 | 192.168.122.1 | 53 |
192.168.122.201 | 60465 | 192.168.122.1 | 53 |
192.168.122.201 | 60919 | 192.168.122.1 | 53 |
192.168.122.201 | 61329 | 192.168.122.1 | 53 |
192.168.122.201 | 64363 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
192.168.122.201 | 65179 | 192.168.122.1 | 53 |
192.168.122.201 | 65259 | 192.168.122.1 | 53 |
192.168.122.201 | 65529 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://my.4399.com/yxssjj/?from=news&newsrefer= | GET /yxssjj/?from=news&newsrefer= HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: my.4399.com Connection: Keep-Alive |
http://asdata.ui10.net/asjjdata/gonggao/zxgg.html | GET /asjjdata/gonggao/zxgg.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: asdata.ui10.net Connection: Keep-Alive |
http://s1.img4399.com/base/js/jquery.min.1.7.2.js?eba9b9c | GET /base/js/jquery.min.1.7.2.js?eba9b9c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/base/css/KS.css?eba9b9c | GET /base/css/KS.css?eba9b9c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://ptlogin.3304399.net/resource/css/base.css?v=2 | GET /resource/css/base.css?v=2 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ptlogin.3304399.net Connection: Keep-Alive |
http://s1.img4399.com/base/css/ptunlogin.css | GET /base/css/ptunlogin.css HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/home/js/init/PageWebTools.js?67a898c | GET /webgame/home/js/init/PageWebTools.js?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c | GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/home/css/wg_downline.css?67a898c | GET /webgame/home/css/wg_downline.css?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/base/css/KS.css?eba9b9c | GET /base/css/KS.css?eba9b9c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Tue, 20 Nov 2012 02:13:11 GMT User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/base/css/ue_common.css?eba9b9c | GET /base/css/ue_common.css?eba9b9c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://ptlogin.3304399.net/resource/css/base.css?v=2 | GET /resource/css/base.css?v=2 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Fri, 19 Jun 2020 13:56:56 GMT If-None-Match: "5eecc428-d624" User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ptlogin.3304399.net Connection: Keep-Alive |
http://s1.img4399.com/base/css/ptunlogin.css | GET /base/css/ptunlogin.css HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Fri, 26 May 2017 09:09:34 GMT User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=67a898c | GET /merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/ssjj/news/images/body_bg.png?67a898c | GET /webgame/ssjj/news/images/body_bg.png?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c | GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Sun, 28 Jun 2020 16:21:26 GMT User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/base/images/global/global_ftop.png | GET /base/images/global/global_ftop.png HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/ssjj/news/images/full_bg_01.jpg?67a898c | GET /webgame/ssjj/news/images/full_bg_01.jpg?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/ssjj/news/images/full_bg_02.jpg?67a898c | GET /webgame/ssjj/news/images/full_bg_02.jpg?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/ssjj/news/images/full_bg_03.jpg?67a898c | GET /webgame/ssjj/news/images/full_bg_03.jpg?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://fs.img4399.com/images~2020/09/25/14_OdjA_DAauO.807x56.jpg | GET /images~2020/09/25/14_OdjA_DAauO.807x56.jpg HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: fs.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/ssjj/news/images/out_face_bg.png?67a898c | GET /webgame/ssjj/news/images/out_face_bg.png?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/webgame/home/css/wg_downline.css?67a898c | GET /webgame/home/css/wg_downline.css?67a898c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Wed, 23 Sep 2020 03:48:49 GMT User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://ptlogin.3304399.net/resource/ucenter.js?v=191225 | GET /resource/ucenter.js?v=191225 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ptlogin.3304399.net Connection: Keep-Alive |
http://s1.img4399.com/r/tj/heatmap.js | GET /r/tj/heatmap.js HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://s1.img4399.com/base/tj/tj.js?v170104&eba9b9c | GET /base/tj/tj.js?v170104&eba9b9c HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive |
http://mygame.5054399.com/js/stat.js | GET /js/stat.js HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: mygame.5054399.com Connection: Keep-Alive |
http://asdata.ui10.net//asjjdata/cs.txt | GET //asjjdata/cs.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache |
http://asdata.ui10.net//asjjdata/gonggao/gglx.txt | GET //asjjdata/gonggao/gglx.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache |
http://asdata.ui10.net//asjjdata/banben.txt | GET //asjjdata/banben.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache |
http://asdata.ui10.net//asjjdata/zdbanben.txt | GET //asjjdata/zdbanben.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache |
http://4399stat.5054399.com/js/click.js | GET /js/click.js HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 4399stat.5054399.com Connection: Keep-Alive |
http://asdata.ui10.net//asjjdata/tj.html?V15.5 | GET //asjjdata/tj.html?V15.5 HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: asdata.ui10.net Connection: Keep-Alive |
http://asdata.ui10.net//asjjdata/gxdz.txt | GET //asjjdata/gxdz.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache |
http://gprp.4399api.net/s?uid=&vid=15906983391826035&m=&f=&c=&t=1590698339182&v=1 | GET /s?uid=&vid=15906983391826035&m=&f=&c=&t=1590698339182&v=1 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: gprp.4399api.net Connection: Keep-Alive |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2020-09-25 20:42:30.425616+0800 | 192.168.122.201 | 49187 | 154.221.16.135 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2020-09-25 20:42:30.184330+0800 | 192.168.122.201 | 49163 | 154.221.16.135 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-09-25 20:42:29.353998+0800 | 192.168.122.201 | 49183 | 106.120.159.126 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb |
2020-09-25 20:42:29.354957+0800 | 192.168.122.201 | 49182 | 106.120.159.126 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb |
2020-09-25 20:42:30.441881+0800 | 192.168.122.201 | 49190 | 58.215.157.250 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.581235+0800 | 192.168.122.201 | 49191 | 218.94.207.228 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.608077+0800 | 192.168.122.201 | 49192 | 106.11.84.7 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.680299+0800 | 192.168.122.201 | 49193 | 218.94.207.228 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.691488+0800 | 192.168.122.201 | 49195 | 106.11.251.20 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com | 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1 |
2020-09-25 20:42:30.697384+0800 | 192.168.122.201 | 49194 | 106.11.84.7 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.439127+0800 | 192.168.122.201 | 49189 | 218.94.207.228 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8 |
2020-09-25 20:42:30.763288+0800 | 192.168.122.201 | 49196 | 106.11.251.20 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com | 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1 |
2020-09-25 20:42:31.710218+0800 | 192.168.122.201 | 49197 | 122.224.186.209 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1 | C=CN, ST=福建省, L=厦门市, O=网宿科技股份有限公司厦门分公司, OU=IT, CN=www.chinanetcenter.com | 80:92:4b:c8:03:14:6f:4c:ab:88:7c:c0:9c:a6:0d:68:80:85:20:10 |
No Suricata HTTP
Task ID | 577689 |
---|---|
Mongo ID | 5f6de6977e769a53d2c22724 |
Cuckoo release | 1.4-Maldun |