分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp03-1 2020-11-27 11:27:31 2020-11-27 11:29:36 125 秒

魔盾分数

0.0

正常的

URL详细信息


登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
park.zunmi.cn A 172.64.162.12
A 172.64.163.12
cdn.dragonstatic.com A 104.24.115.169
A 104.24.114.169
A 172.67.185.33
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.63.75.186
A 23.63.75.168
track.dragonparking.com A 144.202.124.141

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    zunmi.cn
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    wang@quanfeng.net

Registrar(s):
    烟台帝思普网络科技有限公司
Name Server(s):
    garret.ns.cloudflare.com
    cloe.ns.cloudflare.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2444, 上一级进程 PID: 2136

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49160 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49161 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49162 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49163 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49166 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49168 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49169 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49159 172.64.162.12 park.zunmi.cn 443
192.168.122.201 49165 172.64.162.12 park.zunmi.cn 443
192.168.122.201 49164 23.63.75.186 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49153 192.168.122.1 53
192.168.122.201 55649 192.168.122.1 53
192.168.122.201 57563 192.168.122.1 53
192.168.122.201 65366 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
park.zunmi.cn A 172.64.162.12
A 172.64.163.12
cdn.dragonstatic.com A 104.24.115.169
A 104.24.114.169
A 172.67.185.33
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.63.75.186
A 23.63.75.168
track.dragonparking.com A 144.202.124.141

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49160 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49161 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49162 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49163 104.24.115.169 cdn.dragonstatic.com 443
192.168.122.201 49166 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49168 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49169 144.202.124.141 track.dragonparking.com 443
192.168.122.201 49159 172.64.162.12 park.zunmi.cn 443
192.168.122.201 49165 172.64.162.12 park.zunmi.cn 443
192.168.122.201 49164 23.63.75.186 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49153 192.168.122.1 53
192.168.122.201 55649 192.168.122.1 53
192.168.122.201 57563 192.168.122.1 53
192.168.122.201 65366 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-11-27 11:27:52.689217+0800 192.168.122.201 49161 104.24.115.169 443 TLS 1.2 C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d
2020-11-27 11:27:52.127865+0800 192.168.122.201 49160 104.24.115.169 443 TLS 1.2 C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d
2020-11-27 11:27:50.363521+0800 192.168.122.201 49159 172.64.162.12 443 TLS 1.2 C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 07:a0:7d:0d:2b:fb:bd:7f:45:0f:2b:fc:9f:62:a9:01:41:45:ed:e4
2020-11-27 11:27:52.244597+0800 192.168.122.201 49162 104.24.115.169 443 TLS 1.2 C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d
2020-11-27 11:27:58.302886+0800 192.168.122.201 49166 144.202.124.141 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=track.dragonparking.com f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad
2020-11-27 11:28:06.377305+0800 192.168.122.201 49168 144.202.124.141 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=track.dragonparking.com f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad
2020-11-27 11:28:11.780443+0800 192.168.122.201 49169 144.202.124.141 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=track.dragonparking.com f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 12.629 seconds )

  • 9.827 Suricata
  • 2.601 NetworkAnalysis
  • 0.134 Static
  • 0.052 AnalysisInfo
  • 0.008 BehaviorAnalysis
  • 0.007 Memory

Signatures ( 1.735 seconds )

  • 1.558 md_url_bl
  • 0.036 md_domain_bl
  • 0.019 antiav_detectreg
  • 0.013 anomaly_persistence_autorun
  • 0.01 ransomware_extensions
  • 0.009 ransomware_files
  • 0.008 antiav_detectfile
  • 0.008 network_torgateway
  • 0.006 infostealer_ftp
  • 0.005 geodo_banking_trojan
  • 0.004 tinba_behavior
  • 0.004 antianalysis_detectreg
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.003 rat_nanocore
  • 0.003 cerber_behavior
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.001 network_tor
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.749 seconds )

  • 0.749 ReportHTMLSummary
Task ID 591915
Mongo ID 5fc072baa093ef0ecdb91c6f
Cuckoo release 1.4-Maldun