Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp03-1 | 2020-11-27 11:27:31 | 2020-11-27 11:29:36 | 125 seconds |
URL |
---|
URL professional sandbox detection -> https://park.zunmi.cn/?acct=660&site=allelectronics.com.br |
No host records.

Field | Value |
---|---|
Name | None |
Country | None |
State | None |
City | None |
ZIP Code | None |
Address | None |
Organization | None |
Domain Name(s) | zunmi.cn |
Creation Date | None |
Updated Date | None |
Expiration Date | None |
Email(s) | wang@quanfeng.net |
Registrar(s) | 烟台帝思普网络科技有限公司 |
Name Server(s) | garret.ns.cloudflare.com cloe.ns.cloudflare.com |
Referral URL(s) | None |

No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 104.24.115.169 cdn.dragonstatic.com | 443 |
192.168.122.201 | 49161 | 104.24.115.169 cdn.dragonstatic.com | 443 |
192.168.122.201 | 49162 | 104.24.115.169 cdn.dragonstatic.com | 443 |
192.168.122.201 | 49163 | 104.24.115.169 cdn.dragonstatic.com | 443 |
192.168.122.201 | 49166 | 144.202.124.141 track.dragonparking.com | 443 |
192.168.122.201 | 49168 | 144.202.124.141 track.dragonparking.com | 443 |
192.168.122.201 | 49169 | 144.202.124.141 track.dragonparking.com | 443 |
192.168.122.201 | 49159 | 172.64.162.12 park.zunmi.cn | 443 |
192.168.122.201 | 49165 | 172.64.162.12 park.zunmi.cn | 443 |
192.168.122.201 | 49164 | 23.63.75.186 acroipm.adobe.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49153 | 192.168.122.1 | 53 |
192.168.122.201 | 55649 | 192.168.122.1 | 53 |
192.168.122.201 | 57563 | 192.168.122.1 | 53 |
192.168.122.201 | 65366 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL professional sandbox detection -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-11-27 11:27:52.689217+0800 | 192.168.122.201 | 49161 | 104.24.115.169 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d |
2020-11-27 11:27:52.127865+0800 | 192.168.122.201 | 49160 | 104.24.115.169 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d |
2020-11-27 11:27:50.363521+0800 | 192.168.122.201 | 49159 | 172.64.162.12 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 07:a0:7d:0d:2b:fb:bd:7f:45:0f:2b:fc:9f:62:a9:01:41:45:ed:e4 |
2020-11-27 11:27:52.244597+0800 | 192.168.122.201 | 49162 | 104.24.115.169 | 443 | TLS 1.2 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 13:e8:f7:88:a4:a9:74:57:a4:ea:43:5f:32:34:da:f6:f1:4a:45:8d |
2020-11-27 11:27:58.302886+0800 | 192.168.122.201 | 49166 | 144.202.124.141 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=track.dragonparking.com | f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad |
2020-11-27 11:28:06.377305+0800 | 192.168.122.201 | 49168 | 144.202.124.141 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=track.dragonparking.com | f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad |
2020-11-27 11:28:11.780443+0800 | 192.168.122.201 | 49169 | 144.202.124.141 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=track.dragonparking.com | f7:10:e7:e5:64:78:e7:b8:91:a1:80:e0:8a:12:f4:49:2a:c9:cb:ad |
No Suricata HTTP
Field | Value |
---|---|
Task ID | 591915 |
Mongo ID | 5fc072baa093ef0ecdb91c6f |
Cuckoo release | 1.4-Maldun |