分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp03-1 2021-06-18 22:12:00 2021-06-18 22:14:04 124 秒

魔盾分数

0.35

正常的

URL详细信息

URL
URL专业沙箱检测 -> https://wwa.lanzoui.com/iBahgqdgkqb

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
wwa.lanzoui.com CNAME all.lanzoui.com.w.kunlungr.com
A 114.80.187.102
s95.cnzz.com
v1.cnzz.com CNAME all.cnzz.com.danuoyi.tbcache.com
A 222.188.8.250
CNAME c.cnzz.com
statics.woozooo.com A 183.6.231.204
CNAME statics.woozooo.com.w.cdngslb.com
z4.cnzz.com CNAME z.cnzz.com
CNAME z.gds.cnzz.com
A 203.119.216.75
c.cnzz.com
cnzz.mmstat.com A 140.205.33.11
CNAME gm.gds.mmstat.com
CNAME gm.mmstat.com
hzs2.cnzz.com CNAME z6.cnzz.com
hm.woozooo.com A 120.27.232.100
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 104.75.169.10
A 104.75.169.8

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: CN
State: shan dong
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    LANZOUI.COM
    lanzoui.com
Creation Date:
    2018-03-28 19:25:37
Updated Date:
    2021-02-26 05:11:02
Expiration Date:
    2022-03-28 19:25:37
Email(s):
    DomainAbuse@service.aliyun.com

Registrar(s):
    Alibaba Cloud Computing (Beijing) Co., Ltd.
Name Server(s):
    F1G1NS1.DNSPOD.NET
    F1G1NS2.DNSPOD.NET
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2440, 上一级进程 PID: 2152

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49170 104.75.169.10 acroipm.adobe.com 80
192.168.122.201 49159 114.80.187.102 wwa.lanzoui.com 443
192.168.122.201 49165 114.80.187.102 wwa.lanzoui.com 443
192.168.122.201 49169 120.27.232.100 hm.woozooo.com 443
192.168.122.201 49166 140.205.33.11 cnzz.mmstat.com 443
192.168.122.201 49168 140.205.33.11 cnzz.mmstat.com 443
192.168.122.201 49160 183.6.231.204 statics.woozooo.com 443
192.168.122.201 49164 203.119.216.75 z4.cnzz.com 443
192.168.122.201 49167 203.119.216.75 z4.cnzz.com 443
192.168.122.201 49161 222.188.8.250 v1.cnzz.com 443
192.168.122.201 49162 222.188.8.250 v1.cnzz.com 443
192.168.122.201 49163 222.188.8.250 v1.cnzz.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
wwa.lanzoui.com CNAME all.lanzoui.com.w.kunlungr.com
A 114.80.187.102
s95.cnzz.com
v1.cnzz.com CNAME all.cnzz.com.danuoyi.tbcache.com
A 222.188.8.250
CNAME c.cnzz.com
statics.woozooo.com A 183.6.231.204
CNAME statics.woozooo.com.w.cdngslb.com
z4.cnzz.com CNAME z.cnzz.com
CNAME z.gds.cnzz.com
A 203.119.216.75
c.cnzz.com
cnzz.mmstat.com A 140.205.33.11
CNAME gm.gds.mmstat.com
CNAME gm.mmstat.com
hzs2.cnzz.com CNAME z6.cnzz.com
hm.woozooo.com A 120.27.232.100
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 104.75.169.10
A 104.75.169.8

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49170 104.75.169.10 acroipm.adobe.com 80
192.168.122.201 49159 114.80.187.102 wwa.lanzoui.com 443
192.168.122.201 49165 114.80.187.102 wwa.lanzoui.com 443
192.168.122.201 49169 120.27.232.100 hm.woozooo.com 443
192.168.122.201 49166 140.205.33.11 cnzz.mmstat.com 443
192.168.122.201 49168 140.205.33.11 cnzz.mmstat.com 443
192.168.122.201 49160 183.6.231.204 statics.woozooo.com 443
192.168.122.201 49164 203.119.216.75 z4.cnzz.com 443
192.168.122.201 49167 203.119.216.75 z4.cnzz.com 443
192.168.122.201 49161 222.188.8.250 v1.cnzz.com 443
192.168.122.201 49162 222.188.8.250 v1.cnzz.com 443
192.168.122.201 49163 222.188.8.250 v1.cnzz.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-06-18 22:12:19.033376+0800 192.168.122.201 49159 114.80.187.102 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.lanzoui.com d1:7a:6f:b5:77:df:e3:2b:dd:d9:0d:7b:e3:d4:63:2c:e6:c6:44:09
2021-06-18 22:12:19.569898+0800 192.168.122.201 49162 222.188.8.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 79:58:35:0e:31:d2:98:03:51:0c:9b:c1:52:dc:09:26:c7:fd:40:0f
2021-06-18 22:12:19.569522+0800 192.168.122.201 49161 222.188.8.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 79:58:35:0e:31:d2:98:03:51:0c:9b:c1:52:dc:09:26:c7:fd:40:0f
2021-06-18 22:12:19.736207+0800 192.168.122.201 49163 222.188.8.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 79:58:35:0e:31:d2:98:03:51:0c:9b:c1:52:dc:09:26:c7:fd:40:0f
2021-06-18 22:12:19.627341+0800 192.168.122.201 49160 183.6.231.204 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.woozooo.com b0:b2:01:02:3b:96:a0:01:b7:ba:5d:44:21:48:1a:35:fa:87:81:36
2021-06-18 22:12:19.790198+0800 192.168.122.201 49164 203.119.216.75 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 79:58:35:0e:31:d2:98:03:51:0c:9b:c1:52:dc:09:26:c7:fd:40:0f
2021-06-18 22:12:20.136407+0800 192.168.122.201 49166 140.205.33.11 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1
2021-06-18 22:12:20.248102+0800 192.168.122.201 49168 140.205.33.11 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1
2021-06-18 22:12:20.212785+0800 192.168.122.201 49167 203.119.216.75 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 79:58:35:0e:31:d2:98:03:51:0c:9b:c1:52:dc:09:26:c7:fd:40:0f
2021-06-18 22:12:20.306030+0800 192.168.122.201 49169 120.27.232.100 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 CN=*.woozooo.com b0:b2:01:02:3b:96:a0:01:b7:ba:5d:44:21:48:1a:35:fa:87:81:36

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 15.612 seconds )

  • 10.974 Suricata
  • 4.03 NetworkAnalysis
  • 0.592 Static
  • 0.011 AnalysisInfo
  • 0.003 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.487 seconds )

  • 1.386 md_url_bl
  • 0.025 md_domain_bl
  • 0.011 antiav_detectreg
  • 0.008 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_uac
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 md_bad_drop
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.413 seconds )

  • 0.413 ReportHTMLSummary
Task ID 641029
Mongo ID 60ccaa447e769a1c5970fac3
Cuckoo release 1.4-Maldun