恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp03-1	2021-12-05 01:30:48	2021-12-05 01:32:55	127 秒

魔盾分数

0.375

正常的

URL详细信息

URL
URL专业沙箱检测 -> https://livr.jp/contents/P159006119

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	104.16.19.94	未知	美国
否	113.108.239.233	未知	中国
否	13.225.174.78	未知	美国
否	13.226.235.29	未知	美国
否	13.226.237.116	未知	美国
否	13.32.54.49	未知	美国
否	180.163.150.161	未知	中国
否	203.208.40.66	未知	中国
否	61.114.177.151	未知	日本
否	61.164.119.121	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
livr.jp	A 13.225.174.78 A 13.225.174.109 A 13.225.174.60 A 13.225.174.47
www.googletagmanager.com	CNAME www-googletagmanager.l.google.com A 113.108.239.233
fonts.googleapis.com	A 180.163.150.161
cdn.jsdelivr.net	A 61.164.119.121 A 49.71.73.132 CNAME cdn.jsdelivr.net.mwcloudcdn.com
cdnjs.cloudflare.com	A 104.16.19.94 A 104.16.18.94
fonts.gstatic.com	CNAME gstaticadssl.l.google.com A 203.208.40.66
media.livr.jp	A 13.32.54.19 A 13.32.54.49 A 13.32.54.55 A 13.32.54.63
s.yjtag.jp	A 13.226.237.31 CNAME d1kdvuzh4logm5.cloudfront.net A 13.226.237.116 A 13.226.237.113 A 13.226.237.107
x.ss2.us	A 13.226.235.100 A 13.226.235.9 A 13.226.235.29 A 13.226.235.206
repository.secomtrust.net	A 61.114.177.151

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

没有防病毒引擎扫描信息!

iexplore.exe, PID: 2396, 上一级进程 PID: 2184

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	104.16.19.94	未知	美国
否	113.108.239.233	未知	中国
否	13.225.174.78	未知	美国
否	13.226.235.29	未知	美国
否	13.226.237.116	未知	美国
否	13.32.54.49	未知	美国
否	180.163.150.161	未知	中国
否	203.208.40.66	未知	中国
否	61.114.177.151	未知	日本
否	61.164.119.121	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	104.16.19.94 cdnjs.cloudflare.com	443
192.168.122.201	49161	113.108.239.233 www.googletagmanager.com	443
192.168.122.201	49159	13.225.174.78 livr.jp	443
192.168.122.201	49165	13.225.174.78 livr.jp	443
192.168.122.201	49166	13.225.174.78 livr.jp	443
192.168.122.201	49167	13.225.174.78 livr.jp	443
192.168.122.201	49168	13.225.174.78 livr.jp	443
192.168.122.201	49169	13.225.174.78 livr.jp	443
192.168.122.201	49176	13.225.174.78 livr.jp	443
192.168.122.201	49173	13.226.235.29 x.ss2.us	80
192.168.122.201	49174	13.226.235.29 x.ss2.us	80
192.168.122.201	49177	13.226.237.116 s.yjtag.jp	443
192.168.122.201	49170	13.32.54.49 media.livr.jp	443
192.168.122.201	49171	13.32.54.49 media.livr.jp	443
192.168.122.201	49175	13.32.54.49 media.livr.jp	443
192.168.122.201	49160	180.163.150.161 fonts.googleapis.com	443
192.168.122.201	49164	203.208.40.66 fonts.gstatic.com	443
192.168.122.201	49172	23.218.94.155	80
192.168.122.201	49178	61.114.177.151 repository.secomtrust.net	80
192.168.122.201	49163	61.164.119.121 cdn.jsdelivr.net	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49532	192.168.122.1	53
192.168.122.201	52179	192.168.122.1	53
192.168.122.201	52207	192.168.122.1	53
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	60465	192.168.122.1	53
192.168.122.201	61329	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53
192.168.122.201	65179	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
livr.jp	A 13.225.174.78 A 13.225.174.109 A 13.225.174.60 A 13.225.174.47
www.googletagmanager.com	CNAME www-googletagmanager.l.google.com A 113.108.239.233
fonts.googleapis.com	A 180.163.150.161
cdn.jsdelivr.net	A 61.164.119.121 A 49.71.73.132 CNAME cdn.jsdelivr.net.mwcloudcdn.com
cdnjs.cloudflare.com	A 104.16.19.94 A 104.16.18.94
fonts.gstatic.com	CNAME gstaticadssl.l.google.com A 203.208.40.66
media.livr.jp	A 13.32.54.19 A 13.32.54.49 A 13.32.54.55 A 13.32.54.63
s.yjtag.jp	A 13.226.237.31 CNAME d1kdvuzh4logm5.cloudfront.net A 13.226.237.116 A 13.226.237.113 A 13.226.237.107
x.ss2.us	A 13.226.235.100 A 13.226.235.9 A 13.226.235.29 A 13.226.235.206
repository.secomtrust.net	A 61.114.177.151

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	104.16.19.94 cdnjs.cloudflare.com	443
192.168.122.201	49161	113.108.239.233 www.googletagmanager.com	443
192.168.122.201	49159	13.225.174.78 livr.jp	443
192.168.122.201	49165	13.225.174.78 livr.jp	443
192.168.122.201	49166	13.225.174.78 livr.jp	443
192.168.122.201	49167	13.225.174.78 livr.jp	443
192.168.122.201	49168	13.225.174.78 livr.jp	443
192.168.122.201	49169	13.225.174.78 livr.jp	443
192.168.122.201	49176	13.225.174.78 livr.jp	443
192.168.122.201	49173	13.226.235.29 x.ss2.us	80
192.168.122.201	49174	13.226.235.29 x.ss2.us	80
192.168.122.201	49177	13.226.237.116 s.yjtag.jp	443
192.168.122.201	49170	13.32.54.49 media.livr.jp	443
192.168.122.201	49171	13.32.54.49 media.livr.jp	443
192.168.122.201	49175	13.32.54.49 media.livr.jp	443
192.168.122.201	49160	180.163.150.161 fonts.googleapis.com	443
192.168.122.201	49164	203.208.40.66 fonts.gstatic.com	443
192.168.122.201	49172	23.218.94.155	80
192.168.122.201	49178	61.114.177.151 repository.secomtrust.net	80
192.168.122.201	49163	61.164.119.121 cdn.jsdelivr.net	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49532	192.168.122.1	53
192.168.122.201	52179	192.168.122.1	53
192.168.122.201	52207	192.168.122.1	53
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	60465	192.168.122.1	53
192.168.122.201	61329	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53
192.168.122.201	65179	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://x.ss2.us/x.cer	GET /x.cer HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: x.ss2.us
URL专业沙箱检测 -> http://repository.secomtrust.net/SC-Root2/SCRoot2ca.cer	GET /SC-Root2/SCRoot2ca.cer HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: repository.secomtrust.net

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://x.ss2.us/x.cer

GET /x.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x.ss2.us

URL专业沙箱检测 -> http://repository.secomtrust.net/SC-Root2/SCRoot2ca.cer

GET /SC-Root2/SCRoot2ca.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: repository.secomtrust.net

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2021-12-05 01:31:11.316302+0800	192.168.122.201	49164	203.208.40.66	443	TLS 1.2	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.gstatic.com	e9:ec:b0:5c:f1:88:78:5d:9d:24:04:de:04:a7:f3:5e:33:a0:8b:0c
2021-12-05 01:31:10.953135+0800	192.168.122.201	49162	104.16.19.94	443	TLS 1.2	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	5d:cd:ff:cf:d5:e1:23:21:56:30:e7:79:d0:2c:e0:5b:7d:4e:34:ce
2021-12-05 01:31:10.724046+0800	192.168.122.201	49160	180.163.150.161	443	TLS 1.2	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=upload.video.google.com	68:db:23:67:82:7a:3d:3a:3d:68:e1:7b:dd:8e:49:36:fb:46:8b:b8
2021-12-05 01:31:10.779591+0800	192.168.122.201	49161	113.108.239.233	443	TLS 1.2	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	46:9f:a6:8f:d4:0c:51:2c:3d:40:b7:40:b5:fe:3d:5f:cc:4c:2c:98
2021-12-05 01:31:12.755430+0800	192.168.122.201	49175	13.32.54.49	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=livr.jp	20:d9:24:40:2d:b6:d1:86:2a:67:7b:41:f3:5d:18:50:8b:33:36:31
2021-12-05 01:31:09.360149+0800	192.168.122.201	49159	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:11.590407+0800	192.168.122.201	49170	13.32.54.49	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=livr.jp	20:d9:24:40:2d:b6:d1:86:2a:67:7b:41:f3:5d:18:50:8b:33:36:31
2021-12-05 01:31:12.790864+0800	192.168.122.201	49176	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:11.445807+0800	192.168.122.201	49169	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:10.745306+0800	192.168.122.201	49163	61.164.119.121	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=cdn.jsdelivr.net	9f:25:8c:50:0f:02:f0:ed:7f:66:29:e4:eb:90:e6:b0:24:18:2f:80
2021-12-05 01:31:11.433463+0800	192.168.122.201	49168	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:11.605012+0800	192.168.122.201	49171	13.32.54.49	443	TLS 1.2	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=livr.jp	20:d9:24:40:2d:b6:d1:86:2a:67:7b:41:f3:5d:18:50:8b:33:36:31
2021-12-05 01:31:11.422138+0800	192.168.122.201	49166	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:11.449416+0800	192.168.122.201	49167	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e
2021-12-05 01:31:13.305613+0800	192.168.122.201	49177	13.226.237.116	443	TLS 1.2	C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan SureServer CA G4	C=JP, ST=Tokyo, L=Chiyoda-ku, O=Yahoo Japan Corporation, CN=*.tgm.yahoo-net.jp	1a:6b:4b:e6:ae:bf:f7:e7:9e:21:19:02:90:37:ac:17:96:b2:b5:41
2021-12-05 01:31:11.456857+0800	192.168.122.201	49165	13.225.174.78	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	unknown=Private Organization, serialNumber=010401052465, unknown=JP, C=JP, ST=Tokyo, L=Minato-ku, unknown=1-9-1 Higashi-shimbashi, OU=Business Development Office, O=SoftBank Corp., CN=livr.jp	0d:2c:b7:68:47:ba:c9:b1:bb:ca:6e:a9:d8:47:18:94:8a:2f:3a:3e

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 30.935 seconds )

17.226 NetworkAnalysis
10.959 Suricata
2.557 AnalysisInfo
0.187 Static
0.003 BehaviorAnalysis
0.003 Memory

Signatures ( 1.545 seconds )

1.451 md_url_bl
0.024 md_domain_bl
0.011 antiav_detectreg
0.005 anomaly_persistence_autorun
0.005 antiav_detectfile
0.005 infostealer_ftp
0.004 geodo_banking_trojan
0.004 network_torgateway
0.004 ransomware_extensions
0.004 ransomware_files
0.003 disables_browser_warn
0.003 infostealer_bitcoin
0.003 infostealer_im
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_mail
0.001 rat_nanocore
0.001 betabot_behavior
0.001 cerber_behavior
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 browser_security
0.001 disables_system_restore
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 ie_martian_children
0.001 md_bad_drop

Reporting ( 0.432 seconds )

0.432 ReportHTMLSummary


Task ID	667897
Mongo ID	61aba66c7e769a79ac101079
Cuckoo release	1.4-Maldun