分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-shaapp01-1 | 2017-12-14 09:13:59 | 2017-12-14 09:16:16 | 137 秒 |
魔盾分数
0.45
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.17.177.200 | 美国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 158.64.50.42 | 卢森堡 | |
| 否 | 183.136.212.50 | 中国 | |
| 否 | 192.35.177.64 | 美国 | |
| 否 | 202.120.2.47 | 中国 | |
| 否 | 65.55.186.113 | 美国 | |
| 否 | 96.17.182.26 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息WHOIS 信息
Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None
Orginization: None
Domain Name(s):
None
Creation Date:
None
Updated Date:
None
Expiration Date:
None
Email(s):
None
Registrar(s):
None
Name Server(s):
None
Referral URL(s):
None
| 防病毒引擎/厂商 | 网站安全分析 |
|---|---|
| CLEAN MX | Clean Site |
| MalwarePatrol | Clean Site |
| ZDB Zeus | Clean Site |
| Tencent | Clean Site |
| Netcraft | Unrated Site |
| desenmascara_me | Clean Site |
| PhishLabs | Unrated Site |
| Zerofox | Clean Site |
| K7AntiVirus | Clean Site |
| SecureBrain | Clean Site |
| Virusdie External Site Scan | Clean Site |
| SCUMWARE_org | Clean Site |
| Quttera | Clean Site |
| AegisLab WebGuard | Clean Site |
| MalwareDomainList | Clean Site |
| ZeusTracker | Clean Site |
| zvelo | Clean Site |
| Google Safebrowsing | Clean Site |
| Kaspersky | Clean Site |
| BitDefender | Clean Site |
| Certly | Clean Site |
| G-Data | Clean Site |
| C-SIRT | Clean Site |
| OpenPhish | Clean Site |
| Malware Domain Blocklist | Clean Site |
| VX Vault | Clean Site |
| Webutation | Clean Site |
| Trustwave | Clean Site |
| Web Security Guard | Clean Site |
| Dr_Web | Clean Site |
| ADMINUSLabs | Clean Site |
| Malwarebytes hpHosts | Clean Site |
| Opera | Clean Site |
| AlienVault | Clean Site |
| Emsisoft | Clean Site |
| Malc0de Database | Clean Site |
| Phishtank | Clean Site |
| Malwared | Clean Site |
| Avira | Clean Site |
| CyberCrime | Clean Site |
| Antiy-AVL | Clean Site |
| Forcepoint ThreatSeeker | Clean Site |
| FraudSense | Clean Site |
| malwares_com URL checker | Clean Site |
| Comodo Site Inspector | Clean Site |
| Malekal | Clean Site |
| ESET | Clean Site |
| Sophos | Unrated Site |
| Yandex Safebrowsing | Clean Site |
| Spam404 | Clean Site |
| Nucleon | Clean Site |
| Sucuri SiteCheck | Clean Site |
| Blueliv | Clean Site |
| ZCloudsec | Clean Site |
| AutoShun | Unrated Site |
| ThreatHive | Clean Site |
| FraudScore | Clean Site |
| Rising | Clean Site |
| URLQuery | Unrated Site |
| StopBadware | Unrated Site |
| Fortinet | Clean Site |
| ZeroCERT | Clean Site |
| Baidu-International | Clean Site |
| securolytics | Clean Site |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.17.177.200 | 美国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 158.64.50.42 | 卢森堡 | |
| 否 | 183.136.212.50 | 中国 | |
| 否 | 192.35.177.64 | 美国 | |
| 否 | 202.120.2.47 | 中国 | |
| 否 | 65.55.186.113 | 美国 | |
| 否 | 96.17.182.26 | 美国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49195 | 104.17.177.200 ocsp.msocsp.com | 80 |
| 192.168.122.201 | 49205 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49180 | 158.64.50.42 www.ipv6forum.com | 80 |
| 192.168.122.201 | 49182 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49183 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49186 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49187 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49188 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49189 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49193 | 183.136.212.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49197 | 183.136.212.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49184 | 192.35.177.64 apps.identrust.com | 80 |
| 192.168.122.201 | 49185 | 192.35.177.64 apps.identrust.com | 80 |
| 192.168.122.201 | 49162 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49163 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49165 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49166 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49167 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49168 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49169 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49170 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49178 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49179 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49191 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49194 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49196 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49198 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49199 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49200 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49201 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49202 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49203 | 96.17.182.26 cdn.epg.tvdownload.microsoft.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49230 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51023 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51070 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51694 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52576 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52640 | 192.168.122.1 | 53 |
| 192.168.122.201 | 54275 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59795 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62669 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64810 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49195 | 104.17.177.200 ocsp.msocsp.com | 80 |
| 192.168.122.201 | 49205 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49180 | 158.64.50.42 www.ipv6forum.com | 80 |
| 192.168.122.201 | 49182 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49183 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49186 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49187 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49188 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49189 | 158.64.50.42 www.ipv6forum.com | 443 |
| 192.168.122.201 | 49193 | 183.136.212.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49197 | 183.136.212.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49184 | 192.35.177.64 apps.identrust.com | 80 |
| 192.168.122.201 | 49185 | 192.35.177.64 apps.identrust.com | 80 |
| 192.168.122.201 | 49162 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49163 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49165 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49166 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49167 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49168 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49169 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49170 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49178 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49179 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49191 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
| 192.168.122.201 | 49194 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49196 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49198 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49199 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49200 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49201 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49202 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
| 192.168.122.201 | 49203 | 96.17.182.26 cdn.epg.tvdownload.microsoft.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49230 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51023 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51070 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51694 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52576 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52640 | 192.168.122.1 | 53 |
| 192.168.122.201 | 54275 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59795 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62669 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64810 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&ved=0CCEQfjUXRrY2VoTVBQTEFZTW91UGx4&url=http%3A%2F%2Fipv6.sjtu.edu.cn%2F&ei=cGRKZW9zSXl5YUNl&usg=AFQjWkJZUHBqQUplWmFx Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/default.css | GET /default.css HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/search6.gif | GET /image/search6.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/dot.gif | GET /image/dot.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/foundation.gif | GET /image/foundation.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/net.gif | GET /image/net.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/sjtu.gif | GET /image/sjtu.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/shnet_kt.gif | GET /image/shnet_kt.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/tbg.gif | GET /image/tbg.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/image/tbg1.gif | GET /image/tbg1.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://www.ipv6forum.com/ipv6_enabled/sa/SA1.php?id=323 | GET /ipv6_enabled/sa/SA1.php?id=323 HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.ipv6forum.com Connection: Keep-Alive |
| URL专业沙箱检测 -> http://apps.identrust.com/roots/dstrootcax3.p7c | GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com |
| URL专业沙箱检测 -> http://ipv6.sjtu.edu.cn/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
| URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
| URL专业沙箱检测 -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
| URL专业沙箱检测 -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
| URL专业沙箱检测 -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
| URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT If-None-Match: "5a273847-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2017-12-14 09:14:22.035771+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49193 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
| 2017-12-14 09:14:27.475506+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
| 2017-12-14 09:14:27.497255+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
| 2017-12-14 09:14:27.542140+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2017-12-14 09:14:18.036113+0800 | 192.168.122.201 | 49183 | 158.64.50.42 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=ipv6forum.com | 19:a0:13:a9:b8:74:d0:e2:08:55:fe:ee:a0:58:c2:53:fe:19:17:93 |
| 2017-12-14 09:14:17.994829+0800 | 192.168.122.201 | 49182 | 158.64.50.42 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=ipv6forum.com | 19:a0:13:a9:b8:74:d0:e2:08:55:fe:ee:a0:58:c2:53:fe:19:17:93 |
| 2017-12-14 09:14:23.701445+0800 | 192.168.122.201 | 49194 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
| 2017-12-14 09:14:31.340811+0800 | 192.168.122.201 | 49200 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
| 2017-12-14 09:14:28.398512+0800 | 192.168.122.201 | 49198 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
| 2017-12-14 09:14:33.132786+0800 | 192.168.122.201 | 49201 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | SA1[1].htm |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\SA1[1].htm
|
| 文件大小 | 3544 字节 |
| 文件类型 | HTML document, ASCII text, with very long lines |
| MD5 | f295de3b041fab03ac2f2466ad6c2973 |
| SHA1 | 5aa47e123f1693ed463e3dc5c59419952c676576 |
| SHA256 | 3a63eeee06d6383d70d0c92991bb8026460b126fd8e7b352ee6a530aa91dbc44 |
| CRC32 | 7685894C |
| Ssdeep | 48:nip10fRN9f5MfYkwz5McpC3BTGx5MfYkwz5McgC34y3T+kZBJsBZm5CxrnrYaa:nipmRfBdNnCxTGrdN+Coy68cmarYaa |
| Yara |
|
| 下载 提交魔盾安全分析 显示文本 | |
var url = 'ipv6.sjtu.edu.cn';
url = url.toLowerCase();
var src_url = location.href;
if(src_url.indexOf(url) != -1 && url != ' ' && url.length !=0){
var id = '323';
var ip = '180.173.36.83';
function chkIP(str){
return /:/.test(str)&&str.match(/:/g).length<8&&/::/.test(str)?(str.match(/::/g).length==1&&/^::$|^(::)?([\da-f]{1,4}(:|::))*[\da-f]{1,4}(:|::)?$/i.test(str)):/^([\da-f]{1,4}:){7}[\da-f]{1,4}$/i.test(str);
}
var J = "https://";
J+="www.ipv6forum.com/ipv6_enabled/sa/i";
function grt_log(){
var result = 'Status:+<a href="https://www.ipv6forum.com/ipv6_enabled/approval_list.php" style="color:#7df227;text-decoration: none;background:transparent;font-style:italic;font: arial,sans-serif;font-size:9px;"> IPv6 Enabled</a>!Last: + 2017-12-14! VIA IPv4 NOW !';
if(chkIP(ip)){
var all_text = "<div style='clear:both;background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_right.png);padding:0px;background-position:right;background-repeat:no-repeat;width:148px;height:49px;margin:0px'><div style='color:#000;font-size:9px;height:49px;width:145px;repeat:repeat-y; background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_backgroud_main.png);margin:0;padding:0'><div style='float:left;margin:0;padding:0;'><img src='https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_left.png' style='margin:0;padding:0;'></div><div style = 'padding-right:0;padding-bottom:0;padding-top:10px;padding-left:45px;word-break:normal;write-space:nowrap;line-height:130%;font-size:10px;text-align:left'>";
}
else{
var all_text = "<div style='clear:both;background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_right.png);padding:0px;background-position:right;background-repeat:no-repeat;width:148px;height:49px;margin:0px'><div style='color:#000;font-size:9px;height:49px;width:145px;repeat:repeat-y; background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_backgroud_main.png);margin:0;padding:0;'><div style='float:left;margin:0;padding:0;'><img src='https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_left.png'></div><div style = 'padding-right:0;padding-bottom:0;padding-top:6px;padding-left:43px;word-break:normal;write-space:nowrap;line-height:100%;font-size:10px;text-align:left'>";
}
var result_str = result.split("!");
if(result_str.length > 0){
for(i=0;i<result_str.length;i++){
var span_str =result_str[i].split("+");
if(span_str.length > 1){
for(j=0;j<span_str.length;j++){
if(j==0){
all_text += "<span style='line-height:100%;font-weight:bold;font: arial,sans-serif;color:#fff;font-size:9px;magin:0;padding:0'>" + span_str[j] + "</span>"; }
else all_text += "<span style='line-height:100%;font-style:italic;font: arial,sans-serif;color:#7df227;font-size:9px;magin:0;padding:0'>" + span_str[j] + "<br></span>";
}
}
else{
all_text += "<span style='line-height:100%;font-weight:bold;font: arial,sans-serif;color:#50001E;font-size:9px;'>" + span_str[0] + "</span>";
}
}
all_text += "</div></div></div>";
document.getElementById("ipv6_enabled_www_test_logo").innerHTML=all_text;
}
}
J+=".php?id=";
grt_log();
if( chkIP(ip) ){
J+=id;
J+="&u=";
J+=src_url;
document.write(unescape("%3Cscript src='" + J + "' type='text/javascript'%3E%3C/script%3E"));
}
}
else{}
|
|
| 文件名 | foundation[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\foundation[1].gif
|
| 文件大小 | 5593 字节 |
| 文件类型 | GIF image data, version 89a, 180 x 35 |
| MD5 | 54681ae826683118d27dc02ee9257ba1 |
| SHA1 | b385bedb73b8157a04adb4ab3a302f860dad3637 |
| SHA256 | c969354e54ca54e01acd7e0822b7d1c4a000b4ff43b6d15ba5a6414d2d0f86ff |
| CRC32 | 21776305 |
| Ssdeep | 96:Qd/AzIUqvlNgTog43PeW6FCt8BGvF1UCW/qE9Ph4p+Bd/Hhv0WEHOAgNtBhkhoXs:oCIUvT23D+G1U1qE9PHFHhv0WKBgkhoc |
| 下载 提交魔盾安全分析 |
| 文件名 | search6[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\search6[1].gif
|
| 文件大小 | 1953 字节 |
| 文件类型 | GIF image data, version 87a, 180 x 35 |
| MD5 | feeff6f1f4d08935bbdbfb8f9bb9fdee |
| SHA1 | f39b564736e0a6840bc856621bee26896e974658 |
| SHA256 | a57aed2f2b0502cba7db71211a800d9f8692173aa1d7a28c17c23cc4aef7ca91 |
| CRC32 | 85BB6659 |
| Ssdeep | 24:wmJNRwctvLeo5/UZVV4j64XAa+5bt8273WvqC2hpm5tQVE:wmrZNM4j64Qa+IoGvhwpm5tQm |
| 下载 提交魔盾安全分析 |
| 文件名 | tbg1[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\tbg1[1].gif
|
| 文件大小 | 887 字节 |
| 文件类型 | GIF image data, version 89a, 475 x 34 |
| MD5 | a999a580b9602de729f88dfbc94286f5 |
| SHA1 | 7ad3a204a19936d89090119efd124148e81e0457 |
| SHA256 | a580a943c303a901544f64c3ffe039404fb677949d54c3544b84651b25c14c1f |
| CRC32 | 0A518428 |
| Ssdeep | 24:4REf/XpIv+7aeL+um7mXhvznct8a53Oo+xrCF61:4RiZ977La7ANc3B+xWF61 |
| 下载 提交魔盾安全分析 |
| 文件名 | net[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\net[1].gif
|
| 文件大小 | 5169 字节 |
| 文件类型 | GIF image data, version 89a, 180 x 35 |
| MD5 | 4720d144db521a0b02b22ae3e06c3003 |
| SHA1 | 3d1a63a1ddddd3ac7ee82e59003d7a71ed5ffd3c |
| SHA256 | ae89d3a82badcff6e074c1751660d66d2ba09d6fbd4bfc79001194adf72aaa89 |
| CRC32 | ACE750D3 |
| Ssdeep | 96:DGMVgWiKGwOVnTNDVwRwTqUEL3BLf/BCBvpRUmc6:DzgWLJi1VwRC6L3Br/BCBvTU76 |
| 下载 提交魔盾安全分析 |
| 文件名 | tbg[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\tbg[1].gif
|
| 文件大小 | 481 字节 |
| 文件类型 | GIF image data, version 89a, 228 x 24 |
| MD5 | be8c5bf048623cb494132bc712d736d6 |
| SHA1 | a52d6ea3f94166e0e421f26dc0e6067b713ec958 |
| SHA256 | e779b1eb9c21e6e2b6db797a737b7c66b88cbff1fdd74e5fddfbc37238d66b0a |
| CRC32 | 5DCF20FB |
| Ssdeep | 12:qR9c7+uSUMn2yKH6t2Q7DQLuIhGy9U/+V537jm5k8qxkuE:qR9mUnU6t2Q7kLrbs+LXm5knE |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121420171215\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 2e20a07d55c2fa817d6a11f2d356e837 |
| SHA1 | c0e6eecf2b767f3889eb29a701f1057ac68d82da |
| SHA256 | d10e62624997bc202812641c3b3838231bce29e34c03386934d7a34880bd61dc |
| CRC32 | EDF1F403 |
| Ssdeep | 6:qjyxXKUfyb3+EInFJTubl6Xh3+ERXFJTublcX:qjRGE3OFJTklc3vVJTkl |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{0FB88C23-E06C-11E7-A1F7-525400F9C664}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0FB88C23-E06C-11E7-A1F7-525400F9C664}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | bf83438d9a1dcfe3492de204f2975824 |
| SHA1 | c5105105a997a7d4547bbfb1c85fd2901da54290 |
| SHA256 | 40a3055b206eb8ff57f6b4bbcc6e6946c91c620e110a1629771c2aeb9e160cca |
| CRC32 | 69DF0132 |
| Ssdeep | 12:rl0YmGF2XrEg5+IaCrI017+FpEDrEgmf+IaCy8qgQNlTqoN+q+q:rIX5/yQGv/TQNlWoN+q5 |
| 下载 提交魔盾安全分析 |
| 文件名 | E0F5C59F9FA661F6F4C50B87FEF3A15A |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
| 文件大小 | 893 字节 |
| 文件类型 | data |
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| CRC32 | 1C31685D |
| Ssdeep | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
| 下载 提交魔盾安全分析 |
| 文件名 | sjtu[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\sjtu[1].gif
|
| 文件大小 | 6125 字节 |
| 文件类型 | GIF image data, version 89a, 180 x 35 |
| MD5 | 69abf351bfa577badd62016b41edf1bb |
| SHA1 | b8e162f94dc0b3795cac9b147ac3eed93a1a9459 |
| SHA256 | 1a192f7bdf42a7a7c405aebe37a09787a211a1bed3be5ba4f9525dd74b1421c5 |
| CRC32 | DABB36BD |
| Ssdeep | 96:WDbFvdXmk/+yefxGUUvDrqRmZUgmbI5XKugIIb3vOOzHr2qPsp7f9AX:WDpd1VepGJqRCrm8zgIISOz6n7fOX |
| 下载 提交魔盾安全分析 |
| 文件名 | MSIMGSIZ.DAT |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
| 文件大小 | 16384 字节 |
| 文件类型 | data |
| MD5 | 54af209e7323de4099429a164a33f46a |
| SHA1 | 2ddad5b59c21664cf3fda9bc394dea54a945f8b2 |
| SHA256 | b0853f89e9eba9138a9fe6cfe5477a41c9337f224978fad9c6a3509deb51035d |
| CRC32 | ECC87557 |
| Ssdeep | 48:jBQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:dBXHbbSrka5PIL8mJdcPzz76 |
| 下载 提交魔盾安全分析 |
| 文件名 | shnet_kt[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\shnet_kt[1].gif
|
| 文件大小 | 18607 字节 |
| 文件类型 | GIF image data, version 89a, 200 x 133 |
| MD5 | f329096b3e5299bbeeb8a61d6b2b894f |
| SHA1 | d0be93cb6175b020af6d25dfda79e8e59df41288 |
| SHA256 | ec0161fd7394c97073db98e41e1abf46c36735a8b9ea4e88d88e1d6d2e8d3b37 |
| CRC32 | 30D0D21A |
| Ssdeep | 384:sASAslxCcuv8Y9qIsiJCd1CuNC3XVgwJK8RRRTUlZ5OIN3Ok2/PdFT4y+P8WobIS:sAxGxCcuv8Y9JsiwhNCna58RH0Z5B3OJ |
| 下载 提交魔盾安全分析 |
| 文件名 | E0F5C59F9FA661F6F4C50B87FEF3A15A |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
| 文件大小 | 212 字节 |
| 文件类型 | data |
| MD5 | e5dbe16def6beb3f2d33b5320abea137 |
| SHA1 | 3557c3fc1f301793b3083fba13f728b532ced716 |
| SHA256 | 65299ba69a2833950a7e5c5dec5b99e59611cf64685d35e927ed7b68da86a685 |
| CRC32 | F2DFDAF0 |
| Ssdeep | 3:kkFkl7LX/fllXlE/islolzRkwWBARLNDU+ZMlKlBkvclcMlVn:kKC6loliBAIdQZVn |
| 下载 提交魔盾安全分析 |
| 文件名 | {0FB88C24-E06C-11E7-A1F7-525400F9C664}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FB88C24-E06C-11E7-A1F7-525400F9C664}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 41e11816cca53fe77e3a0e614fdd211f |
| SHA1 | 66f49393c9c17efaab293da6b7fedf764a06b68a |
| SHA256 | fdbac47c96fa2f0c9045a2643af088f629253e84af6fb03de72b8087953254a5 |
| CRC32 | A8C0518B |
| Ssdeep | 12:rlfF7rEgmfR16FhuQrEgmfF1qjNlYfOo3+/NlX9o3TAI:r3GdQGoNljowNlNos |
| 下载 提交魔盾安全分析 |
| 文件名 | dot[1].gif |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\dot[1].gif
|
| 文件大小 | 59 字节 |
| 文件类型 | GIF image data, version 89a, 7 x 5 |
| MD5 | 4a0d7c225c6d26541dc5d8ab69565ad6 |
| SHA1 | 7cec9cea695febe56626fd6bba5f651a3e4b37ae |
| SHA256 | fc891609dd8290918133ad066b804b017385e51d2a0323ba51c7886aa1c54b8a |
| CRC32 | CB0F88BF |
| Ssdeep | 3:CGutpREREchESxl5O2CKMen:OEREchESjQ2CKf |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
|
| 文件大小 | 262144 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
| SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
| SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
| CRC32 | E94B92FD |
| Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 33.198 seconds )
- 19.636 NetworkAnalysis
- 8.271 Suricata
- 1.689 BehaviorAnalysis
- 1.513 Static
- 1.319 VirusTotal
- 0.752 Dropped
- 0.013 AnalysisInfo
- 0.003 Memory
- 0.002 Debug
Signatures ( 3.368 seconds )
- 2.384 md_url_bl
- 0.182 antiav_detectreg
- 0.079 stealth_timeout
- 0.074 infostealer_ftp
- 0.063 api_spamming
- 0.042 infostealer_im
- 0.041 antivm_generic_scsi
- 0.038 md_domain_bl
- 0.035 md_bad_drop
- 0.034 antianalysis_detectreg
- 0.024 infostealer_mail
- 0.021 antivm_generic_services
- 0.018 stealth_file
- 0.014 antivm_generic_disk
- 0.014 antiav_detectfile
- 0.013 mimics_filetime
- 0.012 geodo_banking_trojan
- 0.012 infostealer_bitcoin
- 0.01 antivm_xen_keys
- 0.01 darkcomet_regkeys
- 0.009 bootkit
- 0.009 betabot_behavior
- 0.009 kibex_behavior
- 0.009 virus
- 0.009 antivm_parallels_keys
- 0.008 vawtrak_behavior
- 0.007 antiemu_wine_func
- 0.007 antivm_generic_diskreg
- 0.007 antivm_vbox_files
- 0.006 dridex_behavior
- 0.006 persistence_autorun
- 0.006 kovter_behavior
- 0.006 ransomware_extensions
- 0.006 ransomware_files
- 0.006 recon_fingerprint
- 0.005 hancitor_behavior
- 0.005 stealth_network
- 0.005 shifu_behavior
- 0.005 infostealer_browser_password
- 0.004 andromeda_behavior
- 0.004 antivm_vbox_libs
- 0.004 antidbg_windows
- 0.004 antisandbox_productid
- 0.003 injection_createremotethread
- 0.003 antidbg_devices
- 0.003 antivm_xen_keys
- 0.003 antivm_hyperv_keys
- 0.003 antivm_vbox_acpi
- 0.003 antivm_vbox_keys
- 0.003 antivm_vmware_keys
- 0.003 antivm_vpc_keys
- 0.003 bypass_firewall
- 0.003 disables_browser_warn
- 0.003 network_torgateway
- 0.003 packer_armadillo_regkey
- 0.002 tinba_behavior
- 0.002 hawkeye_behavior
- 0.002 rat_nanocore
- 0.002 antiav_avast_libs
- 0.002 stack_pivot
- 0.002 clickfraud_cookies
- 0.002 ransomware_message
- 0.002 Locky_behavior
- 0.002 antisandbox_sunbelt_libs
- 0.002 kazybot_behavior
- 0.002 exec_crash
- 0.002 antivm_vmware_events
- 0.002 cerber_behavior
- 0.002 injection_runpe
- 0.002 cryptowall_behavior
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_system
- 0.002 browser_security
- 0.002 rat_pcclient
- 0.002 recon_programs
- 0.001 network_tor
- 0.001 rat_luminosity
- 0.001 network_anomaly
- 0.001 antivm_vmware_libs
- 0.001 injection_explorer
- 0.001 kelihos_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 dead_connect
- 0.001 antiav_bitdefender_libs
- 0.001 dyre_behavior
- 0.001 ispy_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_generic_cpu
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 ie_martian_children
- 0.001 modify_uac_prompt
- 0.001 rat_spynet
- 0.001 sniffer_winpcap
- 0.001 targeted_flame
Reporting ( 0.575 seconds )
- 0.575 ReportHTMLSummary
| Task ID | 122481 |
|---|---|
| Mongo ID | 5a31d109bb7d5720df125cf7 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号