Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-shaapp01-1 | 2017-12-14 09:13:59 | 2017-12-14 09:16:16 | 137 seconds |
URL |
---|
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/ |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 104.17.177.200 | | United States |
No | 117.18.237.29 | | Asia-Pacific region |
No | 158.64.50.42 | | Luxembourg |
No | 183.136.212.50 | | China |
No | 192.35.177.64 | | United States |
No | 202.120.2.47 | | China |
No | 65.55.186.113 | | United States |
No | 96.17.182.26 | | United States |
Domain registration lookup (all fields returned None): Name, Country, State, City, ZIP Code, Address, Organization, Domain Name(s), Creation Date, Updated Date, Expiration Date, Email(s), Registrar(s), Name Server(s), Referral URL(s).
Antivirus engine / vendor | Website security analysis |
---|---|
CLEAN MX | Clean Site |
MalwarePatrol | Clean Site |
ZDB Zeus | Clean Site |
Tencent | Clean Site |
Netcraft | Unrated Site |
desenmascara_me | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
SecureBrain | Clean Site |
Virusdie External Site Scan | Clean Site |
SCUMWARE_org | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Clean Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
C-SIRT | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
VX Vault | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
Dr_Web | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Malc0de Database | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Clean Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Clean Site |
Spam404 | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
ZCloudsec | Clean Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Rising | Clean Site |
URLQuery | Unrated Site |
StopBadware | Unrated Site |
Fortinet | Clean Site |
ZeroCERT | Clean Site |
Baidu-International | Clean Site |
securolytics | Clean Site |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49195 | 104.17.177.200 ocsp.msocsp.com | 80 |
192.168.122.201 | 49205 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.201 | 49180 | 158.64.50.42 www.ipv6forum.com | 80 |
192.168.122.201 | 49182 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49183 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49186 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49187 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49188 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49189 | 158.64.50.42 www.ipv6forum.com | 443 |
192.168.122.201 | 49193 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49197 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.201 | 49184 | 192.35.177.64 apps.identrust.com | 80 |
192.168.122.201 | 49185 | 192.35.177.64 apps.identrust.com | 80 |
192.168.122.201 | 49162 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49163 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49165 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49166 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49167 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49168 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49169 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49170 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49178 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49179 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49191 | 202.120.2.47 ipv6.sjtu.edu.cn | 80 |
192.168.122.201 | 49194 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49196 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49198 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49199 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49200 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49201 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49202 | 65.55.186.113 data.tvdownload.microsoft.com | 443 |
192.168.122.201 | 49203 | 96.17.182.26 cdn.epg.tvdownload.microsoft.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49230 | 192.168.122.1 | 53 |
192.168.122.201 | 51023 | 192.168.122.1 | 53 |
192.168.122.201 | 51070 | 192.168.122.1 | 53 |
192.168.122.201 | 51694 | 192.168.122.1 | 53 |
192.168.122.201 | 52576 | 192.168.122.1 | 53 |
192.168.122.201 | 52640 | 192.168.122.1 | 53 |
192.168.122.201 | 54275 | 192.168.122.1 | 53 |
192.168.122.201 | 59795 | 192.168.122.1 | 53 |
192.168.122.201 | 62669 | 192.168.122.1 | 53 |
192.168.122.201 | 64810 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&ved=0CCEQfjUXRrY2VoTVBQTEFZTW91UGx4&url=http%3A%2F%2Fipv6.sjtu.edu.cn%2F&ei=cGRKZW9zSXl5YUNl&usg=AFQjWkJZUHBqQUplWmFx Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/default.css | GET /default.css HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/search6.gif | GET /image/search6.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/dot.gif | GET /image/dot.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/foundation.gif | GET /image/foundation.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/net.gif | GET /image/net.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/sjtu.gif | GET /image/sjtu.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/shnet_kt.gif | GET /image/shnet_kt.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/tbg.gif | GET /image/tbg.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/image/tbg1.gif | GET /image/tbg1.gif HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://www.ipv6forum.com/ipv6_enabled/sa/SA1.php?id=323 | GET /ipv6_enabled/sa/SA1.php?id=323 HTTP/1.1 Accept: */* Referer: http://ipv6.sjtu.edu.cn/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.ipv6forum.com Connection: Keep-Alive |
URL sandbox analysis -> http://apps.identrust.com/roots/dstrootcax3.p7c | GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com |
URL sandbox analysis -> http://ipv6.sjtu.edu.cn/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ipv6.sjtu.edu.cn Connection: Keep-Alive |
URL sandbox analysis -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
URL sandbox analysis -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
URL sandbox analysis -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
URL sandbox analysis -> http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
URL sandbox analysis -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT If-None-Match: "5a273847-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2017-12-14 09:14:22.035771+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49193 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-14 09:14:27.475506+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-14 09:14:27.497255+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-14 09:14:27.542140+0800 | 183.136.212.50 | 80 | 192.168.122.201 | 49197 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2017-12-14 09:14:18.036113+0800 | 192.168.122.201 | 49183 | 158.64.50.42 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=ipv6forum.com | 19:a0:13:a9:b8:74:d0:e2:08:55:fe:ee:a0:58:c2:53:fe:19:17:93 |
2017-12-14 09:14:17.994829+0800 | 192.168.122.201 | 49182 | 158.64.50.42 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=ipv6forum.com | 19:a0:13:a9:b8:74:d0:e2:08:55:fe:ee:a0:58:c2:53:fe:19:17:93 |
2017-12-14 09:14:23.701445+0800 | 192.168.122.201 | 49194 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-14 09:14:31.340811+0800 | 192.168.122.201 | 49200 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-14 09:14:28.398512+0800 | 192.168.122.201 | 49198 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-14 09:14:33.132786+0800 | 192.168.122.201 | 49201 | 65.55.186.113 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
No Suricata HTTP
File name | SA1[1].htm |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\SA1[1].htm |
File size | 3544 bytes |
File type | HTML document, ASCII text, with very long lines |
MD5 | f295de3b041fab03ac2f2466ad6c2973 |
SHA1 | 5aa47e123f1693ed463e3dc5c59419952c676576 |
SHA256 | 3a63eeee06d6383d70d0c92991bb8026460b126fd8e7b352ee6a530aa91dbc44 |
CRC32 | 7685894C |
Ssdeep | 48:nip10fRN9f5MfYkwz5McpC3BTGx5MfYkwz5McgC34y3T+kZBJsBZm5CxrnrYaa:nipmRfBdNnCxTGrdN+Coy68cmarYaa |
Yara | |

Displayed text (the captured content of SA1[1].htm, the ipv6forum "IPv6 Enabled" badge script; note that `ip` holds an IPv4 address, so `chkIP(ip)` is false, the badge is built in the else branch, and the second script include is never written):

```javascript
var url = 'ipv6.sjtu.edu.cn';
url = url.toLowerCase();
var src_url = location.href;
if(src_url.indexOf(url) != -1 && url != ' ' && url.length !=0){
  var id = '323';
  var ip = '180.173.36.83';
  function chkIP(str){
    return /:/.test(str)&&str.match(/:/g).length<8&&/::/.test(str)?(str.match(/::/g).length==1&&/^::$|^(::)?([\da-f]{1,4}(:|::))*[\da-f]{1,4}(:|::)?$/i.test(str)):/^([\da-f]{1,4}:){7}[\da-f]{1,4}$/i.test(str);
  }
  var J = "https://";
  J+="www.ipv6forum.com/ipv6_enabled/sa/i";
  function grt_log(){
    var result = 'Status:+<a href="https://www.ipv6forum.com/ipv6_enabled/approval_list.php" style="color:#7df227;text-decoration: none;background:transparent;font-style:italic;font: arial,sans-serif;font-size:9px;"> IPv6 Enabled</a>!Last: + 2017-12-14! VIA IPv4 NOW !';
    if(chkIP(ip)){
      var all_text = "<div style='clear:both;background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_right.png);padding:0px;background-position:right;background-repeat:no-repeat;width:148px;height:49px;margin:0px'><div style='color:#000;font-size:9px;height:49px;width:145px;repeat:repeat-y; background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_backgroud_main.png);margin:0;padding:0'><div style='float:left;margin:0;padding:0;'><img src='https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_left.png' style='margin:0;padding:0;'></div><div style = 'padding-right:0;padding-bottom:0;padding-top:10px;padding-left:45px;word-break:normal;write-space:nowrap;line-height:130%;font-size:10px;text-align:left'>";
    } else{
      var all_text = "<div style='clear:both;background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_right.png);padding:0px;background-position:right;background-repeat:no-repeat;width:148px;height:49px;margin:0px'><div style='color:#000;font-size:9px;height:49px;width:145px;repeat:repeat-y; background-image:url(https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_backgroud_main.png);margin:0;padding:0;'><div style='float:left;margin:0;padding:0;'><img src='https://www.ipv6forum.com/ipv6_enabled/public/images/small_logo_background_left.png'></div><div style = 'padding-right:0;padding-bottom:0;padding-top:6px;padding-left:43px;word-break:normal;write-space:nowrap;line-height:100%;font-size:10px;text-align:left'>";
    }
    var result_str = result.split("!");
    if(result_str.length > 0){
      for(i=0;i<result_str.length;i++){
        var span_str =result_str[i].split("+");
        if(span_str.length > 1){
          for(j=0;j<span_str.length;j++){
            if(j==0){
              all_text += "<span style='line-height:100%;font-weight:bold;font: arial,sans-serif;color:#fff;font-size:9px;magin:0;padding:0'>" + span_str[j] + "</span>";
            } else all_text += "<span style='line-height:100%;font-style:italic;font: arial,sans-serif;color:#7df227;font-size:9px;magin:0;padding:0'>" + span_str[j] + "<br></span>";
          }
        } else{
          all_text += "<span style='line-height:100%;font-weight:bold;font: arial,sans-serif;color:#50001E;font-size:9px;'>" + span_str[0] + "</span>";
        }
      }
      all_text += "</div></div></div>";
      document.getElementById("ipv6_enabled_www_test_logo").innerHTML=all_text;
    }
  }
  J+=".php?id=";
  grt_log();
  if( chkIP(ip) ){
    J+=id;
    J+="&u=";
    J+=src_url;
    document.write(unescape("%3Cscript src='" + J + "' type='text/javascript'%3E%3C/script%3E"));
  }
} else{}
```
File name | foundation[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\foundation[1].gif |
File size | 5593 bytes |
File type | GIF image data, version 89a, 180 x 35 |
MD5 | 54681ae826683118d27dc02ee9257ba1 |
SHA1 | b385bedb73b8157a04adb4ab3a302f860dad3637 |
SHA256 | c969354e54ca54e01acd7e0822b7d1c4a000b4ff43b6d15ba5a6414d2d0f86ff |
CRC32 | 21776305 |
Ssdeep | 96:Qd/AzIUqvlNgTog43PeW6FCt8BGvF1UCW/qE9Ph4p+Bd/Hhv0WEHOAgNtBhkhoXs:oCIUvT23D+G1U1qE9PHFHhv0WKBgkhoc |
File name | search6[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\search6[1].gif |
File size | 1953 bytes |
File type | GIF image data, version 87a, 180 x 35 |
MD5 | feeff6f1f4d08935bbdbfb8f9bb9fdee |
SHA1 | f39b564736e0a6840bc856621bee26896e974658 |
SHA256 | a57aed2f2b0502cba7db71211a800d9f8692173aa1d7a28c17c23cc4aef7ca91 |
CRC32 | 85BB6659 |
Ssdeep | 24:wmJNRwctvLeo5/UZVV4j64XAa+5bt8273WvqC2hpm5tQVE:wmrZNM4j64Qa+IoGvhwpm5tQm |
File name | tbg1[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\tbg1[1].gif |
File size | 887 bytes |
File type | GIF image data, version 89a, 475 x 34 |
MD5 | a999a580b9602de729f88dfbc94286f5 |
SHA1 | 7ad3a204a19936d89090119efd124148e81e0457 |
SHA256 | a580a943c303a901544f64c3ffe039404fb677949d54c3544b84651b25c14c1f |
CRC32 | 0A518428 |
Ssdeep | 24:4REf/XpIv+7aeL+um7mXhvznct8a53Oo+xrCF61:4RiZ977La7ANc3B+xWF61 |
File name | net[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\net[1].gif |
File size | 5169 bytes |
File type | GIF image data, version 89a, 180 x 35 |
MD5 | 4720d144db521a0b02b22ae3e06c3003 |
SHA1 | 3d1a63a1ddddd3ac7ee82e59003d7a71ed5ffd3c |
SHA256 | ae89d3a82badcff6e074c1751660d66d2ba09d6fbd4bfc79001194adf72aaa89 |
CRC32 | ACE750D3 |
Ssdeep | 96:DGMVgWiKGwOVnTNDVwRwTqUEL3BLf/BCBvpRUmc6:DzgWLJi1VwRC6L3Br/BCBvTU76 |
File name | tbg[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\tbg[1].gif |
File size | 481 bytes |
File type | GIF image data, version 89a, 228 x 24 |
MD5 | be8c5bf048623cb494132bc712d736d6 |
SHA1 | a52d6ea3f94166e0e421f26dc0e6067b713ec958 |
SHA256 | e779b1eb9c21e6e2b6db797a737b7c66b88cbff1fdd74e5fddfbc37238d66b0a |
CRC32 | 5DCF20FB |
Ssdeep | 12:qR9c7+uSUMn2yKH6t2Q7DQLuIhGy9U/+V537jm5k8qxkuE:qR9mUnU6t2Q7kLrbs+LXm5knE |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat |
File size | 65536 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
Maldun analysis result | 2.0 (analysis time: 2016-11-06 20:10:20) |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121420171215\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 2e20a07d55c2fa817d6a11f2d356e837 |
SHA1 | c0e6eecf2b767f3889eb29a701f1057ac68d82da |
SHA256 | d10e62624997bc202812641c3b3838231bce29e34c03386934d7a34880bd61dc |
CRC32 | EDF1F403 |
Ssdeep | 6:qjyxXKUfyb3+EInFJTubl6Xh3+ERXFJTublcX:qjRGE3OFJTklc3vVJTkl |
File name | RecoveryStore.{0FB88C23-E06C-11E7-A1F7-525400F9C664}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0FB88C23-E06C-11E7-A1F7-525400F9C664}.dat |
File size | 3584 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | bf83438d9a1dcfe3492de204f2975824 |
SHA1 | c5105105a997a7d4547bbfb1c85fd2901da54290 |
SHA256 | 40a3055b206eb8ff57f6b4bbcc6e6946c91c620e110a1629771c2aeb9e160cca |
CRC32 | 69DF0132 |
Ssdeep | 12:rl0YmGF2XrEg5+IaCrI017+FpEDrEgmf+IaCy8qgQNlTqoN+q+q:rIX5/yQGv/TQNlWoN+q5 |
File name | E0F5C59F9FA661F6F4C50B87FEF3A15A |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A |
File size | 893 bytes |
File type | data |
MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
CRC32 | 1C31685D |
Ssdeep | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
File name | sjtu[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\sjtu[1].gif |
File size | 6125 bytes |
File type | GIF image data, version 89a, 180 x 35 |
MD5 | 69abf351bfa577badd62016b41edf1bb |
SHA1 | b8e162f94dc0b3795cac9b147ac3eed93a1a9459 |
SHA256 | 1a192f7bdf42a7a7c405aebe37a09787a211a1bed3be5ba4f9525dd74b1421c5 |
CRC32 | DABB36BD |
Ssdeep | 96:WDbFvdXmk/+yefxGUUvDrqRmZUgmbI5XKugIIb3vOOzHr2qPsp7f9AX:WDpd1VepGJqRCrm8zgIISOz6n7fOX |
File name | MSIMGSIZ.DAT |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT |
File size | 16384 bytes |
File type | data |
MD5 | 54af209e7323de4099429a164a33f46a |
SHA1 | 2ddad5b59c21664cf3fda9bc394dea54a945f8b2 |
SHA256 | b0853f89e9eba9138a9fe6cfe5477a41c9337f224978fad9c6a3509deb51035d |
CRC32 | ECC87557 |
Ssdeep | 48:jBQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:dBXHbbSrka5PIL8mJdcPzz76 |
File name | shnet_kt[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\shnet_kt[1].gif |
File size | 18607 bytes |
File type | GIF image data, version 89a, 200 x 133 |
MD5 | f329096b3e5299bbeeb8a61d6b2b894f |
SHA1 | d0be93cb6175b020af6d25dfda79e8e59df41288 |
SHA256 | ec0161fd7394c97073db98e41e1abf46c36735a8b9ea4e88d88e1d6d2e8d3b37 |
CRC32 | 30D0D21A |
Ssdeep | 384:sASAslxCcuv8Y9qIsiJCd1CuNC3XVgwJK8RRRTUlZ5OIN3Ok2/PdFT4y+P8WobIS:sAxGxCcuv8Y9JsiwhNCna58RH0Z5B3OJ |
File name | E0F5C59F9FA661F6F4C50B87FEF3A15A |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A |
File size | 212 bytes |
File type | data |
MD5 | e5dbe16def6beb3f2d33b5320abea137 |
SHA1 | 3557c3fc1f301793b3083fba13f728b532ced716 |
SHA256 | 65299ba69a2833950a7e5c5dec5b99e59611cf64685d35e927ed7b68da86a685 |
CRC32 | F2DFDAF0 |
Ssdeep | 3:kkFkl7LX/fllXlE/islolzRkwWBARLNDU+ZMlKlBkvclcMlVn:kKC6loliBAIdQZVn |
File name | {0FB88C24-E06C-11E7-A1F7-525400F9C664}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FB88C24-E06C-11E7-A1F7-525400F9C664}.dat |
File size | 4608 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 41e11816cca53fe77e3a0e614fdd211f |
SHA1 | 66f49393c9c17efaab293da6b7fedf764a06b68a |
SHA256 | fdbac47c96fa2f0c9045a2643af088f629253e84af6fb03de72b8087953254a5 |
CRC32 | A8C0518B |
Ssdeep | 12:rlfF7rEgmfR16FhuQrEgmfF1qjNlYfOo3+/NlX9o3TAI:r3GdQGoNljowNlNos |
File name | dot[1].gif |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\dot[1].gif |
File size | 59 bytes |
File type | GIF image data, version 89a, 7 x 5 |
MD5 | 4a0d7c225c6d26541dc5d8ab69565ad6 |
SHA1 | 7cec9cea695febe56626fd6bba5f651a3e4b37ae |
SHA256 | fc891609dd8290918133ad066b804b017385e51d2a0323ba51c7886aa1c54b8a |
CRC32 | CB0F88BF |
Ssdeep | 3:CGutpREREchESxl5O2CKMen:OEREchESjQ2CKf |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat |
File size | 262144 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
CRC32 | E94B92FD |
Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
HTML summary report (requires 15-60 minutes to synchronize)
Task ID | 122481 |
---|---|
Mongo ID | 5a31d109bb7d5720df125cf7 |
Cuckoo release | 1.4-Maldun |