Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-shaapp01-2 | 2017-12-13 09:45:22 | 2017-12-13 09:47:39 | 137 s |
URL |
---|
URL sandbox check -> http://t.cn/RlIV0wR |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
Yes | 101.96.10.73 | | China |
No | 104.17.178.200 | | United States |
No | 104.215.29.84 | Unknown | Japan |
No | 116.211.174.71 | Unknown | China |
No | 117.18.237.29 | | Asia Pacific region |
No | 118.151.231.179 | Unknown | Japan |
No | 172.217.160.78 | | United States |
No | 182.22.31.252 | Unknown | Japan |
No | 183.136.212.50 | Unknown | China |
No | 216.58.203.46 | Unknown | United States |
No | 65.55.5.170 | | United States |
WHOIS field | Value |
---|---|
Name | None |
Country | None |
State | None |
City | None |
ZIP Code | None |
Address | None |
Organization | None |
Domain Name(s) | t.cn |
Creation Date | None |
Updated Date | None |
Expiration Date | None |
Email(s) | domainname@staff.sina.com.cn |
Registrar(s) | 厦门易名科技股份有限公司 |
Name Server(s) | ns1.sina.com.cn ns2.sina.com.cn ns3.sina.com.cn ns4.sina.com.cn |
Referral URL(s) | None |
Antivirus engine/vendor | Website security analysis |
---|---|
CLEAN MX | Clean Site |
DNS8 | Clean Site |
MalwarePatrol | Clean Site |
ZDB Zeus | Clean Site |
Tencent | Clean Site |
Netcraft | Unrated Site |
desenmascara_me | Clean Site |
Dr_Web | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
SecureBrain | Clean Site |
Virusdie External Site Scan | Clean Site |
SCUMWARE_org | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Clean Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
C-SIRT | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
VX Vault | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
CyRadar | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Malc0de Database | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Clean Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Clean Site |
Spam404 | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
ZCloudsec | Clean Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Rising | Clean Site |
URLQuery | Unrated Site |
StopBadware | Unrated Site |
Fortinet | Clean Site |
ZeroCERT | Clean Site |
Baidu-International | Clean Site |
securolytics | Clean Site |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 56260 | 101.96.10.73 | 80 |
192.168.122.202 | 56244 | 104.17.178.200 ocsp.msocsp.com | 80 |
192.168.122.202 | 56236 | 104.215.29.84 ocsp.cybertrust.ne.jp | 80 |
192.168.122.202 | 49161 | 116.211.174.71 t.cn | 80 |
192.168.122.202 | 49177 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 56261 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 49163 | 118.151.231.179 sky.geocities.jp | 80 |
192.168.122.202 | 49165 | 118.151.231.179 sky.geocities.jp | 80 |
192.168.122.202 | 49171 | 118.151.231.179 sky.geocities.jp | 80 |
192.168.122.202 | 56262 | 118.151.231.179 sky.geocities.jp | 80 |
192.168.122.202 | 49173 | 182.22.31.252 bc-geocities.yahoo.co.jp | 80 |
192.168.122.202 | 49175 | 182.22.31.252 bc-geocities.yahoo.co.jp | 443 |
192.168.122.202 | 56240 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.202 | 56247 | 183.136.212.50 www.microsoft.com | 80 |
192.168.122.202 | 56235 | 192.168.122.1 | 53 |
192.168.122.202 | 56242 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56245 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56248 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56250 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56251 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56252 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56253 | 65.55.5.170 data.tvdownload.microsoft.com | 443 |
192.168.122.202 | 56259 | 96.17.182.18 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 50395 | 192.168.122.1 | 53 |
192.168.122.202 | 51930 | 192.168.122.1 | 53 |
192.168.122.202 | 51997 | 192.168.122.1 | 53 |
192.168.122.202 | 53717 | 192.168.122.1 | 53 |
192.168.122.202 | 54930 | 192.168.122.1 | 53 |
192.168.122.202 | 55046 | 192.168.122.1 | 53 |
192.168.122.202 | 56664 | 192.168.122.1 | 53 |
192.168.122.202 | 57204 | 192.168.122.1 | 53 |
192.168.122.202 | 57729 | 192.168.122.1 | 53 |
192.168.122.202 | 58578 | 192.168.122.1 | 53 |
192.168.122.202 | 63720 | 192.168.122.1 | 53 |
192.168.122.202 | 64125 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL sandbox check -> http://t.cn/RlIV0wR | GET /RlIV0wR HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CCEQfjVWNmZHhuUG5wYXF5c0RiRGFq&url=http%3A%2F%2Ft.cn%2FRlIV0wR&ei=eGx4aHBhakNSeUp5&usg=AFQjRlNNRWFPWXNuSk1W Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: t.cn Connection: Keep-Alive |
URL sandbox check -> http://sky.geocities.jp/oijhoijio8/fn/?to | GET /oijhoijio8/fn/?to HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CCEQfjVWNmZHhuUG5wYXF5c0RiRGFq&url=http%3A%2F%2Ft.cn%2FRlIV0wR&ei=eGx4aHBhakNSeUp5&usg=AFQjRlNNRWFPWXNuSk1W Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: sky.geocities.jp |
URL sandbox check -> http://sky.geocities.jp/oijhoijio8/fn/index2.htm | GET /oijhoijio8/fn/index2.htm HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: sky.geocities.jp Connection: Keep-Alive Cookie: BX=2ahojgpd311hv&b=3&s=fv |
URL sandbox check -> http://sky.geocities.jp/oijhoijio8/fn/img/m4.jpg | GET /oijhoijio8/fn/img/m4.jpg HTTP/1.1 Accept: */* Referer: http://sky.geocities.jp/oijhoijio8/fn/index2.htm Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: sky.geocities.jp Connection: Keep-Alive Cookie: BX=2ahojgpd311hv&b=3&s=fv |
URL sandbox check -> http://bc-geocities.yahoo.co.jp/js/geov2.js | GET /js/geov2.js HTTP/1.1 Accept: */* Referer: http://sky.geocities.jp/oijhoijio8/fn/index2.htm Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: bc-geocities.yahoo.co.jp Connection: Keep-Alive |
URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAVDQNCixMyBEfqoN31G4G8%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAVDQNCixMyBEfqoN31G4G8%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
URL sandbox check -> http://ocsp.cybertrust.ne.jp/OcspServer/MFUwUzBRME8wTTAJBgUrDgMCGgUABBR5QrJnas7nAW1uF6lDsi8LMOggpwQUc6gIUym4FfuZgOXFN9j4OXukEwYCFFIPBect5ph71C1KMN5luzdsJgKy | GET /OcspServer/MFUwUzBRME8wTTAJBgUrDgMCGgUABBR5QrJnas7nAW1uF6lDsi8LMOggpwQUc6gIUym4FfuZgOXFN9j4OXukEwYCFFIPBect5ph71C1KMN5luzdsJgKy HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.cybertrust.ne.jp |
URL sandbox check -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
URL sandbox check -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
URL sandbox check -> http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
URL sandbox check -> http://101.96.10.73/crl.microsoft.com/pki/crl/products/tspca.crl | GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: 101.96.10.73 |
URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT If-None-Match: "59aa882b-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT If-None-Match: "5a273847-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
URL sandbox check -> http://sky.geocities.jp/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: sky.geocities.jp Connection: Keep-Alive Cookie: BX=2ahojgpd311hv&b=3&s=fv |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2017-12-13 09:45:44.425511+0800 | 183.136.212.50 | 80 | 192.168.122.202 | 56240 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2017-12-13 09:45:48.244613+0800 | 183.136.212.50 | 80 | 192.168.122.202 | 56247 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2017-12-13 09:45:38.808078+0800 | 192.168.122.202 | 49175 | 182.22.31.252 | 443 | TLS 1.2 | C=JP, O=Cybertrust Japan Co., Ltd., CN=Cybertrust Japan Public CA G3 | C=JP, ST=Tokyo, L=Chiyoda-ku, O=Yahoo Japan Corporation, OU=EDGE_201710, CN=*.yahoo.co.jp | 89:1e:2a:22:04:a1:df:7e:82:18:f3:df:be:0f:da:c3:b0:56:c3:67 |
2017-12-13 09:45:45.426232+0800 | 192.168.122.202 | 56242 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-13 09:45:50.481701+0800 | 192.168.122.202 | 56251 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-13 09:45:51.567590+0800 | 192.168.122.202 | 56252 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-13 09:45:49.434441+0800 | 192.168.122.202 | 56250 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-13 09:45:47.465484+0800 | 192.168.122.202 | 56245 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2017-12-13 09:45:52.547584+0800 | 192.168.122.202 | 56253 | 65.55.5.170 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
No Suricata HTTP
Filename | RecoveryStore.{4692CDC3-DFA7-11E7-97F6-525400819FEB}.dat |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4692CDC3-DFA7-11E7-97F6-525400819FEB}.dat |
File size | 3584 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 7613224852aeb06cf54826f42988606c |
SHA1 | 4b8a1344781e024be793c1e29cacbae6e37efec3 |
SHA256 | a9319a9013766b23d43fbe03424d3f79972376784168cbfb698b280f1ca93629 |
CRC32 | 542DCCCF |
Ssdeep | 12:rl0YmGF2JrEg5+IaCrI017+FyuEDrEgmf+IaCy8qgQNlTqoe3muimhm:rIJ5/DuQGv/TQNlWo2ziG |
Filename | test@geocities[1].txt |
---|---|
Associated file | C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@geocities[1].txt |
File size | 85 bytes |
File type | ASCII text |
MD5 | 7b007e8f45356b0d16431466c838c218 |
SHA1 | d428caf379e45bdcc3afa9546a2f644498aab9a3 |
SHA256 | d1095cdb8a7ae70fda1ecf98d7396d56b0a3c30103ed5743872f503102fb888d |
CRC32 | E651CC56 |
Ssdeep | 3:NXEdYKWDXBVqWvSF0qMdSUWDYIFX:+GtXBVzqLD7X |
Contents | BX 2ahojgpd311hv&b=3&s=fv geocities.jp/ 1024 764004736 30781984 108713264 30635016 * |
Filename | m4[1].jpg |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\m4[1].jpg |
File size | 32613 bytes |
File type | JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 288x512, frames 3 |
MD5 | ce535cff2482b331a506728931f52b30 |
SHA1 | 246f8630215b11e85298cf932d242989c54fcf7a |
SHA256 | 7740ba7a7e23c10c911ea1b37def7c0d229349318a35573c6cd05a2230b18935 |
CRC32 | B37F5A86 |
Ssdeep | 768:VT23P1AJJJ8Toww6zlHUaTWmtQfP7oVzFrrYcrHA9xdHAM6fMGN:VTytX9x0a6meP7GWzHm0GN |
Filename | 6BADA8974A10C4BD62CC921D13E43B18_10B2ED6A055C98951F429CD0FD943BBD |
---|---|
Associated file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_10B2ED6A055C98951F429CD0FD943BBD |
File size | 471 bytes |
File type | data |
MD5 | 20214821c5dfb4383c9c335a78e6a99b |
SHA1 | a6e139c4c3cd8c653114d0eac1b8898334d1f7f2 |
SHA256 | a23689578586cc9bbc433435adbc0cc6988de394f1bedc20896913ca5351dfa9 |
CRC32 | CFC7EF24 |
Ssdeep | 12:JBD85x+Jx2S01JFSWteECaAu751UZpbZ94/5tzHQE2ggS+:Jp8Sr0TFjCm751YLUPzV2ggS+ |
Filename | index.dat |
---|---|
Associated file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat |
File size | 262144 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
CRC32 | E94B92FD |
Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
Filename | index.dat |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
Maldun analysis result | Score 2.0, analysis time: 2016-11-06 20:10:20 |
Filename | DB54F96ED16ED8D59E7B53BE0AA76F5C_27A832DF2078D1B5963105430ECDEAAE |
---|---|
Associated file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DB54F96ED16ED8D59E7B53BE0AA76F5C_27A832DF2078D1B5963105430ECDEAAE |
File size | 430 bytes |
File type | data |
MD5 | 0ea3f1f1411df6bac89a1bb41bcd46ec |
SHA1 | e308c18b02261b797691cb978bca72c8a5e99028 |
SHA256 | 1243a67af78b19047721287c66d63d63e2a81a8a382429c656c71024f5f0e639 |
CRC32 | 275E77EE |
Ssdeep | 6:kK5FxKGW4LBSpNUifuqLhClroF9M4IMp4qICQgyGZwwapjSSPG5be6ial/:Bq3KAnuqL8sFJxp4nC/yewwaQUGwHal/ |
Filename | {4692CDC4-DFA7-11E7-97F6-525400819FEB}.dat |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4692CDC4-DFA7-11E7-97F6-525400819FEB}.dat |
File size | 5120 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 38cc344ea58e34f29f2de42cc6750cc3 |
SHA1 | 2781f3115fcac30048eae3aa7a1a5d3812843bed |
SHA256 | e32bd0d0b31a0543c397958d6d1f714d14d1ea7a2dbcf63f74ec6f45a7f20442 |
CRC32 | EF7C8940 |
Ssdeep | 24:rKpU1fHNldoV6P/KEHdWYKeL1R121HQNldoV6P/KEHd:roKNoV6nKEHkYKeBTCWoV6nKEH |
Filename | DB54F96ED16ED8D59E7B53BE0AA76F5C_27A832DF2078D1B5963105430ECDEAAE |
---|---|
Associated file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DB54F96ED16ED8D59E7B53BE0AA76F5C_27A832DF2078D1B5963105430ECDEAAE |
File size | 2586 bytes |
File type | data |
MD5 | 1bc8a1f15e710839ced0800e09349c6d |
SHA1 | 77c615cf068102bfc1b75b04516b2b9163863d58 |
SHA256 | ddc626c9b83f621fb79200298b2147c0e9193c93c417e3d5596e15133eb35f5c |
CRC32 | 37D43F73 |
Ssdeep | 48:e0Y8qIDHVhYkrN/ibpMfCgsOikbquA5w8HHenUphmOa2XHUXTJC2tRQHrGVWQrmu:eT81AOiACgXiIqZ7Hen68BY2tqrxA8kn |
Filename | geov2[1].js |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\geov2[1].js |
File size | 4467 bytes |
File type | ASCII text, with very long lines |
MD5 | 63def7a0e498323464cb1036b40310a9 |
SHA1 | 9eb29b4679920b90d6c120b37d84360c12579717 |
SHA256 | 83897856079f0b528ee89ecbbc0e67aa865f58d9acf6d21bf3fce9186a1acab6 |
CRC32 | 19B212A3 |
Ssdeep | 96:2idTh9q7qf09BBAbQ8MUSSoy54N3eJxASQY6H:D9q7y09DAbQ/USSP5yuMSEH |
Filename | MSIMGSIZ.DAT |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT |
File size | 16384 bytes |
File type | data |
MD5 | 133feee5310e20e4ba94e459bae8b3e4 |
SHA1 | 3683dd609fb29ed26d3f41f0f943914d29b6ffae |
SHA256 | 7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6 |
CRC32 | 4F400BC6 |
Ssdeep | 48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76 |
Filename | 6BADA8974A10C4BD62CC921D13E43B18_10B2ED6A055C98951F429CD0FD943BBD |
---|---|
Associated file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_10B2ED6A055C98951F429CD0FD943BBD |
File size | 434 bytes |
File type | data |
MD5 | 147a59313a5a67574310c1a6e124866f |
SHA1 | cdae2a64620a9fa52b1a18a10687a822592b4810 |
SHA256 | 546b1610776e28a971873cc60b5bceba050ed6607b589ae6a150bb4adbb5a871 |
CRC32 | AB594C49 |
Ssdeep | 6:kK3vWMZg/D2D87zbXlRNfOAUMivhClroFluSaZH0lwKa2lWlAJ3yOsWDSG9a64qu:mMZgC85mxMiv8sFluSEIM63t2/Ii |
Filename | index.dat |
---|---|
Associated file | C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121320171214\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 02177b5b438ab2469578c94cd7af565e |
SHA1 | 4a66bb9cbf70d765d92950a8f7ee51f9427c524b |
SHA256 | ec4b6b27f44c7cfd9583a96067c99e4a2fd5d97ca24d23212f03388e83310627 |
CRC32 | B90DBF89 |
Ssdeep | 6:qjyxXKG//B3O4qNdF5X4jjF+PiK20rEt83O4qBF5X4j3+1O:qjRG//B3UHl4jdD03Ol4j+ |
Filename | index.dat |
---|---|
Associated file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat |
File size | 65536 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
Task ID | 122369 |
---|---|
Mongo ID | 5a3086e6bb7d5720df1243f8 |
Cuckoo release | 1.4-Maldun |