分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp03-1 | 2018-05-21 14:18:53 | 2018-05-21 14:21:19 | 146 秒 |
魔盾分数
1.25
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> http://blog.cccyun.cc/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 58.211.137.81 | 未知 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| blog.cccyun.cc | 未知 |
CNAME blog.cccyun.cc.cname.yunjiasu-cdn.net A 58.211.137.81 |
摘要
登录查看详细行为信息WHOIS 信息
Name: Nexperian Holding Limited
Country: CN
State: Zhejiang
City: Hangzhou
ZIP Code: 311121
Address: Le Jia International No.999 Liang Mu Road Yuhang District
Orginization: Nexperian Holding Limited
Domain Name(s):
CCCYUN.CC
cccyun.cc
Creation Date:
2016-03-10 13:01:21
Updated Date:
2017-12-28 12:53:01
Expiration Date:
2019-03-10 12:01:21
Email(s):
DomainAbuse@service.aliyun.com
YuMing@YinSiBaoHu.AliYun.com
Registrar(s):
HiChina Zhicheng Technology Ltd.
Name Server(s):
F1G1NS1.DNSPOD.NET
F1G1NS2.DNSPOD.NET
Referral URL(s):
None
| 防病毒引擎/厂商 | 网站安全分析 |
|---|---|
| CLEAN MX | Clean Site |
| DNS8 | Clean Site |
| MalwarePatrol | Clean Site |
| ZDB Zeus | Clean Site |
| Tencent | Clean Site |
| Netcraft | Unrated Site |
| desenmascara_me | Clean Site |
| Dr_Web | Clean Site |
| PhishLabs | Unrated Site |
| Zerofox | Clean Site |
| K7AntiVirus | Clean Site |
| SecureBrain | Clean Site |
| Virusdie External Site Scan | Clean Site |
| SCUMWARE_org | Clean Site |
| Quttera | Clean Site |
| AegisLab WebGuard | Clean Site |
| MalwareDomainList | Clean Site |
| ZeusTracker | Clean Site |
| zvelo | Clean Site |
| Google Safebrowsing | Clean Site |
| Kaspersky | Unrated Site |
| BitDefender | Clean Site |
| Certly | Clean Site |
| G-Data | Clean Site |
| C-SIRT | Clean Site |
| OpenPhish | Clean Site |
| Malware Domain Blocklist | Clean Site |
| VX Vault | Clean Site |
| Webutation | Clean Site |
| Trustwave | Clean Site |
| Web Security Guard | Clean Site |
| CyRadar | Clean Site |
| ADMINUSLabs | Clean Site |
| Malwarebytes hpHosts | Clean Site |
| Opera | Clean Site |
| AlienVault | Clean Site |
| Emsisoft | Clean Site |
| Malc0de Database | Clean Site |
| Phishtank | Clean Site |
| Malwared | Clean Site |
| Avira | Malware Site |
| CyberCrime | Clean Site |
| Antiy-AVL | Clean Site |
| Forcepoint ThreatSeeker | Malicious Site |
| FraudSense | Clean Site |
| malwares_com URL checker | Clean Site |
| Comodo Site Inspector | Clean Site |
| Malekal | Clean Site |
| ESET | Clean Site |
| Sophos | Unrated Site |
| Yandex Safebrowsing | Clean Site |
| Spam404 | Clean Site |
| Nucleon | Clean Site |
| Sucuri SiteCheck | Clean Site |
| Blueliv | Clean Site |
| ZCloudsec | Clean Site |
| AutoShun | Unrated Site |
| ThreatHive | Clean Site |
| FraudScore | Clean Site |
| Rising | Clean Site |
| URLQuery | Unrated Site |
| StopBadware | Unrated Site |
| Fortinet | Clean Site |
| ZeroCERT | Clean Site |
| Baidu-International | Clean Site |
| securolytics | Clean Site |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 58.211.137.81 | 未知 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 58.211.137.81 blog.cccyun.cc | 80 |
| 192.168.122.201 | 49161 | 58.211.137.81 blog.cccyun.cc | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49651 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52308 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| blog.cccyun.cc | 未知 |
CNAME blog.cccyun.cc.cname.yunjiasu-cdn.net A 58.211.137.81 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 58.211.137.81 blog.cccyun.cc | 80 |
| 192.168.122.201 | 49161 | 58.211.137.81 blog.cccyun.cc | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49651 | 192.168.122.1 | 53 |
| 192.168.122.201 | 52308 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://blog.cccyun.cc/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=30&ved=0CCEQfjSFFIbHZ0RXdlcWhMalhpb0V5dEpL&url=http%3A%2F%2Fblog.cccyun.cc%2F&ei=RllnTG1IT0lGdW9F&usg=AFQjVGtZdGRTQmpoUWF3 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: blog.cccyun.cc Connection: Keep-Alive |
| URL专业沙箱检测 -> http://blog.cccyun.cc/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: blog.cccyun.cc Connection: Keep-Alive Cookie: __cfduid=d964436321420c524eae3ae37c835c29e1526883551 |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052120180522\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 7bd59ad2931d1bb5035f71a1df013de8 |
| SHA1 | 136cba3e84c9f3d338c48933e53b362f8ecc5f31 |
| SHA256 | bb82d0aa16ab1a2bfd6c605e2466ffaf82a0f9bc66f7755516db5e47a1a9f1e9 |
| CRC32 | 02832945 |
| Ssdeep | 6:qjyxXKLF53X8YJjgFuGfUWlJrVGhO4Iy3X8aXFuGfUWl3ECGhO4I:qjRLf3X8kEbUiJrVsh3X8MbUi3Js |
| 下载 提交魔盾安全分析 |
| 文件名 | {D48F2264-5CBE-11E8-91CC-525400E1D82E}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D48F2264-5CBE-11E8-91CC-525400E1D82E}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 6222c058b37835b78cee80d8991c5235 |
| SHA1 | 3c72d19ef57932ccd952b9aac46b774bf6883d7e |
| SHA256 | 7e2f9dddb9fffbf5be9b170b90ad0877cf84fe43c1c6183ce2cc03f76284f9be |
| CRC32 | E660470A |
| Ssdeep | 12:rlfFvrEgmfR16FJLDrEgmfJ1qjNlYfOo4NlA89obtQ:rTGgGMNljo4Nlpo6 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0ee0d92f5ad9cd4d354a120734ae8e5e |
| SHA1 | a3d2338356b933a1240f053b89efe7f1b5e63353 |
| SHA256 | bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771 |
| CRC32 | 36F430F7 |
| Ssdeep | 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg |
| 下载 提交魔盾安全分析 |
| 文件名 | test@cccyun[1].txt |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@cccyun[1].txt
|
| 文件大小 | 110 字节 |
| 文件类型 | ASCII text |
| MD5 | aa1900f800352da836eb2f0b60dc0329 |
| SHA1 | 189ff7ff0d325809730faf08c760d93467f0adb7 |
| SHA256 | 8e1ca45cbc7371450e01d27f50442d1cf283d340a18eedfeb94197f9930dfc0f |
| CRC32 | 4D3322EA |
| Ssdeep | 3:GmM/ik8SWWpsdJAZRdxe7OdvjjjFXvRBPcMkNTGn:XM/SSWWScxe7OdRvaNCn |
| 下载 提交魔盾安全分析 显示文本 | |
__cfduid d964436321420c524eae3ae37c835c29e1526883551 cccyun.cc/ 9216 448420224 30740381 4013936064 30666966 * |
|
| 文件名 | favicon[1].ico |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].ico
|
| 文件大小 | 4286 字节 |
| 文件类型 | MS Windows icon resource - 1 icon, 32x32 |
| MD5 | b2f169c1eca5321eadc6576b300feb94 |
| SHA1 | a903a8fbc1c82970988f218b95fab07d8f0efe92 |
| SHA256 | e5cb139296d058a5a28384db36afce9e193282532242a7d292177f15c1a70fce |
| CRC32 | 82B50B92 |
| Ssdeep | 96:nolQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQT/: |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
|
| 文件大小 | 262144 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
| SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
| SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
| CRC32 | E94B92FD |
| Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{D48F2263-5CBE-11E8-91CC-525400E1D82E}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D48F2263-5CBE-11E8-91CC-525400E1D82E}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 79c820e7fc7d0e9925732d223942d079 |
| SHA1 | d416cce743e4b0a4a44bc267346ce84e8e537b2f |
| SHA256 | 7ad28b00d9bb7d3970bb5fedf796dc61e0752b1383e089f4a81cc9008cca76f6 |
| CRC32 | FD9BCDC0 |
| Ssdeep | 12:rl0YmGF2brEg5+IaCrI017+FWDrEgmf+IaCy8qgQNlTqozmBlhBlpBl:rIb5/ZGv/TQNlWoz |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 32.845 seconds )
- 20.783 NetworkAnalysis
- 7.906 Suricata
- 1.47 Static
- 1.218 VirusTotal
- 0.995 BehaviorAnalysis
- 0.348 AnalysisInfo
- 0.062 Dropped
- 0.061 Debug
- 0.002 Memory
Signatures ( 2.434 seconds )
- 1.394 md_url_bl
- 0.434 md_bad_drop
- 0.132 antiav_detectreg
- 0.05 stealth_timeout
- 0.048 infostealer_ftp
- 0.036 api_spamming
- 0.029 antivm_generic_scsi
- 0.027 antianalysis_detectreg
- 0.027 infostealer_im
- 0.016 md_domain_bl
- 0.015 stealth_file
- 0.015 infostealer_mail
- 0.014 antivm_generic_services
- 0.008 mimics_filetime
- 0.008 antivm_generic_disk
- 0.008 antiav_detectfile
- 0.008 geodo_banking_trojan
- 0.007 betabot_behavior
- 0.007 kibex_behavior
- 0.007 vawtrak_behavior
- 0.006 persistence_autorun
- 0.006 antivm_parallels_keys
- 0.006 antivm_xen_keys
- 0.006 darkcomet_regkeys
- 0.006 infostealer_bitcoin
- 0.005 antiemu_wine_func
- 0.005 bootkit
- 0.005 virus
- 0.004 infostealer_browser_password
- 0.004 antidbg_windows
- 0.004 kovter_behavior
- 0.004 antivm_generic_diskreg
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.004 recon_fingerprint
- 0.003 andromeda_behavior
- 0.003 hancitor_behavior
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.002 tinba_behavior
- 0.002 rat_nanocore
- 0.002 dridex_behavior
- 0.002 injection_createremotethread
- 0.002 Locky_behavior
- 0.002 antivm_vbox_libs
- 0.002 antisandbox_productid
- 0.002 antivm_xen_keys
- 0.002 antivm_hyperv_keys
- 0.002 antivm_vbox_acpi
- 0.002 antivm_vbox_keys
- 0.002 antivm_vmware_keys
- 0.002 antivm_vpc_keys
- 0.002 browser_security
- 0.002 bypass_firewall
- 0.002 network_torgateway
- 0.002 packer_armadillo_regkey
- 0.001 network_tor
- 0.001 antiav_avast_libs
- 0.001 rat_luminosity
- 0.001 stack_pivot
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 dyre_behavior
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antivm_vmware_events
- 0.001 cerber_behavior
- 0.001 injection_runpe
- 0.001 cryptowall_behavior
- 0.001 antidbg_devices
- 0.001 antivm_generic_bios
- 0.001 antivm_generic_cpu
- 0.001 antivm_generic_system
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 ie_martian_children
- 0.001 modify_uac_prompt
- 0.001 rat_pcclient
- 0.001 recon_programs
Reporting ( 0.496 seconds )
- 0.496 ReportHTMLSummary
| Task ID | 162237 |
|---|---|
| Mongo ID | 5b02658ea093ef799b132cd4 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号