Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp01-2 | 2018-08-29 00:43:34 | 2018-08-29 00:46:43 | 189 seconds |
URL |
---|
https://www.91wqp.com/dxy |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 117.18.237.29 | | Asia Pacific |
No | 132.232.145.53 | | United Kingdom |
Domain | Security rating | Response |
---|---|---|
www.91wqp.com | | A 132.232.145.53 |
ocsp.digicert.com | | CNAME cs9.wac.phicdn.net, A 117.18.237.29 |
ocsp2.digicert.com | | |
WHOIS field | Value |
---|---|
Name | None |
Country | None |
State | si chuan |
City | cheng du shi |
ZIP Code | None |
Address | None |
Orginization | None |
Domain Name(s) | 91WQP.COM 91wqp.com |
Creation Date | 2016-06-20 01:34:49 |
Updated Date | 2018-06-13 04:45:12 |
Expiration Date | 2019-06-20 01:34:49 |
Email(s) | DomainAbuse@service.aliyun.com |
Registrar(s) | Alibaba Cloud Computing (Beijing) Co., Ltd. |
Name Server(s) | F1G1NS1.DNSPOD.NET F1G1NS2.DNSPOD.NET |
Referral URL(s) | None |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49162 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 49163 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 49161 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49167 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49168 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49169 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49170 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49171 | 132.232.145.53 www.91wqp.com | 443 |
192.168.122.202 | 49174 | 23.46.211.136 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 62207 | 192.168.122.1 | 53 |
192.168.122.202 | 64548 | 192.168.122.1 | 53 |
192.168.122.202 | 64974 | 192.168.122.1 | 53 |
192.168.122.202 | 65069 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAc%2FyaR7BgIY9uCoaun8Pjs%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAc%2FyaR7BgIY9uCoaun8Pjs%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
http://ocsp2.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSogLCHz7apMi2guQoYXFYAsgBqRgQUEoZEZiYIVCaPZTeyKU4mIeCTvtsCEA%2BeJAMuYtoLiuCuLsXl5j4%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSogLCHz7apMi2guQoYXFYAsgBqRgQUEoZEZiYIVCaPZTeyKU4mIeCTvtsCEA%2BeJAMuYtoLiuCuLsXl5j4%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.digicert.com |
http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-08-29 00:44:49.275278+0800 | 132.232.145.53 | 443 | 192.168.122.202 | 49161 | TCP | 2400008 | ET DROP Spamhaus DROP Listed Traffic Inbound group 9 | Misc Attack |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2018-08-29 00:44:49.404286+0800 | 192.168.122.202 | 49161 | 132.232.145.53 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS ECC CA | CN=www.91wqp.com | f5:8e:71:8d:ad:80:ed:e5:b9:9a:c2:ae:5d:8c:ea:7c:6d:9c:63:3c |
No Suricata HTTP
File name | RecoveryStore.{85B39B03-AAE1-11E8-A8AC-52540024C8FE}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85B39B03-AAE1-11E8-A8AC-52540024C8FE}.dat |
File size | 3584 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | 88ef8c32153c2fc07350779625d3aab1 |
SHA1 | 81ff211ddb7615528accf17da65e6e8dd0fd2968 |
SHA256 | 3c688e7e5c0edbd2cb5803eaebb9c1682a75f0f9e351783a674155873c48470c |
CRC32 | C7358DB8 |
Ssdeep | 12:rl0YmGF2CrEg5+IaCrI017+FaG/lsDrEgmf+IaCy8qgQNlTqoxk:rIC5/OlYGv/TQNlWoxk |
File name | D6BFFC0376182436FD02102800A91CAA |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D6BFFC0376182436FD02102800A91CAA |
File size | 279 bytes |
File type | data |
MD5 | 23ca0963a72286a54cd91f767a4ee18b |
SHA1 | 4072be01af23889bb218e00770baba5d6607aeeb |
SHA256 | 26bc33ba4c9719db52c91856f368e9381b4b779717975c2890b72b93050e393f |
CRC32 | 4D588F86 |
Ssdeep | 6:J0kkTbDsV+X5o7RIDh3gSV+9MALixM/owZmn5N9:JTkQV+5IlmiMA2AorL9 |
File name | download[1].css |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\download[1].css |
File size | 43623 bytes |
File type | ASCII text, with very long lines, with no line terminators |
MD5 | 527494803eb04ab24fd444ce99031972 |
SHA1 | c78d18dc42c42c998a9aedeac8bbae77d015b7e4 |
SHA256 | 219049aed3a0abed00980e8438b87b95991aae731671521ccf2ce359b1784af0 |
CRC32 | 640D78E2 |
Ssdeep | 768:W3Oee0pCmicAU24LazBCOcGiArQQtu4HBaa2i:Wu5PU24LazBCOcGiYQQtu4Hz |
File name | {85B39B04-AAE1-11E8-A8AC-52540024C8FE}.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85B39B04-AAE1-11E8-A8AC-52540024C8FE}.dat |
File size | 4608 bytes |
File type | Composite Document File V2 Document, Cannot read section info |
MD5 | efde3f66467f7b3092849571f5e00455 |
SHA1 | d7992f310df63b46d6371b68155511f1d75cdbe4 |
SHA256 | d661f8398637ce2453b1cfc0da439edf9e569d52715cc0fbb4b13c7758d30a31 |
CRC32 | 958C524D |
Ssdeep | 12:rlfFZ/rrEgmfR16FGlYrEgmfF1qjNlYfOo3+/NlX9oiD+X:rpGplYGoNljowNlNo4 |
File name | 3-1534618255[1].png |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\3-1534618255[1].png |
File size | 8260 bytes |
File type | PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced |
MD5 | ee2c6bf39d862146017e4e5f579c6e13 |
SHA1 | 0e6e9bbfbacd421a419be00855f099aa9e389503 |
SHA256 | e2b200ff6f66b003dc8a2e7cc43996ba76ea2713523598f6a9913df2cc9270de |
CRC32 | DEDE56F8 |
Ssdeep | 192:pSIsrs5pyAbamUKkhWrsd03d3hI+FfNCvnGMly:Qfr61rUK2K370NA |
File name | D6BFFC0376182436FD02102800A91CAA |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D6BFFC0376182436FD02102800A91CAA |
File size | 432 bytes |
File type | data |
MD5 | 545a5042071afa28e3b6429ce8fe5227 |
SHA1 | 209990f1f5ca8345b964c410a1dc885934fe2c52 |
SHA256 | 13974ed22f0c7f4f33f6edc73a3693222887f41e296c558b9c82772df88cc6e7 |
CRC32 | B103D6A7 |
Ssdeep | 12:u3yh1QxMiv8sFeWEqfQhmDwaYTdcsOWRm:myPQxxvQOfQhKwaYTuMM |
File name | B398B80134F72209547439DB21AB308D_DB858BAF37417FB2524E7EB9F080713F |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_DB858BAF37417FB2524E7EB9F080713F |
File size | 471 bytes |
File type | data |
MD5 | 58255b53dfd9b8fe9f1c998d1cbfdbd9 |
SHA1 | 1929dedf259db6b27042bbc8b63c77611dbb9acb |
SHA256 | 59adcf94e75934da24af346cade754ad70ea1aeb670cd269cb7010abdb04dc8c |
CRC32 | 26A96C86 |
Ssdeep | 12:JD2+5VUUG5J72+n4513rcU0g0o7Z11f2yJUmhCb8xya:JD2+5qtf72+Ayg0o7Lt2ymmhhya |
File name | favicon[1].ico |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico |
File size | 16958 bytes |
File type | MS Windows icon resource - 1 icon, 64x64 |
MD5 | ee149343b5a2ebe0c6f0a8ac072cd3e5 |
SHA1 | fa6557bfdb50dd3f9ebb7c36929ceb2a13d0efd7 |
SHA256 | 5009d0eeabf2d3fcca66eb85c5df51c917a6b6bba2234c01521b4d820494c4b9 |
CRC32 | F31F24C9 |
Ssdeep | 192:1DW+VL/iXcs4t2AXvOynFXVvT7Ac92O0TozmT:hhVKc9kAX3kPThT |
File name | qrcode[1].png |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qrcode[1].png |
File size | 300 bytes |
File type | PNG image data, 99 x 99, 1-bit colormap, non-interlaced |
MD5 | bbe9f6811805d68c0f948e69f539e4de |
SHA1 | 28b24f89cd42a7b6c710a8e6cad6b4c062d580f5 |
SHA256 | eee0a879d997753b82b6860ccce9df0637a14ac17405dec4087efa3b17608bd6 |
CRC32 | 87237A5E |
Ssdeep | 6:6v/lhPFJ+wQ3a1ajErJxXmIcSZVWA9gs33hzc4PTB5vO1qMdnvjp:6v/7dJH1aAbfyAWaJPTDveqMBvN |
File name | left[1].png |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\left[1].png |
File size | 20820 bytes |
File type | PNG image data, 311 x 1001, 8-bit/color RGBA, non-interlaced |
MD5 | 5243159a489c013aaf434429d7fed591 |
SHA1 | 08c92da07245f7544021cf4d9cab584661fc30fe |
SHA256 | 0f52294d3c76b5dcd928379c94194d079acd5f15a1f5db96d38d79e45da0012e |
CRC32 | F01792A0 |
Ssdeep | 384:Z3viVPzqEUWJzaq+VRNpzDDvOBDAPonHUrFwNCKD8YmVKw2oeNDVJmU7/VSgdmup:9viVPeEU80RzfOBDQ2HUW/3n7/Iglp |
File name | B398B80134F72209547439DB21AB308D_DB858BAF37417FB2524E7EB9F080713F |
---|---|
Related file | C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_DB858BAF37417FB2524E7EB9F080713F |
File size | 434 bytes |
File type | data |
MD5 | 2fa2f249dda21bc0e6a75f41e9db969f |
SHA1 | c35ff7ec7330f6388a1411350882cc43c4fa07d6 |
SHA256 | 47062b2f134125b556d21b876a78507e0927a2e20f6d924da588835a825815ea |
CRC32 | 7281D1B8 |
Ssdeep | 12:XzYIu511mxMiv8sFbq0yNYmc3Q2Blc4Q6tfji:XzYII11mxxvummO/W4QUfji |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
Maldun analysis result | 2.0 (analysis time: 2016-11-06 20:10:20) |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018082920180830\index.dat |
File size | 32768 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 1ef4f62ed1ef1fee8dfe2515cb4aa75a |
SHA1 | 310883feaf69c6ffc6f97a0ba126a259b04d69d1 |
SHA256 | dba898fa94512305ddcdb6cc4ec9b0d9eaf4ee6648df96a7e52cdc545712a4b3 |
CRC32 | 12A540F7 |
Ssdeep | 6:qjyxXKHR2o3QGnjlnFdv2dWvl2OLIIIKzU3QGnVFdv2dWvlTIII:qjRHAo3QI3x992uIH3QIvx99sI |
File name | index.dat |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat |
File size | 65536 bytes |
File type | Internet Explorer cache file version Ver 5.2 |
MD5 | 0ee0d92f5ad9cd4d354a120734ae8e5e |
SHA1 | a3d2338356b933a1240f053b89efe7f1b5e63353 |
SHA256 | bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771 |
CRC32 | 36F430F7 |
Ssdeep | 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg |
File name | right[1].png |
---|---|
Related file | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\right[1].png |
File size | 35824 bytes |
File type | PNG image data, 311 x 1001, 8-bit/color RGBA, non-interlaced |
MD5 | f792b597b0a14c7d17940dd0b7e12d00 |
SHA1 | 36bcfadcafab05cfcca35d221bbed563cadd068a |
SHA256 | a878fe7f0c657ef56c8d15ba2a719cb57bb3f5baccc2df0827c34653641b7b00 |
CRC32 | D295C444 |
Ssdeep | 384:FPtM/30n6Di67P+ubAtVn30Sfszikqq+Qf2SL7eJB/7ANd5EFW2Fa:5tNnsZDytR05zVN+QfD7u7AzYA |
Task ID | 181096 |
---|---|
Mongo ID | 5b857cd72e06337e0696f74a |
Cuckoo release | 1.4-Maldun |