Analysis task

Analysis type   VM label                  Start time            End time              Duration
URL             win7-sp1-x64-shaapp01-1   2018-09-15 19:12:49   2018-09-15 19:15:13   144 s

Maldun score: 1.6 (Normal)

Hosts contacted

IP                Security rating   Geolocation
101.110.118.67                      China
101.227.172.62    Unknown           China
103.224.249.15                      Hong Kong
116.211.169.137                     China
117.18.237.29                       Asia-Pacific
220.181.7.190     Unknown           China
23.224.175.54                       United States
58.215.145.30                       China
DNS resolutions

Domain                  Type    Response
www.wl666.com           A       103.224.249.15
t.cn                    A       116.211.169.137
pv.sohu.com             CNAME   gdv.a.sohu.com
                        A       101.227.172.62
                        CNAME   f7sh2v.a.sohu.com
qq.com-v-qq.com         CNAME   dy.cdn-789.com
                        A       145.14.132.187
                        A       103.103.49.229
                        A       145.14.132.235
                        A       198.40.54.253
                        A       103.103.51.206
                        A       145.14.132.100
                        A       185.173.225.148
                        A       145.14.132.251
                        A       198.40.54.254
                        A       23.224.175.54
                        A       103.103.49.230
                        A       23.224.147.227
                        A       103.103.49.163
hm.baidu.com            CNAME   hm.e.shifen.com
                        A       220.181.7.190
ocsp.globalsign.com     CNAME   global.prd.cdn.globalsign.com
                        CNAME   globalsign.com.w.kunlunar.com
                        A       58.215.145.30
cdp1.public-trust.com   CNAME   crl3.digicert.com
                        CNAME   cs9.wac.phicdn.net
                        A       117.18.237.29
ocsp.digicert.com       (no answer recorded)

WHOIS information

Name: None
Country: CN
State: None
City: None
ZIP Code: None
Address: None

Organization: zhibo
Domain Name(s):
    WL666.COM
    wl666.com
Creation Date:
    2013-02-17 15:58:27
Updated Date:
    2018-07-24 03:40:57
    2018-06-07 02:45:36
Expiration Date:
    2019-02-17 15:58:27
Email(s):
    abuse@godaddy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    NS1.DNSDUN.COM
    NS1.DNSDUN.NET
Referral URL(s):
    None
No antivirus engine scan results.

Process tree

iexplore.exe, PID: 2592, parent PID: 2384

TCP

Source address   Source port   Destination address (resolved name, if any)   Destination port
192.168.122.201 63255 101.110.118.67 80
192.168.122.201 49170 101.227.172.62 pv.sohu.com 80
192.168.122.201 49159 103.224.249.15 www.wl666.com 80
192.168.122.201 49164 103.224.249.15 www.wl666.com 80
192.168.122.201 49165 103.224.249.15 www.wl666.com 80
192.168.122.201 49166 103.224.249.15 www.wl666.com 80
192.168.122.201 49167 103.224.249.15 www.wl666.com 80
192.168.122.201 49168 103.224.249.15 www.wl666.com 80
192.168.122.201 49172 103.224.249.15 www.wl666.com 80
192.168.122.201 49173 103.224.249.15 www.wl666.com 80
192.168.122.201 49169 116.211.169.137 t.cn 80
192.168.122.201 63253 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 63256 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 63247 125.56.201.138 80
192.168.122.201 63245 192.168.122.1 53
192.168.122.201 63254 205.197.140.145 80
192.168.122.201 49174 220.181.7.190 hm.baidu.com 443
192.168.122.201 49171 23.224.175.54 qq.com-v-qq.com 443
192.168.122.201 63249 23.224.175.54 qq.com-v-qq.com 443
192.168.122.201 63250 23.224.175.54 qq.com-v-qq.com 443
192.168.122.201 63251 23.224.175.54 qq.com-v-qq.com 443
192.168.122.201 63248 23.32.241.176 80
192.168.122.201 49175 58.215.145.30 ocsp.globalsign.com 80
192.168.122.201 63246 58.216.106.164 80

UDP

Source address   Source port   Destination address   Destination port
192.168.122.201 50005 192.168.122.1 53
192.168.122.201 50147 192.168.122.1 53
192.168.122.201 51769 192.168.122.1 53
192.168.122.201 53569 192.168.122.1 53
192.168.122.201 53720 192.168.122.1 53
192.168.122.201 54191 192.168.122.1 53
192.168.122.201 54569 192.168.122.1 53
192.168.122.201 58056 192.168.122.1 53
192.168.122.201 60231 192.168.122.1 53
192.168.122.201 60684 192.168.122.1 53
192.168.122.201 61800 192.168.122.1 53
192.168.122.201 64292 192.168.122.1 53

HTTP requests

Each entry gives the request URI, followed by the HTTP request data as sent.

URI: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
GET /Play/kangweixialvdierji/Vod-0-5.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/index.css
GET /template/film/images/index.css HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/play.js
GET /bofangqi/play.js HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/logo.gif
GET /template/film/images/logo.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/new1.gif
GET /template/film/images/new1.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/js/wlvod/top-960.js
GET /js/wlvod/top-960.js HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/but1.gif
GET /template/film/images/but1.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/topbg.gif
GET /template/film/images/topbg.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/f4.gif
GET /template/film/images/f4.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/playdata/20/45332.js?41343.93
GET /playdata/20/45332.js?41343.93 HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/ybg.gif
GET /template/film/images/ybg.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/playdata/10/9022.js?ef=2
GET /playdata/10/9022.js?ef=2 HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/player.html
GET /bofangqi/player.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/css.css
GET /bofangqi/css.css HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/bofangqi/player.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/player.js
GET /bofangqi/player.js HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/bofangqi/player.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://t.cn/qcMYa
GET /qcMYa HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: t.cn
Connection: Keep-Alive

URI: http://www.wl666.com/js/loading.html
GET /js/loading.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.wl666.com/bofangqi/player.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/playload.html
GET /bofangqi/playload.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.wl666.com/bofangqi/player.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/bofangqi/playdy/kuyun.html
GET /bofangqi/playdy/kuyun.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.wl666.com/bofangqi/player.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/pic/vloading.gif
GET /pic/vloading.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/js/loading.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://pv.sohu.com/cityjson
GET /cityjson HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pv.sohu.com

URI: http://www.wl666.com/js/wlvod/play-2.js
GET /js/wlvod/play-2.js HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/js/wlvod/tongji.js
GET /js/wlvod/tongji.js HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/anquan.gif
GET /template/film/images/anquan.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://www.wl666.com/template/film/images/new.gif
GET /template/film/images/new.gif HTTP/1.1
Accept: */*
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.wl666.com
Connection: Keep-Alive

URI: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 01 Sep 2018 00:29:03 GMT
If-None-Match: "1480bfa43edc451651e279ba0f6dc69348c58eec"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URI: http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 163163
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 26 Aug 2018 23:00:19 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

URI: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D HTTP/1.1
Cache-Control: max-age = 163216
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 26 Aug 2018 23:00:19 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

URI: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEEUtHCzqfUgKLl%2FmH%2FTAFRs%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEEUtHCzqfUgKLl%2FmH%2FTAFRs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

URI: http://cdp1.public-trust.com/CRL/Omniroot2025.crl
GET /CRL/Omniroot2025.crl HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 21 Aug 2018 20:59:15 GMT
If-None-Match: "2057461361"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com

URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URI: http://101.110.118.67/crl.microsoft.com/pki/crl/products/tspca.crl
GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: 101.110.118.67

URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172072
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 31 Aug 2018 21:45:22 GMT
If-None-Match: "5b89b6f2-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
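Two things in the request list above are worth separating before reading it as "what the page did": the entries with User-Agent Microsoft-CryptoAPI/6.1 are certificate revocation checks (OCSP GETs carry a base64 DER OCSPRequest in the path, CRL fetches end in .crl) issued by the Windows certificate store because of the TLS sessions, not content the page requested; and one entry is sent to the bare IP 101.110.118.67 with the CRL host name carried in the path instead of the Host header. The browser requests that leave www.wl666.com (t.cn, pv.sohu.com) are the ones a reviewer actually cares about. The script below is an added example, not code from the Maldun report or the Cuckoo project; SAMPLE_LOG is a constructed excerpt of the entries above, trimmed to the request line and the headers used here, and the "URI:" record layout is this example's own convention.

```python
"""Triage of a sandbox HTTP request list: who sent each request, and to whom.

Added example, not code from the Maldun/Cuckoo report. SAMPLE_LOG is a
constructed excerpt of the report's HTTP entries (headers trimmed); the
"URI:" record layout is this example's convention, not a Cuckoo format.
"""
import ipaddress
import re
from urllib.parse import urlsplit

SAMPLE_LOG = """\
URI: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
GET /Play/kangweixialvdierji/Vod-0-5.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: www.wl666.com

URI: http://t.cn/qcMYa
GET /qcMYa HTTP/1.1
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: t.cn

URI: http://pv.sohu.com/cityjson
GET /cityjson HTTP/1.1
Referer: http://www.wl666.com/Play/kangweixialvdierji/Vod-0-5.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: pv.sohu.com

URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URI: http://101.110.118.67/crl.microsoft.com/pki/crl/products/tspca.crl
GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/6.1
Host: 101.110.118.67
"""


def parse_requests(text):
    """One record per blank-line-separated entry: {uri, method, path, headers}."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        uri = lines[0].split(": ", 1)[1]
        method, path, _version = lines[1].split(" ", 2)
        headers = {}
        for line in lines[2:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        records.append({"uri": uri, "method": method, "path": path, "headers": headers})
    return records


def classify(rec):
    """'browser' = IE fetching page content; 'ocsp'/'crl' = revocation checks by
    the Windows certificate store (User-Agent Microsoft-CryptoAPI); else 'other'."""
    ua = rec["headers"].get("user-agent", "")
    if ua.startswith("Microsoft-CryptoAPI/"):
        # A CRL fetch ends in ".crl"; an OCSP GET carries the base64 DER
        # OCSPRequest as its path.
        return "crl" if rec["path"].endswith(".crl") else "ocsp"
    return "browser" if "Mozilla/" in ua else "other"


def registrable(host):
    """Naive registrable domain (last two labels); enough for this report."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text, landing_host):
    """Count requests per class, map third-party hosts fetched while rendering
    the landing page to their referer, and flag bare-IP Host headers."""
    result = {"by_class": {}, "third_party": {}, "ip_hosts": []}
    for rec in parse_requests(text):
        kind = classify(rec)
        result["by_class"][kind] = result["by_class"].get(kind, 0) + 1
        host = rec["headers"].get("host") or urlsplit(rec["uri"]).hostname
        if is_ip(host):
            # In this capture the original host name survives as the first path
            # segment ("/crl.microsoft.com/pki/..."); keep it for the analyst.
            first = rec["path"].lstrip("/").split("/", 1)[0]
            embedded = first if first.count(".") >= 2 else None
            result["ip_hosts"].append({"uri": rec["uri"], "embedded_host": embedded})
        referer = rec["headers"].get("referer")
        if kind == "browser" and referer and registrable(host) != registrable(landing_host):
            result["third_party"][host] = urlsplit(referer).hostname
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "www.wl666.com"))
```

Run against the full list above, the same split leaves a handful of browser fetches off www.wl666.com (t.cn, the Sina Weibo URL shortener, and pv.sohu.com/cityjson) and a dozen CryptoAPI revocation requests that say nothing about the page itself; the single bare-IP request is the one to look at by hand.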

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Session 1
  Timestamp:            2018-09-15 19:13:10.267509+0800
  Source:               192.168.122.201:49174
  Destination:          220.181.7.190:443
  Version:              TLS 1.2
  Issuer:               C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
  Subject:              C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com
  Fingerprint (SHA-1):  7e:2f:c8:ca:7c:3e:c3:a7:44:6a:cb:b2:08:56:f3:6d:dd:9b:85:a5

Session 2
  Timestamp:            2018-09-15 19:13:12.988054+0800
  Source:               192.168.122.201:49171
  Destination:          23.224.175.54:443
  Version:              TLS 1.2
  Issuer:               C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
  Subject:              OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=cn2.okokyun.com
  Fingerprint (SHA-1):  2b:0d:a0:d2:ec:7e:66:7b:08:78:79:68:7c:0d:8c:02:cf:f2:75:1b
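The DNS and TLS tables are more useful read together than apart. The name qq.com-v-qq.com contains the string "qq.com", but its registrable domain is com-v-qq.com; it resolves through a CNAME to dy.cdn-789.com, and the one TLS session to one of its addresses (23.224.175.54) presented a COMODO domain-validated multi-domain certificate whose CN is cn2.okokyun.com. The report does not list the certificate's subjectAltName entries, so this is a prompt to retrieve the certificate and check its SANs, not evidence of a mismatch; by contrast the session to 220.181.7.190 (hm.baidu.com, Baidu's analytics host) carries a baidu.com certificate, which is consistent. The script below is an added example, not code from the report or from Cuckoo; the DNS and TLS records are transcribed from the two tables above (only the rows needed here) and the BRANDS set is this example's own assumption about which domains are worth watching for look-alikes.

```python
"""Cross-check DNS answers against TLS observations and flag brand-embedding names.

Added example; not code from the Maldun/Cuckoo report. DNS and TLS are
transcribed from the report's tables (only the rows needed here); BRANDS is
this example's own assumption.
"""
from collections import defaultdict

# (queried name, record type, answer) from the "DNS resolutions" table
DNS = [
    ("www.wl666.com", "A", "103.224.249.15"),
    ("pv.sohu.com", "CNAME", "gdv.a.sohu.com"),
    ("pv.sohu.com", "A", "101.227.172.62"),
    ("qq.com-v-qq.com", "CNAME", "dy.cdn-789.com"),
    ("qq.com-v-qq.com", "A", "23.224.175.54"),
    ("qq.com-v-qq.com", "A", "145.14.132.187"),
    ("hm.baidu.com", "CNAME", "hm.e.shifen.com"),
    ("hm.baidu.com", "A", "220.181.7.190"),
]

# (destination IP, port, issuer CN, subject CN) from the "TLS" table
TLS = [
    ("220.181.7.190", 443,
     "GlobalSign Organization Validation CA - SHA256 - G2", "baidu.com"),
    ("23.224.175.54", 443,
     "COMODO RSA Domain Validation Secure Server CA", "cn2.okokyun.com"),
]

BRANDS = {"qq.com", "baidu.com", "sohu.com"}  # assumption: domains to watch


def registrable(host):
    """Naive registrable domain: the last two labels. Adequate for every name in
    this report; use the Public Suffix List for names under co.uk, com.cn, etc."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def embeds_brand(host):
    """Brands that appear inside `host` without being its registrable domain.

    'qq.com-v-qq.com' has registrable domain 'com-v-qq.com', so the literal
    'qq.com' inside it is decoration, not ownership. 'hm.baidu.com' really is
    a subdomain of baidu.com and is not flagged.
    """
    h = host.lower().rstrip(".")
    own = registrable(h)
    return sorted(b for b in BRANDS
                  if b in h and b != own and not h.endswith("." + b))


def suspicious_names(dns):
    """Queried names from the DNS table that embed someone else's brand."""
    return sorted({name for name, _, _ in dns if embeds_brand(name)})


def tls_name_consistency(dns, tls):
    """For each TLS session, find which queried name(s) resolved to the
    destination IP and compare the certificate subject CN with them.

    Caveat: a mismatch is a prompt to pull the full certificate, not a
    verdict. The report omits subjectAltName, a DV multi-domain certificate
    may list the queried name among its SANs, and a CDN IP serves many names.
    """
    ip_to_names = defaultdict(set)
    for name, rtype, value in dns:
        if rtype == "A":
            ip_to_names[value].add(name)
    findings = []
    for ip, port, issuer, subject_cn in tls:
        for name in sorted(ip_to_names.get(ip, {"<no DNS answer for this IP>"})):
            findings.append({
                "ip": ip, "port": port, "queried_name": name,
                "issuer": issuer, "subject_cn": subject_cn,
                "same_registrable_domain": registrable(subject_cn) == registrable(name),
            })
    return findings


if __name__ == "__main__":
    print("names embedding another brand:", suspicious_names(DNS))
    for f in tls_name_consistency(DNS, TLS):
        flag = "ok" if f["same_registrable_domain"] else "REVIEW"
        print(f"{flag:6} {f['ip']}:{f['port']} {f['queried_name']} -> CN={f['subject_cn']}")
```

On the report's data this flags qq.com-v-qq.com as a brand-embedding name and marks the 23.224.175.54 session for review while passing the baidu.com session; the next step for the flagged session is to fetch the leaf certificate and compare its SAN list with the name the page actually loaded.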

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files dropped.

Processing ( 26.929 seconds )

  • 16.513 NetworkAnalysis
  • 7.653 Suricata
  • 1.33 VirusTotal
  • 1.228 Static
  • 0.199 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.265 seconds )

  • 2.158 md_url_bl
  • 0.03 md_domain_bl
  • 0.016 md_bad_drop
  • 0.011 antiav_detectreg
  • 0.005 persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 ie_martian_children

Reporting ( 0.391 seconds )

  • 0.391 ReportHTMLSummary
Task ID: 187371
Mongo ID: 5b9ce9e3bb7d5755a4cd88cd
Cuckoo release: 1.4-Maldun