Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-1  2018-09-19 19:22:41  2018-09-19 19:25:02  141 seconds

Maldun score

1.2

Normal

URL details

URL
URL sandbox scan -> https://www.xuepojie.com/

Hosts contacted

Direct IP  Safety rating  Location
101.89.125.236  Unknown  China
117.18.237.29  Unknown  Asia-Pacific
122.228.95.240  Unknown  China
14.215.177.87  China
220.181.7.190  Unknown  China
221.228.219.30  Unknown  China
221.228.219.32  China
59.56.78.54  Unknown  China
61.155.221.232  Unknown  China

Domain resolution

Domain  Safety rating  Response
www.xuepojie.com A 59.56.78.54
CNAME 21b9c635.xuepojie.com.cname.jsd.cc
A 183.131.214.62
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
g.alicdn.com Unknown CNAME g.alicdn.com.danuoyi.alicdn.com
A 122.228.95.240
A 122.228.95.250
ocsp.globalsign.com A 180.101.217.164
CNAME globalsign.com.cdn.dnsv1.com
CNAME globalsign.com.s2.cdntip.com
A 58.216.107.33
A 221.228.219.30
A 58.216.106.164
A 221.228.219.33
CNAME global.prd.cdn.globalsign.com
A 221.228.219.32
A 180.101.217.163
A 180.101.217.160
A 180.101.217.161
A 221.228.218.163
A 58.216.106.163
A 58.216.107.34
A 221.228.218.164
at.alicdn.com CNAME at.alicdn.com.danuoyi.alicdn.com
A 61.155.221.232
A 222.186.183.254
A 222.186.183.253
img.alicdn.com A 101.89.125.235
CNAME img.alicdn.com.danuoyi.alicdn.com
A 101.89.125.236
hm.baidu.com CNAME hm.e.shifen.com
A 220.181.7.190
tag.baidu.com Unknown CNAME pilou.e.shifen.com
A 14.215.177.87
cdp1.public-trust.com CNAME crl3.digicert.com

Summary

WHOIS information

Name: None
Country: None
State: Zhejiang
City: Hangzhou
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    XUEPOJIE.COM
    xuepojie.com
Creation Date:
    2014-08-31 05:26:57
Updated Date:
    2017-12-16 17:13:16
Expiration Date:
    2024-08-31 05:26:57
Email(s):
    DomainAbuse@service.aliyun.com

Registrar(s):
    Alibaba Cloud Computing (Beijing) Co., Ltd.
Name Server(s):
    DNS10.HICHINA.COM
    DNS9.HICHINA.COM
Referral URL(s):
    None

No antivirus engine scan information!

Process tree


iexplore.exe, PID: 2688, parent PID: 2384

TCP

Source IP  Source port  Destination IP  Destination host (where resolved)  Destination port
192.168.122.201 54450 101.89.125.236 img.alicdn.com 443
192.168.122.201 49160 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 54454 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 54456 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49166 122.228.95.240 g.alicdn.com 443
192.168.122.201 49167 122.228.95.240 g.alicdn.com 443
192.168.122.201 54444 122.228.95.240 g.alicdn.com 443
192.168.122.201 54451 14.215.177.87 tag.baidu.com 443
192.168.122.201 54457 14.215.177.87 tag.baidu.com 443
192.168.122.201 54461 14.215.177.87 tag.baidu.com 443
192.168.122.201 54439 192.168.122.1 53
192.168.122.201 63245 192.168.122.1 53
192.168.122.201 54442 218.94.210.111 80
192.168.122.201 54443 218.94.210.111 80
192.168.122.201 54449 220.181.7.190 hm.baidu.com 443
192.168.122.201 54452 220.181.7.190 hm.baidu.com 443
192.168.122.201 54462 220.181.7.190 hm.baidu.com 443
192.168.122.201 54463 220.181.7.190 hm.baidu.com 443
192.168.122.201 54441 221.228.219.30 ocsp.globalsign.com 80
192.168.122.201 54440 221.228.219.32 ocsp.globalsign.com 80
192.168.122.201 54455 23.46.210.160 80
192.168.122.201 49159 59.56.78.54 www.xuepojie.com 443
192.168.122.201 49161 59.56.78.54 www.xuepojie.com 443
192.168.122.201 49162 59.56.78.54 www.xuepojie.com 443
192.168.122.201 49163 59.56.78.54 www.xuepojie.com 443
192.168.122.201 49164 59.56.78.54 www.xuepojie.com 443
192.168.122.201 49165 59.56.78.54 www.xuepojie.com 443
192.168.122.201 54445 61.155.221.232 at.alicdn.com 443
192.168.122.201 54446 61.155.221.232 at.alicdn.com 443
192.168.122.201 54448 61.155.221.232 at.alicdn.com 443

UDP

Source IP  Source port  Destination IP  Destination port
192.168.122.201 50005 192.168.122.1 53
192.168.122.201 50147 192.168.122.1 53
192.168.122.201 51769 192.168.122.1 53
192.168.122.201 53569 192.168.122.1 53
192.168.122.201 53720 192.168.122.1 53
192.168.122.201 54191 192.168.122.1 53
192.168.122.201 54569 192.168.122.1 53
192.168.122.201 58056 192.168.122.1 53
192.168.122.201 60231 192.168.122.1 53
192.168.122.201 60684 192.168.122.1 53
192.168.122.201 61800 192.168.122.1 53
192.168.122.201 64292 192.168.122.1 53

HTTP requests

URI  HTTP data
URL sandbox scan -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ5rEWLwbJFq%2FmAU80sm7E%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

URL sandbox scan -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 01 Sep 2018 00:29:03 GMT
If-None-Match: "1480bfa43edc451651e279ba0f6dc69348c58eec"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL sandbox scan -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHa4k1DvtfyLdFUxtg%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHa4k1DvtfyLdFUxtg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL sandbox scan -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL sandbox scan -> http://cdp1.public-trust.com/CRL/Omniroot2025.crl
GET /CRL/Omniroot2025.crl HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 21 Aug 2018 20:59:15 GMT
If-None-Match: "2057461361"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com

URL sandbox scan -> http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URL sandbox scan -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172072
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 31 Aug 2018 21:45:22 GMT
If-None-Match: "5b89b6f2-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-09-19 19:22:56.287100+0800 192.168.122.201 49159 59.56.78.54 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=www.xuepojie.com 94:c2:90:f1:94:23:fe:6e:fb:e0:9c:cd:e9:fa:2e:85:74:9c:1b:b4
2018-09-19 19:23:04.053430+0800 192.168.122.201 49167 122.228.95.240 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:04.046527+0800 192.168.122.201 49166 122.228.95.240 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:06.998721+0800 192.168.122.201 54444 122.228.95.240 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:08.173204+0800 192.168.122.201 54446 61.155.221.232 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:08.173128+0800 192.168.122.201 54445 61.155.221.232 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:09.226187+0800 192.168.122.201 54448 61.155.221.232 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:09.212889+0800 192.168.122.201 54449 220.181.7.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 7e:2f:c8:ca:7c:3e:c3:a7:44:6a:cb:b2:08:56:f3:6d:dd:9b:85:a5
2018-09-19 19:23:10.245669+0800 192.168.122.201 54450 101.89.125.236 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 1e:49:16:7b:d7:1d:2d:7d:10:95:84:5c:51:3b:0d:06:49:5c:47:ee
2018-09-19 19:23:11.136874+0800 192.168.122.201 54451 14.215.177.87 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 7e:2f:c8:ca:7c:3e:c3:a7:44:6a:cb:b2:08:56:f3:6d:dd:9b:85:a5

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.

Processing ( 33.04 seconds )

  • 23.508 NetworkAnalysis
  • 7.384 Suricata
  • 1.928 Static
  • 0.206 AnalysisInfo
  • 0.006 BehaviorAnalysis
  • 0.004 Debug
  • 0.004 Memory

Signatures ( 1.726 seconds )

  • 1.568 md_url_bl
  • 0.04 md_domain_bl
  • 0.019 antiav_detectreg
  • 0.011 persistence_autorun
  • 0.008 antiav_detectfile
  • 0.006 geodo_banking_trojan
  • 0.006 infostealer_ftp
  • 0.005 antianalysis_detectreg
  • 0.005 md_bad_drop
  • 0.005 ransomware_files
  • 0.004 tinba_behavior
  • 0.004 cerber_behavior
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.003 rat_nanocore
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 betabot_behavior
  • 0.002 browser_security
  • 0.002 network_torgateway
  • 0.001 network_tor
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 188818
Mongo ID 5ba23232bb7d57400ae2fcd9
Cuckoo release 1.4-Maldun