分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-hpdapp03-1 2018-09-17 22:00:25 2018-09-17 22:02:50 145 秒

魔盾分数

1.2

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://v.xiandus.com

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
101.110.118.67 中国
117.18.237.29 亚洲太平洋地区
117.50.31.228 未知 中国
220.181.7.190 未知 中国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
v.xiandus.com A 117.50.31.228
hm.baidu.com CNAME hm.e.shifen.com
A 220.181.7.190
ocsp.globalsign.com CNAME globalsign.com.cdn.dnsv1.com
A 122.228.251.33
CNAME globalsign.com.s2.cdntip.com
A 122.228.251.32
CNAME global.prd.cdn.globalsign.com
A 122.246.10.30
A 180.153.100.147
cdp1.public-trust.com CNAME crl3.digicert.com
CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.digicert.com

摘要

登录查看详细行为信息

WHOIS 信息

Name: Zeng Ying
Country: CN
State: guangdongsheng
City: zhanjiangshi
ZIP Code: 524200
Address: Guang Dong Sheng Lei Zhou Shi

Orginization: Zeng Ying
Domain Name(s):
    XIANDUS.COM
    xiandus.com
Creation Date:
    2018-04-26 09:40:08
    2018-04-26 09:40:08
Updated Date:
    2018-05-23 23:37:29
    2018-05-23 23:37:29
Expiration Date:
    2019-04-26 09:40:08
    2019-04-26 09:40:08
Email(s):
    supervision@xinnet.com
    879929381@qq.com

Registrar(s):
    XINNET TECHNOLOGY CORPORATION
Name Server(s):
    NS1.ALIDNS.COM
    NS2.ALIDNS.COM
    ns1.alidns.com
    ns2.alidns.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2684, 上一级进程 PID: 2380

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
101.110.118.67 中国
117.18.237.29 亚洲太平洋地区
117.50.31.228 未知 中国
220.181.7.190 未知 中国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49186 101.110.118.67 80
192.168.122.201 49184 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 49187 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 49159 117.50.31.228 v.xiandus.com 80
192.168.122.201 49160 117.50.31.228 v.xiandus.com 80
192.168.122.201 49161 117.50.31.228 v.xiandus.com 80
192.168.122.201 49162 117.50.31.228 v.xiandus.com 80
192.168.122.201 49163 117.50.31.228 v.xiandus.com 80
192.168.122.201 49164 117.50.31.228 v.xiandus.com 80
192.168.122.201 49166 117.50.31.228 v.xiandus.com 80
192.168.122.201 49169 117.50.31.228 v.xiandus.com 80
192.168.122.201 49170 117.50.31.228 v.xiandus.com 80
192.168.122.201 49172 117.50.31.228 v.xiandus.com 80
192.168.122.201 49173 117.50.31.228 v.xiandus.com 80
192.168.122.201 49174 117.50.31.228 v.xiandus.com 80
192.168.122.201 49175 117.50.31.228 v.xiandus.com 80
192.168.122.201 49176 117.50.31.228 v.xiandus.com 80
192.168.122.201 49179 117.50.31.228 v.xiandus.com 80
192.168.122.201 49180 117.50.31.228 v.xiandus.com 80
192.168.122.201 49181 117.50.31.228 v.xiandus.com 80
192.168.122.201 49182 117.50.31.228 v.xiandus.com 80
192.168.122.201 49167 122.246.10.30 ocsp.globalsign.com 80
192.168.122.201 49168 122.246.10.30 ocsp.globalsign.com 80
192.168.122.201 49165 220.181.7.190 hm.baidu.com 443
192.168.122.201 49171 220.181.7.190 hm.baidu.com 443
192.168.122.201 49177 220.181.7.190 hm.baidu.com 443
192.168.122.201 49185 23.48.32.88 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49929 192.168.122.1 53
192.168.122.201 54786 192.168.122.1 53
192.168.122.201 59694 192.168.122.1 53
192.168.122.201 61941 192.168.122.1 53
192.168.122.201 62244 192.168.122.1 53
192.168.122.201 62434 192.168.122.1 53
192.168.122.201 64099 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
v.xiandus.com A 117.50.31.228
hm.baidu.com CNAME hm.e.shifen.com
A 220.181.7.190
ocsp.globalsign.com CNAME globalsign.com.cdn.dnsv1.com
A 122.228.251.33
CNAME globalsign.com.s2.cdntip.com
A 122.228.251.32
CNAME global.prd.cdn.globalsign.com
A 122.246.10.30
A 180.153.100.147
cdp1.public-trust.com CNAME crl3.digicert.com
CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.digicert.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49186 101.110.118.67 80
192.168.122.201 49184 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 49187 117.18.237.29 cdp1.public-trust.com 80
192.168.122.201 49159 117.50.31.228 v.xiandus.com 80
192.168.122.201 49160 117.50.31.228 v.xiandus.com 80
192.168.122.201 49161 117.50.31.228 v.xiandus.com 80
192.168.122.201 49162 117.50.31.228 v.xiandus.com 80
192.168.122.201 49163 117.50.31.228 v.xiandus.com 80
192.168.122.201 49164 117.50.31.228 v.xiandus.com 80
192.168.122.201 49166 117.50.31.228 v.xiandus.com 80
192.168.122.201 49169 117.50.31.228 v.xiandus.com 80
192.168.122.201 49170 117.50.31.228 v.xiandus.com 80
192.168.122.201 49172 117.50.31.228 v.xiandus.com 80
192.168.122.201 49173 117.50.31.228 v.xiandus.com 80
192.168.122.201 49174 117.50.31.228 v.xiandus.com 80
192.168.122.201 49175 117.50.31.228 v.xiandus.com 80
192.168.122.201 49176 117.50.31.228 v.xiandus.com 80
192.168.122.201 49179 117.50.31.228 v.xiandus.com 80
192.168.122.201 49180 117.50.31.228 v.xiandus.com 80
192.168.122.201 49181 117.50.31.228 v.xiandus.com 80
192.168.122.201 49182 117.50.31.228 v.xiandus.com 80
192.168.122.201 49167 122.246.10.30 ocsp.globalsign.com 80
192.168.122.201 49168 122.246.10.30 ocsp.globalsign.com 80
192.168.122.201 49165 220.181.7.190 hm.baidu.com 443
192.168.122.201 49171 220.181.7.190 hm.baidu.com 443
192.168.122.201 49177 220.181.7.190 hm.baidu.com 443
192.168.122.201 49185 23.48.32.88 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49929 192.168.122.1 53
192.168.122.201 54786 192.168.122.1 53
192.168.122.201 59694 192.168.122.1 53
192.168.122.201 61941 192.168.122.1 53
192.168.122.201 62244 192.168.122.1 53
192.168.122.201 62434 192.168.122.1 53
192.168.122.201 64099 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://v.xiandus.com/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/css/blues.css
GET /template/vfed/asset/css/blues.css HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/css/style.css?v=3.0.6
GET /template/vfed/asset/css/style.css?v=3.0.6 HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/js/global.js?v=3.0.6
GET /template/vfed/asset/js/global.js?v=3.0.6 HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/js/jquery.js?v=3.0.6
GET /template/vfed/asset/js/jquery.js?v=3.0.6 HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/img/logo.png
GET /template/vfed/asset/img/logo.png HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 01 Sep 2018 00:29:03 GMT
If-None-Match: "1480bfa43edc451651e279ba0f6dc69348c58eec"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL专业沙箱检测 -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/fed/create.php?id=key
POST /template/vfed/asset/fed/create.php?id=key HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Content-Length: 15
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/fed/create.php?id=hot
GET /template/vfed/asset/fed/create.php?id=hot HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://v.xiandus.com/index.php/vod/index.html
GET /index.php/vod/index.html HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/fed/create.php?id=sha
POST /template/vfed/asset/fed/create.php?id=sha HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Content-Length: 25
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/index.php/voddetail-88300.html
GET /index.php/voddetail-88300.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://v.xiandus.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/js/sidebar.js
GET /template/vfed/asset/js/sidebar.js HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/js/qrcode.js
GET /template/vfed/asset/js/qrcode.js HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/index.php/ajax/hits?mid=1&id=88300&type=update
GET /index.php/ajax/hits?mid=1&id=88300&type=update HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192838; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/index.php/comment/ajax?rid=88300&mid=1&page=1
GET /index.php/comment/ajax?rid=88300&mid=1&page=1 HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192838; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/index.php/verify/index.html
GET /index.php/verify/index.html HTTP/1.1
Accept: */*
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: v.xiandus.com
Connection: Keep-Alive
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192838; mac_random=357088645168

URL专业沙箱检测 -> http://v.xiandus.com/template/vfed/asset/fed/create.php?id=sha
POST /template/vfed/asset/fed/create.php?id=sha HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://v.xiandus.com/index.php/voddetail-88300.html
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: v.xiandus.com
Content-Length: 55
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: Hm_lvt_a3a5e1307aa95818f0fcc2962857be86=1537192834; Hm_lpvt_a3a5e1307aa95818f0fcc2962857be86=1537192838; mac_random=357088645168

URL专业沙箱检测 -> http://cdp1.public-trust.com/CRL/Omniroot2025.crl
GET /CRL/Omniroot2025.crl HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 21 Aug 2018 20:59:15 GMT
If-None-Match: "2057461361"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com

URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URL专业沙箱检测 -> http://101.110.118.67/crl.microsoft.com/pki/crl/products/tspca.crl
GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: 101.110.118.67

URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172072
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 31 Aug 2018 21:45:22 GMT
If-None-Match: "5b89b6f2-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-09-17 22:00:48.369033+0800 192.168.122.201 49165 220.181.7.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 7e:2f:c8:ca:7c:3e:c3:a7:44:6a:cb:b2:08:56:f3:6d:dd:9b:85:a5

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 22.437 seconds )

  • 12.653 NetworkAnalysis
  • 8.688 Suricata
  • 0.725 Static
  • 0.341 AnalysisInfo
  • 0.019 Debug
  • 0.007 BehaviorAnalysis
  • 0.004 Memory

Signatures ( 2.151 seconds )

  • 1.866 md_url_bl
  • 0.148 md_bad_drop
  • 0.026 md_domain_bl
  • 0.019 antiav_detectreg
  • 0.01 persistence_autorun
  • 0.009 antiav_detectfile
  • 0.006 geodo_banking_trojan
  • 0.006 infostealer_ftp
  • 0.005 antianalysis_detectreg
  • 0.004 tinba_behavior
  • 0.004 cerber_behavior
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 ransomware_files
  • 0.003 rat_nanocore
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 ransomware_extensions
  • 0.002 betabot_behavior
  • 0.002 browser_security
  • 0.002 network_torgateway
  • 0.001 network_tor
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 188094
Mongo ID 5b9fb42aa093ef245c83b54d
Cuckoo release 1.4-Maldun