恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp01-1	2018-09-20 22:17:48	2018-09-20 22:20:12	144 秒

魔盾分数

3.2

可疑的

URL详细信息

URL
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	109.232.217.234	土耳其
否	172.217.31.234	美国
否	216.58.199.10	美国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
isttp.org	A 109.232.217.234
ajax.googleapis.com	A 172.217.24.202 CNAME googleapis.l.google.com A 216.58.200.10 A 172.217.31.234 A 172.217.25.10 A 216.58.199.10 A 172.217.161.138

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Ihsan Toy
Country: TR
State: None
City: Istanbul
ZIP Code: 00000
Address: Halicilar Cd. No:100 Fatih

Orginization: Ihsan Toy
Domain Name(s):
    ISTTP.ORG
Creation Date:
    2010-01-27 14:00:12
Updated Date:
    2018-01-30 15:01:57
    2018-01-30 15:01:49
Expiration Date:
    2019-01-27 14:00:12
Email(s):
    abuse-contact@publicdomainregistry.com
    caricare@msn.com

Registrar(s):
    PDR Ltd. d/b/a PublicDomainRegistry.com
Name Server(s):
    CPNS1.TURHOST.COM
    CPNS2.TURHOST.COM
    cpns1.turhost.com
    cpns2.turhost.com
Referral URL(s):
    None

没有防病毒引擎扫描信息!

iexplore.exe, PID: 2664, 上一级进程 PID: 2384

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	109.232.217.234	土耳其
否	172.217.31.234	美国
否	216.58.199.10	美国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49159	109.232.217.234 isttp.org	80
192.168.122.201	49160	109.232.217.234 isttp.org	80
192.168.122.201	49162	109.232.217.234 isttp.org	80
192.168.122.201	49163	109.232.217.234 isttp.org	80
192.168.122.201	49164	109.232.217.234 isttp.org	80
192.168.122.201	49165	109.232.217.234 isttp.org	80
192.168.122.201	49168	172.217.31.234 ajax.googleapis.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	54569	192.168.122.1	53
192.168.122.201	60231	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
isttp.org	A 109.232.217.234
ajax.googleapis.com	A 172.217.24.202 CNAME googleapis.l.google.com A 216.58.200.10 A 172.217.31.234 A 172.217.25.10 A 216.58.199.10 A 172.217.161.138

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49159	109.232.217.234 isttp.org	80
192.168.122.201	49160	109.232.217.234 isttp.org	80
192.168.122.201	49162	109.232.217.234 isttp.org	80
192.168.122.201	49163	109.232.217.234 isttp.org	80
192.168.122.201	49164	109.232.217.234 isttp.org	80
192.168.122.201	49165	109.232.217.234 isttp.org	80
192.168.122.201	49168	172.217.31.234 ajax.googleapis.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	54569	192.168.122.1	53
192.168.122.201	60231	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/ HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/newdir.php	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/newdir.php HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69 HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/ HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/Up-dating.php?country.x=CN-China&ACCT.x=ID-PPL=PA324101.81.247.144=ScrPg=d8649a9a9bb139a368c1a232a910ddb6b6ec340eba1ec47339bd484913c3e8b7S=$1$n0Le7nRK$hLC0TK3iv2jGTOAFYTarH1iSLt7NrY4QhHFgXf3ZqwGJBz5kUeCbpjcAml9Kan8PxV6sOTvWy2d1REouDI0My5Ktub7YOUrshdlFx8HkvJcRGIDZQn3BXfjMaoLTpWA19Smiwe0CEq6V2Pg4zN29254521417	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/Up-dating.php?country.x=CN-China&ACCT.x=ID-PPL=PA324101.81.247.144=ScrPg=d8649a9a9bb139a368c1a232a910ddb6b6ec340eba1ec47339bd484913c3e8b7S=$1$n0Le7nRK$hLC0TK3iv2jGTOAFYTarH1iSLt7NrY4QhHFgXf3ZqwGJBz5kUeCbpjcAml9Kan8PxV6sOTvWy2d1REouDI0My5Ktub7YOUrshdlFx8HkvJcRGIDZQn3BXfjMaoLTpWA19Smiwe0CEq6V2Pg4zN29254521417 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/imcs_files/jquery.maskedinput.js	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/imcs_files/jquery.maskedinput.js HTTP/1.1 Accept: / Referer: http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/Up-dating.php?country.x=CN-China&ACCT.x=ID-PPL=PA324101.81.247.144=ScrPg=d8649a9a9bb139a368c1a232a910ddb6b6ec340eba1ec47339bd484913c3e8b7S=$1$n0Le7nRK$hLC0TK3iv2jGTOAFYTarH1iSLt7NrY4QhHFgXf3ZqwGJBz5kUeCbpjcAml9Kan8PxV6sOTvWy2d1REouDI0My5Ktub7YOUrshdlFx8HkvJcRGIDZQn3BXfjMaoLTpWA19Smiwe0CEq6V2Pg4zN29254521417 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5
URL专业沙箱检测 -> http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/imcs_files/appSuperBowl.css	GET /plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/imcs_files/appSuperBowl.css HTTP/1.1 Accept: / Referer: http://isttp.org/plugins/editors/tinymce/templates/Sigin/Account/Verfication/Customer/c03695ac04569894215feae2fe2f3e69/Up-dating.php?country.x=CN-China&ACCT.x=ID-PPL=PA324101.81.247.144=ScrPg=d8649a9a9bb139a368c1a232a910ddb6b6ec340eba1ec47339bd484913c3e8b7S=$1$n0Le7nRK$hLC0TK3iv2jGTOAFYTarH1iSLt7NrY4QhHFgXf3ZqwGJBz5kUeCbpjcAml9Kan8PxV6sOTvWy2d1REouDI0My5Ktub7YOUrshdlFx8HkvJcRGIDZQn3BXfjMaoLTpWA19Smiwe0CEq6V2Pg4zN29254521417 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: isttp.org Connection: Keep-Alive Cookie: PHPSESSID=j7df6evusdv5mukl4gcj5knav5

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 22.638 seconds )

12.256 NetworkAnalysis
7.405 Suricata
2.77 Static
0.197 AnalysisInfo
0.004 BehaviorAnalysis
0.003 Debug
0.003 Memory

Signatures ( 1.547 seconds )

1.468 md_url_bl
0.011 antiav_detectreg
0.011 md_domain_bl
0.006 persistence_autorun
0.005 infostealer_ftp
0.004 antiav_detectfile
0.004 geodo_banking_trojan
0.004 md_bad_drop
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 infostealer_mail
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 rat_nanocore
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 network_torgateway
0.001 betabot_behavior
0.001 cerber_behavior
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 ie_martian_children

Reporting ( 0.0 seconds )


Task ID	189238
Mongo ID	5ba3acb5bb7d573ffee300bb
Cuckoo release	1.4-Maldun