恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-1	2019-01-14 14:20:55	2019-01-14 14:25:02	247 秒

魔盾分数

0.425

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://www.6vhao.tv

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	112.74.43.220	未知	中国
否	114.80.187.105	未知	中国
否	114.80.187.106	未知	中国
否	122.225.34.185	未知	中国
否	128.14.143.134	未知	美国
否	203.119.129.115	未知	中国
否	218.90.204.29	未知	中国
否	36.97.143.45	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.6vhao.tv	A 36.97.143.45 CNAME a2b3.cm.china-cache.net CNAME 6vhao.tv.cn.xatyds.com
e.goodgz.cn	未知	A 112.74.43.220
s95.cnzz.com	CNAME all.cnzz.com.danuoyi.tbcache.com CNAME c.cnzz.com A 114.80.187.106 A 114.80.187.105
img.chenzhanjun007.cn	未知	A 122.225.34.185 CNAME img.chenzhanjun007.cn.w.kunlungr.com
c.cnzz.com
z1.cnzz.com	CNAME z.cnzz.com A 203.119.129.115 CNAME z.gds.cnzz.com
6vvnet.kkcaicai.com	A 218.90.204.29
gg.kkcaicai.com
tu.66vod.net	A 128.1.90.94 A 128.14.143.134
z4.cnzz.com

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Registration Private
Country: US
State: Arizona
City: Scottsdale
ZIP Code: 85260
Address: DomainsByProxy.com

Orginization: Domains By Proxy, LLC
Domain Name(s):
    6VHAO.TV
    6vhao.tv
Creation Date:
    2015-10-27 14:57:56
    2015-10-27 09:57:56
Updated Date:
    2018-12-20 06:13:49
    2017-01-03 06:05:06
Expiration Date:
    2019-10-27 14:57:56
    2019-10-27 09:57:56
Email(s):
    abuse@godaddy.com
    6vhao.tv@domainsbyproxy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    V1.DNS.COM
    V2.DNS.COM
Referral URL(s):
    None

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	112.74.43.220	未知	中国
否	114.80.187.105	未知	中国
否	114.80.187.106	未知	中国
否	122.225.34.185	未知	中国
否	128.14.143.134	未知	美国
否	203.119.129.115	未知	中国
否	218.90.204.29	未知	中国
否	36.97.143.45	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49169	112.74.43.220 e.goodgz.cn	443
192.168.122.201	49170	114.80.187.105 s95.cnzz.com	80
192.168.122.201	49174	114.80.187.106 s95.cnzz.com	80
192.168.122.201	49171	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.201	49172	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.201	49173	122.225.34.185 img.chenzhanjun007.cn	80
192.168.122.201	49182	128.14.143.134 tu.66vod.net	443
192.168.122.201	49183	128.14.143.134 tu.66vod.net	443
192.168.122.201	49184	128.14.143.134 tu.66vod.net	443
192.168.122.201	49185	128.14.143.134 tu.66vod.net	443
192.168.122.201	49186	128.14.143.134 tu.66vod.net	443
192.168.122.201	49187	128.14.143.134 tu.66vod.net	443
192.168.122.201	49188	128.14.143.134 tu.66vod.net	443
192.168.122.201	49189	128.14.143.134 tu.66vod.net	443
192.168.122.201	49190	128.14.143.134 tu.66vod.net	443
192.168.122.201	49191	128.14.143.134 tu.66vod.net	443
192.168.122.201	49192	128.14.143.134 tu.66vod.net	443
192.168.122.201	49193	128.14.143.134 tu.66vod.net	443
192.168.122.201	49194	128.14.143.134 tu.66vod.net	443
192.168.122.201	49195	128.14.143.134 tu.66vod.net	443
192.168.122.201	49196	128.14.143.134 tu.66vod.net	443
192.168.122.201	49197	128.14.143.134 tu.66vod.net	443
192.168.122.201	49198	128.14.143.134 tu.66vod.net	443
192.168.122.201	49199	128.14.143.134 tu.66vod.net	443
192.168.122.201	49200	128.14.143.134 tu.66vod.net	443
192.168.122.201	49201	128.14.143.134 tu.66vod.net	443
192.168.122.201	49175	203.119.129.115 z1.cnzz.com	80
192.168.122.201	49203	203.119.129.115 z1.cnzz.com	80
192.168.122.201	49178	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.201	49181	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.201	49159	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49160	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49161	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49162	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49163	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49164	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49166	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49167	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49176	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49177	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49179	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49204	36.97.143.45 www.6vhao.tv	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52453	192.168.122.1	53
192.168.122.201	53863	192.168.122.1	53
192.168.122.201	53932	192.168.122.1	53
192.168.122.201	57570	192.168.122.1	53
192.168.122.201	58181	192.168.122.1	53
192.168.122.201	58463	192.168.122.1	53
192.168.122.201	60192	192.168.122.1	53
192.168.122.201	61698	192.168.122.1	53
192.168.122.201	62233	192.168.122.1	53
192.168.122.201	65422	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.6vhao.tv	A 36.97.143.45 CNAME a2b3.cm.china-cache.net CNAME 6vhao.tv.cn.xatyds.com
e.goodgz.cn	未知	A 112.74.43.220
s95.cnzz.com	CNAME all.cnzz.com.danuoyi.tbcache.com CNAME c.cnzz.com A 114.80.187.106 A 114.80.187.105
img.chenzhanjun007.cn	未知	A 122.225.34.185 CNAME img.chenzhanjun007.cn.w.kunlungr.com
c.cnzz.com
z1.cnzz.com	CNAME z.cnzz.com A 203.119.129.115 CNAME z.gds.cnzz.com
6vvnet.kkcaicai.com	A 218.90.204.29
gg.kkcaicai.com
tu.66vod.net	A 128.1.90.94 A 128.14.143.134
z4.cnzz.com

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49169	112.74.43.220 e.goodgz.cn	443
192.168.122.201	49170	114.80.187.105 s95.cnzz.com	80
192.168.122.201	49174	114.80.187.106 s95.cnzz.com	80
192.168.122.201	49171	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.201	49172	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.201	49173	122.225.34.185 img.chenzhanjun007.cn	80
192.168.122.201	49182	128.14.143.134 tu.66vod.net	443
192.168.122.201	49183	128.14.143.134 tu.66vod.net	443
192.168.122.201	49184	128.14.143.134 tu.66vod.net	443
192.168.122.201	49185	128.14.143.134 tu.66vod.net	443
192.168.122.201	49186	128.14.143.134 tu.66vod.net	443
192.168.122.201	49187	128.14.143.134 tu.66vod.net	443
192.168.122.201	49188	128.14.143.134 tu.66vod.net	443
192.168.122.201	49189	128.14.143.134 tu.66vod.net	443
192.168.122.201	49190	128.14.143.134 tu.66vod.net	443
192.168.122.201	49191	128.14.143.134 tu.66vod.net	443
192.168.122.201	49192	128.14.143.134 tu.66vod.net	443
192.168.122.201	49193	128.14.143.134 tu.66vod.net	443
192.168.122.201	49194	128.14.143.134 tu.66vod.net	443
192.168.122.201	49195	128.14.143.134 tu.66vod.net	443
192.168.122.201	49196	128.14.143.134 tu.66vod.net	443
192.168.122.201	49197	128.14.143.134 tu.66vod.net	443
192.168.122.201	49198	128.14.143.134 tu.66vod.net	443
192.168.122.201	49199	128.14.143.134 tu.66vod.net	443
192.168.122.201	49200	128.14.143.134 tu.66vod.net	443
192.168.122.201	49201	128.14.143.134 tu.66vod.net	443
192.168.122.201	49175	203.119.129.115 z1.cnzz.com	80
192.168.122.201	49203	203.119.129.115 z1.cnzz.com	80
192.168.122.201	49178	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.201	49181	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.201	49159	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49160	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49161	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49162	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49163	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49164	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49166	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49167	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49176	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49177	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49179	36.97.143.45 www.6vhao.tv	80
192.168.122.201	49204	36.97.143.45 www.6vhao.tv	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52453	192.168.122.1	53
192.168.122.201	53863	192.168.122.1	53
192.168.122.201	53932	192.168.122.1	53
192.168.122.201	57570	192.168.122.1	53
192.168.122.201	58181	192.168.122.1	53
192.168.122.201	58463	192.168.122.1	53
192.168.122.201	60192	192.168.122.1	53
192.168.122.201	61698	192.168.122.1	53
192.168.122.201	62233	192.168.122.1	53
192.168.122.201	65422	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://www.6vhao.tv/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/js/function.js	GET /js/function.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/js/acmsd/w2.js	GET /d/js/acmsd/w2.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3003.js	GET /d/3003.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/js/common.js	GET /js/common.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3002.js	GET /d/3002.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/js/acmsd/w3.js	GET /d/js/acmsd/w3.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3001.js	GET /d/3001.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/style.css	GET /template/default1/images/style.css HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/pic/logo.png	GET /pic/logo.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/inc/timingacquisition.asp	GET /inc/timingacquisition.asp HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://s95.cnzz.com/z_stat.php?id=1274657986	GET /z_stat.php?id=1274657986 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s95.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://img.chenzhanjun007.cn/Images/20181019100822.gif	GET /Images/20181019100822.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.chenzhanjun007.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://c.cnzz.com/core.php?web_id=1274657986&t=z	GET /core.php?web_id=1274657986&t=z HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: c.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://z1.cnzz.com/stat.htm?id=1274657986&r=&lg=zh-cn&ntime=none&cnzz_eid=1553220269-1547444832-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c&h=1&rnd=570955957	GET /stat.htm?id=1274657986&r=&lg=zh-cn&ntime=none&cnzz_eid=1553220269-1547444832-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c&h=1&rnd=570955957 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: z1.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://6vvnet.kkcaicai.com:8080/960x90.js	GET /960x90.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 6vvnet.kkcaicai.com:8080 Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/menu_libg.gif	GET /template/default1/images/menu_libg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/menbg.gif	GET /template/default1/images/menbg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/hitbg.gif	GET /template/default1/images/hitbg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/h3.png	GET /template/default1/images/h3.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://www.6vhao.tv/d/tj.js	GET /d/tj.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/list_ico.png	GET /template/default1/images/list_ico.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://gg.kkcaicai.com:8080/960-90-1.gif	GET /960-90-1.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: gg.kkcaicai.com:8080 Connection: Keep-Alive
URL专业沙箱检测 -> http://s95.cnzz.com/z_stat.php?id=1260799993&web_id=1260799993	GET /z_stat.php?id=1260799993&web_id=1260799993 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s95.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://c.cnzz.com/core.php?web_id=1260799993&t=z	GET /core.php?web_id=1260799993&t=z HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: c.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://z4.cnzz.com/stat.htm?id=1260799993&r=&lg=zh-cn&ntime=none&cnzz_eid=124183791-1547447056-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c&h=1&rnd=382366423	GET /stat.htm?id=1260799993&r=&lg=zh-cn&ntime=none&cnzz_eid=124183791-1547447056-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c&h=1&rnd=382366423 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: z4.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b06879f97c-064d06b60d72cb8-26596859-75300-1684b0687ae124c; CNZZDATA1274657986=1553220269-1547444832-%7C1547444832; adClass0803=1; CNZZDATA1260799993=124183791-1547447056-%7C1547447056

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-01-14 14:24:28.460333+0800	192.168.122.201	49169	112.74.43.220	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=e.goodgz.cn	a8:c4:e0:23:1d:b6:da:d1:78:46:ce:53:50:14:67:4a:6f:a2:0a:ad
2019-01-14 14:24:35.767107+0800	192.168.122.201	49172	122.225.34.185	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=img.chenzhanjun007.cn	3b:b9:d9:3c:bb:c1:20:6f:9d:6b:e5:ad:be:73:3b:12:88:b0:0d:3d
2019-01-14 14:24:35.767966+0800	192.168.122.201	49171	122.225.34.185	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=img.chenzhanjun007.cn	3b:b9:d9:3c:bb:c1:20:6f:9d:6b:e5:ad:be:73:3b:12:88:b0:0d:3d
2019-01-14 14:24:41.893490+0800	192.168.122.201	49184	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:41.868997+0800	192.168.122.201	49187	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:41.855879+0800	192.168.122.201	49182	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:41.873870+0800	192.168.122.201	49186	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:41.860268+0800	192.168.122.201	49185	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:43.042989+0800	192.168.122.201	49193	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:42.983991+0800	192.168.122.201	49191	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:41.895570+0800	192.168.122.201	49183	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:43.037874+0800	192.168.122.201	49194	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:43.031565+0800	192.168.122.201	49192	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:43.074144+0800	192.168.122.201	49195	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:43.079122+0800	192.168.122.201	49196	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:44.205760+0800	192.168.122.201	49200	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:44.165822+0800	192.168.122.201	49197	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:44.170744+0800	192.168.122.201	49199	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:44.209007+0800	192.168.122.201	49201	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:44.328579+0800	192.168.122.201	49198	128.14.143.134	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 38.978 seconds )

22.093 NetworkAnalysis
15.54 Suricata
1.166 Static
0.173 AnalysisInfo
0.003 BehaviorAnalysis
0.003 Memory

Signatures ( 3.249 seconds )

2.795 md_url_bl
0.313 md_bad_drop
0.035 md_domain_bl
0.017 antiav_detectreg
0.008 anomaly_persistence_autorun
0.008 infostealer_ftp
0.007 antiav_detectfile
0.007 geodo_banking_trojan
0.006 ransomware_files
0.005 infostealer_bitcoin
0.005 infostealer_im
0.005 ransomware_extensions
0.004 network_torgateway
0.003 tinba_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 rat_nanocore
0.002 cerber_behavior
0.002 bot_drive
0.002 browser_security
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 ie_martian_children
0.001 stealth_modify_uac_prompt
0.001 whois_create

Reporting ( 0.9 seconds )

0.9 ReportHTMLSummary


Task ID	229772
Mongo ID	5c3c2b712f8f2e741aba3a47
Cuckoo release	1.4-Maldun