恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-3	2019-01-14 14:20:56	2019-01-14 14:24:58	242 秒

魔盾分数

2.725

可疑的

URL详细信息

URL
URL专业沙箱检测 -> http://www.6vhao.tv

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	112.74.43.220	未知	中国
否	114.80.187.105	未知	中国
否	114.80.187.106	中国
否	122.225.34.185	未知	中国
否	128.1.90.94	美国
否	203.119.129.115	中国
否	218.90.204.29	未知	中国
否	36.97.143.45	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.6vhao.tv	A 36.97.143.45 CNAME a2b3.cm.china-cache.net CNAME 6vhao.tv.cn.xatyds.com
e.goodgz.cn	未知	A 112.74.43.220
s95.cnzz.com	CNAME all.cnzz.com.danuoyi.tbcache.com CNAME c.cnzz.com A 114.80.187.106 A 114.80.187.105
img.chenzhanjun007.cn	未知	A 122.225.34.185 CNAME img.chenzhanjun007.cn.w.kunlungr.com
z1.cnzz.com	CNAME z.cnzz.com A 203.119.129.115 CNAME z.gds.cnzz.com
c.cnzz.com
6vvnet.kkcaicai.com	A 218.90.204.29
gg.kkcaicai.com
tu.66vod.net	A 128.1.90.94 A 128.14.143.134
z4.cnzz.com

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Registration Private
Country: US
State: Arizona
City: Scottsdale
ZIP Code: 85260
Address: DomainsByProxy.com

Orginization: Domains By Proxy, LLC
Domain Name(s):
    6VHAO.TV
    6vhao.tv
Creation Date:
    2015-10-27 14:57:56
    2015-10-27 09:57:56
Updated Date:
    2018-12-20 06:13:49
    2017-01-03 06:05:06
Expiration Date:
    2019-10-27 14:57:56
    2019-10-27 09:57:56
Email(s):
    abuse@godaddy.com
    6vhao.tv@domainsbyproxy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    V1.DNS.COM
    V2.DNS.COM
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2892

搜索
iexplore.exe (2892)

iexplore.exe, PID: 2892, 上一级进程 PID: 2312

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	112.74.43.220	未知	中国
否	114.80.187.105	未知	中国
否	114.80.187.106	中国
否	122.225.34.185	未知	中国
否	128.1.90.94	美国
否	203.119.129.115	中国
否	218.90.204.29	未知	中国
否	36.97.143.45	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.203	49168	112.74.43.220 e.goodgz.cn	443
192.168.122.203	49170	114.80.187.105 s95.cnzz.com	80
192.168.122.203	49174	114.80.187.106 s95.cnzz.com	80
192.168.122.203	49171	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.203	49172	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.203	49173	122.225.34.185 img.chenzhanjun007.cn	80
192.168.122.203	49181	128.1.90.94 tu.66vod.net	443
192.168.122.203	49182	128.1.90.94 tu.66vod.net	443
192.168.122.203	49183	128.1.90.94 tu.66vod.net	443
192.168.122.203	49184	128.1.90.94 tu.66vod.net	443
192.168.122.203	49185	128.1.90.94 tu.66vod.net	443
192.168.122.203	49186	128.1.90.94 tu.66vod.net	443
192.168.122.203	49187	128.1.90.94 tu.66vod.net	443
192.168.122.203	49188	128.1.90.94 tu.66vod.net	443
192.168.122.203	49189	128.1.90.94 tu.66vod.net	443
192.168.122.203	49190	128.1.90.94 tu.66vod.net	443
192.168.122.203	49191	128.1.90.94 tu.66vod.net	443
192.168.122.203	49192	128.1.90.94 tu.66vod.net	443
192.168.122.203	49194	128.1.90.94 tu.66vod.net	443
192.168.122.203	49195	128.1.90.94 tu.66vod.net	443
192.168.122.203	49196	128.1.90.94 tu.66vod.net	443
192.168.122.203	49197	128.1.90.94 tu.66vod.net	443
192.168.122.203	49198	128.1.90.94 tu.66vod.net	443
192.168.122.203	49199	128.1.90.94 tu.66vod.net	443
192.168.122.203	49200	128.1.90.94 tu.66vod.net	443
192.168.122.203	49201	128.1.90.94 tu.66vod.net	443
192.168.122.203	49175	203.119.129.115 z1.cnzz.com	80
192.168.122.203	49202	203.119.129.115 z1.cnzz.com	80
192.168.122.203	49179	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.203	49180	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.203	49159	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49160	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49161	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49162	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49163	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49164	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49166	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49167	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49176	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49177	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49178	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49203	36.97.143.45 www.6vhao.tv	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.203	49879	192.168.122.1	53
192.168.122.203	55273	192.168.122.1	53
192.168.122.203	55732	192.168.122.1	53
192.168.122.203	56514	192.168.122.1	53
192.168.122.203	56914	192.168.122.1	53
192.168.122.203	58327	192.168.122.1	53
192.168.122.203	58967	192.168.122.1	53
192.168.122.203	59558	192.168.122.1	53
192.168.122.203	61414	192.168.122.1	53
192.168.122.203	64044	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.6vhao.tv	A 36.97.143.45 CNAME a2b3.cm.china-cache.net CNAME 6vhao.tv.cn.xatyds.com
e.goodgz.cn	未知	A 112.74.43.220
s95.cnzz.com	CNAME all.cnzz.com.danuoyi.tbcache.com CNAME c.cnzz.com A 114.80.187.106 A 114.80.187.105
img.chenzhanjun007.cn	未知	A 122.225.34.185 CNAME img.chenzhanjun007.cn.w.kunlungr.com
z1.cnzz.com	CNAME z.cnzz.com A 203.119.129.115 CNAME z.gds.cnzz.com
c.cnzz.com
6vvnet.kkcaicai.com	A 218.90.204.29
gg.kkcaicai.com
tu.66vod.net	A 128.1.90.94 A 128.14.143.134
z4.cnzz.com

TCP

源地址	源端口	目标地址	目标端口
192.168.122.203	49168	112.74.43.220 e.goodgz.cn	443
192.168.122.203	49170	114.80.187.105 s95.cnzz.com	80
192.168.122.203	49174	114.80.187.106 s95.cnzz.com	80
192.168.122.203	49171	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.203	49172	122.225.34.185 img.chenzhanjun007.cn	443
192.168.122.203	49173	122.225.34.185 img.chenzhanjun007.cn	80
192.168.122.203	49181	128.1.90.94 tu.66vod.net	443
192.168.122.203	49182	128.1.90.94 tu.66vod.net	443
192.168.122.203	49183	128.1.90.94 tu.66vod.net	443
192.168.122.203	49184	128.1.90.94 tu.66vod.net	443
192.168.122.203	49185	128.1.90.94 tu.66vod.net	443
192.168.122.203	49186	128.1.90.94 tu.66vod.net	443
192.168.122.203	49187	128.1.90.94 tu.66vod.net	443
192.168.122.203	49188	128.1.90.94 tu.66vod.net	443
192.168.122.203	49189	128.1.90.94 tu.66vod.net	443
192.168.122.203	49190	128.1.90.94 tu.66vod.net	443
192.168.122.203	49191	128.1.90.94 tu.66vod.net	443
192.168.122.203	49192	128.1.90.94 tu.66vod.net	443
192.168.122.203	49194	128.1.90.94 tu.66vod.net	443
192.168.122.203	49195	128.1.90.94 tu.66vod.net	443
192.168.122.203	49196	128.1.90.94 tu.66vod.net	443
192.168.122.203	49197	128.1.90.94 tu.66vod.net	443
192.168.122.203	49198	128.1.90.94 tu.66vod.net	443
192.168.122.203	49199	128.1.90.94 tu.66vod.net	443
192.168.122.203	49200	128.1.90.94 tu.66vod.net	443
192.168.122.203	49201	128.1.90.94 tu.66vod.net	443
192.168.122.203	49175	203.119.129.115 z1.cnzz.com	80
192.168.122.203	49202	203.119.129.115 z1.cnzz.com	80
192.168.122.203	49179	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.203	49180	218.90.204.29 6vvnet.kkcaicai.com	8080
192.168.122.203	49159	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49160	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49161	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49162	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49163	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49164	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49166	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49167	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49176	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49177	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49178	36.97.143.45 www.6vhao.tv	80
192.168.122.203	49203	36.97.143.45 www.6vhao.tv	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.203	49879	192.168.122.1	53
192.168.122.203	55273	192.168.122.1	53
192.168.122.203	55732	192.168.122.1	53
192.168.122.203	56514	192.168.122.1	53
192.168.122.203	56914	192.168.122.1	53
192.168.122.203	58327	192.168.122.1	53
192.168.122.203	58967	192.168.122.1	53
192.168.122.203	59558	192.168.122.1	53
192.168.122.203	61414	192.168.122.1	53
192.168.122.203	64044	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://www.6vhao.tv/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/style.css	GET /template/default1/images/style.css HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/js/common.js	GET /js/common.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/js/acmsd/w2.js	GET /d/js/acmsd/w2.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3001.js	GET /d/3001.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3003.js	GET /d/3003.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/js/acmsd/w3.js	GET /d/js/acmsd/w3.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/d/3002.js	GET /d/3002.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/js/function.js	GET /js/function.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/inc/timingacquisition.asp	GET /inc/timingacquisition.asp HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/pic/logo.png	GET /pic/logo.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive
URL专业沙箱检测 -> http://s95.cnzz.com/z_stat.php?id=1274657986	GET /z_stat.php?id=1274657986 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s95.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://img.chenzhanjun007.cn/Images/20181128154958.gif	GET /Images/20181128154958.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.chenzhanjun007.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://c.cnzz.com/core.php?web_id=1274657986&t=z	GET /core.php?web_id=1274657986&t=z HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: c.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://z1.cnzz.com/stat.htm?id=1274657986&r=&lg=zh-cn&ntime=none&cnzz_eid=1850612836-1547444832-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef&h=1&rnd=70394091	GET /stat.htm?id=1274657986&r=&lg=zh-cn&ntime=none&cnzz_eid=1850612836-1547444832-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef&h=1&rnd=70394091 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: z1.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://6vvnet.kkcaicai.com:8080/960x90.js	GET /960x90.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 6vvnet.kkcaicai.com:8080 Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/menbg.gif	GET /template/default1/images/menbg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/menu_libg.gif	GET /template/default1/images/menu_libg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/hitbg.gif	GET /template/default1/images/hitbg.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/h3.png	GET /template/default1/images/h3.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://www.6vhao.tv/d/tj.js	GET /d/tj.js HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://www.6vhao.tv/template/default1/images/list_ico.png	GET /template/default1/images/list_ico.png HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832; adClass0803=1
URL专业沙箱检测 -> http://gg.kkcaicai.com:8080/960-90-1.gif	GET /960-90-1.gif HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: gg.kkcaicai.com:8080 Connection: Keep-Alive
URL专业沙箱检测 -> http://s95.cnzz.com/z_stat.php?id=1260799993&web_id=1260799993	GET /z_stat.php?id=1260799993&web_id=1260799993 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s95.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://c.cnzz.com/core.php?web_id=1260799993&t=z	GET /core.php?web_id=1260799993&t=z HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: c.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://z4.cnzz.com/stat.htm?id=1260799993&r=&lg=zh-cn&ntime=none&cnzz_eid=1975245012-1547447056-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef&h=1&rnd=1639940845	GET /stat.htm?id=1260799993&r=&lg=zh-cn&ntime=none&cnzz_eid=1975245012-1547447056-&showp=800x600&t=6v%E7%94%B5%E5%BD%B1%E7%BD%91%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E5%BD%B1%EF%BC%8C%E6%9C%80%E6%96%B0%E7%94%B5%E8%A7%86%E5%89%A7%EF%BC%8C%E5%85%8D%E8%B4%B9%E7%94%B5%E5%BD%B1%E4%B8%8B%E8%BD%BD%EF%BC%8C%E7%94%B5%E8%A7%86%E5%89%A7%E4%B8%8B%E8%BD%BD%EF%BC%8C%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD&umuuid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef&h=1&rnd=1639940845 HTTP/1.1 Accept: / Referer: http://www.6vhao.tv/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: z4.cnzz.com Connection: Keep-Alive
URL专业沙箱检测 -> http://www.6vhao.tv/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.6vhao.tv Connection: Keep-Alive Cookie: UM_distinctid=1684b0653a4191-057a7edc45315a4-26596859-75300-1684b0653b412ef; CNZZDATA1274657986=1850612836-1547444832-%7C1547444832; adClass0803=1; CNZZDATA1260799993=1975245012-1547447056-%7C1547447056

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-01-14 14:24:02.860236+0800	192.168.122.203	49168	112.74.43.220	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=e.goodgz.cn	a8:c4:e0:23:1d:b6:da:d1:78:46:ce:53:50:14:67:4a:6f:a2:0a:ad
2019-01-14 14:24:12.033144+0800	192.168.122.203	49171	122.225.34.185	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=img.chenzhanjun007.cn	3b:b9:d9:3c:bb:c1:20:6f:9d:6b:e5:ad:be:73:3b:12:88:b0:0d:3d
2019-01-14 14:24:12.032846+0800	192.168.122.203	49172	122.225.34.185	443	TLS 1.2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	CN=img.chenzhanjun007.cn	3b:b9:d9:3c:bb:c1:20:6f:9d:6b:e5:ad:be:73:3b:12:88:b0:0d:3d
2019-01-14 14:24:19.210227+0800	192.168.122.203	49184	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.199166+0800	192.168.122.203	49186	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.256424+0800	192.168.122.203	49182	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.201444+0800	192.168.122.203	49181	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.263490+0800	192.168.122.203	49185	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.252088+0800	192.168.122.203	49183	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.840239+0800	192.168.122.203	49189	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.827683+0800	192.168.122.203	49187	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.839851+0800	192.168.122.203	49188	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.932447+0800	192.168.122.203	49191	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.935489+0800	192.168.122.203	49192	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.285563+0800	192.168.122.203	49194	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:19.995097+0800	192.168.122.203	49190	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.539915+0800	192.168.122.203	49196	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.560814+0800	192.168.122.203	49199	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.517885+0800	192.168.122.203	49195	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.550440+0800	192.168.122.203	49197	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e
2019-01-14 14:24:24.529648+0800	192.168.122.203	49198	128.1.90.94	443	TLS 1.2	C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA	OU=Domain Control Validated, OU=PositiveSSL, CN=tu.66vod.net	84:ff:30:93:95:85:0f:9e:99:ef:dd:bb:7e:96:e9:2a:e9:f6:d7:7e

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 39.496 seconds )

21.835 NetworkAnalysis
15.443 Suricata
1.496 Static
0.714 AnalysisInfo
0.005 BehaviorAnalysis
0.003 Memory

Signatures ( 3.415 seconds )

2.763 md_url_bl
0.483 md_bad_drop
0.049 md_domain_bl
0.019 antiav_detectreg
0.012 anomaly_persistence_autorun
0.009 antiav_detectfile
0.008 infostealer_ftp
0.007 geodo_banking_trojan
0.006 ransomware_files
0.005 infostealer_bitcoin
0.005 infostealer_im
0.005 ransomware_extensions
0.004 tinba_behavior
0.004 network_torgateway
0.003 rat_nanocore
0.003 cerber_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.002 betabot_behavior
0.002 bot_drive
0.002 browser_security
0.001 network_tor
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 ie_martian_children
0.001 maldun_blacklist
0.001 stealth_modify_uac_prompt
0.001 whois_create

Reporting ( 1.201 seconds )

1.201 ReportHTMLSummary


Task ID	229773
Mongo ID	5c3c2b712f8f2e7419ba3cb6
Cuckoo release	1.4-Maldun