魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
URL	2020-01-16 17:52:34	2020-01-16 17:54:45	131 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-hpdapp01-1	win7-sp1-x64-hpdapp01-1	KVM	2020-01-16 17:52:34	2020-01-16 17:54:46

魔盾分数
0.325 正常的

URL	http://173.208.243.3
VirusTotal	VirusTotal无域名信息

网络分析

域名解析

域名	响应
go.microsoft.com	CNAME go.microsoft.com.edgekey.net CNAME e11290.dspg.akamaiedge.net A 184.84.5.99
www.iis.net	A 40.118.185.161 CNAME iis-umbraco.azurewebsites.net CNAME waws-prod-bay-029.sip.azurewebsites.windows.net
www-iis.azureedge.net	CNAME cs9.wpc.v0cdn.net CNAME www-iis.ec.azureedge.net A 117.18.232.200
www.google-analytics.com	A 203.208.50.66 A 203.208.50.73 A 203.208.50.78 A 203.208.50.65 A 203.208.50.72 A 203.208.50.71 A 203.208.50.70 A 203.208.50.68 A 203.208.50.67 A 203.208.50.69 CNAME www-google-analytics.l.google.com A 203.208.50.64

TCP连接

IP地址	端口
117.18.232.200	443
117.18.232.200	443
117.18.232.200	443
173.208.243.3	80
184.84.5.99	80
203.208.50.66	443
40.118.185.161	443
40.118.185.161	443

UDP连接

IP地址	端口
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://173.208.243.3/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 173.208.243.3 Connection: Keep-Alive
http://173.208.243.3/welcome.png	GET /welcome.png HTTP/1.1 Accept: / Referer: http://173.208.243.3/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 173.208.243.3 Connection: Keep-Alive
http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409	GET /fwlink/?linkid=66138&clcid=0x409 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Referer: http://173.208.243.3/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: go.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

URL

HTTP数据

http://173.208.243.3/

GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 173.208.243.3
Connection: Keep-Alive

http://173.208.243.3/welcome.png

GET /welcome.png HTTP/1.1
Accept: */*
Referer: http://173.208.243.3/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 173.208.243.3
Connection: Keep-Alive

http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409

GET /fwlink/?linkid=66138&clcid=0x409 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://173.208.243.3/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: go.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

魔盾安全分析报告

0.325

正常的

URL信息

特征

运行截图

网络分析

域名解析

TCP连接

UDP连接

HTTP请求

投放文件

行为分析

进程

iexplore.exe PID: 2632, 上一级进程 PID: 2336