魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| URL | 2020-04-08 12:52:22 | 2020-04-08 12:54:24 | 122 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-1 | win7-sp1-x64-shaapp01-1 | KVM | 2020-04-08 12:52:22 | 2020-04-08 12:54:25 |
| 魔盾分数 |
|---|
0.325正常的 |
URL信息
| URL | http://202.108.22.5/ |
|---|---|
| VirusTotal | VirusTotal查询失败 |
特征
魔盾wping.org 域名信誉系统
Greylist: s1.bdstatic.com
运行截图
网络分析
域名解析
| 域名 | 响应 |
|---|---|
| ss.bdimg.com |
CNAME superpagev4.jomodns.com
A 180.163.198.49 |
| www.baidu.com |
CNAME www.a.shifen.com
A 180.101.49.11 A 180.101.49.12 |
| s1.bdstatic.com |
A 180.163.198.40
CNAME wwwbaidu.jomodns.com |
| ss1.bdstatic.com |
A 180.163.198.32
CNAME sslbdstatic.jomodns.com |
| m.baidu.com |
CNAME wap.n.shifen.com
A 180.101.49.19 A 180.101.49.20 |
| dj1.baidu.com |
A 180.101.212.39
CNAME static.n.shifen.com |
| nsclick.baidu.com | |
| eclick.baidu.com |
A 220.181.107.131
CNAME eclick.e.shifen.com |
TCP连接
| IP地址 | 端口 |
|---|---|
| 180.101.212.39 | 80 |
| 180.101.212.39 | 80 |
| 180.101.49.11 | 80 |
| 180.101.49.11 | 80 |
| 180.101.49.11 | 80 |
| 180.101.49.20 | 80 |
| 180.163.198.32 | 443 |
| 180.163.198.40 | 80 |
| 180.163.198.40 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 180.163.198.49 | 80 |
| 202.108.22.5 | 80 |
| 202.108.22.5 | 80 |
| 202.108.22.5 | 80 |
| 220.181.107.131 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://202.108.22.5/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 202.108.22.5 Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/font/iconfont-a37745d6f3.eot? | GET /static/superman/font/iconfont-a37745d6f3.eot? HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/js/sbase-0948aa26f1.js | GET /static/superman/js/sbase-0948aa26f1.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/js/lib/jquery-1-edb203c114.10.2.js | GET /static/superman/js/lib/jquery-1-edb203c114.10.2.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://www.baidu.com/img/baidu_jgylogo3.gif | GET /img/baidu_jgylogo3.gif HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.baidu.com Connection: Keep-Alive |
| http://www.baidu.com/img/dong_d7ee3105570f1673ecf33f5bf2f58c35.gif | GET /img/dong_d7ee3105570f1673ecf33f5bf2f58c35.gif HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.baidu.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/img/icons-441e82fb11.png | GET /static/superman/img/icons-441e82fb11.png HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/img/qrcode/zbios_old-09b6296ee6.png | GET /static/superman/img/qrcode/zbios_old-09b6296ee6.png HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/js/polyfill-ie8-30f98ab294.js | GET /static/superman/js/polyfill-ie8-30f98ab294.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://www.baidu.com/img/baidu_resultlogo@2.png | GET /img/baidu_resultlogo@2.png HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.baidu.com Connection: Keep-Alive |
| http://s1.bdstatic.com/r/www/cache/static/global/js/all_async_search_f2dbc0a.js | GET /r/www/cache/static/global/js/all_async_search_f2dbc0a.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s1.bdstatic.com Connection: Keep-Alive |
| http://s1.bdstatic.com/r/www/cache/static/plugins/every_cookie_4644b13.js | GET /r/www/cache/static/plugins/every_cookie_4644b13.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s1.bdstatic.com Connection: Keep-Alive |
| http://s1.bdstatic.com/r/www/cache/static/home/js/nu_instant_search_efc6d98.js | GET /r/www/cache/static/home/js/nu_instant_search_efc6d98.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s1.bdstatic.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superman/js/min_super-42c1ac872c.js | GET /static/superman/js/min_super-42c1ac872c.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://m.baidu.com/se/static/font/cicon.eot?t=1561460962188 | GET /se/static/font/cicon.eot?t=1561460962188 HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: m.baidu.com Connection: Keep-Alive Cookie: BAIDUID=C9870E027EF6194B0501003DA5640C4C:FG=1 |
| http://s1.bdstatic.com/r/www/cache/static/amd_modules/@baidu/search-sug_913fe0a.js | GET /r/www/cache/static/amd_modules/@baidu/search-sug_913fe0a.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s1.bdstatic.com Connection: Keep-Alive |
| http://s1.bdstatic.com/r/www/cache/static/plugins/hotWord_cc828cc.js | GET /r/www/cache/static/plugins/hotWord_cc828cc.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s1.bdstatic.com Connection: Keep-Alive |
| http://dj1.baidu.com/v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=3981030954&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=3981031151&sid=30975_1421_31123_21084_31186_30824_26350_31163&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.9670807750563213 | GET /v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=3981030954&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=3981031151&sid=30975_1421_31123_21084_31186_30824_26350_31163&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.9670807750563213 HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: dj1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=C9870E027EF6194B0501003DA5640C4C:FG=1 |
| http://nsclick.baidu.com/v.gif?pid=201&pj=www&fm=behs&qid=&tab=indexHot&path=http%3A%2F%2F202.108.22.5%2F&wd=&rsv_sid=30975_1421_31123_21084_31186_30824_26350_31163&rsv_did=a34cd11fe12ab6f794d32fd80280813e&t=1586321549470 | GET /v.gif?pid=201&pj=www&fm=behs&qid=&tab=indexHot&path=http%3A%2F%2F202.108.22.5%2F&wd=&rsv_sid=30975_1421_31123_21084_31186_30824_26350_31163&rsv_did=a34cd11fe12ab6f794d32fd80280813e&t=1586321549470 HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: nsclick.baidu.com Connection: Keep-Alive Cookie: BAIDUID=C9870E027EF6194B0501003DA5640C4C:FG=1 |
| http://ss.bdimg.com/static/superman/js/super_load-7ff1c70fa7.js | GET /static/superman/js/super_load-7ff1c70fa7.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://www.baidu.com/cache/fpid/lib_1_0.js?_=1586321548971 | GET /cache/fpid/lib_1_0.js?_=1586321548971 HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=C9870E027EF6194B0501003DA5640C4C:FG=1 |
| http://ss.bdimg.com/static/superman/css/nsguide-a66438b784.css | GET /static/superman/css/nsguide-a66438b784.css HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://202.108.22.5/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 202.108.22.5 Connection: Keep-Alive Cookie: BD_HOME=1; BD_UPN=1123314351 |
| http://202.108.22.5/content-search.xml | GET /content-search.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 202.108.22.5 Connection: Keep-Alive Cookie: BD_UPN=1123314351 |
| http://ss.bdimg.com/static/superman/css/super_ext-76fd36cbf7.css | GET /static/superman/css/super_ext-76fd36cbf7.css HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superui/js/ubase_5a7b0933.js | GET /static/superui/js/ubase_5a7b0933.js HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://ss.bdimg.com/static/superui/css/ubase_9376fdcf.css | GET /static/superui/css/ubase_9376fdcf.css HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ss.bdimg.com Connection: Keep-Alive |
| http://eclick.baidu.com/ps_fp.htm?pid=superman&fp=A60275B9B21A14EFB83B072CF75EAFD8&im=0&wf=0&br=1&qid=3981031151&bi=null | GET /ps_fp.htm?pid=superman&fp=A60275B9B21A14EFB83B072CF75EAFD8&im=0&wf=0&br=1&qid=3981031151&bi=null HTTP/1.1 Accept: */* Referer: http://202.108.22.5/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: eclick.baidu.com Connection: Keep-Alive Cookie: BAIDUID=C9870E027EF6194B0501003DA5640C4C:FG=1 |
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息