魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| URL | 2018-09-15 19:38:52 | 2018-09-15 19:41:25 | 153 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-2 | win7-sp1-x64-shaapp01-2 | KVM | 2018-09-15 19:38:52 | 2018-09-15 19:41:24 |
| 魔盾分数 |
|---|
1.2正常的 |
URL信息
| URL | http://www.bandaoyy.com/dianying/ |
|---|---|
| VirusTotal | VirusTotal无域名信息 |
特征
魔盾wping.org 域名信誉系统
Greylist: www.bestore.cc
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 107.150.10.233 | United States |
| 否 | 114.80.174.21 | China |
| 否 | 115.238.244.82 | China |
| 否 | 117.18.237.29 | Asia/Pacific Region |
| 否 | 183.131.110.74 | China |
| 否 | 220.181.7.190 | China |
| 否 | 43.241.48.155 | China |
| 否 | 58.218.215.144 | China |
| 否 | 58.222.18.2 | China |
域名解析
| 域名 | 响应 |
|---|---|
| www.bandaoyy.com |
A 107.150.10.226
A 107.150.10.233 |
| www.bestore.cc | A 43.241.48.155 |
| cacaca.0571yy.com | A 115.238.244.82 |
| hm.baidu.com |
CNAME hm.e.shifen.com
A 220.181.7.190 |
| img1.doubanio.com |
A 183.134.101.248
A 183.134.101.250 A 58.222.18.2 A 183.131.24.55 CNAME img1-doubanio-com.b0.aicdn.com CNAME vm.ctn.aicdn.com A 58.222.18.27 |
| img3.doubanio.com |
CNAME img3.doubanio.com.w.alikunlun.com
A 101.226.181.248 A 101.226.181.249 A 114.80.174.21 A 101.226.181.251 A 101.226.181.250 A 101.226.181.253 A 101.226.181.252 A 114.80.174.117 A 101.226.181.254 |
| p2.qhimg.com |
A 183.131.110.85
A 183.131.110.86 A 183.131.110.74 A 183.131.110.80 CNAME upichq.v.qingcdn.com A 183.131.110.81 CNAME p2.qhimg.com.qingcdn.com A 183.131.110.82 A 183.131.110.83 A 183.131.110.71 A 183.131.110.73 A 183.131.110.84 |
| ocsp.globalsign.com |
A 58.218.215.144
CNAME global.prd.cdn.globalsign.com CNAME globalsign.com.w.kunlunar.com |
| cdp1.public-trust.com |
CNAME crl3.digicert.com
CNAME cs9.wac.phicdn.net A 117.18.237.29 |
| ocsp.digicert.com |
TCP连接
| IP地址 | 端口 |
|---|---|
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 107.150.10.233 | 80 |
| 114.80.174.21 | 80 |
| 115.238.244.82 | 80 |
| 117.18.237.29 | 80 |
| 117.18.237.29 | 80 |
| 122.228.251.33 | 80 |
| 183.131.110.74 | 80 |
| 220.181.7.190 | 443 |
| 23.46.211.136 | 80 |
| 43.241.48.155 | 80 |
| 58.218.215.144 | 80 |
| 58.222.18.2 | 80 |
| 58.222.18.2 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://www.bandaoyy.com/dianying/ | GET /dianying/ HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/css/style.css | GET /template/97zy/css/style.css HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/function.js | GET /template/97zy/js/function.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/jquery-1.4.4.min.js | GET /template/97zy/js/jquery-1.4.4.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/jquery.lazyload.js | GET /template/97zy/js/jquery.lazyload.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/html5shiv.min.js | GET /template/97zy/js/html5shiv.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/paody/ads/sydh.js | GET /template/paody/ads/sydh.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/common.js | GET /template/97zy/js/common.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/respond.min.js | GET /template/97zy/js/respond.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bestore.cc/bandaoyy.js | GET /bandaoyy.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bestore.cc Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/logo.png | GET /template/97zy/Images/logo.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/search.png | GET /template/97zy/Images/search.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/duomi-bg.png | GET /template/97zy/Images/duomi-bg.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://cacaca.0571yy.com/?id=6735 | GET /?id=6735 HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: cacaca.0571yy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/load.gif | GET /template/97zy/Images/load.gif HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/p.png | GET /template/97zy/Images/p.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.bandaoyy.com Connection: Keep-Alive |
| http://img3.doubanio.com/view/photo/s_ratio_poster/public/p2529136453.jpg | GET /view/photo/s_ratio_poster/public/p2529136453.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img3.doubanio.com Connection: Keep-Alive |
| http://img1.doubanio.com/view/photo/s_ratio_poster/public/p2529410377.jpg | GET /view/photo/s_ratio_poster/public/p2529410377.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img1.doubanio.com Connection: Keep-Alive |
| http://img1.doubanio.com/view/photo/s_ratio_poster/public/p2516612917.jpg | GET /view/photo/s_ratio_poster/public/p2516612917.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img1.doubanio.com Connection: Keep-Alive |
| http://p2.qhimg.com/d/dy_ba3121b3eeebe2abf3b675ae20872ce7.jpg | GET /d/dy_ba3121b3eeebe2abf3b675ae20872ce7.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dianying/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: p2.qhimg.com Connection: Keep-Alive |
| http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH | GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 01 Sep 2018 00:29:03 GMT If-None-Match: "1480bfa43edc451651e279ba0f6dc69348c58eec" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com |
| http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D | GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com |
| http://cdp1.public-trust.com/CRL/Omniroot2025.crl | GET /CRL/Omniroot2025.crl HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 21 Aug 2018 20:59:15 GMT If-None-Match: "2057461361" User-Agent: Microsoft-CryptoAPI/6.1 Host: cdp1.public-trust.com |
| http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
| http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172072 Connection: Keep-Alive Accept: */* If-Modified-Since: Fri, 31 Aug 2018 21:45:22 GMT If-None-Match: "5b89b6f2-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
iexplore.exe PID: 2588, 上一级进程 PID: 2356
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息