魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| URL | 2018-09-15 19:39:13 | 2018-09-15 19:41:37 | 144 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp01-4 | win7-sp1-x64-shaapp01-4 | KVM | 2018-09-15 19:39:13 | 2018-09-15 19:41:36 |
| 魔盾分数 |
|---|
0.0正常的 |
URL信息
| URL | http://www.bandaoyy.com/dongman/ |
|---|---|
| VirusTotal | VirusTotal无域名信息 |
特征
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 是 | 101.110.118.67 | China |
| 否 | 107.150.10.226 | United States |
| 否 | 114.80.174.21 | China |
| 否 | 117.18.237.29 | Asia/Pacific Region |
| 否 | 183.134.101.248 | China |
| 否 | 220.181.7.190 | China |
| 否 | 43.241.48.155 | China |
域名解析
| 域名 | 响应 |
|---|---|
| www.bandaoyy.com |
A 107.150.10.226
A 107.150.10.233 |
| www.bestore.cc | A 43.241.48.155 |
| hm.baidu.com |
CNAME hm.e.shifen.com
A 220.181.7.190 |
| img3.doubanio.com |
CNAME img3.doubanio.com.w.alikunlun.com
A 101.226.181.248 A 101.226.181.249 A 114.80.174.21 A 101.226.181.251 A 101.226.181.250 A 101.226.181.253 A 101.226.181.252 A 114.80.174.117 A 101.226.181.254 |
| img1.doubanio.com |
A 183.134.101.248
A 183.134.101.250 A 58.222.18.2 A 183.131.24.55 CNAME img1-doubanio-com.b0.aicdn.com CNAME vm.ctn.aicdn.com A 58.222.18.27 |
| ocsp.globalsign.com |
CNAME globalsign.com.cdn.dnsv1.com
A 122.228.251.33 CNAME globalsign.com.s2.cdntip.com A 122.228.251.32 CNAME global.prd.cdn.globalsign.com A 122.246.10.30 A 180.153.100.147 |
| cdp1.public-trust.com |
CNAME crl3.digicert.com
CNAME cs9.wac.phicdn.net A 117.18.237.29 |
| ocsp.digicert.com |
TCP连接
| IP地址 | 端口 |
|---|---|
| 101.110.118.67 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 107.150.10.226 | 80 |
| 114.80.174.21 | 80 |
| 114.80.174.21 | 80 |
| 117.18.237.29 | 80 |
| 117.18.237.29 | 80 |
| 122.228.251.32 | 80 |
| 122.246.10.30 | 80 |
| 183.134.101.248 | 80 |
| 220.181.7.190 | 443 |
| 23.46.211.136 | 80 |
| 43.241.48.155 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://www.bandaoyy.com/dongman/ | GET /dongman/ HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/css/style.css | GET /template/97zy/css/style.css HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/jquery-1.4.4.min.js | GET /template/97zy/js/jquery-1.4.4.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/function.js | GET /template/97zy/js/function.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/html5shiv.min.js | GET /template/97zy/js/html5shiv.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/jquery.lazyload.js | GET /template/97zy/js/jquery.lazyload.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/paody/ads/sydh.js | GET /template/paody/ads/sydh.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/respond.min.js | GET /template/97zy/js/respond.min.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/js/common.js | GET /template/97zy/js/common.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bestore.cc/bandaoyy.js | GET /bandaoyy.js HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bestore.cc Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/search.png | GET /template/97zy/Images/search.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/logo.png | GET /template/97zy/Images/logo.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/load.gif | GET /template/97zy/Images/load.gif HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/p.png | GET /template/97zy/Images/p.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://www.bandaoyy.com/template/97zy/Images/duomi-bg.png | GET /template/97zy/Images/duomi-bg.png HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.bandaoyy.com Connection: Keep-Alive |
| http://img3.doubanio.com/view/photo/s_ratio_poster/public/p2516588813.jpg | GET /view/photo/s_ratio_poster/public/p2516588813.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img3.doubanio.com Connection: Keep-Alive |
| http://img3.doubanio.com/view/photo/s_ratio_poster/public/p1948151693.jpg | GET /view/photo/s_ratio_poster/public/p1948151693.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img3.doubanio.com Connection: Keep-Alive |
| http://img1.doubanio.com/view/photo/s_ratio_poster/public/p2524380057.jpg | GET /view/photo/s_ratio_poster/public/p2524380057.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img1.doubanio.com Connection: Keep-Alive |
| http://img3.doubanio.com/view/photo/s_ratio_poster/public/p2516725095.jpg | GET /view/photo/s_ratio_poster/public/p2516725095.jpg HTTP/1.1 Accept: */* Referer: http://www.bandaoyy.com/dongman/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img3.doubanio.com Connection: Keep-Alive |
| http://www.bandaoyy.com/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.bandaoyy.com Connection: Keep-Alive |
| http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH | GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 01 Sep 2018 00:29:03 GMT If-None-Match: "1480bfa43edc451651e279ba0f6dc69348c58eec" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com |
| http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D | GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHFB6lHS315kGvj29g%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com |
| http://cdp1.public-trust.com/CRL/Omniroot2025.crl | GET /CRL/Omniroot2025.crl HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 21 Aug 2018 20:59:15 GMT If-None-Match: "2057461361" User-Agent: Microsoft-CryptoAPI/6.1 Host: cdp1.public-trust.com |
| http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
| http://101.110.118.67/crl.microsoft.com/pki/crl/products/tspca.crl | GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: 101.110.118.67 |
| http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172072 Connection: Keep-Alive Accept: */* If-Modified-Since: Fri, 31 Aug 2018 21:45:22 GMT If-None-Match: "5b89b6f2-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
iexplore.exe PID: 2708, 上一级进程 PID: 2420
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息