Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
URL | win7-sp1-x64-shaapp02-1 | 2022-05-24 20:15:19 | 2022-05-24 20:17:25 | 126 seconds |
URL |
---|
URL professional sandbox detection -> http://qf18.cc |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 20.205.12.191 | United States | |
No | 220.181.33.11 | Unknown | China |
No | 27.155.119.140 | China | |
No | 27.155.119.190 | Unknown | China |
No | 52.168.117.173 | United States | |
Name: Registration Private
Country: US
State: Arizona
City: Tempe
ZIP Code: 85284
Address: DomainsByProxy.com
Orginization: Domains By Proxy, LLC
Domain Name(s): QF18.CC qf18.cc
Creation Date: 2022-05-23 14:58:28 2022-05-23 09:58:28
Updated Date: 2022-05-23 14:58:29 2022-05-23 09:58:29
Expiration Date: 2023-05-23 14:58:28 2023-05-23 09:58:28
Email(s): abuse@godaddy.com
Registrar(s): GoDaddy.com, LLC
Name Server(s): NS1.FUNNULLDNS.COM NS2.FUNNULLDNS.COM
Referral URL(s): None
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49159 | 20.205.12.191 qf18.cc | 80 |
192.168.122.201 | 49168 | 220.181.33.11 hm.baidu.com | 443 |
192.168.122.201 | 49161 | 23.62.236.178 | 80 |
192.168.122.201 | 49164 | 27.155.119.140 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49160 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49162 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49163 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49165 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49166 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
192.168.122.201 | 49167 | 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 60155 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
URL professional sandbox detection -> http://qf18.cc/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: qf18.cc Connection: Keep-Alive |
URL professional sandbox detection -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-05-24 20:15:40.809365+0800 | 192.168.122.201 | 49160 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.463699+0800 | 192.168.122.201 | 49162 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.466944+0800 | 192.168.122.201 | 49163 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.496913+0800 | 192.168.122.201 | 49164 | 27.155.119.140 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.506246+0800 | 192.168.122.201 | 49166 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.494008+0800 | 192.168.122.201 | 49167 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:41.504076+0800 | 192.168.122.201 | 49165 | 27.155.119.190 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com | 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2 |
2022-05-24 20:15:42.259944+0800 | 192.168.122.201 | 49168 | 220.181.33.11 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | fb:4b:a4:66:e6:0f:38:bb:d2:9d:92:e7:fc:53:5e:31:c5:cd:ef:0c |
No Suricata HTTP
Task ID | 692039 |
---|---|
Mongo ID | 628ccd01dc327b07f30dab31 |
Cuckoo release | 1.4-Maldun |