分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp02-1 2022-05-24 20:15:19 2022-05-24 20:17:25 126 秒

魔盾分数

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://qf18.cc

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
20.205.12.191 美国
220.181.33.11 未知 中国
27.155.119.140 中国
27.155.119.190 未知 中国
52.168.117.173 美国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
qf18.cc CNAME v8c2qwks-u.funnullv26.com
CNAME va4bd9ms.n.funnullv27.com
A 20.239.91.10
A 20.205.12.191
A 104.208.87.223
A 20.239.164.75
A 207.46.132.60
A 20.187.96.180
A 20.187.89.37
A 104.208.78.201
aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com A 175.6.91.156
A 27.155.119.152
A 27.155.119.189
A 27.155.119.187
A 27.155.119.190
A 27.155.119.148
A 175.6.91.141
CNAME gz.file.myqcloud.com
A 27.155.119.140
A 175.6.91.155
source-1310860841.cos.ap-guangzhou.myqcloud.com
hm.baidu.com CNAME hm.e.shifen.com
A 220.181.33.11
watson.microsoft.com CNAME onedsblobprdeus16.eastus.cloudapp.azure.com
CNAME legacywatson.trafficmanager.net
A 52.168.117.173

摘要

登录查看详细行为信息

WHOIS 信息

Name: Registration Private
Country: US
State: Arizona
City: Tempe
ZIP Code: 85284
Address: DomainsByProxy.com

Orginization: Domains By Proxy, LLC
Domain Name(s):
    QF18.CC
    qf18.cc
Creation Date:
    2022-05-23 14:58:28
    2022-05-23 09:58:28
Updated Date:
    2022-05-23 14:58:29
    2022-05-23 09:58:29
Expiration Date:
    2023-05-23 14:58:28
    2023-05-23 09:58:28
Email(s):
    abuse@godaddy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    NS1.FUNNULLDNS.COM
    NS2.FUNNULLDNS.COM
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2456, 上一级进程 PID: 2216

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
20.205.12.191 美国
220.181.33.11 未知 中国
27.155.119.140 中国
27.155.119.190 未知 中国
52.168.117.173 美国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49159 20.205.12.191 qf18.cc 80
192.168.122.201 49168 220.181.33.11 hm.baidu.com 443
192.168.122.201 49161 23.62.236.178 80
192.168.122.201 49164 27.155.119.140 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49160 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49162 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49163 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49165 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49166 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49167 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 53118 192.168.122.1 53
192.168.122.201 53947 192.168.122.1 53
192.168.122.201 57526 192.168.122.1 53
192.168.122.201 60155 192.168.122.1 53
192.168.122.201 63246 192.168.122.1 53
192.168.122.201 63472 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
qf18.cc CNAME v8c2qwks-u.funnullv26.com
CNAME va4bd9ms.n.funnullv27.com
A 20.239.91.10
A 20.205.12.191
A 104.208.87.223
A 20.239.164.75
A 207.46.132.60
A 20.187.96.180
A 20.187.89.37
A 104.208.78.201
aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com A 175.6.91.156
A 27.155.119.152
A 27.155.119.189
A 27.155.119.187
A 27.155.119.190
A 27.155.119.148
A 175.6.91.141
CNAME gz.file.myqcloud.com
A 27.155.119.140
A 175.6.91.155
source-1310860841.cos.ap-guangzhou.myqcloud.com
hm.baidu.com CNAME hm.e.shifen.com
A 220.181.33.11
watson.microsoft.com CNAME onedsblobprdeus16.eastus.cloudapp.azure.com
CNAME legacywatson.trafficmanager.net
A 52.168.117.173

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49159 20.205.12.191 qf18.cc 80
192.168.122.201 49168 220.181.33.11 hm.baidu.com 443
192.168.122.201 49161 23.62.236.178 80
192.168.122.201 49164 27.155.119.140 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49160 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49162 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49163 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49165 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49166 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443
192.168.122.201 49167 27.155.119.190 aq123478915-2-1306271951.cos.ap-guangzhou.myqcloud.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 53118 192.168.122.1 53
192.168.122.201 53947 192.168.122.1 53
192.168.122.201 57526 192.168.122.1 53
192.168.122.201 60155 192.168.122.1 53
192.168.122.201 63246 192.168.122.1 53
192.168.122.201 63472 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://qf18.cc/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qf18.cc
Connection: Keep-Alive

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-05-24 20:15:40.809365+0800 192.168.122.201 49160 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.463699+0800 192.168.122.201 49162 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.466944+0800 192.168.122.201 49163 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.496913+0800 192.168.122.201 49164 27.155.119.140 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.506246+0800 192.168.122.201 49166 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.494008+0800 192.168.122.201 49167 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:41.504076+0800 192.168.122.201 49165 27.155.119.190 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.cos.ap-guangzhou.myqcloud.com 22:0d:bc:69:ff:b4:e9:db:a2:53:e6:90:89:62:00:e4:8f:05:0d:e2
2022-05-24 20:15:42.259944+0800 192.168.122.201 49168 220.181.33.11 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fb:4b:a4:66:e6:0f:38:bb:d2:9d:92:e7:fc:53:5e:31:c5:cd:ef:0c

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 31.423 seconds )

  • 17.761 NetworkAnalysis
  • 11.377 Suricata
  • 2.265 Static
  • 0.014 AnalysisInfo
  • 0.004 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.0 seconds )

Reporting ( 0.0 seconds )

Task ID 692039
Mongo ID 628ccd01dc327b07f30dab31
Cuckoo release 1.4-Maldun