分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-shaapp03-1 | 2022-06-30 11:01:33 | 2022-06-30 11:03:42 | 129 秒 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 114.80.179.251 | 中国 | |
否 | 114.80.179.252 | 中国 | |
否 | 117.25.133.185 | 中国 | |
否 | 140.205.135.3 | 中国 | |
否 | 140.249.240.186 | 中国 | |
否 | 150.138.252.252 | 中国 | |
否 | 150.139.241.251 | 中国 | |
否 | 20.189.173.20 | 美国 | |
否 | 203.119.211.244 | 中国 | |
否 | 47.99.58.69 | 中国 |
Name: None Country: None State: None City: None ZIP Code: None Address: None Orginization: None Domain Name(s): fengdefeng.cn Creation Date: None Updated Date: None Expiration Date: None Email(s): 1324294463@qq.com Registrar(s): 广西北部湾在线投资控股有限公司 Name Server(s): jm1.dns.com jm2.dns.com Referral URL(s): None
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 114.80.179.251 | 中国 | |
否 | 114.80.179.252 | 中国 | |
否 | 117.25.133.185 | 中国 | |
否 | 140.205.135.3 | 中国 | |
否 | 140.249.240.186 | 中国 | |
否 | 150.138.252.252 | 中国 | |
否 | 150.139.241.251 | 中国 | |
否 | 20.189.173.20 | 美国 | |
否 | 203.119.211.244 | 中国 | |
否 | 47.99.58.69 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 50586 | 104.100.95.27 | 80 |
192.168.122.201 | 50601 | 114.80.179.251 cloud-assets.alicdn.com | 443 |
192.168.122.201 | 50598 | 114.80.179.252 cloud-assets.alicdn.com | 443 |
192.168.122.201 | 50585 | 117.25.133.185 downloads.fengdefeng.cn | 80 |
192.168.122.201 | 50587 | 140.205.135.3 batit.aliyun.com | 80 |
192.168.122.201 | 50600 | 140.249.240.186 img.alicdn.com | 443 |
192.168.122.201 | 50589 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50590 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50591 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50592 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50593 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50594 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50597 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50595 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50596 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50599 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50584 | 192.168.122.1 | 53 |
192.168.122.201 | 50588 | 203.119.211.244 www.aliyun.com | 443 |
192.168.122.201 | 50602 | 47.99.58.69 arms-retcode.aliyuncs.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49532 | 192.168.122.1 | 53 |
192.168.122.201 | 52179 | 192.168.122.1 | 53 |
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 54135 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 60465 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
192.168.122.201 | 65179 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 50586 | 104.100.95.27 | 80 |
192.168.122.201 | 50601 | 114.80.179.251 cloud-assets.alicdn.com | 443 |
192.168.122.201 | 50598 | 114.80.179.252 cloud-assets.alicdn.com | 443 |
192.168.122.201 | 50585 | 117.25.133.185 downloads.fengdefeng.cn | 80 |
192.168.122.201 | 50587 | 140.205.135.3 batit.aliyun.com | 80 |
192.168.122.201 | 50600 | 140.249.240.186 img.alicdn.com | 443 |
192.168.122.201 | 50589 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50590 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50591 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50592 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50593 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50594 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50597 | 150.138.252.252 g.alicdn.com | 443 |
192.168.122.201 | 50595 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50596 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50599 | 150.139.241.251 at.alicdn.com | 443 |
192.168.122.201 | 50584 | 192.168.122.1 | 53 |
192.168.122.201 | 50588 | 203.119.211.244 www.aliyun.com | 443 |
192.168.122.201 | 50602 | 47.99.58.69 arms-retcode.aliyuncs.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49532 | 192.168.122.1 | 53 |
192.168.122.201 | 52179 | 192.168.122.1 | 53 |
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 54135 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 60465 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
192.168.122.201 | 65179 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://downloads.fengdefeng.cn/AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe | GET /AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: downloads.fengdefeng.cn Connection: Keep-Alive |
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
URL专业沙箱检测 -> http://batit.aliyun.com/alww.html?id=2916309547 | GET /alww.html?id=2916309547 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: http://downloads.fengdefeng.cn/AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: batit.aliyun.com Connection: Keep-Alive |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-06-30 11:01:58.689132+0800 | 192.168.122.201 | 50591 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.642332+0800 | 192.168.122.201 | 50589 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.670378+0800 | 192.168.122.201 | 50594 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.658391+0800 | 192.168.122.201 | 50592 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.660138+0800 | 192.168.122.201 | 50593 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:57.951668+0800 | 192.168.122.201 | 50588 | 203.119.211.244 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com | 20:85:4d:49:f7:f3:60:3e:c8:1f:15:a6:ed:3f:e1:5e:8e:b1:b3:b4 |
2022-06-30 11:01:58.675084+0800 | 192.168.122.201 | 50595 | 150.139.241.251 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.641200+0800 | 192.168.122.201 | 50590 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.683766+0800 | 192.168.122.201 | 50596 | 150.139.241.251 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.859084+0800 | 192.168.122.201 | 50597 | 150.138.252.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:58.951669+0800 | 192.168.122.201 | 50598 | 114.80.179.252 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:59.031372+0800 | 192.168.122.201 | 50599 | 150.139.241.251 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:59.199973+0800 | 192.168.122.201 | 50600 | 140.249.240.186 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:59.191866+0800 | 192.168.122.201 | 50601 | 114.80.179.251 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7 |
2022-06-30 11:01:59.723580+0800 | 192.168.122.201 | 50602 | 47.99.58.69 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.arms.aliyuncs.com | 15:7c:82:46:9d:b7:ab:fb:c4:38:3d:4f:07:ad:b9:a6:0b:ea:d8:1c |
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 697390 |
---|---|
Mongo ID | 62bd12d67e769a1eefef504e |
Cuckoo release | 1.4-Maldun |