恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp03-1	2022-08-31 20:40:22	2022-08-31 20:45:29	307 秒

魔盾分数

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://scriptcc.cc

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	104.208.16.93	美国
否	124.239.227.219	中国
否	143.204.130.225	美国
否	144.202.119.80	美国
否	23.64.179.215	美国
否	76.223.26.96	美国
否	96.47.230.68	美国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
scriptcc.cc	未知	A 96.47.230.68
ww1.scriptcc.cc	未知	CNAME 076789.parkingcrew.net A 76.223.26.96 A 13.248.148.254
d1lxhc4jvstzrp.cloudfront.net	未知	A 143.204.130.227 A 143.204.130.72 A 143.204.130.162 A 143.204.130.225
144.dragonparking.com	未知	A 104.207.153.254 A 144.202.119.80 A 45.77.121.63
7bc5c96aefaf3a514ead509f1bd5c0c9.parkingchina.diandongzhi.com	未知	CNAME all.parkingchina.diandongzhi.com.w.kunlunea.com A 124.239.227.219
r3.i.lencr.org	未知	CNAME crl.root-x1.letsencrypt.org.edgekey.net CNAME e8652.dscx.akamaiedge.net A 23.64.179.215
x1.i.lencr.org	未知
watson.microsoft.com	未知	A 104.208.16.93 CNAME legacywatson.trafficmanager.net CNAME onedsblobprdcus07.centralus.cloudapp.azure.com

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: REDACTED FOR PRIVACY
Country: REDACTED FOR PRIVACY
State: REDACTED FOR PRIVACY
City: REDACTED FOR PRIVACY
ZIP Code: REDACTED FOR PRIVACY
Address: REDACTED FOR PRIVACY

Orginization: None
Domain Name(s):
    SCRIPTCC.CC
Creation Date:
    2021-01-07 18:08:17
    2021-01-07 18:08:17
Updated Date:
    2022-02-17 05:34:48
    2022-03-04 15:19:04
Expiration Date:
    2023-01-07 18:08:17
    2023-01-07 18:08:17
Email(s):
    abuse@dynadot.com

Registrar(s):
    DYNADOT LLC
Name Server(s):
    NS1.BRAINYDNS.COM
    NS2.BRAINYDNS.COM
    ns1.brainydns.com
    ns2.brainydns.com
Referral URL(s):
    None

没有防病毒引擎扫描信息!

iexplore.exe, PID: 2444, 上一级进程 PID: 2180

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	104.208.16.93	美国
否	124.239.227.219	中国
否	143.204.130.225	美国
否	144.202.119.80	美国
否	23.64.179.215	美国
否	76.223.26.96	美国
否	96.47.230.68	美国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49166	124.239.227.219 7bc5c96aefaf3a514ead509f1bd5c0c9.parkingchina.diandongzhi.com	443
192.168.122.201	49162	143.204.130.225 d1lxhc4jvstzrp.cloudfront.net	80
192.168.122.201	49165	144.202.119.80 144.dragonparking.com	80
192.168.122.201	49161	184.25.56.131	80
192.168.122.201	49167	23.64.179.215 r3.i.lencr.org	80
192.168.122.201	49168	23.64.179.215 r3.i.lencr.org	80
192.168.122.201	49160	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49163	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49164	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49159	96.47.230.68 scriptcc.cc	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52179	192.168.122.1	53
192.168.122.201	52207	192.168.122.1	53
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	61329	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53
192.168.122.201	65179	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
scriptcc.cc	未知	A 96.47.230.68
ww1.scriptcc.cc	未知	CNAME 076789.parkingcrew.net A 76.223.26.96 A 13.248.148.254
d1lxhc4jvstzrp.cloudfront.net	未知	A 143.204.130.227 A 143.204.130.72 A 143.204.130.162 A 143.204.130.225
144.dragonparking.com	未知	A 104.207.153.254 A 144.202.119.80 A 45.77.121.63
7bc5c96aefaf3a514ead509f1bd5c0c9.parkingchina.diandongzhi.com	未知	CNAME all.parkingchina.diandongzhi.com.w.kunlunea.com A 124.239.227.219
r3.i.lencr.org	未知	CNAME crl.root-x1.letsencrypt.org.edgekey.net CNAME e8652.dscx.akamaiedge.net A 23.64.179.215
x1.i.lencr.org	未知
watson.microsoft.com	未知	A 104.208.16.93 CNAME legacywatson.trafficmanager.net CNAME onedsblobprdcus07.centralus.cloudapp.azure.com

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49166	124.239.227.219 7bc5c96aefaf3a514ead509f1bd5c0c9.parkingchina.diandongzhi.com	443
192.168.122.201	49162	143.204.130.225 d1lxhc4jvstzrp.cloudfront.net	80
192.168.122.201	49165	144.202.119.80 144.dragonparking.com	80
192.168.122.201	49161	184.25.56.131	80
192.168.122.201	49167	23.64.179.215 r3.i.lencr.org	80
192.168.122.201	49168	23.64.179.215 r3.i.lencr.org	80
192.168.122.201	49160	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49163	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49164	76.223.26.96 ww1.scriptcc.cc	80
192.168.122.201	49159	96.47.230.68 scriptcc.cc	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52179	192.168.122.1	53
192.168.122.201	52207	192.168.122.1	53
192.168.122.201	53125	192.168.122.1	53
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	61329	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53
192.168.122.201	65179	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://scriptcc.cc/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: scriptcc.cc Connection: Keep-Alive
URL专业沙箱检测 -> http://ww1.scriptcc.cc/?subid1=0e15e0e6-292a-11ed-bb35-6b7eede63c31	GET /?subid1=0e15e0e6-292a-11ed-bb35-6b7eede63c31 HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ww1.scriptcc.cc Connection: Keep-Alive Cookie: sid=0e15e0e6-292a-11ed-bb35-6b7eede63c31
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://d1lxhc4jvstzrp.cloudfront.net/scripts/js3.js	GET /scripts/js3.js HTTP/1.1 Accept: / Referer: http://ww1.scriptcc.cc/?subid1=0e15e0e6-292a-11ed-bb35-6b7eede63c31 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: d1lxhc4jvstzrp.cloudfront.net Connection: Keep-Alive
URL专业沙箱检测 -> http://ww1.scriptcc.cc/track.php?domain=scriptcc.cc&toggle=browserjs&uid=MTY2MTk0OTY0NS41MDA3OmJiOTlmNzMxNjhlNmJhNWJlZTMzZTNhNTNjNzZjNTM3NjIzYTVhZWM5NzZjMzE4NWI1OGYxMTRkNTU5M2FlYjc6NjMwZjU2Y2Q3YTNlMQ%3D%3D	GET /track.php?domain=scriptcc.cc&toggle=browserjs&uid=MTY2MTk0OTY0NS41MDA3OmJiOTlmNzMxNjhlNmJhNWJlZTMzZTNhNTNjNzZjNTM3NjIzYTVhZWM5NzZjMzE4NWI1OGYxMTRkNTU5M2FlYjc6NjMwZjU2Y2Q3YTNlMQ%3D%3D HTTP/1.1 Accept: / Accept-Language: zh-cn Referer: http://ww1.scriptcc.cc/?subid1=0e15e0e6-292a-11ed-bb35-6b7eede63c31 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ww1.scriptcc.cc Connection: Keep-Alive Cookie: sid=0e15e0e6-292a-11ed-bb35-6b7eede63c31
URL专业沙箱检测 -> http://ww1.scriptcc.cc/ls.php	POST /ls.php HTTP/1.1 Accept: / Accept-Language: zh-cn Referer: http://ww1.scriptcc.cc/?subid1=0e15e0e6-292a-11ed-bb35-6b7eede63c31 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ww1.scriptcc.cc Content-Length: 2186 Connection: Keep-Alive Cache-Control: no-cache Cookie: sid=0e15e0e6-292a-11ed-bb35-6b7eede63c31
URL专业沙箱检测 -> http://ww1.scriptcc.cc/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ww1.scriptcc.cc Connection: Keep-Alive Cookie: sid=0e15e0e6-292a-11ed-bb35-6b7eede63c31
URL专业沙箱检测 -> http://144.dragonparking.com/?site=scriptcc.cc&t=1661949645&s=d726b6ff13fde4beb8281f705788e72a	GET /?site=scriptcc.cc&t=1661949645&s=d726b6ff13fde4beb8281f705788e72a HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 144.dragonparking.com Connection: Keep-Alive
URL专业沙箱检测 -> http://r3.i.lencr.org/	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: r3.i.lencr.org
URL专业沙箱检测 -> http://x1.i.lencr.org/	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: x1.i.lencr.org

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2022-08-31 20:40:48.199898+0800	192.168.122.201	49166	124.239.227.219	443	TLS 1.2	C=US, O=Let's Encrypt, CN=R3	CN=*.parkingchina.diandongzhi.com	41:6e:49:09:a7:23:cd:86:61:20:21:89:c6:4a:25:90:9c:07:a0:12

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 29.929 seconds )

15.25 NetworkAnalysis
11.78 Suricata
1.78 Static
1.089 VirusTotal
0.019 AnalysisInfo
0.007 BehaviorAnalysis
0.004 Memory

Signatures ( 0.0 seconds )

Reporting ( 0.0 seconds )


Task ID	706521
Mongo ID	630f58107e769a67086c1eea
Cuckoo release	1.4-Maldun