CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-120-1//2015-04-22_capture-win4.pcap
Analysis Time: 06/01/15 20:07:28
CapTipper Version: 0.2 b10
Traffic Time: 02/03/08 02:07:38

Client Details

IP: 10.0.2.104
MAC: 08:00:27:62:20:12
USER-AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Conversations

mail.google.com    (173.194.122.22:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | / | text/html | 0.html | 200 OK | HTML | 232.0 B | 02/03/08 02:07:38
1 | /mail/ | text/html | 1.html | 302 Moved Temporarily | HTML | 174.0 B | 02/06/08 13:02:30

mail.yahoo.com    (188.125.80.138:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /(2) | text/html | (2) | 302 Found | TEXT | 82.0 B | 01/01/95 06:46:10
14 | /(3) | text/html | (3) | 302 Found | TEXT | 82.0 B | 05/21/95 00:44:05

www.bing.com    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
3 | /sa/simg/sw_mg_l_4d_orange.png | image/png | sw_mg_l_4d_orange.png | 200 OK | PNG | 5.7 KB | 01/07/95 17:41:13
4 | /search?q=mail.yahoo.com&src=IE-SearchBox&FORM=IE8SRC | text/html | search | 200 OK | HTML | 62.3 KB | 01/05/95 14:04:02
5 | /rms/Shared.Bundle/jc/37b37add/d66d89c6.js?bu=rms+serp+Shared%24shared_c.source%2cShared%24env_c.source%2cShared%24event.custom_c.source%2cShared%24event.native_c.source%2cShared%24onHTML_c.source%2cShared%24dom_c.source%2cShared%24cookies_c.source%2cShared%24rms_c.source%2cShared%24clientinst_c.source%2cShared%24replay_c.source%2cAnimation_c.source%2cfadeAnimation_c.source%2cShared%24framework_c.source | application/x-javascript | d66d89c6.js | 200 OK | TEXT | 10.3 KB | 01/11/95 17:19:23
6 | /rms/Framework/jc/6669efd0/5f66eff0.js?bu=rms+answers+BoxModel+config%2crules%24rulesBHead2%2ccore%2cmodules%24scroll%2cmodules%24resize%2cmodules%24state%2cmodules%24mutation%2cmodules%24error%2cmodules%24network%2cmodules%24cursor%2cmodules%24keyboard | application/x-javascript | 5f66eff0.js | 200 OK | TEXT | 13.5 KB | 01/11/95 22:51:16
7 | /fd/ls/l?IG=da9212daa593434a9afad306c6cc94fd&Type=Event.CPT&DATA={"pp":{"S":"L","FC":90,"BC":290,"H":290,"BP":400,"CT":430,"IL":1}}&P=SERP&DA=DB4 | image/gif | l | 200 OK | GIF | 42.0 B | 01/11/95 15:56:47
8 | /rms/rms%20answers%20Identity%20Blue$BlueIdentityDropdownBootStrap/jc/afd2a963/04592351.js | application/x-javascript | 04592351.js | 200 OK | TEXT | 1.2 KB | 01/11/95 23:32:01
9 | /rms/rms%20answers%20Identity%20Blue$BlueIdentityHeader/jc/6874c2cd/37eb3cec.js | application/x-javascript | 37eb3cec.js | 200 OK | TEXT | 707.0 B | 01/11/95 23:36:06
10 | /rms/rms%20answers%20Identity%20SnrWindowsLiveConnectBootstrap/jc/8e462492/c76620da.js | application/x-javascript | c76620da.js | 200 OK | TEXT | 257.0 B | 01/23/95 13:15:48
11 | /rms/rms%20serp%20blue$WebResultToolbox.source/jc/6a46ec81/bcf861d0.js | application/x-javascript | bcf861d0.js | 200 OK | TEXT | 3.7 KB | 01/23/95 13:12:50
12 | /sa/8_01_1_3872466/UpdateDefaults.js | application/x-javascript | UpdateDefaults.js | 200 OK | TEXT | 656.0 B | 01/26/95 22:29:05
13 | /fd/ls/GLinkPing.aspx?IG=da9212daa593434a9afad306c6cc94fd&&ID=SERP,5111.1 | image/gif | GLinkPing.aspx | 200 OK | GIF | 42.0 B | 05/18/95 20:43:30
15 | /(4) | text/html | (4) | 200 OK | HTML | 54.7 KB | 11/09/95 04:00:54
16 | /s/a/hpc12.png | image/png | hpc12.png | 200 OK | PNG | 5.4 KB | 11/10/95 05:48:20
17 | /fd/ls/lsp.aspx |  | lsp.aspx | 204 No Content |  | 0.0 B | 04/17/95 17:54:07
18 | /fd/ls/l?IG=9a6ed0141362479a9dedcd59248916ff&Type=Event.CPT&DATA={"pp":{"S":"L","FC":-1,"BC":-1,"H":491,"BP":501,"CT":541,"IL":1}}&P=SERP&DA=PRG01v2 | image/gif | l | 200 OK | GIF | 42.0 B | 11/16/95 09:13:07
19 | /rms/rms%20answers%20Identity%20FacebookConnect/jc/4cfbb990/3114c30f.js | application/x-javascript | 3114c30f.js | 200 OK | TEXT | 320.0 B | 11/16/95 16:21:58
20 | /rms/Framework/jc/9b8b7b5d/1246c254.js?bu=rms+answers+BoxModel+config%2crules%24rulesHP%2ccore%2cmodules%24scroll%2cmodules%24resize%2cmodules%24state%2cmodules%24mutation%2cmodules%24error%2cmodules%24network%2cmodules%24cursor%2cmodules%24keyboard | application/x-javascript | 1246c254.js | 200 OK | TEXT | 13.4 KB | 11/23/95 20:33:31
21 | /sa/8_01_1_3872466/homepageImgViewer_c.js | application/x-javascript | homepageImgViewer_c.js | 200 OK | TEXT | 11.7 KB | 11/24/95 03:23:54
22 | /fd/fb/r?v=9_00_0_3865645&sId=6 |  | r | 404 Not Found |  | 0.0 B | 11/25/95 08:08:15
23 | /az/hprichbg/rb/FrogSibs_ROW11059594614_1366x768.jpg | image/jpeg | FrogSibs_ROW11059594614_1366x768.jpg | 200 OK | JPG | 133.2 KB | 11/24/95 03:13:54
24 | /HPImageArchive.aspx?format=js&idx=0&n=1&nc=1428685012605&pid=hp | application/json | HPImageArchive.aspx | 200 OK | TEXT | 666.0 B | 12/01/95 15:54:14
25 | /rms/AutoSugBasicBlue/jc/1b20cee7/9dd82884.js?bu=rms+answers+AutoSuggest+Modules%24Service%2cApi%2cDataProviders%24GenericDataProvider%2cAutoSuggestCanvas_r%2cAutoSuggestLayoutBlue_r%2cAutoSuggestSearchForm_r%2cAutoSuggestInit_r | application/x-javascript | 9dd82884.js | 200 OK | TEXT | 33.6 KB | 11/24/95 03:19:15
26 | /notifications/render?bnptrigger=%7B%22PartnerId%22%3A%22HomePage%22%2C%22IID%22%3A%22SERP.2000%22%2C%22Attributes%22%3A%7B%22RawRequestURL%22%3A%22%2F%22%7D%7D&IG=9a6ed0141362479a9dedcd59248916ff&IID=SERP.2000 | text/html | render | 200 OK |  | 0.0 B | 12/01/95 14:08:24
27 | /s/a/hp_officemenu_sprite.png | image/png | hp_officemenu_sprite.png | 200 OK | PNG | 4.1 KB | 12/14/95 13:30:54
28 | /fd/ls/l?IG=9a6ed0141362479a9dedcd59248916ff&Type=Event.PPT&DATA={"S":0,"E":3004,"T":0,"I":0,"N":{"H":{"S":1182,"E":2904,"T":10}},"M":{}}&P=SERP&DA=PRG01v2 | image/gif | l | 200 OK | GIF | 42.0 B | 12/15/95 06:29:03
30 | /az/hprichbg/rb/GivernyGardenSpring_ROW10900280284_1366x768.jpg | image/jpeg | GivernyGardenSpring_ROW10900280284_1366x768.jpg | 200 OK | JPG | 176.3 KB | 12/14/95 00:17:26