CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-197-1//2016-11-4_win10.pcap
Analysis Time: 11/04/16 21:55:36
CapTipper Version: 0.2 b10
Traffic Time: 11/08/79 22:42:04


Client Details

IP: 192.168.1.120
MAC: 08:00:27:82:ad:f3
USER-AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)

Conversations

rp.rudepedexe.com    (52.49.115.83:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /?v=2.0&subver=6.21&pcrc=1985148332 | text/html | 0.html | 200 OK | TEXT | 4.0 B | 11/08/79 22:42:04
3 | /?v=2.0&subver=6.21&pcrc=1501112100 | text/html | 3.html | 200 OK | TEXT | 4.0 B | 12/28/80 07:47:10

os.rudepedexe.com    (54.229.133.176:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
1 | /FusionCDBurnerXP/?v=6.0&c=1030847298&t=867156 | text/plain | 1.html | 200 OK | BINARY | 142.8 KB | 11/08/79 22:47:18

cdneu.rudepedexe.com    (46.166.187.59:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /ofr/Solululadul/asgnd.cis | application/octet-stream | asgnd.cis | 200 OK |  | 0.0 B | 03/25/80 21:44:28

ic-dc.townpackagecentral.com    (54.192.46.116:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/typ.html | text/html | typ.html | 200 OK | HTML | 1.9 KB | 11/27/81 12:13:46
5 | /pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/css/style.css | text/css | style.css | 200 OK | TEXT | 2.0 KB | 12/05/81 05:36:25
6 | /pr/public/js/functions.js | application/javascript | functions.js | 200 OK | TEXT | 372.0 B | 12/05/81 05:39:48
7 | /pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/img/bullet.png | image/png | bullet.png | 200 OK | PNG | 800.0 B | 12/31/81 20:23:47
13 | /pr/1cf3bb64-91be-4b8b-9f56-acbf139b414f/assets/img/banner.png | image/png | banner.png | 200 OK | PNG | 177.5 KB | 12/31/81 20:18:54

cdn.nadel56.us    (198.232.125.32:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
8 | /scripts/1/adnl.min.js | text/javascript | adnl.min.js | 200 OK | TEXT | 58.7 KB | 01/20/82 21:41:24
10 | /layouts/native_800x440.js?v=4.4.29 | text/javascript | native_800x440.js | 200 OK | TEXT | 9.0 KB | 02/19/82 03:59:32

d.nadel56.us    (40.127.174.50:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
9 | /api/vv/1?callback=cb_1476890339513&ts=1476890339493&sessionId=plgVQ&rfr=&siteId=208154&aus=8954,1,0 | text/javascript | 1 | 200 OK | TEXT | 1.3 KB | 02/13/82 08:22:34
11 | /api/vp/1?clk=FghqCb-X1U4OOpNHCgbW_8L-40w0SJXJZJgw26OvevS1cce0NWPytjtMZoKA3_AqRiD24IMaWPtWsccdYaSVRQLgHEWyXpHqcx6H2I-Vb0JYbD_wXEgM-JplD8QjvRHL7K2Dyf4M3g0r2nAgqv75dMOG-ZG3R3fT_nK4nkju5GqaCIgAQajh8PIuLCozNJLOxd5ry3H6MOwmakHkP9_GqOWE9fZr87PRFWcG5dPhMx3YMr5W9ylh75T9F5tKGhL_uzkxVr7H35olsLjQC4D4kR8R7zRKb5LFFBtw2GsFqsPcyuwXgOhxQXTtUiGDEsoNBlncnAvcgPqm9mO0mJ0b3XreAay6S5HiYWg1Mg-4op2ib3NSMClY8jKdgB84nnL6hB_rMd2YtInz5dLzK0718xpUw3sEjz3VuszsIFTny20-ERJ8k7-p9OEKqIDytbOkITQ6Az45Sd1NHs-bsofqP1bMsFvkXo8Xl0AXEG_DvZE&rfr= | image/gif | 1 | 200 OK | GIF | 43.0 B | 03/16/82 14:50:52

cdn.castplatform.com    (198.232.124.20:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
12 | /images/e7a4e4d2-ba80-4d3a-aa5a-077d077dfa84.gif | image/gif | e7a4e4d2-ba80-4d3a-aa5a-077d077dfa84.gif | 200 OK | GIF | 6.3 KB | 03/17/82 13:03:12

cdnus.rudepedexe.com    (50.115.122.45:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
14 | /ofr/Solululadul/asgnd.cis(2) | application/octet-stream | asgnd.cis(2) | 206 Partial Content | BINARY | 57.0 KB | 03/28/80 05:14:28