CapTipper

Analysis Info

PCAP File | Analysis Time | CapTipper Version | Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-201-1//2016-11-17_win15.pcap | 11/17/16 19:09:36 | 0.2 b10 | 09/06/75 07:41:30

Flow View


Client Details

IP: 192.168.1.125
MAC: 08:00:27:44:99:65
USER-AGENT: AppworkWI_26062015_1

Conversations

installer.jdownloader.org    (85.131.130.148:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /wb131213656838239904two | application/octet-stream | "WebInstaller.exe" | 200 OK | EXE | 77.9 KB | 09/06/75 07:41:30
1 | /rand_13121365696622393651/2434/1/windows/32/__/0/jdownloader2 | | jdownloader2 | 302 Found | | 0.0 B | 12/04/75 11:26:45
4 | /version_536/ic/JD2SilentSetup_x86.exe | application/octet-stream | "JDownloader2Setup.exe" | 200 OK | | 0.0 B | 01/06/79 20:16:46
25 | /ic/html/jd2_beta | text/html | jd2_beta | 200 OK | HTML | 177.0 B | 08/09/30 21:47:37
27 | /ic/html/img.png | image/png | img.png | 200 OK | PNG | 82.9 KB | 08/09/30 21:54:17
39 | /feed_13121365696622393651/2434/windows/0/jdownloader2/OK/0 | | 0 | 302 Found | | 0.0 B | 09/16/30 10:58:37
41 | /feed_13121365696622393651/2434/1/windows/0/jdownloader2/OK/0 | | 0 | 302 Found | | 0.0 B | 09/16/30 11:03:37
43 | /feed_13121365696622393651/2434/windows/7/32/0/jdownloader2/OK/0 | | 0 | 302 Found | | 0.0 B | 09/16/30 11:10:57

fetch.jdcdn.org    (148.251.68.18:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /download/dl/forward?rand_13121365696622393651/2434/1/windows/32/__/0/jdownloader2 | application/octet-stream | "JDownloader2Setup.exe" | 200 OK | EXE | 992.0 KB | 12/07/75 11:03:29
40 | /download/dl/feedback?feed_13121365696622393651/2434/windows/0/jdownloader2/OK/0 | | feedback | 404 Not Found | | 0.0 B | 09/16/30 11:01:09
42 | /download/dl/feedback?feed_13121365696622393651/2434/1/windows/0/jdownloader2/OK/0 | | feedback | 404 Not Found | | 0.0 B | 09/16/30 11:05:39
44 | /download/dl/feedback?feed_13121365696622393651/2434/windows/7/32/0/jdownloader2/OK/0 | | feedback | 404 Not Found | | 0.0 B | 09/16/30 11:13:00

rp.Dodedore.com    (52.49.115.83:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
3 | /?v=2.0&subver=6.21&pcrc=1709845518 | text/html | 3.html | 200 OK | TEXT | 4.0 B | 10/28/78 08:08:53
37 | /?v=2.0&subver=6.21&pcrc=2058360110 | text/html | 37.html | 200 OK | TEXT | 4.0 B | 09/16/30 06:47:52
38 | /?v=2.0&subver=6.21&pcrc=2001962769 | text/html | 38.html | 200 OK | TEXT | 4.0 B | 09/16/30 08:10:29

os.Dodedore.com    (52.19.5.95:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /JDownloader2/?v=6.0&c=2026208632&t=404551 | text/plain | 5.html | 200 OK | BINARY | 310.1 KB | 11/29/78 14:45:23

cdneu.jdownloadercdn.com    (46.166.187.59:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
6 | /ofr/Solululadul/asgnd.cis | application/octet-stream | asgnd.cis | 200 OK | | 0.0 B | 01/14/80 02:09:16
7 | /ofr/Solululadul/osutils.cis | application/octet-stream | osutils.cis | 200 OK | | 0.0 B | 01/14/80 02:18:29

cdnus.jdownloadercdn.com    (50.115.122.45:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
8 | /ofr/Solululadul/osutils.cis(2) | application/octet-stream | osutils.cis(2) | 206 Partial Content | BINARY | 3.9 KB | 01/19/80 09:08:35
82 | /ofr/Solululadul/asgnd.cis(2) | application/octet-stream | asgnd.cis(2) | 206 Partial Content | BINARY | 61.3 KB | 01/19/80 09:00:58

img.dodedore.com    (199.58.87.110:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
9 | /img/Malaromoro/bg2.jpg | image/jpeg | bg2.jpg | 200 OK | JPG | 57.8 KB | 01/25/80 15:56:56
10 | /img/Tuburera/logo.png | image/png | logo.png | 200 OK | PNG | 8.8 KB | 04/06/80 02:44:37
11 | /img/Tuburera/truste.png | image/png | truste.png | 200 OK | PNG | 11.3 KB | 04/27/80 02:04:23
12 | /img/Tuburera/bar7.png | image/png | bar7.png | 200 OK | PNG | 10.4 KB | 05/16/80 07:58:15
13 | /img/Tuburera/logo_b.png | image/png | logo_b.png | 200 OK | PNG | 11.5 KB | 05/26/80 10:03:54
14 | /img/Malaromoro/bg1.jpg | image/jpeg | bg1.jpg | 200 OK | JPG | 186.3 KB | 01/14/80 02:31:58
15 | /img/Rewudaw/BG.jpg | image/jpeg | BG.jpg | 200 OK | JPG | 100.5 KB | 06/16/80 01:05:17
16 | /img/IE_logo_new.png | image/png | IE_logo_new.png | 200 OK | PNG | 5.8 KB | 09/11/80 13:25:40
17 | /img/FF_logo_new.png | image/png | FF_logo_new.png | 200 OK | PNG | 6.0 KB | 09/21/80 11:36:18
18 | /img/CH_logo_new.png | image/png | CH_logo_new.png | 200 OK | PNG | 4.7 KB | 09/29/80 13:47:19
19 | /img/Cazurazihiz/Cazurazihiz.png | image/png | Cazurazihiz.png | 200 OK | PNG | 5.8 KB | 10/09/80 00:35:40
20 | /img/Rewudaw/BG_FS.jpg | image/jpeg | BG_FS.jpg | 200 OK | JPG | 70.8 KB | 09/07/80 14:53:16
21 | /img/Fividof/BG.png | image/png | BG.png | 200 OK | PNG | 27.1 KB | 12/16/80 23:24:07
22 | /img/Fividof/FS_BG.png | image/png | FS_BG.png | 200 OK | PNG | 20.4 KB | 01/26/81 05:46:07
23 | /img/Nininininon/Nininininon.png | image/png | Nininininon.png | 200 OK | PNG | 405.9 KB | 10/18/80 09:42:24

cdneu.jdownloadercdn.com    (146.185.27.45:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
24 | /ofr/Fividof/Foxit_09Aug16.cis | application/octet-stream | Foxit_09Aug16.cis | 200 OK | | 0.0 B | 08/09/30 15:32:32

rp.Dodedore.com    (52.51.40.46:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
26 | /?v=2.0&subver=6.21&pcrc=1122492873 | text/html | 26.html | 200 OK | TEXT | 4.0 B | 08/09/30 21:54:01

stats.appwork.org    (148.251.68.18:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
28 | /jcgi/event/track?Setup%2fjdownloader2%2fic%2fstarted&%7b%22os%22%3a%22WINDOWS_7%22%2c%22setupID%22%3a%22ic%22%2c%22appID%22%3a%22jdownloader2%22%2c%22source%22%3a%22setup2%22%2c%22_id%22%3a%223572d7a44355a7fb7a2709fb2894df26%22%7d | application/json | track | 200 OK | TEXT | 49.0 B | 08/10/30 10:37:01
29 | /jcgi/event/track?Setup%2fjdownloader2%2fic%2fgui&%7b%22os%22%3a%22WINDOWS_7%22%2c%22setupID%22%3a%22ic%22%2c%22appID%22%3a%22jdownloader2%22%2c%22source%22%3a%22setup2%22%2c%22_id%22%3a%22018e992577a3e62f76e48d22eb3b7ffb%22%7d | application/json | track | 200 OK | TEXT | 49.0 B | 08/10/30 11:09:18
30 | /jcgi/event/track?Setup%2fjdownloader2%2fic%2finstalled&%7b%22os%22%3a%22WINDOWS_7%22%2c%22setupID%22%3a%22ic%22%2c%22appID%22%3a%22jdownloader2%22%2c%22source%22%3a%22setup2%22%2c%22_id%22%3a%229344b14b710ac9a486058d142da4bb96%22%7d | application/json | track | 200 OK | TEXT | 49.0 B | 08/10/30 16:43:12

update.appwork.org    (176.9.34.43:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
31 | /jcgi/uid?1478804521359 | text/plain | uid | 200 OK | TEXT | 110.0 B | 08/10/30 17:25:11
32 | /jcgi/pkg?rt=SO&jn=JDownloader.jar&pv=1&uid=1.VOAgbqsaVnB1LGZlSHLRa7zi3ZxFW9HQsKWaCpsjyTD07Mdw7luJLw64TJaEOTslj%2BHJjO2FPLxxrckWowroGbBo8uSxA44jpiBO37EpoRA%3D&pkh=12f1848a883e733ed40fffff0dae2f35&app=JDU&os=WINDOWS&arch=X86&os64=0&jvm64=0&webinstaller=1&reinstall=0&awfcxz=1&eid=&eir=&eip=&dst=-1&lng=en&chlg=0&jdiff=1&rev=-1&1478804522655 | text/plain | pkg | 200 OK | TEXT | 700.0 B | 08/10/30 17:28:13
34 | /jcgi/uid?1478804857487 | text/plain | uid | 200 OK | TEXT | 110.0 B | 08/14/30 14:22:40
35 | /jcgi/pkg?rt=SO&jn=JDownloader.jar&pv=1&uid=1.COUIFmR8YsHtRobjpKyaBMgsSxXhUx1uDU7QXhnEIfZyH77x9o8fK73kRQi%2F9q7P3IJeBFKPU%2BdmWEyUvOep9UYMXp0EY4DqaUfWOqBRTwk%3D&pkh=12f1848a883e733ed40fffff0dae2f35&app=JD&os=WINDOWS&arch=X86&os64=0&jvm64=0&webinstaller=1&reinstall=0&awfcxz=1&eid=&eir=&eip=&dst=-1&lng=en&chlg=0&jdiff=1&rev=-1&1478804857618 | text/plain | pkg | 200 OK | TEXT | 695.0 B | 08/14/30 14:24:36

cdn6.appwork.org    (176.9.43.113:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
33 | /JDU/8931/19419947444069d8c58aab3413158ac360edafa115ea49-0 | text/html | 19419947444069d8c58aab3413158ac360edafa115ea49-0 | 502 Bad Gateway | HTML | 166.0 B | 08/10/30 18:01:22

cdn8.appwork.org    (85.131.130.147:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
36 | /JD/8906/19436936912d243d53fc0a629fe2b7b15d2da6f5d94e83-0 | application/octet-stream | 19436936912d243d53fc0a629fe2b7b15d2da6f5d94e83-0 | 200 OK | BINARY | 31.2 MB | 08/14/30 14:38:34

jdownloader.org    (5.135.151.225:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
45 | /thankyou | text/html | thankyou | 200 OK | HTML | 13.2 KB | 09/16/30 12:34:05
46 | /lib/exe/css.php?s=print&t=arctic | text/css | css.php | 200 OK | TEXT | 13.6 KB | 09/16/30 13:16:21
48 | /lib/exe/css.php?t=arctic | text/css | css.php | 200 OK | TEXT | 54.5 KB | 09/16/30 13:16:21
49 | /lib/exe/css.php?s=all&t=arctic | text/css | css.php | 200 OK | TEXT | 2.9 KB | 09/16/30 13:16:21
51 | /lib/tpl/arctic/jdstyle.css?10 | text/css | jdstyle.css | 200 OK | TEXT | 4.3 KB | 09/16/30 13:32:57
53 | /lib/exe/js.php?edit=0&write=0 | text/javascript | js.php | 200 OK | TEXT | 44.2 KB | 09/16/30 13:16:21
55 | /lib/plugins/indexmenu/indexmenu.js | text/javascript | indexmenu.js | 200 OK | TEXT | 16.8 KB | 09/16/30 13:32:57
56 | /lib/scripts/cookieWarner.js?10 | text/javascript | cookieWarner.js | 200 OK | TEXT | 8.4 KB | 09/16/30 13:32:57
57 | /lib/plugins/indexmenu/jsmenu/menu.js | text/javascript | menu.js | 200 OK | TEXT | 2.1 KB | 09/16/30 13:32:56
59 | /lib/tpl/arctic/images/logo.png | image/png | logo.png | 200 OK | PNG | 23.4 KB | 09/16/30 15:25:55
61 | /lib/tpl/arctic/images/tool-login.png | image/png | tool-login.png | 200 OK | PNG | 650.0 B | 09/16/30 17:07:12
63 | /lib/tpl/arctic/images/privacy.png | image/png | privacy.png | 200 OK | PNG | 277.0 B | 09/16/30 17:04:07
65 | /lib/plugins/gallery/images/expand.gif | image/gif | expand.gif | 200 OK | GIF | 209.0 B | 09/16/30 17:11:41
66 | /lib/tpl/arctic/images/button-rss.png | image/png | button-rss.png | 200 OK | PNG | 280.0 B | 09/16/30 17:20:44
67 | /lib/plugins/gallery/images/close.gif | image/gif | close.gif | 200 OK | GIF | 99.0 B | 09/16/30 17:11:41
68 | /lib/plugins/gallery/images/prev.gif | image/gif | prev.gif | 200 OK | GIF | 94.0 B | 09/16/30 17:11:42
69 | /lib/tpl/arctic/images/tool-index.png | image/png | tool-index.png | 200 OK | PNG | 935.0 B | 09/16/30 17:07:12
70 | /lib/plugins/gallery/images/loading.gif | image/gif | loading.gif | 200 OK | GIF | 2.2 KB | 09/16/30 17:11:41
71 | /lib/tpl/arctic/images/button-chimeric-de.png | image/png | button-chimeric-de.png | 200 OK | PNG | 296.0 B | 09/16/30 17:04:07
72 | /lib/tpl/arctic/images/button-cc.gif | image/gif | button-cc.gif | 200 OK | GIF | 1.2 KB | 09/16/30 17:04:07
74 | /lib/plugins/gallery/images/next.gif | image/gif | next.gif | 200 OK | GIF | 93.0 B | 09/16/30 17:11:41
76 | /lib/exe/indexer.php?id=thankyou&1478807700 | image/gif | indexer.php | 200 OK | GIF | 42.0 B | 09/16/30 17:20:43
77 | /lib/plugins/gallery/images/overlay.png | image/png | overlay.png | 200 OK | PNG | 406.0 B | 09/16/30 17:56:00
80 | /lib/exe/opensearch.php | application/opensearchdescription+xml | opensearch.php | 200 OK | XML | 507.0 B | 09/17/30 01:30:20
81 | /lib/tpl/arctic/images/favicon.ico | application/octet-stream | favicon.ico | 200 OK | ICO | 14.7 KB | 09/17/30 01:34:03

api.flattr.com    (104.27.166.108:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
47 | /button/load.js | application/javascript | load.js | 200 OK | TEXT | 7.8 KB | 09/16/30 13:18:51

www.google.de    (172.217.23.227:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
50 | /coop/cse/brand?form=cse-search-box&lang=en | text/html | brand | 302 Found | HTML | 265.0 B | 09/16/30 13:35:27

pagead2.googlesyndication.com    (216.58.201.98:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
52 | /pagead/show_ads.js | text/javascript | "f.txt" | 200 OK | TEXT | 11.1 KB | 09/16/30 13:18:51
54 | /pagead/js/adsbygoogle.js | text/javascript | "f.txt" | 200 OK | TEXT | 17.4 KB | 09/16/30 13:29:28
62 | /pagead/js/r20161031/r20161108/show_ads_impl.js | text/javascript | "f.txt" | 200 OK | TEXT | 65.7 KB | 09/16/30 15:25:54

www.google-analytics.com    (172.217.23.238:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
58 | /ga.js | text/javascript | ga.js | 200 OK | TEXT | 15.6 KB | 09/16/30 15:19:44
60 | /r/__utm.gif?utmwv=5.6.7&utms=1&utmn=575208114&utmhn=jdownloader.org&utmcs=utf-8&utmsr=819x583&utmvp=798x368&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r22&utmdt=JDownloader.org%20-%20Official%20Homepage&utmhid=1826248731&utmr=-&utmp=%2Fthankyou&utmht=1478807717870&utmac=UA-6767463-3&utmcc=__utma%3D61684019.1131694319.1478807715.1478807715.1478807715.1%3B%2B__utmz%3D61684019.1478807715.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=840366557&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ | image/gif | __utm.gif | 200 OK | GIF | 35.0 B | 09/16/30 16:55:59
64 | /__utm.gif?utmwv=5.6.7&utms=1&utmn=2040696807&utmhn=jdownloader.org&utmcs=utf-8&utmsr=819x583&utmvp=798x368&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r22&utmdt=JDownloader.org%20-%20Official%20Homepage&utmhid=1826248731&utmr=-&utmp=%2Fthankyou&utmht=1478807718391&utmac=UA-6767463-2&utmcc=__utma%3D30312164.958603305.1478807718.1478807718.1478807718.1%3B%2B__utmz%3D30312164.1478807718.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=&utmmt=1&utmu=rBAAAAAAAAAAAAAAAAAAAAgE~ | image/gif | __utm.gif | 200 OK | GIF | 35.0 B | 09/16/30 17:04:07

connect.facebook.net    (31.13.69.203:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
73 | /de_DE/sdk.js | application/x-javascript | sdk.js | 200 OK | TEXT | 57.6 KB | 09/16/30 15:26:01

button.flattr.com    (104.27.167.108:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
75 | /view/?e=1&url=http%3A%2F%2Fjdownloader.org&button=compact& | text/html | 75.html | 200 OK | HTML | 2.0 KB | 09/16/30 17:19:19

staticxx.facebook.com    (31.13.69.203:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
78 | /connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42 | text/html | fTmIQU3LxvB.js | 200 OK | HTML | 11.0 KB | 09/16/30 18:12:18

ajax.cloudflare.com    (198.41.214.68:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
79 | /cdn-cgi/nexp/dok3v=088620b277/cloudflare.min.js | text/javascript | cloudflare.min.js | 200 OK | TEXT | 59.2 KB | 09/16/30 18:09:05

cdnus.jdownloadercdn.com    (199.58.87.151:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
83 | /ofr/Fividof/Foxit_09Aug16.cis(2) | | Foxit_09Aug16.cis(2) | | | 0.0 B | 08/09/30 16:15:21
84 | /ofr/Fividof/Foxit_09Aug16.cis(3) | | Foxit_09Aug16.cis(3) | | | 0.0 B | 08/09/30 17:22:35