CapTipper

Analysis Info

| PCAP File | Analysis Time | CapTipper Version | Traffic Time |
|---|---|---|---|
| /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-206-1//2016-12-02_win2.pcap | 12/02/16 21:01:39 | 0.2 b10 | 06/10/29 00:35:39 |

Client Details

IP: 192.168.1.112
MAC: 08:00:27:e1:e3:8a
USER-AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Conversations

185.117.72.90    (185.117.72.90:80)
| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 0 | /upload.php | text/html | upload.php | 404 Not Found | HTML | 287.0 B | 06/10/29 00:35:39 |

microsoft.com    (23.96.52.53:80)
| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 1 | / | text/html | 1.html | 301 Moved Permanently | TEXT | 148.0 B | 06/11/29 04:27:53 |

www.microsoft.com    (23.38.83.140:80)
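| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 2 | /(2) |  | (2) | 302 Moved Temporarily |  | 0.0 B | 06/18/29 04:03:55 |
| 3 | /cs-cz/ | text/html | 3.html | 200 OK | TEXT | 67.0 KB | 06/20/29 12:32:25 |
| 8 | /(7) |  | (7) | 302 Moved Temporarily |  | 0.0 B | 03/15/39 13:32:05 |
| 13 | /(12) |  | (12) | 302 Moved Temporarily |  | 0.0 B | 12/10/48 14:53:38 |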

76.164.143.107    (76.164.143.107:80)
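| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 4 | /(3) |  | (3) |  | TEXT | 0.0 B | 06/10/29 00:39:31 |
| 5 | /(4) |  | (4) |  | TEXT | 0.0 B | 10/31/31 23:03:26 |
| 6 | /(5) |  | (5) |  | TEXT | 0.0 B | 04/27/34 15:41:24 |
| 7 | /(6) |  | (6) |  | TEXT | 0.0 B | 10/22/36 08:53:01 |
| 9 | /(8) |  | (8) |  | TEXT | 0.0 B | 04/18/39 23:14:03 |
| 10 | /(9) |  | (9) |  | TEXT | 0.0 B | 10/13/41 16:27:01 |
| 11 | /(10) |  | (10) |  | TEXT | 0.0 B | 04/09/44 09:29:54 |
| 12 | /(11) |  | (11) |  | TEXT | 0.0 B | 10/04/46 23:45:08 |
| 14 | /(13) |  | (13) |  | TEXT | 0.0 B | 03/31/49 16:51:41 |
| 15 | /(14) |  | (14) |  | TEXT | 0.0 B | 09/26/51 10:04:11 |
| 16 | /(15) |  | (15) |  | TEXT | 0.0 B | 03/23/54 03:13:10 |
| 17 | /(16) |  | (16) |  | TEXT | 0.0 B | 09/16/56 20:20:37 |
| 18 | /(17) |  | (17) |  | TEXT | 0.0 B | 03/14/59 13:27:48 |
| 19 | /(18) |  | (18) |  | TEXT | 0.0 B | 09/08/61 06:32:07 |
| 20 | /(19) |  | (19) |  | TEXT | 0.0 B | 03/04/64 21:04:00 |
| 21 | /(20) |  | (20) |  | TEXT | 0.0 B | 08/30/66 15:29:00 |
| 22 | /(21) |  | (21) |  | TEXT | 0.0 B | 02/24/69 07:09:53 |
| 23 | /(22) |  | (22) |  | TEXT | 0.0 B | 08/22/71 00:30:32 |
| 24 | /(23) |  | (23) |  | TEXT | 0.0 B | 02/15/74 17:27:38 |
| 25 | /(24) |  | (24) |  | TEXT | 0.0 B | 08/12/76 10:37:21 |
| 26 | /(25) |  | (25) |  | TEXT | 0.0 B | 02/07/79 03:40:54 |
| 27 | /(26) |  | (26) |  | TEXT | 0.0 B | 08/03/81 18:14:07 |
| 28 | /(27) |  | (27) |  | TEXT | 0.0 B | 02/13/84 07:13:22 |
| 29 | /(28) |  | (28) |  | TEXT | 0.0 B | 08/14/86 04:40:37 |
| 30 | /(29) |  | (29) |  | TEXT | 0.0 B | 02/10/89 16:31:33 |
| 31 | /(30) |  | (30) |  | TEXT | 0.0 B | 08/08/91 09:47:10 |
| 32 | /(31) |  | (31) |  | TEXT | 0.0 B | 02/02/94 02:51:44 |
| 33 | /(32) |  | (32) |  | TEXT | 0.0 B | 07/29/96 19:54:20 |
| 34 | /(33) |  | (33) |  | TEXT | 0.0 B | 01/24/99 13:04:13 |
| 35 | /(34) |  | (34) |  | TEXT | 0.0 B | 07/22/01 06:17:05 |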

148.222.113.144    (148.222.113.144:80)
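| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 36 | /(35) |  | (35) |  | TEXT | 0.0 B | 02/10/22 22:25:11 |
| 37 | /(36) |  | (36) |  | TEXT | 0.0 B | 05/09/22 07:45:10 |
| 38 | /(37) |  | (37) |  | TEXT | 0.0 B | 08/08/22 04:37:05 |
| 39 | /(38) |  | (38) |  | TEXT | 0.0 B | 11/07/22 01:15:29 |
| 40 | /(39) |  | (39) |  | TEXT | 0.0 B | 02/05/23 22:10:06 |
| 41 | /(40) |  | (40) |  | TEXT | 0.0 B | 05/07/23 19:04:30 |
| 42 | /(41) |  | (41) |  | TEXT | 0.0 B | 08/06/23 15:59:08 |
| 43 | /(42) |  | (42) |  | TEXT | 0.0 B | 11/05/23 12:37:23 |
| 44 | /(43) |  | (43) |  | TEXT | 0.0 B | 02/04/24 09:32:08 |
| 45 | /(44) |  | (44) |  | TEXT | 0.0 B | 05/05/24 06:27:46 |
| 46 | /(45) |  | (45) |  | TEXT | 0.0 B | 08/04/24 03:05:36 |
| 47 | /(46) |  | (46) |  | TEXT | 0.0 B | 11/03/24 00:01:09 |
| 48 | /(47) |  | (47) |  | TEXT | 0.0 B | 02/01/25 20:55:35 |
| 49 | /(48) |  | (48) |  | TEXT | 0.0 B | 05/03/25 17:49:45 |
| 50 | /(49) |  | (49) |  | TEXT | 0.0 B | 08/02/25 14:28:10 |
| 51 | /(50) |  | (50) |  | TEXT | 0.0 B | 11/01/25 11:23:02 |
| 52 | /(51) |  | (51) |  | TEXT | 0.0 B | 01/31/26 08:17:15 |
| 53 | /(52) |  | (52) |  | TEXT | 0.0 B | 05/02/26 04:56:29 |
| 54 | /(53) |  | (53) |  | TEXT | 0.0 B | 08/01/26 01:51:08 |
| 55 | /(54) |  | (54) |  | TEXT | 0.0 B | 10/30/26 22:45:52 |
| 56 | /(55) |  | (55) |  | TEXT | 0.0 B | 01/29/27 19:40:37 |
| 57 | /(56) |  | (56) |  | TEXT | 0.0 B | 04/30/27 16:18:30 |
| 58 | /(57) |  | (57) |  | TEXT | 0.0 B | 07/30/27 13:12:49 |
| 59 | /(58) |  | (58) |  | TEXT | 0.0 B | 10/29/27 10:07:53 |
| 60 | /(59) |  | (59) |  | TEXT | 0.0 B | 01/28/28 06:45:34 |
| 61 | /(60) |  | (60) |  | TEXT | 0.0 B | 04/28/28 03:40:20 |
| 62 | /(61) |  | (61) |  | TEXT | 0.0 B | 07/28/28 00:36:05 |
| 63 | /(62) |  | (62) |  | TEXT | 0.0 B | 10/26/28 21:30:37 |
| 64 | /(63) |  | (63) |  | TEXT | 0.0 B | 01/25/29 18:28:00 |
| 65 | /(64) |  | (64) |  | TEXT | 0.0 B | 04/26/29 15:19:33 |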

www.msftncsi.com    (195.113.232.73:80)
| ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME |
|---|---|---|---|---|---|---|---|
| 66 | /ncsi.txt | text/plain | ncsi.txt | 200 OK | TEXT | 14.0 B | 12/13/24 18:49:18 |