CapTipper

Analysis Info

PCAP File | Analysis Time | CapTipper Version | Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-232-1//2017-02-27_win18.pcap | 03/13/17 20:38:08 | 0.2 b10 | 12/09/73 04:30:24

Flow View


Client Details

IP: 192.168.1.128
MAC: 08:00:27:71:a0:14
USER-AGENT: Installer Doctor/1.0 (Windows)

Conversations

www.uc123.com    (195.27.31.253:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /pcbrowser_i18n/downloader.php?pid=4601&version=1.0.0.0&os=win&arch=x86 | text/html | downloader.php | 200 OK | TEXT | 609.0 B | 12/09/73 04:30:24
6 | /guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601&mid=6177f69460fced6f14822eaec740597f&midex=12401edcd32856c16746d16d5f4b2e89v0000002a04b026a | text/html | install_blacklist.php | 200 OK |  | 0.0 B | 04/13/11 07:54:25
8 | /common/i18n-guide.php?old_ver=&current_ver=6.0.1308.1016&lang=en-US | text/html | i18n-guide.php | 200 OK | TEXT | 101.0 B | 10/03/15 06:22:12

down2.uc.cn    (123.150.188.19:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
1 | /pcbrowser_i18n/down.php?id=101&type=md5&pid=4601 | text/html | down.php | 302 Moved Temporarily |  | 0.0 B | 12/30/73 22:22:43
3 | /pcbrowser_i18n/down.php?id=101&type=zip&pid=4601 | text/html | down.php | 302 Moved Temporarily |  | 0.0 B | 01/31/74 07:55:20

umcdnpc.ucweb.com    (80.231.122.135:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /down/i18n/35151/4601/UCBrowser_V6.0.1308.1016_4601_(Build1701181900)_(en-us).exe.md5 | application/octet-stream | UCBrowser_V6.0.1308.1016_4601_(Build1701181900)_(en-us).exe.md5 | 200 OK | TEXT | 68.0 B | 01/24/74 13:47:51

umcdnpc.ucweb.com    (195.113.232.90:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /down/i18n/35151/4601/UCBrowser_V6.0.1308.1016_4601_(Build1701181900)_(en-us).exe.zip | application/zip | UCBrowser_V6.0.1308.1016_4601_(Build1701181900)_(en-us).exe.zip | 206 Partial Content | BINARY | 8.3 MB | 04/16/88 19:00:03

ucip.uc.cn    (168.235.193.157:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /get_ip_attr?type=1&format=0&caller=gj_pcbrowser&key=097a6150b0c772f7952807c0cb48fb86 | text/html | get_ip_attr | 200 OK | TEXT | 119.0 B | 04/04/11 03:22:12

gj.track.uc.cn:9080    (168.235.193.141:9080)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
7 | /collect?pg=newtabpv&lt=event&appid=2796a51d9ed0&fr=PC&ver=6.0.1308.1016&uuid=12401edcd32856c16746d16d5f4b2e89v0000002a04b026a&firstpid=4601&bid=35151&lang=en-US&reload=0 | text/plain | collect | 200 OK | TEXT | 33.0 B | 09/27/15 06:16:25

ip.taobao.com    (42.120.226.92:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
9 | /service/getIpInfo.php?ip=myip | text/html | getIpInfo.php | 200 OK | TEXT | 203.0 B | 09/24/15 17:21:19

image.uc.cn    (195.27.31.253:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
10 | /s/brpc/g/newtab_rect_en/s.click.aliexpress.com.jpg | image/jpeg | s.click.aliexpress.com.jpg | 404 Not Found | TEXT | 1.0 B | 10/03/15 06:07:05
13 | /s/brpc/g/newtab2_en/s.click.aliexpress.com.png | image/png | s.click.aliexpress.com.png | 404 Not Found | TEXT | 1.0 B | 01/07/16 16:46:24
14 | /s/brpc/g/newtab_rect_en/facebook.com.jpg | image/jpeg | facebook.com.jpg | 200 OK | JPG | 9.6 KB | 01/14/16 15:03:46
16 | /s/brpc/g/newtab2_en/facebook.com.png | image/png | facebook.com.png | 200 OK | PNG | 5.5 KB | 01/30/16 04:46:13
17 | /s/brpc/g/newtab_rect_en/google.com.jpg | image/jpeg | google.com.jpg | 200 OK | JPG | 11.4 KB | 02/09/16 00:16:18
18 | /s/brpc/g/newtab2_en/google.com.png | image/png | google.com.png | 200 OK | PNG | 4.9 KB | 02/25/16 15:55:51
20 | /s/brpc/g/newtab_rect_en/youtube.com.jpg | image/jpeg | youtube.com.jpg | 200 OK | JPG | 12.8 KB | 03/05/16 15:20:33
21 | /s/brpc/g/newtab2_en/youtube.com.png | image/png | youtube.com.png | 200 OK | PNG | 7.1 KB | 03/17/16 19:28:33
24 | /s/brpc/g/newtab_rect_en/gmail.com.jpg | image/jpeg | gmail.com.jpg | 200 OK | JPG | 10.7 KB | 04/03/16 21:07:48
25 | /s/brpc/g/newtab2_en/gmail.com.png | image/png | gmail.com.png | 200 OK | PNG | 4.5 KB | 06/04/16 05:45:31
26 | /s/brpc/g/newtab_rect_en/amazon.com.jpg | image/jpeg | amazon.com.jpg | 200 OK | JPG | 8.2 KB | 06/10/16 20:17:59
27 | /s/brpc/g/newtab2_en/amazon.com.png | image/png | amazon.com.png | 200 OK | PNG | 3.9 KB | 06/26/16 04:31:19
28 | /s/brpc/g/newtab_rect_en/twitter.com.jpg | image/jpeg | twitter.com.jpg | 200 OK | JPG | 11.3 KB | 07/01/16 04:59:37
29 | /s/brpc/g/newtab2_en/twitter.com.png | image/png | twitter.com.png | 200 OK | PNG | 3.8 KB | 07/19/16 11:12:25
30 | /s/brpc/g/newtab_rect_en/yahoo.com.jpg | image/jpeg | yahoo.com.jpg | 200 OK | JPG | 8.1 KB | 07/22/16 05:44:14
31 | /s/brpc/g/newtab2_en/yahoo.com.png | image/png | yahoo.com.png | 200 OK | PNG | 2.1 KB | 07/31/16 00:21:39
32 | /s/brpc/g/newtabsearch/google.com.hk.png | image/png | google.com.hk.png | 200 OK | PNG | 457.0 B | 07/30/16 00:41:56
33 | /s/brpc/g/newtab_rect_en/wikipedia.org.jpg | image/jpeg | wikipedia.org.jpg | 200 OK | JPG | 9.7 KB | 07/31/16 18:34:12
34 | /s/brpc/g/newtab2_en/wikipedia.org.png | image/png | wikipedia.org.png | 200 OK | PNG | 7.3 KB | 08/16/16 17:48:00
35 | /s/brpc/g/newtab_rect_en/blogger.com.jpg | image/jpeg | blogger.com.jpg | 200 OK | JPG | 10.0 KB | 08/28/16 22:40:11
36 | /s/brpc/g/newtab2_en/blogger.com.png | image/png | blogger.com.png | 200 OK | PNG | 3.1 KB | 09/06/16 18:37:41
37 | /s/brpc/g/newtab_rect_en/pinterest.com.jpg | image/jpeg | pinterest.com.jpg | 200 OK | JPG | 14.9 KB | 09/07/16 16:30:01
38 | /s/brpc/g/newtab2_en/pinterest.com.png | image/png | pinterest.com.png | 200 OK | PNG | 4.5 KB | 10/04/16 08:03:54
39 | /s/brpc/g/newtab_rect_en/aliexpress.com.jpg | image/jpeg | aliexpress.com.jpg | 200 OK | JPG | 10.8 KB | 10/10/16 01:03:51
40 | /s/brpc/g/newtab2_en/aliexpress.com.png | image/png | aliexpress.com.png | 200 OK | PNG | 4.6 KB | 10/13/16 14:14:18

wow.uc.cn    (195.27.31.253:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
11 | /wow/config/3/visualized_bookmark.json | application/json | visualized_bookmark.json | 200 OK | TEXT | 377.0 B | 10/17/15 04:35:36
42 | /biz-data/extensions/uc-nexus/uc-nexus.crx | application/octet-stream | uc-nexus.crx | 200 OK | BINARY | 774.2 KB | 05/22/17 07:58:36

uc.ucweb.com    (168.235.194.6:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
12 | / | application/octet-stream | 12.html | 200 OK | BINARY | 154.0 B | 10/27/15 05:35:55

browser.taobao.com    (140.205.164.47:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
15 | /extensions/update.htm?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=&prodversion=50.0.2661.102&lang=en-US&x=id%3Dhkmogefbfdmboplojeicpibfpcndjjbm%26v%3D0.0.0.0%26uc | text/html | update.htm | 301 Moved Permanently | HTML | 286.0 B | 01/16/16 21:04:53

extensions.uc.cn    (140.205.29.235:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
19 | /extensions/update.htm?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=&prodversion=50.0.2661.102&lang=en-US&x=id%3Dhdgdpmpallofembldhflnlkcfappghhc%26v%3D0.0.0.0%26uc | text/xml | update.htm | 200 OK | XML | 300.0 B | 02/21/16 20:07:37

wow.ucweb.com    (195.27.31.253:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
22 | /biz-data/extensions/uc-nexus/update.xml?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=&prodversion=50.0.2661.102&lang=en-US&x=id%3Dpogijhnlcfmcppgimcaccdkmbedjkmhi%26v%3D0.0.0.0%26uc | text/xml | update.xml | 200 OK | TEXT | 237.0 B | 03/28/16 10:05:06
45 | /i18n/safe_browsing_db/SafeBrowsingDataBase.wow | application/octet-stream | SafeBrowsingDataBase.wow | 200 OK | ZIP | 13.8 MB | 04/07/16 16:14:12

www.aliexpress.com    (23.38.91.94:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
23 | /favicon.ico | image/x-icon | favicon.ico | 200 OK | ICO | 1.1 KB | 05/22/16 10:32:19

img02.taobaocdn.com    (188.254.86.240:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
41 | /tfscom/TB1XaMbOpXXXXcbXXXXkt0bFXXX.crx | text/plain | TB1XaMbOpXXXXcbXXXXkt0bFXXX.crx | 200 OK | BINARY | 56.5 KB | 02/05/17 15:53:35

www.download.windowsupdate.com    (13.107.4.50:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
43 | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | application/vnd.ms-cab-compressed | authrootstl.cab | 200 OK | CAB | 49.7 KB | 04/14/24 02:04:42

tce.alicdn.com    (213.244.178.240:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
44 | /api/data.htm?ids=243132 | text/html | data.htm | 200 OK | TEXT | 2.3 KB | 06/19/24 11:30:30

down.up1.uc.cn    (195.27.31.250:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
46 | /biz-data/extensions/uc-nexus/update.xml?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=&prodversion=50.0.2661.102&lang=en-US&x=id%3Dpogijhnlcfmcppgimcaccdkmbedjkmhi%26v%3D0.7.4%26uc | text/xml | update.xml | 200 OK | TEXT | 237.0 B | 08/20/47 10:35:20

down.up1.uc.cn    (195.27.31.240:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
47 | /biz-data/extensions/uc-nexus/update.xml?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=&prodversion=50.0.2661.102&lang=en-US&x=id%3Dpogijhnlcfmcppgimcaccdkmbedjkmhi%26v%3D0.7.7%26uc | text/xml | update.xml | 200 OK | TEXT | 237.0 B | 10/10/25 09:36:49