CapTipper Report

CapTipper

Analysis Info

PCAP File	Analysis Time	CapTipper Version	Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-266-1//2017-06-24_win5.pcap	06/24/17 21:30:48	0.2 b10	04/11/81 16:44:50

Flow View

Client Details

IP	192.168.1.115
MAC	08:00:27:38:31:62
USER-AGENT	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Conversations

icanhazip.com (104.20.16.242:80)

ID

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

0

/

text/plain

0.html

200 OK

TEXT

13.0 B

04/11/81 16:44:50

Download
SHA256	57df29ad52e9a11b9ab45d544b103247761f2ee244d85b096e80baa59596cf6d
Referer
Magic	Inconclusive. Probably text (TEXT)
Request	GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Host: icanhazip.com
Response Header	HTTP/1.1 200 OK Date: Tue, 13 Jun 2017 17:52:06 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 13 Connection: keep-alive Set-Cookie: __cfduid=d081d6ffc39c8974c4090bbbc8171e5841497376326; expires=Wed, 13-Jun-18 17:52:06 GMT; path=/; domain=.icanhazip.com; HttpOnly X-SECURITY: This site doesn't distribute malware. Get the facts. https://is.gd/1LWdFz X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq and don't abuse the service. X-BECOME-A-RACKER: If you're reading this, apply here: https://www.rackspace.com/talent/ Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Server: cloudflare-nginx CF-RAY: 36e6e6d773fc7bea-PRG
Response Peek (128 B)	147.32.83.56