CapTipper

Analysis Info

PCAP File | Analysis Time | CapTipper Version | Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-333-1//2017-08-30_capture-win3.pcap | 02/14/18 16:28:48 | 0.3 b13 | 07/12/70 20:09:41

Flow View


Client Details

IP: 192.168.1.113
MAC: 08:00:27:11:4e:fa
USER-AGENT: Microsoft NCSI

Conversations

www.msftncsi.com    (195.113.232.75:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /ncsi.txt | text/plain | ncsi.txt | 200 OK | TEXT | 14.0 B | 07/12/70 20:09:41

dlg-configs.buzzrin.de    (23.102.60.206:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
1 | / | text/html | 1.html | 200 OK |  | 0.0 B | 07/05/86 05:30:56
2 | /config-from-production | text/plain | config-from-production | 200 OK | TEXT | 8.2 KB | 07/06/86 22:45:10

dlg-messages.buzzrin.de    (104.45.146.238:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
3 | /1/dg/3 | text/html | 3 | 200 OK |  | 0.0 B | 07/10/86 18:58:38

az687722.vo.msecnd.net    (93.184.221.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/base.zip | application/octet-stream | base.zip | 200 OK | ZIP | 33.7 KB | 07/11/86 09:58:42
5 | /public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/chip-eu-flow-5-text-en-us.zip | application/octet-stream | chip-eu-flow-5-text-en-us.zip | 200 OK | ZIP | 46.1 KB | 07/11/86 12:08:24
6 | /public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/progress.zip | application/octet-stream | progress.zip | 200 OK | ZIP | 83.8 KB | 07/12/86 06:58:15
7 | /public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/my-pc-backup-single-avira-en-us.zip | application/octet-stream | my-pc-backup-single-avira-en-us.zip | 200 OK | ZIP | 44.4 KB | 07/12/86 15:10:52
8 | /public-source/downloadguide/chip-eu/1.0/cz/campaigns/product+website/ui/last.zip | application/octet-stream | last.zip | 200 OK | ZIP | 37.0 KB | 07/13/86 00:26:57

random.backupcdn.com    (94.31.29.41:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
9 | /aff_setup.exe | application/octet-stream | aff_setup.exe | 200 OK | EXE | 146.3 KB | 09/16/86 21:26:15

track.backupgrid.net    (107.178.241.106:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
10 | /?partner_id=1&hash=e05ef70d&tid=none&dl=MyPCBackup_ppi_Setup.exe | text/html | 10.html | 302 Found | TEXT | 2.0 B | 09/23/86 07:08:29

link.mypcbackup.com    (107.178.247.140:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
11 | /55ef21d7a2fe9/download_ppi/none?installer=MyPCBackup_ppi_Setup.exe | text/html | none | 301 Moved Permanently | HTML | 444.0 B | 09/29/86 02:20:33

cdn.backupgrid.net    (94.31.29.41:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
12 | /MyPCBackup_ppi_Setup.exe | application/octet-stream | MyPCBackup_ppi_Setup.exe | 200 OK | EXE | 2.0 MB | 10/01/86 09:51:17

ceu-hosting.upload.de    (148.251.236.184:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
13 | /2/8/7/6/5/4/ftppad.exe | application/octet-stream | ftppad.exe | 200 OK | EXE | 570.1 KB | 12/01/86 19:32:10

download.chip.eu    (148.251.236.185:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
14 | /thank-you/ | text/html | 14.html | 301 Moved Permanently | HTML | 178.0 B | 06/12/87 05:16:32

loadion.com    (148.251.236.185:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
15 | /thank-you/ | text/html | 15.html | 200 OK | TEXT | 2.1 KB | 06/15/87 21:42:49
16 | /thank-you/css/bootstrap.min.css | text/css | bootstrap.min.css | 200 OK | TEXT | 18.3 KB | 06/21/87 18:50:57
17 | /thank-you/fonts/glyphicons-halflings-regular.eot? | application/vnd.ms-fontobject | glyphicons-halflings-regular.eot | 200 OK | BINARY | 19.9 KB | 06/29/87 01:20:54
20 | /thank-you/img/logo.gif | image/gif | logo.gif | 200 OK | GIF | 2.1 KB | 10/30/88 14:23:16
24 | /thank-you/js/bootstrap.min.js | application/javascript | bootstrap.min.js | 200 OK | TEXT | 9.2 KB | 11/09/88 13:10:00
27 | /favicon.ico | image/vnd.microsoft.icon | favicon.ico | 200 OK | ICO | 1.1 KB | 12/07/88 07:45:50

pagead2.googlesyndication.com    (172.217.23.226:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
18 | /pagead/show_ads.js | text/javascript | "f.txt" | 200 OK | TEXT | 17.3 KB | 07/01/87 09:01:47

www.download.windowsupdate.com    (13.107.4.50:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
19 | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | application/octet-stream | authrootstl.cab | 200 OK | CAB | 51.7 KB | 10/24/88 02:50:15

www.google-analytics.com    (216.58.201.78:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
21 | /analytics.js | text/javascript | analytics.js | 200 OK | TEXT | 13.2 KB | 10/31/88 20:45:39
23 | /r/collect?v=1&_v=j60&a=893381501&t=pageview&_s=1&dl=http%3A%2F%2Floadion.com%2Fthank-you%2F&ul=en-us&de=utf-8&dt=Thank%20you%20-%20Chip%20eu&sd=32-bit&sr=819x583&vp=798x385&je=0&fl=10.0%20r22&_u=IEBAAEAAI~&jid=460389671&gjid=2035003036&cid=1631908147.1504097171&tid=UA-5933463-18&_gid=1057807712.1504097171&_r=1&z=2048598531 | text/html | collect | 302 Found | HTML | 419.0 B | 11/09/88 02:03:07
26 | /collect?v=1&_v=j60&a=1022892489&t=pageview&_s=1&dl=http%3A%2F%2Floadion.com%2Fthank-you%2F&ul=en-us&de=utf-8&dt=Thank%20you%20-%20Chip%20eu&sd=32-bit&sr=819x583&vp=780x380&je=0&fl=10.0%20r22&_u=AACAAEAAI~&jid=&gjid=&cid=1631908147.1504097171&tid=UA-5933463-18&_gid=1057807712.1504097171&z=1822708757 | image/gif | collect | 200 OK | GIF | 35.0 B | 11/20/88 11:08:41

pagead2.googlesyndication.com    (216.58.201.66:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
22 | /pagead/js/r20170828/r20170110/show_ads_impl.js | text/javascript | "f.txt" | 200 OK | TEXT | 69.2 KB | 11/03/88 08:47:34

www.googleadservices.com    (216.58.201.66:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
25 | /pagead/conversion.js | text/javascript | "f.txt" | 200 OK | TEXT | 5.1 KB | 11/12/88 16:47:17

192.168.1.168:8008    (192.168.1.168:8008)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
28 | /ssdp/device-desc.xml | application/xml | device-desc.xml | 200 OK | XML | 1.1 KB | 08/12/28 02:54:18

192.168.1.173    (192.168.1.173:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
29 | / | text/html | 29.html | 200 OK | HTML | 104.0 B | 06/06/34 09:27:22
30 | /favicon.ico | text/html | favicon.ico | 200 OK | HTML | 104.0 B | 06/08/34 22:00:23
31 | /eyvk | text/xml | eyvk | 207 Multi-Status |  | 0.0 B | 08/21/34 06:26:53