CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-336-1//2018-02-23_win10.pcap
Analysis Time: 02/23/18 19:59:55
CapTipper Version: 0.3 b13
Traffic Time: 10/26/82 01:51:25

Note: the Traffic Time above and the TIME column in the conversation tables below are not consistent with the capture itself (the file is dated 2018-02-23, and the Google Analytics beacon in request 25 carries utmht=1518539636421, i.e. 2018-02-13 16:33:56 UTC). Treat the report's timestamps as unreliable and take request timing from the pcap directly.

Flow View


Client Details

IP: 192.168.1.120
MAC: 08:00:27:82:ad:f3
User-Agent: NSIS_Inetc (Mozilla)

Conversations

get.ytddownloader.com    (5.79.67.111:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /kits/ytdd/YTDSetup-1956525952.exe | application/octet-stream | YTDSetup.exe | 200 OK | EXE | 9.8 MB | 10/26/82 01:51:25
1 | /kits/ytdd/YTDSetup-1955524512.exe | application/octet-stream | YTDSetup.exe | 200 OK | EXE | 9.8 MB | 11/07/82 08:52:05

www.youtubedownloadersite.com    (95.211.187.107:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /images/pixel.gif?action=install&point=start&version=5.9.4&cid=4c324cfd25c9f8f276b682acab85a973&isn=7F26529199DE48FE8FE441861CCA5DD0&kt=ytdd&lt=0 | text/html | pixel.gif | 200 OK | - | 0.0 B | 03/06/09 02:17:08
3 | /getcountry.html | text/html | getcountry.html | 200 OK | TEXT | 2.0 B | 03/08/09 01:47:19
8 | /images/pixel.gif?action=install&point=finish&oldver=&version=5.9.4&cid=4c324cfd25c9f8f276b682acab85a973&isn=7F26529199DE48FE8FE441861CCA5DD0&kt=ytdd&br=1&lt=0 | text/html | pixel.gif | 200 OK | - | 0.0 B | 05/13/77 16:39:12
10 | /ads/vday/vday-win-bg.gif | image/gif | vday-win-bg.gif | 200 OK | GIF | 7.2 KB | 08/28/77 08:02:42
11 | /ads/vday/x.gif | image/gif | x.gif | 200 OK | GIF | 1.1 KB | 08/28/77 08:05:52
12 | /ads/vday/vday-win-btn-new.png | image/png | vday-win-btn-new.png | 200 OK | PNG | 2.2 KB | 08/28/77 08:09:22
14 | /ads/vday/renew.png | image/png | renew.png | 200 OK | PNG | 1.4 KB | 09/01/77 05:14:58
17 | /nag/vday/offer_vday.php?av=5.9.4&inst=20180213&kt=ytdd&lt=30831&ver=5.9.4 | text/html | offer_vday.php | 200 OK | HTML | 4.1 KB | 09/17/77 03:50:43
18 | /js/util.js | application/x-javascript | util.js | 200 OK | TEXT | 7.6 KB | 09/20/77 00:28:41
23 | /nag/vday/vday-bg-win.gif | image/gif | vday-bg-win.gif | 200 OK | GIF | 18.9 KB | 10/08/77 22:11:31

update.freecloudnetwork.com    (174.37.208.213:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /kits/ebres/eb.zip?cnid=107072&kt=ytdd&v=1 | application/zip | eb.zip | 200 OK | EXE | 649.8 KB | 03/10/09 08:42:49

www.freecloudnetwork.com    (174.37.208.213:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /kits/EasyBundlingDLL/107072/so.xml?kt=ytdd&wv=6.1&gci=0&rsv=4&dbrw=IE | text/xml | so.xml | 200 OK | TEXT | 75.0 B | 12/17/10 22:53:12
6 | /images/pixel.gif?ct=ebd2.15&ies=1&eo=&cnid=107072&kt=ytdd&isn=12111DD7D84F418B905545C2A4123F53&mv=0 | image/gif | pixel.gif | 200 OK | GIF | 1.1 KB | 12/21/10 05:06:47

www.ytddownloader.com    (5.79.67.111:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
7 | /images/pixel.gif?src=stub&version=5.9.2.1&kt=ytdd&event=run&exit=2 | text/html | pixel.gif | 301 Moved Permanently | HTML | 178.0 B | 09/11/50 10:44:22
9 | /images/pixel.gif?src=stub&version=5.9.2.1&kt=ytdd&event=run&exit=0 | text/html | pixel.gif | 301 Moved Permanently | HTML | 178.0 B | 06/24/77 19:25:15
15 | /thankyou.html?isn=7F26529199DE48FE8FE441861CCA5DD0&lang=1033&cid=4c324cfd25c9f8f276b682acab85a973&oldVer=&newVer=5.9.4&kt=ytdd&pv=0 | text/html | thankyou.html | 301 Moved Permanently | HTML | 178.0 B | 09/01/77 14:21:42

www.google-analytics.com    (216.58.201.78:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
13 | /ga.js | text/javascript | ga.js | 200 OK | TEXT | 16.8 KB | 08/29/77 16:08:24
25 | /r/__utm.gif?utmwv=5.7.1&utms=1&utmn=200120918&utmhn=download.ytddownloader.com&utmcs=utf-8&utmsr=819x583&utmvp=763x340&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r22&utmdt=YTD%20Video%20Converter&utmhid=1544129766&utmr=-&utmp=%2Fthankyou.html%3Fisn%3D7F26529199DE48FE8FE441861CCA5DD0%26lang%3D1033%26cid%3D4c324cfd25c9f8f276b682acab85a973%26oldVer%3D%26newVer%3D5.9.4%26kt%3Dytdd%26pv%3D0&utmht=1518539636421&utmac=UA-25210420-2&utmcc=__utma%3D205907846.741798549.1518539636.1518539636.1518539636.1%3B%2B__utmz%3D205907846.1518539636.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1444835398&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ | image/gif | __utm.gif | 200 OK | GIF | 35.0 B | 11/13/77 19:17:52

download.ytddownloader.com    (5.79.67.111:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
16 | /thankyou.html?isn=7F26529199DE48FE8FE441861CCA5DD0&lang=1033&cid=4c324cfd25c9f8f276b682acab85a973&oldVer=&newVer=5.9.4&kt=ytdd&pv=0 | text/html | thankyou.html | 200 OK | HTML | 4.9 KB | 09/17/77 03:45:04
20 | /styles.css | text/css | styles.css | 200 OK | TEXT | 29.5 KB | 09/21/77 16:21:26
22 | /images/sprite.png | image/png | sprite.png | 200 OK | PNG | 222.1 KB | 10/02/77 13:12:05
24 | /js/main.js | application/x-javascript | main.js | 200 OK | TEXT | 2.6 KB | 11/04/77 11:11:52
28 | /favicon.ico | image/x-icon | favicon.ico | 200 OK | ICO | 22.0 KB | 06/10/78 10:39:56

ajax.googleapis.com    (172.217.23.202:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
19 | /ajax/libs/jquery/1.3.2/jquery.min.js | text/javascript | jquery.min.js | 200 OK | TEXT | 19.5 KB | 09/21/77 03:24:31
21 | /ajax/libs/jquery/1.9.1/jquery.min.js | text/javascript | jquery.min.js | 200 OK | TEXT | 32.2 KB | 10/01/77 21:44:53

connect.facebook.net    (31.13.91.6:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
26 | /en_US/all.js | application/x-javascript | all.js | 200 OK | TEXT | 63.3 KB | 11/15/77 12:36:29

staticxx.facebook.com    (31.13.91.6:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
27 | /connect/xd_arbiter/r/lY4eZXm_YWu.js?version=42 | text/html | lY4eZXm_YWu.js | 200 OK | HTML | 13.9 KB | 01/19/78 01:59:35
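Three things in the tables above deserve a second look before anything is handed to a sandbox: request 4 is declared application/zip but CapTipper's magic says the body is an EXE; every installer (requests 0, 1 and 4) arrives over port 80 with no transport integrity; and the same isn/cid identifiers are sent to several hosts (www.youtubedownloadersite.com, www.ytddownloader.com, download.ytddownloader.com, and URL-encoded inside the Google Analytics beacon). The following script is an added example, not CapTipper code and not anything from the capture's authors. It runs those three checks over a subset of the rows transcribed from this report; the Flow record, the EXPECTED_MAGIC table (including the "ZIP" label) and the 16-hex-character threshold for an identifier are assumptions made for the example.

```python
"""Triage helper for CapTipper-style flow rows (added example, not CapTipper code).

Flags (1) responses whose declared Content-Type disagrees with the magic
CapTipper detected, (2) executables delivered over cleartext HTTP, and
(3) long hex query values the client sent to more than one host.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Flow:
    id: int
    host: str
    port: int
    uri: str            # path plus query, as shown in the report
    content_type: str   # declared response Content-Type
    status: int         # HTTP response code
    magic: str          # CapTipper magic label; "" when nothing was detected


# Declared Content-Type -> magic labels consistent with it. Assumption for this
# example: CapTipper's own labels as they appear in the report, "ZIP" for zip
# bodies, and "" for empty bodies such as 0-byte tracking pixels. Types not listed
# (e.g. application/octet-stream) are opaque and are not checked.
EXPECTED_MAGIC = {
    "application/zip": {"ZIP"},
    "image/gif": {"GIF"},
    "image/png": {"PNG"},
    "image/x-icon": {"ICO"},
    "text/html": {"HTML", "TEXT", ""},
    "text/javascript": {"TEXT"},
    "application/x-javascript": {"TEXT"},
    "text/css": {"TEXT"},
    "text/xml": {"TEXT"},
}

HEX_ID = re.compile(r"[0-9A-Fa-f]{16,}")   # assumed threshold for a tracking identifier

ISN = "isn=7F26529199DE48FE8FE441861CCA5DD0"
CID = "cid=4c324cfd25c9f8f276b682acab85a973"
THANKYOU = f"/thankyou.html?{ISN}&lang=1033&{CID}&oldVer=&newVer=5.9.4&kt=ytdd&pv=0"

# Constructed input: a subset of the rows in the report above.
FLOWS = [
    Flow(0, "get.ytddownloader.com", 80, "/kits/ytdd/YTDSetup-1956525952.exe",
         "application/octet-stream", 200, "EXE"),
    Flow(1, "get.ytddownloader.com", 80, "/kits/ytdd/YTDSetup-1955524512.exe",
         "application/octet-stream", 200, "EXE"),
    Flow(2, "www.youtubedownloadersite.com", 80,
         f"/images/pixel.gif?action=install&point=start&version=5.9.4&{CID}&{ISN}&kt=ytdd&lt=0",
         "text/html", 200, ""),
    Flow(4, "update.freecloudnetwork.com", 80, "/kits/ebres/eb.zip?cnid=107072&kt=ytdd&v=1",
         "application/zip", 200, "EXE"),
    Flow(6, "www.freecloudnetwork.com", 80,
         "/images/pixel.gif?ct=ebd2.15&ies=1&eo=&cnid=107072&kt=ytdd&isn=12111DD7D84F418B905545C2A4123F53&mv=0",
         "image/gif", 200, "GIF"),
    Flow(13, "www.google-analytics.com", 80, "/ga.js", "text/javascript", 200, "TEXT"),
    Flow(15, "www.ytddownloader.com", 80, THANKYOU, "text/html", 301, "HTML"),
    Flow(16, "download.ytddownloader.com", 80, THANKYOU, "text/html", 200, "HTML"),
]


def content_magic_mismatches(flows):
    """(id, declared type, magic) for rows whose magic contradicts the Content-Type."""
    out = []
    for f in flows:
        allowed = EXPECTED_MAGIC.get(f.content_type.lower())
        if allowed is not None and f.magic not in allowed:
            out.append((f.id, f.content_type, f.magic))
    return out


def cleartext_executables(flows):
    """IDs of PE bodies fetched over plain HTTP (port 80), i.e. with no transport integrity."""
    return [f.id for f in flows if f.magic == "EXE" and f.port == 80]


def shared_identifiers(flows, min_hosts=2):
    """Long hex query values sent to at least min_hosts distinct hosts -> sorted host list."""
    seen = defaultdict(set)
    for f in flows:
        query = urlsplit(f.uri).query
        for values in parse_qs(query, keep_blank_values=True).values():
            for v in values:
                if HEX_ID.fullmatch(v):
                    seen[v].add(f.host)
    return {v: sorted(h) for v, h in seen.items() if len(h) >= min_hosts}


def triage(flows):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "mismatches": content_magic_mismatches(flows),
        "cleartext_exe": cleartext_executables(flows),
        "shared_ids": shared_identifiers(flows),
    }


if __name__ == "__main__":
    for name, finding in triage(FLOWS).items():
        print(name, finding)
```

The mismatch check is deliberately allow-listed: only Content-Types with a known expected magic are judged, so an opaque application/octet-stream download is reported under the cleartext-executable check rather than as a mismatch. Identifier values are compared as raw query parameters only; the copy of isn and cid inside the URL-encoded utmp parameter of request 25 would need a second decoding pass to be picked up.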