CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-349-1//2018-05-03_win12.pcap
Analysis Time: 05/03/18 20:34:11
CapTipper Version: 0.3 b13
Traffic Time: 03/25/91 01:40:56

Flow View


Client Details

IP: 192.168.1.122
MAC: 08:00:27:12:45:de
USER-AGENT: WinWrapper32

Conversations

www.easy-download.co    (174.37.232.236:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /advplatform/api.cgi?act=getConfig&appid=0&pnid=4&proto=2 | application/json | api.cgi | 200 OK | TEXT | 1.5 KB | 03/25/91 01:40:56
1 | /advplatform/4/IES.zip | application/zip | IES.zip | 200 OK | ZIP | 14.1 KB | 03/31/91 00:01:56
2 | /advplatform/4/Finish.zip | application/zip | Finish.zip | 200 OK | ZIP | 41.6 KB | 04/11/91 20:27:12
14 | /advplatform/api.cgi?act=postStat&proto=2&pnid=4 | text/plain | api.cgi | 200 OK | | 0.0 B | 01/15/95 19:28:39

imp.hmyemailsignin.com    (52.22.47.19:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
3 | /impression.do?source=%7Bsource%7D_v2-bb9_v2-bb9&sub_id=20180417&adprovider=appfocus84&subid2=8.0.7600.16385&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+2.0.50727)&implementation_id=email_&dfn=My+Email+Signin&domain=hmyemailsignin.com&user_id=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&event=ex_accepted&offer_id=ies | image/png | impression.do | 200 OK | PNG | 109.0 B | 07/09/91 01:46:32

www.proinstall-download.com    (174.37.240.163:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /cgi/adk/iesdl.cgi?source=%7Bsource%7D_v2-bb9_v2-bb9&ie_ver=8.0.7600.16385&ies=h&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+2.0.50727)&implementation_id=email_&appname=My+Email+Signin&domain=hmyemailsignin.com&os_ver=6.1&adprovider=appfocus84&ff_ver=&sln=1&dfn=My+Email+Signin&gc_ver=&appdesc=Search+your+favorite+Email+sites+instantly+from+your+home+and+new+tab+page!&user_id=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&hh=1 | application/x-msdownload | "MyEmailSignin.exe" | 200 OK | | 0.0 B | 07/13/91 11:03:05

www.download.windowsupdate.com    (195.113.232.72:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /msdownload/update/v3/static/trustedr/en/authrootstl.cab | application/vnd.ms-cab-compressed | authrootstl.cab | 200 OK | CAB | 52.7 KB | 08/21/94 14:55:50

search.hmyemailsignin.com    (54.225.150.14:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
6 | /?source=%7Bsource%7D_v2-bb9_v2-bb9&uid=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&uc=20180417&ap=appfocus84&i_id=email__1.30 | text/html | 6.html | 200 OK | HTML | 7.4 KB | 12/01/94 03:02:40
9 | /styles/home/email_v3?v=2vdKgAR5fqQtwQineM_a8JAvqqRs3sT_dAnm4T4STFI1 | text/css | email_v3 | 200 OK | TEXT | 5.8 KB | 12/24/94 20:48:44
10 | /get/js/impression?uc=20180417&ap=appfocus84&source={source}_v2-bb9_v2-bb9&uid=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&i_id=email__1.30 | text/javascript | impression | 200 OK | TEXT | 560.0 B | 12/24/94 21:07:37
11 | /scripts/home/common?v=a8R2PuQBZ5drbnqtENTTGUZ7O3HCaItj1lHKzPIYQV01 | text/javascript | common | 200 OK | TEXT | 57.8 KB | 12/24/94 21:11:22
13 | /Content/Home/Email/Sprites/Sprite_Email_V6.png | image/png | Sprite_Email_V6.png | 200 OK | PNG | 42.1 KB | 01/12/95 07:27:40
15 | /favicon.ico | image/x-icon | favicon.ico | 200 OK | ICO | 109.5 KB | 03/02/95 22:53:03
16 | /Content/Images/quicklinkIcons/amazonlogo.png | image/png | amazonlogo.png | 200 OK | PNG | 16.9 KB | 03/04/95 04:55:34
17 | /Content/Images/quicklinkIcons/macyslogo.png | image/png | macyslogo.png | 200 OK | PNG | 16.0 KB | 03/04/95 05:16:28
18 | / | text/html | 18.html | 200 OK | GZ | 2.9 KB | 01/11/95 21:29:36

imp.hmyemailsignin.com    (52.6.242.12:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
7 | /impression.do?source=%7Bsource%7D_v2-bb9_v2-bb9&sub_id=20180417&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+2.0.50727)&traffic_source=appfocus84&user_id=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&implementation_id=email__1.30&subid2=8.0.7600.16385&event=ex_set_hp | image/png | impression.do | 200 OK | | 0.0 B | 12/13/94 23:55:53
8 | /impression.do?source=%7Bsource%7D_v2-bb9_v2-bb9&sub_id=20180417&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+2.0.50727)&traffic_source=appfocus84&user_id=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&implementation_id=email__1.30&subid2=8.0.7600.16385&event=ex_installed | image/png | impression.do | 200 OK | | 0.0 B | 12/16/94 18:16:29
12 | /impression.do?source=%7Bsource%7D_v2-bb9_v2-bb9&sub_id=20180417&useragent=Mozilla%2F4.0+(compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%3B+SV1%3B+.NET+CLR+2.0.50727)&traffic_source=appfocus84&user_id=63cf5b1a-360d-403b-b94d-1d8805bc0a0b&implementation_id=email__1.30&subid2=8.0.7600.16385&event=ex_executed | image/png | impression.do | 200 OK | | 0.0 B | 12/31/94 09:30:49