CapTipper

Analysis Info

PCAP File | Analysis Time | CapTipper Version | Traffic Time
/opt/Malware-Project/Dataset/Botnet-Capture/beingAnalyzedAndPublished/CTU-Malware-Capture-Botnet-48//botnet-capture-20110816-sogou.pcap | 05/14/15 12:09:56 | 0.2 b10 | 08/16/11 11:56:25

Flow View


Client Details

IP: 147.32.84.165
MAC: 08:00:27:b5:b7:19
USER-AGENT: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Conversations

ping.ie.sogou.com    (61.135.188.210:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /ie.png?15DF37%7nEe7r5sC6A20%982184F.005.D43.%1hD632%%v66321%24DE39%3rBFA34%Bf1iFg3.Ah2cCr3a3es |  | ie.png |  |  | 0.0 B | 08/16/11 11:56:25
14 | /ie.png?D23%%8l1r4u.y0t.r4a.p1dDr3i%hvt6622%%4DE39%3rBeAn4eBp1oF632A%20CD333%5eFp7y7tEs7s5eCcAo0r9p2682F%015DD33%%thr6a2t%s6f3s1s2eDc3o%rrpF632%%f1iDg3.%peusturfa6ts | image/png | ie.png | 404 Not Found |  | 0.0 B | 08/16/11 11:56:37
19 | /ie.png?02D%30%Dn3i%gsowlp6u2o%602D%31%Dr3a%BerpdydtAemgoarpFbiavtanNe6p2o%602D%30%Dt3n%enceepRomtorraFtisv6a2N%602D%30%Dc3v%6k2c%i0lDC3l%bcDwm6o2r%Fmiovca.Nu6o2g%o0sD.3e%it.r3a2t1SFs2s%eFc2o%rAP3r%ephtttOhmDo3r%FeigvaapNe6m2o%h06D23%%1bDa3T%woerNbmfoerdF6i2v%a1ND632%%r0aDb3v%aefm6o2H%m1oDr3F%irvaabNv6m26%20%D03D%3c%geml6y2t%s0rDd3d%ac6v2e%602D%31%De3d%oemdeogmappu6622%%801D43.%0r.a4e.l1cDt3i%xve6622%%40ED933%BnAe4pBo1rFd3dAa26C23%315DF37%7nEe7p5oCgAa0r9d2682F%005DD33%%nhe6p2o%k6c3i1l2cD632%%r1FD33%%fnirga.wttriaxtes6f | image/png | ie.png | 404 Not Found |  | 0.0 B | 08/16/11 11:56:38
73 | /sogoubrowser?r=2136&h=50F8290AC57E77F533C2A3F1B4AB39E4&v=1.4.0.418&iebegin=1&s=1 | image/png | sogoubrowser | 404 Not Found |  | 0.0 B | 08/16/11 11:56:49
76 | /pv.GIF?t=1313495815195989&u=1313495815195989&r=&pl=http://ie.sogou.com/features.html&load=451&onloadtime=20650 | image/png | pv.GIF | 404 Not Found |  | 0.0 B | 08/16/11 11:56:55
84 | /sogoubrowser?r=2136&h=50F8290AC57E77F533C2A3F1B4AB39E4&v=1.4.0.418&dltm=205&dlbts=16578616&ieend=dlok&s=1 | image/png | sogoubrowser | 404 Not Found |  | 0.0 B | 08/16/11 12:00:18

ping.ie.sogou.com    (61.135.188.212:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
1 | /ie.png?eDm3o%hengsampDe3m%orha6622%%861D43.%0r.e4v.p16D23%%evi6D23%%4dEr9p3FB3A%4lBl1dF.3rAi2dCe3r3F52F%7i7pEa7s5iCFA20%9m2o8cF.0t5fDo3s%ohr6c2i%m6.3w1w2wDF32%%rFF23%%Af3i%gp.tttshni | image/png | ie.png | 404 Not Found |  | 0.0 B | 08/16/11 11:56:25

www.baidu.com    (220.181.111.147:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
2 | /favicon.ico | image/x-icon | favicon.ico | 200 OK | ICO | 318.0 B | 08/16/11 11:56:33

config.acc.sogou.com    (61.135.188.157:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
3 | /acc/SEacc_refresh_pattern.php?version=1.0.0.15 | text/html | SEacc_refresh_pattern.php | 200 OK | TEXT | 51.0 B | 08/16/11 11:56:33

www.google.cn    (209.85.149.160:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
4 | /favicon.ico(2) | image/x-icon | favicon.ico(2) | 200 OK | ICO | 1.1 KB | 08/16/11 11:56:33

ie.sogou.com    (123.126.51.33:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
5 | /features.html | text/html | features.html | 200 OK | HTML | 11.1 KB | 08/16/11 11:56:33
6 | /favicon.ico(3) | image/x-icon | favicon.ico(3) | 200 OK | ICO | 1.1 KB | 08/16/11 11:56:34
8 | /images_index_1_4/d2.jpg | image/jpeg | d2.jpg | 200 OK | JPG | 6.5 KB | 08/16/11 11:56:34
9 | /images_tx/home.jpg | image/jpeg | home.jpg | 200 OK | JPG | 2.1 KB | 08/16/11 11:56:35
10 | /images_index_1_4/new.gif | image/gif | new.gif | 200 OK | GIF | 767.0 B | 08/16/11 11:56:35
11 | /images_index_1_4/d5.jpg | image/jpeg | d5.jpg | 200 OK | JPG | 9.2 KB | 08/16/11 11:56:35
13 | /images_index_1_4/d3.jpg | image/jpeg | d3.jpg | 200 OK | JPG | 5.4 KB | 08/16/11 11:56:35
15 | /images_tx/logo.jpg | image/jpeg | logo.jpg | 200 OK | JPG | 5.7 KB | 08/16/11 11:56:35
17 | /images_index_1_4/d4.jpg | image/jpeg | d4.jpg | 200 OK | JPG | 8.5 KB | 08/16/11 11:56:35
20 | /images_index_1_4/d1.jpg | image/jpeg | d1.jpg | 200 OK | JPG | 3.8 KB | 08/16/11 11:56:37
32 | /images_index_1_4/d6.jpg | image/jpeg | d6.jpg | 200 OK | JPG | 9.4 KB | 08/16/11 11:56:37
43 | /images_index_1_4/des.jpg | image/jpeg | des.jpg | 200 OK | JPG | 38.5 KB | 08/16/11 11:56:36
46 | /images_index_1_4/zhanghu.jpg | image/jpeg | zhanghu.jpg | 200 OK | JPG | 25.4 KB | 08/16/11 11:56:38
49 | /images_tx/main1.jpg | image/jpeg | main1.jpg | 200 OK | JPG | 37.7 KB | 08/16/11 11:56:37
52 | /images_index_1_4/buka.gif | image/gif | buka.gif | 200 OK | GIF | 20.5 KB | 08/16/11 11:56:41
53 | /images_tx/topbg.jpg | image/jpeg | topbg.jpg | 200 OK | JPG | 412.0 B | 08/16/11 11:56:35
61 | /images_tx/main2.jpg | image/jpeg | main2.jpg | 200 OK | JPG | 36.8 KB | 08/16/11 11:56:38
63 | /images_tx/footerbg.jpg | image/jpeg | footerbg.jpg | 200 OK | JPG | 311.0 B | 08/16/11 11:56:45
65 | /images_index_1_4/sousuo.gif | image/gif | sousuo.gif | 200 OK | GIF | 20.2 KB | 08/16/11 11:56:44
66 | /images_index_1_4/win7.jpg | image/jpeg | win7.jpg | 200 OK | JPG | 30.4 KB | 08/16/11 11:56:44
67 | /images_index_1_4/shipin.jpg | image/jpeg | shipin.jpg | 200 OK | JPG | 31.9 KB | 08/16/11 11:56:43
68 | /images_index_1_4/jiasu.gif | image/gif | jiasu.gif | 200 OK | GIF | 30.6 KB | 08/16/11 11:56:43
74 | /images_index_1_4/tese.jpg | image/jpeg | tese.jpg | 200 OK | JPG | 37.0 KB | 08/16/11 11:56:44

123.ie.sogou.com    (123.126.51.33:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
7 | /?t=1&s=2&m=50F8290AC57E77F533C2A3F1B4AB39E4 | text/html | 7.html | 200 OK | HTML | 8.8 KB | 08/16/11 11:56:33
12 | /index_v23.css?V=201108151717 | text/css | index_v23.css | 200 OK | TEXT | 8.8 KB | 08/16/11 11:56:34
16 | /css3to1/skin_.css?V=201108151717 | text/css | skin_.css | 200 OK | TEXT | 41.0 B | 08/16/11 11:56:37
18 | /images/bodybg.jpg | image/jpeg | bodybg.jpg | 200 OK | JPG | 1.2 KB | 08/16/11 11:56:38
21 | /images/search_boxbg.gif | image/gif | search_boxbg.gif | 200 OK | GIF | 1.4 KB | 08/16/11 11:56:38
23 | /images/search_btn_2.png | image/png | search_btn_2.png | 200 OK | PNG | 3.6 KB | 08/16/11 11:56:38
24 | /images/logo_100901.gif | image/gif | logo_100901.gif | 200 OK | GIF | 5.2 KB | 08/16/11 11:56:38
25 | /images/tbodybg.jpg | image/jpeg | tbodybg.jpg | 200 OK | JPG | 8.1 KB | 08/16/11 11:56:38
26 | /images/search_arrow.gif | image/gif | search_arrow.gif | 200 OK | GIF | 447.0 B | 08/16/11 11:56:39
27 | /images/titlebg.gif | image/gif | titlebg.gif | 200 OK | GIF | 190.0 B | 08/16/11 11:56:40
28 | /images/sync_icon.gif | image/gif | sync_icon.gif | 200 OK | GIF | 1.4 KB | 08/16/11 11:56:40
30 | /images/login_btn.jpg | image/jpeg | login_btn.jpg | 200 OK | JPG | 2.6 KB | 08/16/11 11:56:40
31 | /images/sw/emule.gif | image/gif | emule.gif | 200 OK | GIF | 1.1 KB | 08/16/11 11:56:40
33 | /images/tab.gif | image/gif | tab.gif | 200 OK | GIF | 838.0 B | 08/16/11 11:56:38
34 | /images/sw/ru.jpg | image/jpeg | ru.jpg | 200 OK | JPG | 9.3 KB | 08/16/11 11:56:41
35 | /images/sw/qudong.gif | image/gif | qudong.gif | 200 OK | GIF | 1.1 KB | 08/16/11 11:56:41
36 | /index_v23_1.js?V=201108151717 | application/x-javascript | index_v23_1.js | 200 OK | TEXT | 26.6 KB | 08/16/11 11:56:38
37 | /images/sw/flashplayer.gif | image/gif | flashplayer.gif | 200 OK | GIF | 320.0 B | 08/16/11 11:56:42
38 | /images/sw/jinshan.gif | image/gif | jinshan.gif | 200 OK | GIF | 1.1 KB | 08/16/11 11:56:42
39 | /images/sw/acdsee.gif | image/gif | acdsee.gif | 200 OK | GIF | 604.0 B | 08/16/11 11:56:42
40 | /images/sw/more.gif | image/gif | more.gif | 200 OK | GIF | 387.0 B | 08/16/11 11:56:42
41 | /images/sw/ico2.gif | image/gif | ico2.gif | 200 OK | GIF | 26.9 KB | 08/16/11 11:56:41
42 | /images/shopping/searchbtn.gif | image/gif | searchbtn.gif | 200 OK | GIF | 479.0 B | 08/16/11 11:56:42
44 | /static/gouwu/images/newicon.gif | image/gif | newicon.gif | 200 OK | GIF | 73.0 B | 08/16/11 11:56:42
45 | /images/shopping/taobao.gif | image/gif | taobao.gif | 200 OK | GIF | 1.2 KB | 08/16/11 11:56:42
47 | /images/shopping/m18.gif | image/gif | m18.gif | 200 OK | GIF | 1.2 KB | 08/16/11 11:56:43
48 | /images/shopping/taobaologo.gif | image/gif | taobaologo.gif | 200 OK | GIF | 2.9 KB | 08/16/11 11:56:43
50 | /images/center_sb.gif | image/gif | center_sb.gif | 200 OK | GIF | 1.8 KB | 08/16/11 11:56:43
51 | /images/shopping/360buy.gif | image/gif | 360buy.gif | 200 OK | GIF | 14.5 KB | 08/16/11 11:56:42
54 | /images/sw/ico1.gif | image/gif | ico1.gif | 200 OK | GIF | 21.0 KB | 08/16/11 11:56:40
55 | /images/center_tb.gif | image/gif | center_tb.gif | 200 OK | GIF | 1.2 KB | 08/16/11 11:56:44
56 | /images/weather/fine.gif | image/gif | fine.gif | 200 OK | GIF | 1.9 KB | 08/16/11 11:56:44
57 | /images/search_100722.gif | image/gif | search_100722.gif | 200 OK | GIF | 10.7 KB | 08/16/11 11:56:39
58 | /images/zx_del.gif | image/gif | zx_del.gif | 200 OK | GIF | 605.0 B | 08/16/11 11:56:44
59 | /images/setting_icon.gif | image/gif | setting_icon.gif | 200 OK | GIF | 76.0 B | 08/16/11 11:56:44
60 | /images/shopping/query.gif | image/gif | query.gif | 200 OK | GIF | 559.0 B | 08/16/11 11:56:43
62 | /images/weather/thundery.gif | image/gif | thundery.gif | 200 OK | GIF | 1.5 KB | 08/16/11 11:56:44
69 | /index_v23_2.js?V=201108151717 | application/x-javascript | index_v23_2.js | 200 OK | TEXT | 28.2 KB | 08/16/11 11:56:45
70 | /images/shopping/dangdang.gif | image/gif | dangdang.gif | 200 OK | GIF | 14.0 KB | 08/16/11 11:56:43
71 | /js3to1/sugg_ajaj_index.js?V=201108151717 | application/x-javascript | sugg_ajaj_index.js | 200 OK | TEXT | 5.0 KB | 08/16/11 11:56:49
72 | /images/entry_bg_add.gif | image/gif | entry_bg_add.gif | 200 OK | GIF | 1.6 KB | 08/16/11 11:56:49
75 | /js3to1/citydata.js?V=201108151717 | application/x-javascript | citydata.js | 200 OK | TEXT | 20.0 KB | 08/16/11 11:56:49
78 | /images/save_btn0.gif | image/gif | save_btn0.gif | 200 OK | GIF | 2.0 KB | 08/16/11 11:59:52
79 | /images/add1.ico | text/plain | add1.ico | 200 OK | ICO | 2.5 KB | 08/16/11 11:59:52
80 | /images/sync_loading.gif | image/gif | sync_loading.gif | 200 OK | GIF | 701.0 B | 08/16/11 11:59:52
81 | /images/set_over_btn.gif | image/gif | set_over_btn.gif | 200 OK | GIF | 2.7 KB | 08/16/11 11:59:52
82 | /images/entry_set_close.gif | image/gif | entry_set_close.gif | 200 OK | GIF | 113.0 B | 08/16/11 11:59:52

i.sogou.com    (123.126.51.64:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
22 | /getentry.php?m=50F8290AC57E77F533C2A3F1B4AB39E4&from=mysql&city=unknown&method=ajaj&newzx=1&c=1313495798140&cbid=cb_1 | text/javascript | getentry.php | 200 OK | TEXT | 1.2 KB | 08/16/11 11:56:38

abc.ie.sogou.com    (123.126.51.65:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
29 | /indexbody_v23.js?v=201108151717&cbid=indexbody | application/x-javascript | indexbody_v23.js | 200 OK | TEXT | 13.4 KB | 08/16/11 11:56:38

config.ie.sogou.com    (61.135.188.210:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
64 | /version_sogoubrowser.txt?r=2136&h=50F8290AC57E77F533C2A3F1B4AB39E4&v=1.4.0.418&s=1&sf=1&IE=6.0.2900.2180 | text/plain | version_sogoubrowser.txt | 200 OK | TEXT | 291.0 B | 08/16/11 11:56:45

javadl-esd.sun.com    (195.113.232.73:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
77 | /update/1.6.0/map-1.6.0.xml | application/xml | map-1.6.0.xml | 200 OK | XML | 4.1 KB | 08/16/11 11:58:13

files.sogou.com    (218.29.42.137:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
83 | /sogou_explorer_upgrade_2.2.0.2070.exe?r=2136&h=50F8290AC57E77F533C2A3F1B4AB39E4&v=1.4.0.418 | application/octet-stream | sogou_explorer_upgrade_2.2.0.2070.exe | 200 OK | EXE | 3.2 MB | 08/16/11 11:56:55

pb.sogou.com    (123.126.51.57:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
85 | /cl.gif?uigs_productid=iportal&rdk=1313495809837308&pars=sp%3A123%091%09pv%09123%09500%094526%09g_z%3Ae_z%3Ai_0x%3Am_0%3Ab_0x%3Az_0%3As_0%3At_2_sogou%3Av_ie6_621_621_621%09none%09-%09- | image/gif | cl.gif | 200 OK |  | 0.0 B | 08/16/11 11:56:51