CapTipper

Analysis Info

PCAP File: /opt/Malware-Project/BigDataset/Scenarios/CTU-Normal-18//2017-09-05_capture-win4.pcap
Analysis Time: 09/05/17 16:26:45
CapTipper Version: 0.3 b13
Traffic Time: 08/25/20 22:35:18

Flow View


Client Details

IP: 192.168.1.114
MAC: 08:00:27:52:f4:11
USER-AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Conversations

www.bing.com    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
0 | /search?q=example+photos+download&src=IE-SearchBox&FORM=IE8SRC | text/html | search | 200 OK | HTML | 80.3 KB | 08/25/20 22:35:18
1 | /sa/simg/sw_nh_common_slim_spyglass.png | image/png | sw_nh_common_slim_spyglass.png | 200 OK | PNG | 7.6 KB | 08/27/20 06:23:01
2 | /fd/ls/l?IG=928ACE2075B64249A7D71D07415165CC&CID=215D6B0FA1516B7A287261FBA0366A14&Type=Event.CPT&DATA={"pp":{"S":"L","FC":501,"BC":501,"SE":-1,"TC":-1,"H":551,"BP":1062,"CT":1072,"IL":2},"ad":[-1,-1,798,368,1089,496,0]}&P=SERP&DA=Ch1b |  | l | 204 OK |  | 0.0 B | 08/27/20 22:58:42
3 | /rms/BingCore.Bundle/cj,nj/0b5cf849/1a2f5baa.js?bu=rms+answers+Shared+BingCore%24ClientInstV2%24DuplicateXlsDefaultConfig%2cBingCore%24ClientInstV2%24SharedLocalStorageConfigDefault%2cBingCore%24shared%2cBingCore%24env.override%2cEmpty%2cBingCore%24event.custom.fix%2cBingCore%24event.native%2cBingCore%24onHTML%2cBingCore%24dom%2cBingCore%24cookies%2cBingCore%24rmsajax%2cBingCore%24ClientInstV2%24LogUploadCapFeatureDisabled%2cBingCore%24ClientInstV2%24ClientInstConfigSeparateOfflineQueue%2cBingCore%24clientinst%2cBingCore%24replay%2cBingCore%24Animation%2cBingCore%24fadeAnimation%2cBingCore%24framework | application/x-javascript | 1a2f5baa.js | 200 OK | TEXT | 12.1 KB | 08/28/20 00:30:03
4 | /rms/rms%20answers%20Identity%20Blue$BlueIdentityDropdownBootStrap/cj,nj/c0fac2c5/89faaefc.js | application/x-javascript | 89faaefc.js | 200 OK | TEXT | 1.0 KB | 08/29/20 04:17:29
5 | /rms/rms%20answers%20Identity%20Blue$BlueIdentityHeader/cj,nj/0ba28337/c68d5c19.js | application/x-javascript | c68d5c19.js | 200 OK | TEXT | 1.5 KB | 08/29/20 04:20:16
6 | /rms/rms%20answers%20Identity%20SnrWindowsLiveConnectBootstrap/cj,nj/bf587ad6/f1d86b5a.js | application/x-javascript | f1d86b5a.js | 200 OK | TEXT | 226.0 B | 08/29/20 04:20:29
7 | /rms/rms%20answers%20VisualSystem%20Footer$CookieDomainChange/cj,nj/134262ba/b30d3bde.js | application/x-javascript | b30d3bde.js | 200 OK | TEXT | 363.0 B | 08/29/20 04:20:59
8 | /fd/ls/GLinkPing.aspx?IG=928ACE2075B64249A7D71D07415165CC&CID=215D6B0FA1516B7A287261FBA0366A14&&ID=SERP,5017.1&url=%2Fimages%2Fsearch%3Fq%3Dexample%2Bphotos%2Bdownload%26FORM%3DHDRSC2 | image/gif | GLinkPing.aspx | 200 OK | GIF | 42.0 B | 08/31/20 03:17:23
9 | /images/search?q=example+photos+download&FORM=HDRSC2 | text/html | search | 200 OK | HTML | 25.0 KB | 08/31/20 03:22:11
10 | /rms/MMUtilsBundle/cj,nj/932ffb44/25479ab0.js?bu=rms+answers+Multimedia+Shared%24MMUtils.AjaxRedefine%2cShared%24MMUtils.Definition%2cShared%24MMUtils.Inst%2cShared%24MMUtils.Dom%2cShared%24MMUtils.Style%2cShared%24MMUtils.QueryAndUrl%2cShared%24MMUtils.Event | application/x-javascript | 25479ab0.js | 200 OK | TEXT | 13.1 KB | 09/01/20 11:29:10
11 | /rms/rms%20answers%20Shared%20Feedback$bubble/ic/4907366b/da274d75.png | image/png | da274d75.png | 200 OK | PNG | 109.0 B | 09/02/20 23:47:02
12 | /sa/simg/sw_mg_l_4d_bo.png | image/png | sw_mg_l_4d_bo.png | 200 OK | PNG | 6.1 KB | 09/02/20 23:47:32
41 | /fd/ls/l?IG=24CD67F45E5A46DEA9EA8F006DFB384B&Type=Event.CPT&DATA={"pp":{"S":"L","FC":1752,"BC":1752,"SE":-1,"TC":-1,"H":1802,"BP":16273,"CT":16283,"IL":31},"ad":[-1,-1,798,368,990,2034,0]}&P=images&DA=DB5 |  | l | 204 OK |  | 0.0 B | 09/19/20 18:07:28
42 | /rms/Framework/cj,nj/f0fe13d0/9101d3f2.js?bu=rms+answers+BoxModel+config.instant%2ccore%2ccore%24viewport%2ccore%24layout%2ccore%24metrics%2cmodules%24mutation%2cmodules%24error%2cmodules%24network%2cmodules%24cursor%2cmodules%24keyboard%2cmodules%24bot | application/x-javascript | 9101d3f2.js | 200 OK | TEXT | 18.2 KB | 09/22/20 22:58:41
43 | /Passport.aspx?popup=1 | text/html | Passport.aspx | 200 OK | HTML | 230.0 B | 09/28/20 13:47:13
44 | /fd/ls/lsp.aspx |  | lsp.aspx | 204 OK |  | 0.0 B | 09/30/20 10:12:28
45 | /fd/ls/GLinkPing.aspx?IG=24CD67F45E5A46DEA9EA8F006DFB384B&&ID=images,5074.1 | image/gif | GLinkPing.aspx | 200 OK | GIF | 42.0 B | 11/01/20 15:07:37
47 | /search?q=pictures&src=IE-SearchBox&FORM=IE8SRC | text/html | search | 200 OK | HTML | 91.0 KB | 02/23/21 03:28:53
48 | /fd/ls/GLinkPing.aspx?IG=AF9431F0527A49EF935D2342907EC630&&ID=SERP,5017.1&url=%2Fimages%2Fsearch%3Fq%3Dpictures%26FORM%3DHDRSC2 | image/gif | GLinkPing.aspx | 200 OK | GIF | 42.0 B | 02/27/21 23:48:17
49 | /fd/ls/l?IG=AF9431F0527A49EF935D2342907EC630&Type=Event.CPT&DATA={"pp":{"S":"A","FC":591,"BC":591,"SE":-1,"TC":-1,"H":1583,"BP":-1,"CT":2284,"IL":5},"ad":[-1,-1,798,368,1089,496,0]}&P=SERP&DA=Ch1b |  | l | 204 OK |  | 0.0 B | 02/27/21 23:51:18
50 | /images/search?q=pictures&FORM=HDRSC2 | text/html | search | 200 OK | HTML | 24.0 KB | 02/27/21 23:56:36
65 | /fd/ls/GLinkPing.aspx?IG=6689FC6FF799438C8133E3BA7F317F1B&&ID=images,5068.1 | image/gif | GLinkPing.aspx | 200 OK | GIF | 42.0 B | 03/08/21 01:53:05
83 | /fd/ls/l?IG=6689FC6FF799438C8133E3BA7F317F1B&Type=Event.CPT&DATA={"pp":{"S":"L","FC":2163,"BC":2163,"SE":-1,"TC":-1,"H":2203,"BP":15047,"CT":15057,"IL":31},"ad":[-1,-1,798,368,990,2034,0]}&P=images&DA=DB5 |  | l | 204 OK |  | 0.0 B | 03/19/21 06:19:31
85 | /rms/rms%20answers%20WebResult%20Blue$WebResultToolboxBlue/cj,nj/2ae3e834/f0e4bfe8.js | application/x-javascript | f0e4bfe8.js | 200 OK | TEXT | 1.2 KB | 08/29/20 04:20:46

tse1.mm.bing.net    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
13 | /th?id=OIP.xR-LcR8e9TG9e4ykoDEdnQDnEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.1 KB | 09/03/20 01:17:10
14 | /th?id=OIP.pQnIjhhh1CNKKznlDi5YEgEsCB&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.5 KB | 09/03/20 01:17:25
16 | /th?id=OIP.65wvprUDf2RHYTGsT1blCADbEd&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.4 KB | 09/03/20 01:18:13
19 | /th?id=OIP.ZA9l01IK7lSnTxW-HZ4bKgD9Es&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 2.7 KB | 09/04/20 05:13:08
23 | /th?id=OIP.LSsBoPOdkuzMhTDLw5QELgDbEc&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.5 KB | 09/06/20 12:44:24
25 | /th?id=OIP.j1Q02iHnUNYkndjR3nlHKgEdEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.9 KB | 09/06/20 12:45:03
29 | /th?id=OIP.tgrR1-1JdzfuKbohxkl3sADgEW&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.6 KB | 09/07/20 16:44:44
33 | /th?id=OIP.Ecnbx9HMwE4CqctZUChCqACeEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 3.7 KB | 09/13/20 11:37:38
36 | /th?id=OIP.6YDgb-fHmTn5MkQxIAUEwgEsDH&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.4 KB | 09/13/20 11:38:29
51 | /th?id=OIP._3CAX5NUHD7vFpS67IQz9gEsDK&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 6.2 KB | 03/04/21 08:35:02
54 | /th?id=OIP.OionJGV_C1yo8qv0ulhe-wEsCo&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.2 KB | 03/04/21 08:35:52
55 | /th?id=OIP.8-X7L3jCVfXGkgbjoGyYeQEsDg&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 2.4 KB | 03/04/21 08:36:08
57 | /th?id=OIP.I0VQC3hdCuqrDcVGzWG0UAEsEL&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 7.9 KB | 03/05/21 12:19:14
71 | /th?id=OIP.C4ZkEZ5EYAtvW9KxVVPU-QDmEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 6.0 KB | 03/08/21 23:53:22
74 | /th?id=OIP.nrvotlkuE7UpI4T1FlxjSAEsDP&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.9 KB | 03/14/21 18:39:40
76 | /th?id=OIP.PrFEivbxSirjqCuFbmvjSgEsEI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.3 KB | 03/14/21 18:40:18
78 | /th?id=OIP.boII9m8Tf61BTejB99W4MQEsDh&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 2.2 KB | 03/14/21 18:40:57
80 | /th?id=OIP.DQWSHo22ZZwaLlYHPUC6HADHEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.5 KB | 03/15/21 22:59:14

tse2.mm.bing.net    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
15 | /th?id=OIP.JylT1ljA3OGsoiXb3kjquADoEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 3.2 KB | 09/03/20 01:17:51
24 | /th?id=OIP.LHjdr-5Y9JNUfrP3zBSWfgDzEA&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.3 KB | 09/06/20 12:44:50
32 | /th?id=OIP.s8fTwGaPVHsIB9pBMYZIIgEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 6.8 KB | 09/13/20 11:37:19
35 | /th?id=OIP.TDAkCgxaHUlOIQnuozqpXQDnEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.3 KB | 09/13/20 11:38:13
37 | /th?id=OIP.Lqzpm7g35N04vYpoNQhRlQEsC6&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 7.5 KB | 09/14/20 15:52:32
39 | /th?id=OIP.tnV3CEDcZM9JTres_hP3aAD5D6&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.8 KB | 09/14/20 15:53:21
52 | /th?id=OIP.Qrz2RGNSn2veOaEhQ-WIGAFNC7&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.6 KB | 03/04/21 08:35:19
62 | /th?id=OIP.AVqvRbIdr11zLTeZnk8q6wEsDH&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 8.8 KB | 03/07/21 19:54:34
73 | /th?id=OIP.h6AkzlzrZE5gKGw_RHv-KgDMEy&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.3 KB | 03/08/21 23:53:57
81 | /th?id=OIP.KZNGuV5o3KQlnkFNLS9KRwEaEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.4 KB | 03/15/21 22:59:34

tse4.mm.bing.net    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
17 | /th?id=OIP.5HgCMW5Oznvazw2gGVbn5QDpEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.4 KB | 09/04/20 05:12:31
20 | /th?id=OIP.sBLqPhxPCEDhlWM0DPf4RQDnEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 2.3 KB | 09/04/20 05:13:31
21 | /th?id=OIP.4st-7ntcWrcwS-ajSlSlrwEsCC&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.3 KB | 09/04/20 05:13:52
27 | /th?id=OIP.oQDCfSZ_vYWno1w4R5N-YAGPCc&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.4 KB | 09/07/20 16:44:44
28 | /th?id=OIP.2jKvOCLqp7lyJ5ZtqenI-AEVEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.5 KB | 09/07/20 16:44:44
30 | /th?id=OIP.LLgXgWree4TDEKHC8MzdpwDMEy&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.4 KB | 09/07/20 16:44:44
31 | /th?id=OIP.-nYH5M5JmctcbyQAztOeDgEgDY&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.6 KB | 09/07/20 16:44:44
53 | /th?id=OIP.Y9eN3ePKObF_97I4H6bkOgEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.1 KB | 03/04/21 08:35:33
61 | /th?id=OIP.4Eycr7TF0m0zoMuDGWVPFgEsDh&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.9 KB | 03/07/21 19:54:17
63 | /th?id=OIP.CiC_odr94JVQeyWINuEhYAEsCo&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 6.2 KB | 03/07/21 19:54:52
77 | /th?id=OIP.5-bDsv2e1IplAhEDyrgxYwEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 3.6 KB | 03/14/21 18:40:38
82 | /th?id=OIP.jRLrpF4Nrgtwk7pJ7U8hRQEsEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 9.3 KB | 03/15/21 22:59:52

tse3.mm.bing.net    (204.79.197.200:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
18 | /th?id=OIP.RU-HqytnGWvD-GoHTzTAEAEMEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.1 KB | 09/04/20 05:12:50
22 | /th?id=OIP.xcIgWY-wGyKrne74V8K1JAEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 7.6 KB | 09/06/20 12:44:09
26 | /th?id=OIP.bwdEXkTpmKuv_cxC2QPBaADnEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.7 KB | 09/06/20 12:45:22
34 | /th?id=OIP.Gb7nFRYtildtz6W9iWZeQQE2DJ&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 8.3 KB | 09/13/20 11:37:54
38 | /th?id=OIP.EFU4GZS33bHx5Eyer8fHvQDUEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.1 KB | 09/14/20 15:52:59
40 | /th?id=OIP.uICasFr25S6mDF4ml4A1mgDdEZ&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.3 KB | 09/14/20 15:53:41
56 | /th?id=OIP.u6C83iI-gEASRcAkU8PusgEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 11.8 KB | 03/05/21 12:18:56
58 | /th?id=OIP.fs-p5SHPh_S-t7S9QGiDzgDBEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 5.9 KB | 03/05/21 12:19:33
59 | /th?id=OIP.IFstTZjQog2SbZpG6lPOSwEsDh&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 4.9 KB | 03/05/21 13:12:13
60 | /th?id=OIP.DVaFFLYhuPXozqhkXljThgEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 6.3 KB | 03/07/21 19:54:03
64 | /th?id=OIP.GEyavr6SjivKq9sqsvkGCQEsC5&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 10.7 KB | 03/07/21 19:55:14
69 | /th?id=OIP.w8ucqdUJyLLapufmew9stwDVEs&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 3.9 KB | 03/08/21 23:52:41
70 | /th?id=OIP.nbKi_JLSubJIJGTX0RRRTQEsDF&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 7.5 KB | 03/08/21 23:53:05
72 | /th?id=OIP.DGbl7Rn96ON_37BzPachFQDWEj&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 3.5 KB | 03/08/21 23:53:40
75 | /th?id=OIP.N9oHbNPHCp6HNjeqadJcWgEsDI&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 7.5 KB | 03/14/21 18:40:00
79 | /th?id=OIP.cprrDY2aaG-_tmnVNE1aLwEsCo&w=230&h=170&rs=1&pcl=dddddd&pid=1.1 | image/jpeg | th | 200 OK | JPG | 10.3 KB | 03/15/21 22:58:56

webdesign14.com    (162.243.196.186:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
46 | /wp-content/uploads/2015/03/cv-templates-and-examples-jpplkcdk.png | image/png | cv-templates-and-examples-jpplkcdk.png | 200 OK | PNG | 65.7 KB | 11/02/20 09:09:09
86 | /favicon.ico | image/vnd.microsoft.icon | favicon.ico | 200 OK |  | 0.0 B | 11/07/20 23:28:02

www.publicdomainpictures.net    (104.20.44.162:80)
ID | URI | RESPONSE TYPE | FILENAME | RESPONSE CODE | MAGIC | SIZE | TIME
66 | /pictures/120000/velka/blue-macaw-bird.jpg | image/jpeg | blue-macaw-bird.jpg | 200 OK | JPG | 284.6 KB | 03/08/21 07:10:06
67 | /favicon.ico | text/html | favicon.ico | 302 Found | HTML | 229.0 B | 03/08/21 07:10:33
68 | /error.php | text/html | error.php | 200 OK | HTML | 8.6 KB | 03/08/21 19:05:26