Network Analysis

DNS resolutions recorded during the run (the Post-Analysis Lookup column was empty in the report):

Name | Response | Post-Analysis Lookup |
---|---|---|
yze.t.sogou.com | 119.206.200.180 | |
ping.t.sogou.com | 211.159.235.216 | |
yz.app.sogou.com | 119.28.109.132 | |
img02.sogoucdn.com | 211.152.132.122 | |
xz.sogou.com | 49.51.65.181 | |
TCP Requests (source -> destination, with the hostname the report attached to the flow)

- 192.168.56.101:49210 -> 118.191.216.42:80 (xz.sogou.com)
- 192.168.56.101:49204 -> 118.191.216.57:80 (xz.sogou.com)
- 192.168.56.101:49211 -> 119.206.200.180:80 (yze.t.sogou.com)
- 192.168.56.101:49194 -> 192.168.56.103:2869 (LAN neighbour, Windows UPnP device host port)
- 192.168.56.101:49202 -> 192.168.56.103:5357 (LAN neighbour, WSDAPI port)
- 192.168.56.101:49207 -> 211.152.132.118:443 (img02.sogoucdn.com)
- 192.168.56.101:49209 -> 211.152.132.118:443 (img02.sogoucdn.com)
- 192.168.56.101:49205 -> 211.159.235.216:80 (ping.t.sogou.com)

Two things to note when reading this list against the DNS table. The xz.sogou.com and img02.sogoucdn.com flows go to addresses other than the ones the sandbox resolved (118.191.216.42 and .57 rather than 49.51.65.181; 211.152.132.118 rather than 211.152.132.122), which is consistent with CDN load balancing rather than anything suspicious, and no TCP flow to yz.app.sogou.com (119.28.109.132) appears at all even though the appinfo request to that host is recorded below. Only the two img02.sogoucdn.com connections use TLS; the rest of the Sogou traffic, including the 12 MB executable download from yze.t.sogou.com, is plain HTTP on port 80.

UDP Requests

- 192.168.56.101:54056 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:55450 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:59369 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:61479 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:62324 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:65329 -> 164.124.101.2:53 (DNS)
- 192.168.56.101:137 -> 192.168.56.255:137 (NetBIOS name service, subnet broadcast)
- 192.168.56.101:138 -> 192.168.56.255:138 (NetBIOS datagram service, subnet broadcast)
- 192.168.56.101:49152 -> 239.255.255.250:3702 (WS-Discovery multicast)
- 192.168.56.101:54057 -> 239.255.255.250:3702 (WS-Discovery multicast)
- 192.168.56.101:62445 -> 239.255.255.250:1900 (SSDP multicast)
- 192.168.56.101:62447 -> 239.255.255.250:3702 (WS-Discovery multicast)
- 192.168.56.101:62449 -> 239.255.255.250:3702 (WS-Discovery multicast)
- 52.231.114.183:123 -> 192.168.56.101:123 (NTP, inbound)
- 192.168.56.103:1900 -> 192.168.56.101:62445 (SSDP reply from the LAN neighbour)
- 192.168.56.103:3702 -> 192.168.56.101:62449 (WS-Discovery reply from the LAN neighbour)

All of the UDP traffic is ordinary Windows background activity (DNS lookups for the hosts in the table, NetBIOS and SSDP/WS-Discovery discovery, time sync); the sample-specific traffic is the TCP list.
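Separating the host noise from the sample's own connections is the first step when reading a list like the one above. The following Python is an added example, not part of the sandbox report: it parses the flows copied from the report, labels each with a simple port- and address-based heuristic (the labels, the `.255` broadcast check and the `-reply` convention are my assumptions, not the sandbox's classification), and joins the external flows back to the DNS table so that cleartext ports and destinations that differ from the resolved address are listed explicitly.

```python
# Added example (not part of the sandbox report): triage of the TCP/UDP
# flow list. FLOWS and DNS_TABLE are copied from the report; the
# classification rules below are assumptions made for this example.
import ipaddress
from collections import Counter

DNS_TABLE = {
    "yze.t.sogou.com": "119.206.200.180",
    "ping.t.sogou.com": "211.159.235.216",
    "yz.app.sogou.com": "119.28.109.132",
    "img02.sogoucdn.com": "211.152.132.122",
    "xz.sogou.com": "49.51.65.181",
}

# "proto src dst [hostname]" as listed in the report.
FLOWS = """
tcp 192.168.56.101:49210 118.191.216.42:80 xz.sogou.com
tcp 192.168.56.101:49204 118.191.216.57:80 xz.sogou.com
tcp 192.168.56.101:49211 119.206.200.180:80 yze.t.sogou.com
tcp 192.168.56.101:49194 192.168.56.103:2869
tcp 192.168.56.101:49202 192.168.56.103:5357
tcp 192.168.56.101:49207 211.152.132.118:443 img02.sogoucdn.com
tcp 192.168.56.101:49209 211.152.132.118:443 img02.sogoucdn.com
tcp 192.168.56.101:49205 211.159.235.216:80 ping.t.sogou.com
udp 192.168.56.101:54056 164.124.101.2:53
udp 192.168.56.101:55450 164.124.101.2:53
udp 192.168.56.101:59369 164.124.101.2:53
udp 192.168.56.101:61479 164.124.101.2:53
udp 192.168.56.101:62324 164.124.101.2:53
udp 192.168.56.101:65329 164.124.101.2:53
udp 192.168.56.101:137 192.168.56.255:137
udp 192.168.56.101:138 192.168.56.255:138
udp 192.168.56.101:49152 239.255.255.250:3702
udp 192.168.56.101:54057 239.255.255.250:3702
udp 192.168.56.101:62445 239.255.255.250:1900
udp 192.168.56.101:62447 239.255.255.250:3702
udp 192.168.56.101:62449 239.255.255.250:3702
udp 52.231.114.183:123 192.168.56.101:123
udp 192.168.56.103:1900 192.168.56.101:62445
udp 192.168.56.103:3702 192.168.56.101:62449
"""

DISCOVERY = {1900: "ssdp", 3702: "ws-discovery"}  # multicast discovery ports


def parse_flows(text):
    """Return (proto, src, dst, hostname-or-None) tuples."""
    flows = []
    for line in text.strip().splitlines():
        p = line.split()
        flows.append((p[0], p[1], p[2], p[3] if len(p) > 3 else None))
    return flows


def endpoint(value):
    ip, port = value.rsplit(":", 1)
    return ipaddress.ip_address(ip), int(port)


def classify(proto, src, dst, host=None):
    """Label a flow; anything not recognised as local noise is 'external'."""
    sip, sport = endpoint(src)
    dip, dport = endpoint(dst)
    if 53 in (sport, dport):
        return "dns"
    if 123 in (sport, dport):
        return "ntp"
    if dip.is_multicast:
        return DISCOVERY.get(dport, "multicast")
    if sip.is_private and sport in DISCOVERY:
        return DISCOVERY[sport] + "-reply"  # neighbour answering our probe
    if sip.is_private and dip.is_private:
        # Heuristic (assumption): NetBIOS name/datagram service to a .255 address.
        if dport in (137, 138) and str(dip).endswith(".255"):
            return "netbios-broadcast"
        return "lan"
    return "external"


def summarize(flows):
    return Counter(classify(*f) for f in flows)


def external_findings(flows):
    """External flows joined to the DNS table: flag cleartext HTTP (port 80)
    and destinations that are not the address the sandbox resolved."""
    out = []
    for proto, src, dst, host in flows:
        if classify(proto, src, dst, host) != "external":
            continue
        dip, dport = endpoint(dst)
        out.append({"host": host, "dst": dst, "cleartext": dport == 80,
                    "matches_resolved": DNS_TABLE.get(host) == str(dip)})
    return out


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    print(dict(summarize(flows)))
    for finding in external_findings(flows):
        print(finding)
```

Run against the report's data this leaves six external flows, four of them cleartext, and four whose destination differs from the resolved address (both xz.sogou.com flows and both img02.sogoucdn.com flows). A mismatch on its own is normal for CDN-fronted hosts; it matters only when combined with the cleartext download, because there is then neither transport integrity nor a stable address to pin.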
HTTP Requests

HEAD 200 https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://3.pic.pc6.com/up/2015-8/2015826153155.jpg

Request:
HEAD /v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://3.pic.pc6.com/up/2015-8/2015826153155.jpg HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: img02.sogoucdn.com
Content-Length: 0
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Tue, 06 Apr 2021 07:41:01 GMT
Content-Type: image/jpeg
Content-Length: 2380
Connection: keep-alive
Server: NWS_Qcloud_Oversea_Static_Mid
Cache-Control: max-age=86400
Expires: Wed, 07 Apr 2021 07:41:00 GMT
Last-Modified: Tue, 06 Apr 2021 06:33:32 GMT
X-NWS-UUID-VERIFY: ad0d0b76babb13c0d849246a7b439a6d
X-NWS-LOG-UUID: cf8b0672-a5f9-4d78-997c-20ac1953ef6b
X-Cache-Lookup: Hit From Disktank3
ETag: 18026b74a4719b9518136c14e48cea1c
X-YunTu-Cache: HIT
X-Yuntu-Trace: hbhly_20_44
X-Yuntu-Trace-Proxy: bjtc_17_92
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream

GET 200 https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://3.pic.pc6.com/up/2015-8/2015826153155.jpg

Request:
GET /v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://3.pic.pc6.com/up/2015-8/2015826153155.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: img02.sogoucdn.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Tue, 06 Apr 2021 07:41:01 GMT
Content-Type: image/jpeg
Content-Length: 2380
Connection: keep-alive
Server: NWS_Qcloud_Oversea_Static_Mid
Cache-Control: max-age=86400
Expires: Wed, 07 Apr 2021 07:41:00 GMT
Last-Modified: Tue, 06 Apr 2021 06:33:32 GMT
X-NWS-UUID-VERIFY: 6823b2b0489bda35528c9f7f347cede8
X-NWS-LOG-UUID: 8f77ac9e-4e30-4d3b-961d-f52b05e506c8
X-Cache-Lookup: Hit From Disktank3
ETag: 18026b74a4719b9518136c14e48cea1c
X-YunTu-Cache: HIT
X-Yuntu-Trace: hbhly_20_44
X-Yuntu-Trace-Proxy: bjtc_17_92
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream

GET 200 http://yz.app.sogou.com/appinfo?num=22236

Request:
GET /appinfo?num=22236 HTTP/1.1
User-Agent: HttpDownload
Host: yz.app.sogou.com

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Apr 2021 07:41:00 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=KR; expires=Wed, 06-Apr-22 07:41:00 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: SUID=9686D0AFED18A00A00000000606C108C; expires=Mon, 01-Apr-2041 07:41:00 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 200 http://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=xsCGk!CWs9I2rT9N79KjMx0000o60f--&unc=sogousoftware_normal&t=10&rand=1617697427

Request:
GET /pingd?srctype=sogousoftware&gid=xsCGk!CWs9I2rT9N79KjMx0000o60f--&unc=sogousoftware_normal&t=10&rand=1617697427 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=KR; SUID=9686D0AFED18A00A00000000606C108C

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Apr 2021 07:41:00 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive

GET 200 http://xz.sogou.com/handleUserIdDb256?userid=85c9aa53e9ba709b026f72711c9b93c2&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend

Request:
GET /handleUserIdDb256?userid=85c9aa53e9ba709b026f72711c9b93c2&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=KR; SUID=9686D0AFED18A00A00000000606C108C

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Apr 2021 07:41:01 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: usid=9686D0AFE811A00A00000000606C108D; expires=Wed, 06-Apr-22 07:41:01 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 200 http://yze.t.sogou.com/externalapp/3.2.2.58/SogouSoftwareExternalApp.exe

Request:
GET /externalapp/3.2.2.58/SogouSoftwareExternalApp.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: yze.t.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=KR; SUID=9686D0AFED18A00A00000000606C108C; usid=9686D0AFE811A00A00000000606C108D

Response:
HTTP/1.1 200 OK
Date: Tue, 06 Apr 2021 07:41:01 GMT
Content-Type: application/octet-stream
Content-Length: 12435040
Connection: keep-alive
ETag: "1939545478"
Accept-Ranges: bytes
Last-Modified: Mon, 12 Dec 2016 13:03:15 GMT
Server: WS CDN Server
Age: 2332209
X-Via: 1.1 PSfjqzdxsq151:5 (Cdn Cache Server V2.0)[7 200 0], 1.1 PShgseSEL5ps83:3 (Cdn Cache Server V2.0)[0 200 0]
X-Ws-Request-Id: 606c108d_PShgseSEL5ps83_65423-15249
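Three things in the exchanges above are worth pulling out mechanically rather than by eye: an executable (SogouSoftwareExternalApp.exe, 12435040 bytes, Last-Modified in 2016) fetched over plain HTTP; the SUID cookie, set by yz.app.sogou.com with a 2041 expiry on the .sogou.com domain and then presented to ping.t.sogou.com, xz.sogou.com and yze.t.sogou.com, with usid set by xz.sogou.com and presented to yze.t.sogou.com; and four different User-Agent strings (two Internet Explorer 7 strings, HttpDownload, HttpRequest) in one run. The Python below is an added example, not part of the sandbox report: `TRANSACTIONS` is constructed from the six exchanges above, trimmed to the headers the checks use, and the 1 MB size threshold in `cleartext_executables` is my choice so that the empty octet-stream reply from ping.t.sogou.com is not counted as a download.

```python
# Added example (not part of the sandbox report): triage of the HTTP
# exchanges. TRANSACTIONS is constructed from the report's six request/
# response pairs (header values verbatim, other headers dropped).
from urllib.parse import urlsplit

UA_TRIDENT4 = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; "
               ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; "
               ".NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})")
UA_TRIDENT5 = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; "
               ".NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; "
               ".NET4.0C; .NET4.0E)")
THUMB = ("https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick"
         "?appid=200504&url=http://3.pic.pc6.com/up/2015-8/2015826153155.jpg")
SUID = "SUID=9686D0AFED18A00A00000000606C108C"
USID = "usid=9686D0AFE811A00A00000000606C108D"

TRANSACTIONS = [
    {"method": "HEAD", "url": THUMB, "request": {"User-Agent": UA_TRIDENT4},
     "response": {"Content-Type": "image/jpeg", "Content-Length": "2380"}},
    {"method": "GET", "url": THUMB, "request": {"User-Agent": UA_TRIDENT5},
     "response": {"Content-Type": "image/jpeg", "Content-Length": "2380"}},
    {"method": "GET", "url": "http://yz.app.sogou.com/appinfo?num=22236",
     "request": {"User-Agent": "HttpDownload"},
     "response": {"Content-Type": "text/plain; charset=UTF-8",
                  "Set-Cookie": ["IPLOC=KR; expires=Wed, 06-Apr-22 07:41:00 GMT; domain=.sogou.com; path=/",
                                 SUID + "; expires=Mon, 01-Apr-2041 07:41:00 GMT; domain=.sogou.com; path=/"]}},
    {"method": "GET", "url": "http://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=xsCGk!CWs9I2rT9N79KjMx0000o60f--&unc=sogousoftware_normal&t=10&rand=1617697427",
     "request": {"User-Agent": "HttpRequest", "Cookie": "IPLOC=KR; " + SUID},
     "response": {"Content-Type": "application/octet-stream", "Content-Length": "0"}},
    {"method": "GET", "url": "http://xz.sogou.com/handleUserIdDb256?userid=85c9aa53e9ba709b026f72711c9b93c2&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend",
     "request": {"User-Agent": "HttpRequest", "Cookie": "IPLOC=KR; " + SUID},
     "response": {"Content-Type": "text/plain; charset=UTF-8",
                  "Set-Cookie": [USID + "; expires=Wed, 06-Apr-22 07:41:01 GMT; domain=.sogou.com; path=/"]}},
    {"method": "GET", "url": "http://yze.t.sogou.com/externalapp/3.2.2.58/SogouSoftwareExternalApp.exe",
     "request": {"User-Agent": UA_TRIDENT5, "Cookie": "IPLOC=KR; " + SUID + "; " + USID},
     "response": {"Content-Type": "application/octet-stream", "Content-Length": "12435040",
                  "Last-Modified": "Mon, 12 Dec 2016 13:03:15 GMT"}},
]


def cleartext_executables(transactions, min_bytes=1_000_000):
    """URLs fetched over plain HTTP that deliver an executable: an .exe path, or an
    octet-stream body of at least min_bytes (assumed threshold; skips the 0-byte beacon)."""
    hits = []
    for t in transactions:
        u = urlsplit(t["url"])
        ctype = t["response"].get("Content-Type", "")
        size = int(t["response"].get("Content-Length", "0"))
        binary = ctype.startswith("application/octet-stream") and size >= min_bytes
        if u.scheme == "http" and (u.path.lower().endswith(".exe") or binary):
            hits.append(t["url"])
    return hits


def cookie_replay(transactions):
    """For each cookie name: the host that first set it, and the other hosts the
    client later presented it to. Transactions are in capture order."""
    origin, replayed = {}, {}
    for t in transactions:
        host = urlsplit(t["url"]).hostname
        for pair in t["request"].get("Cookie", "").split(";"):
            name = pair.split("=", 1)[0].strip()
            if name and origin.get(name, host) != host:
                replayed.setdefault(name, set()).add(host)
        for sc in t["response"].get("Set-Cookie", []):
            origin.setdefault(sc.split("=", 1)[0].strip(), host)
    return origin, replayed


def user_agents(transactions):
    """Distinct User-Agent strings seen in the run."""
    return sorted({t["request"].get("User-Agent", "") for t in transactions})


if __name__ == "__main__":
    print(cleartext_executables(TRANSACTIONS))
    print(cookie_replay(TRANSACTIONS))
    print(user_agents(TRANSACTIONS))
```

The cleartext download is the item to follow up: the IDS sections below reporting no alerts say nothing about the content of a 12 MB binary fetched without transport integrity, so the dropped file should be hashed and its signature checked rather than taken on trust. The cookie replay shows what the .sogou.com domain attribute buys the vendor: one identifier minted by the appinfo endpoint is presented to the beacon, recommendation and download hosts alike, so the three requests are linkable server-side.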
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts