Network Analysis
DNS Requests
Name | Response | Post-Analysis Lookup |
---|---|---|
yze.t.sogou.com | 119.206.200.180 | |
ping.t.sogou.com | 211.159.235.216 | |
yz.app.sogou.com | 119.28.109.132 | |
img02.sogoucdn.com | 211.152.132.122 | |
xz.sogou.com | 118.191.216.57 | |
TCP Requests
Source | Destination | Host |
---|---|---|
192.168.56.102:49809 | 118.191.216.57:80 | xz.sogou.com |
192.168.56.102:49814 | 118.191.216.57:80 | xz.sogou.com |
192.168.56.102:49815 | 119.206.200.180:80 | yze.t.sogou.com |
192.168.56.102:49797 | 172.217.25.14:443 | |
192.168.56.102:49812 | 211.152.132.122:443 | img02.sogoucdn.com |
192.168.56.102:49813 | 211.152.132.122:443 | img02.sogoucdn.com |
192.168.56.102:49810 | 211.159.235.216:80 | ping.t.sogou.com |
Two gaps are worth noting. The 172.217.25.14:443 connection has no resolved name in the DNS table and no TLS metadata in the Suricata TLS section, so its purpose cannot be established from this capture. Conversely, yz.app.sogou.com (119.28.109.132) is resolved and queried over HTTP below but has no entry in this TCP list.
UDP Requests
Source | Destination | Protocol |
---|---|---|
192.168.56.102:50839 | 164.124.101.2:53 | DNS |
192.168.56.102:54660 | 164.124.101.2:53 | DNS |
192.168.56.102:57660 | 164.124.101.2:53 | DNS |
192.168.56.102:61459 | 164.124.101.2:53 | DNS |
192.168.56.102:61998 | 164.124.101.2:53 | DNS |
192.168.56.102:137 | 192.168.56.255:137 | NetBIOS name service (broadcast) |
192.168.56.102:138 | 192.168.56.255:138 | NetBIOS datagram (broadcast) |
192.168.56.102:49152 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:56752 | 239.255.255.250:1900 | SSDP (multicast) |
192.168.56.102:56754 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:56756 | 239.255.255.250:3702 | WS-Discovery (multicast) |
192.168.56.102:61999 | 239.255.255.250:3702 | WS-Discovery (multicast) |
The five queries to the resolver 164.124.101.2 correspond to the five names in the DNS table. The NetBIOS broadcasts to 192.168.56.255 and the SSDP/WS-Discovery multicasts to 239.255.255.250 are ordinary Windows guest background traffic and should not be attributed to the sample.
HTTP Requests
Only request and response headers are included in this extract; response bodies were not captured.

HEAD 200 https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png
Request:
HEAD /v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: img02.sogoucdn.com
Content-Length: 0
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 05:49:39 GMT
Content-Type: image/jpeg
Content-Length: 6870
Connection: keep-alive
Server: NWS_Qcloud_Oversea_StaticML_L3I1
Cache-Control: max-age=86400
Expires: Thu, 08 Apr 2021 05:49:38 GMT
Last-Modified: Tue, 06 Apr 2021 20:48:56 GMT
X-NWS-UUID-VERIFY: 08a226bce47fac5e79357c03f0bbff57
X-NWS-LOG-UUID: a02a4ae5-c873-4815-96b2-66d7770f9bc7
X-Cache-Lookup: Hit From Disktank3
ETag: 0aa2c94167b8cadb0b0ab9e713638c55
X-YunTu-Cache: HIT
X-Yuntu-Trace: hbhly_83_78
X-Yuntu-Trace-Proxy: hbhly_80_109
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Upstream

GET 200 https://img02.sogoucdn.com/v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png
Request:
GET /v2/thumb/retype/ext/jpg/cls/imagick?appid=200504&url=http://dl.app.sogou.com/pc_logo/-9210862937994770673.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: img02.sogoucdn.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 05:49:39 GMT
Content-Type: image/jpeg
Content-Length: 6870
Connection: keep-alive
Server: NWS_Qcloud_Oversea_StaticML_L3I1
Cache-Control: max-age=86400
Expires: Thu, 08 Apr 2021 05:49:38 GMT
Last-Modified: Tue, 06 Apr 2021 20:48:56 GMT
X-NWS-UUID-VERIFY: d45148f1d9e8f32ed7eb5068a6acf1b5
X-NWS-LOG-UUID: fd8380fd-69cb-41ae-ae12-9792b8c4f535
X-Cache-Lookup: Hit From Disktank3
ETag: 0aa2c94167b8cadb0b0ab9e713638c55
X-YunTu-Cache: HIT
X-Yuntu-Trace: hbhly_83_78
X-Yuntu-Trace-Proxy: hbhly_80_109
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Upstream

GET 200 http://yz.app.sogou.com/appinfo?num=7187
Request:
GET /appinfo?num=7187 HTTP/1.1
User-Agent: HttpDownload
Host: yz.app.sogou.com

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Apr 2021 05:49:38 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=KR; expires=Thu, 07-Apr-22 05:49:38 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: SUID=9686D0AF6F3E990A00000000606D47F2; expires=Tue, 02-Apr-2041 05:49:38 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 200 http://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=ajPvVhluZC6COd4TfDjHgh0000o60f--&unc=sogousoftware_normal&t=10&rand=1617785359
Request:
GET /pingd?srctype=sogousoftware&gid=ajPvVhluZC6COd4TfDjHgh0000o60f--&unc=sogousoftware_normal&t=10&rand=1617785359 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=KR; SUID=9686D0AF6F3E990A00000000606D47F2

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Apr 2021 05:49:39 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive

GET 200 http://xz.sogou.com/handleUserIdDb256?userid=293cdfe5155ef661a6c8d1373e74eb41&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend
Request:
GET /handleUserIdDb256?userid=293cdfe5155ef661a6c8d1373e74eb41&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=KR; SUID=9686D0AF6F3E990A00000000606D47F2

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Apr 2021 05:49:40 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: usid=9686D0AFE811A00A00000000606D47F4; expires=Thu, 07-Apr-22 05:49:40 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET 200 http://yze.t.sogou.com/externalapp/3.2.2.58/SogouSoftwareExternalApp.exe
Request:
GET /externalapp/3.2.2.58/SogouSoftwareExternalApp.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; .NET4.0C; .NET4.0E)
Host: yze.t.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=KR; SUID=9686D0AF6F3E990A00000000606D47F2; usid=9686D0AFE811A00A00000000606D47F4

Response:
HTTP/1.1 200 OK
Date: Wed, 07 Apr 2021 05:49:40 GMT
Content-Type: application/octet-stream
Content-Length: 12435040
Connection: keep-alive
ETag: "1939545478"
Accept-Ranges: bytes
Last-Modified: Mon, 12 Dec 2016 13:03:15 GMT
Server: WS CDN Server
Age: 2411928
X-Via: 1.1 PSfjqzdxsq151:5 (Cdn Cache Server V2.0)[7 200 0], 1.1 PShgseSEL5ps83:3 (Cdn Cache Server V2.0)[1 200 0]
X-Ws-Request-Id: 606d47f4_PShgseSEL5ps83_664-53774

Notes on the HTTP traffic. SogouSoftwareExternalApp.exe (12,435,040 bytes, Last-Modified 12 Dec 2016, ETag "1939545478") is fetched over plain HTTP from a CDN, so anything on the path could substitute the payload; the dropped file should be hashed and its Authenticode signature checked, if it has one, rather than trusted on the strength of the URL. The User-Agent strings HttpDownload (yz.app.sogou.com) and HttpRequest (ping.t.sogou.com, xz.sogou.com) belong to the sample's own HTTP client, not a browser, and are the most specific network indicators in this trace; the two img02.sogoucdn.com requests and the executable fetch use Internet Explorer-style User-Agents instead, with the HEAD request carrying a GUID in its User-Agent. The SUID cookie set by yz.app.sogou.com and the usid cookie set by xz.sogou.com are replayed to ping.t.sogou.com and yze.t.sogou.com, and the xz.sogou.com request also carries a 32-hex-character userid parameter, so every later request is linkable to a per-install identifier. The IPLOC=KR cookie shows that the server geolocated the sandbox egress to Korea; that value will differ when the sample is detonated from elsewhere.
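As an added example, not part of this report or of the sandbox that produced it, the script below parses a transcript in the METHOD / status / URL / request / response layout used above and pulls out the indicators a responder would act on: plain-HTTP executable downloads, cookies set by one host and replayed to another, and non-browser User-Agents, then drafts Suricata rules for the last two. The embedded SAMPLE is constructed from two of the page's requests with headers trimmed; the rule text, message strings and sid numbers are placeholders chosen here, not rules from any ruleset.

```python
from urllib.parse import urlsplit

# Constructed sample: two of the page's requests (the first beacon and the executable
# fetch), headers trimmed to those used below, in the report's own layout.
SAMPLE = """\
GET
200
http://yz.app.sogou.com/appinfo?num=7187
GET /appinfo?num=7187 HTTP/1.1
User-Agent: HttpDownload
Host: yz.app.sogou.com
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Set-Cookie: IPLOC=KR; expires=Thu, 07-Apr-22 05:49:38 GMT; domain=.sogou.com; path=/
Set-Cookie: SUID=9686D0AF6F3E990A00000000606D47F2; domain=.sogou.com; path=/
GET
200
http://yze.t.sogou.com/externalapp/3.2.2.58/SogouSoftwareExternalApp.exe
GET /externalapp/3.2.2.58/SogouSoftwareExternalApp.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: yze.t.sogou.com
Cookie: IPLOC=KR; SUID=9686D0AF6F3E990A00000000606D47F2; usid=9686D0AFE811A00A00000000606D47F4
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 12435040
ETag: "1939545478"
"""
METHODS = {"GET", "HEAD", "POST", "PUT"}

def _starts_record(lines, i):
    # A record header is a bare method, a 3-digit status and an absolute URL on three lines.
    return (i + 2 < len(lines) and lines[i] in METHODS
            and len(lines[i + 1]) == 3 and lines[i + 1].isdigit() and "://" in lines[i + 2])

def parse_transcript(text):
    """One dict per request; headers stay (name, value) lists because Set-Cookie repeats."""
    lines, records, i = text.splitlines(), [], 0
    while i < len(lines):
        if not _starts_record(lines, i):
            i += 1
            continue
        rec = {"method": lines[i], "status": int(lines[i + 1]), "url": lines[i + 2],
               "host": urlsplit(lines[i + 2]).hostname, "req": [], "resp": []}
        records.append(rec)
        i, target = i + 3, rec["req"]
        while i < len(lines) and not _starts_record(lines, i):
            line = lines[i]
            if line.startswith("HTTP/"):                       # response status line: switch sides
                target = rec["resp"]
            elif line.split(" ", 1)[0] not in METHODS and ":" in line:   # skip the request line
                name, _, value = line.partition(":")
                target.append((name.strip(), value.strip()))
            i += 1
    return records

def hdr(headers, name):
    return [v for n, v in headers if n.lower() == name.lower()]

def cookie_names(headers, field):
    """Names from every Cookie pair, or from the first pair of each Set-Cookie header."""
    names = []
    for v in hdr(headers, field):
        pairs = v.split(";") if field == "Cookie" else v.split(";")[:1]
        names += [p.strip().partition("=")[0] for p in pairs if "=" in p]
    return names

def cleartext_executables(records):
    """Plain-HTTP 200s delivering an .exe path or a non-empty octet-stream body."""
    hits = []
    for r in records:
        u, ctype = urlsplit(r["url"]), (hdr(r["resp"], "Content-Type") or [""])[0].lower()
        length = int((hdr(r["resp"], "Content-Length") or ["0"])[0])
        if u.scheme == "http" and r["status"] == 200 and (
                u.path.lower().endswith(".exe") or ctype.startswith("application/octet-stream") and length > 0):
            hits.append(r)
    return hits

def cookie_reuse(records):
    """Cookie name -> hosts, other than the one that set it, that it was replayed to."""
    origin, reuse = {}, {}
    for r in records:                                      # transcript order matters
        for name in cookie_names(r["req"], "Cookie"):
            if name in origin and origin[name] != r["host"]:
                reuse.setdefault(name, set()).add(r["host"])
        for name in cookie_names(r["resp"], "Set-Cookie"):
            origin.setdefault(name, r["host"])
    return reuse

def suricata_rules(records, sid_base=1000001):
    """Draft rules (sids and msg text are placeholders) for non-browser User-Agents and cleartext .exe fetches."""
    agents = sorted({ua for r in records for ua in hdr(r["req"], "User-Agent") if not ua.startswith("Mozilla/")})
    rules = [f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Sogou updater UA {ua}"; '
             f'flow:established,to_server; http.user_agent; content:"{ua}"; bsize:{len(ua)}; sid:{sid_base + n}; rev:1;)'
             for n, ua in enumerate(agents)]
    for r in cleartext_executables(records):
        host, path = r["host"], urlsplit(r["url"]).path
        rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Cleartext EXE from {host}"; '
                     f'flow:established,to_server; http.host; content:"{host}"; http.uri; content:"{path}"; '
                     f'sid:{sid_base + len(rules)}; rev:1;)')
    return rules

if __name__ == "__main__":
    recs = parse_transcript(SAMPLE)
    print("cleartext executables:", [r["url"] for r in cleartext_executables(recs)])
    print("cookie reuse:", cookie_reuse(recs))
    print("\n".join(suricata_rules(recs)))
```

Run against the full transcript, the same functions flag only the yze.t.sogou.com download (the img02.sogoucdn.com fetches are HTTPS and the ping.t.sogou.com octet-stream has Content-Length 0), report SUID and usid as replayed across hosts, and emit one User-Agent rule each for HttpDownload and HttpRequest. The bsize match pins the exact User-Agent, so a browser string that merely contains the word would not fire.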
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts