https://cyberdefenders.org/blueteam-ctf-challenges/malware-traffic-analysis-1/

Q1: IP address of the infected Windows VM

172.16.165.165

It is the only private IP address that connects to the internet. Also, if you look at the Hosts tab in NetworkMiner, it is the only host identified as a Windows machine.
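The "only private IP talking to the internet" heuristic above can be scripted once the conversation list is exported from Wireshark. The following is an added example (not part of the write-up and not from the challenge files); the flow list is constructed to resemble what the Conversations view shows, and the function counts, per RFC 1918 host, how many conversations it had with public addresses.

```python
import ipaddress
from collections import Counter

# Constructed sample of (src, dst) pairs, as Wireshark's Conversations view
# would list them. Only the two public addresses come from the write-up.
SAMPLE_FLOWS = [
    ("172.16.165.165", "82.150.140.30"),
    ("172.16.165.165", "37.200.69.143"),
    ("172.16.165.165", "172.16.165.1"),
    ("172.16.165.1", "172.16.165.165"),
    ("172.16.165.2", "172.16.165.255"),
]


def internet_talkers(flows):
    """Count, for every private (RFC 1918) host, the conversations it had
    with globally routable addresses. Internal-only chatter (DHCP, ARP-driven
    broadcasts, gateway traffic) is ignored, so the infected client usually
    ends up as the only entry."""
    counts = Counter()
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s.is_private and d.is_global:
            counts[src] += 1
        elif d.is_private and s.is_global:
            counts[dst] += 1
    return counts


def candidate_infected_host(flows):
    """Return the private host with the most internet conversations, or None."""
    counts = internet_talkers(flows)
    return counts.most_common(1)[0][0] if counts else None


if __name__ == "__main__":
    for host, n in internet_talkers(SAMPLE_FLOWS).most_common():
        print(f"{host}: {n} conversation(s) with public addresses")
    print("candidate:", candidate_infected_host(SAMPLE_FLOWS))
```

On a real capture the flow list comes from `tshark -r file.pcap -q -z conv,ip` or a CSV export of the Conversations dialog; the heuristic is a first cut, and the NetworkMiner host fingerprint is the corroborating check.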

Q2: What is the hostname of the Windows VM that gets infected?

K34EN6W3N-PC

The machine's hostname can be identified from its DHCP traffic: filter on bootp in Wireshark.

Open the DHCP Request packet, expand the section Dynamic Host Configuration Protocol (Request), and then expand Option: Host Name.
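What Wireshark is doing when you expand "Option: Host Name" is walking the DHCP option list (option 53 is the message type, option 12 is the client hostname) after the 236-byte BOOTP header and the magic cookie. The following is an added example, not code from the write-up or from CyberDefenders: it builds a constructed DHCP Request carrying the hostname from the answer above (the MAC address and transaction id are made up) and then parses it back, so the same parser can be pointed at raw UDP payloads pulled from a capture. Note that Wireshark 3.0 and later name the display filter `dhcp` rather than `bootp`.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack", 7: "Release"}
OPT_HOST_NAME = 12
OPT_MSG_TYPE = 53
OPT_END = 255
OPT_PAD = 0


def build_dhcp_request(hostname, mac, xid=0x12345678):
    """Constructed DHCP Request: BOOTP header (op=1 BOOTREQUEST, htype=1 Ethernet,
    hlen=6), magic cookie, option 53 = 3 (Request), option 12 = hostname, end."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0, xid, 0, 0,
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr yiaddr siaddr giaddr
        mac + b"\0" * 10, b"\0" * 64, b"\0" * 128,    # chaddr sname file
    )
    name = hostname.encode()
    options = bytes([OPT_MSG_TYPE, 1, 3, OPT_HOST_NAME, len(name)]) + name + bytes([OPT_END])
    return header + DHCP_MAGIC + options


def parse_dhcp_options(payload):
    """Return {option_code: raw_value} from a DHCP UDP payload.
    Stops at the End option and skips Pad bytes; truncated options raise."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload (bad length or magic cookie)")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option header truncated")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts


def dhcp_hostname(payload):
    """Return (message type name, hostname or None) for a DHCP payload."""
    opts = parse_dhcp_options(payload)
    msg_type = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "unknown")
    host = opts.get(OPT_HOST_NAME)
    return msg_type, (host.decode(errors="replace") if host else None)


if __name__ == "__main__":
    pkt = build_dhcp_request("K34EN6W3N-PC", bytes.fromhex("001122334455"))  # constructed MAC
    print(dhcp_hostname(pkt))
```

To use it on a capture, export the UDP payload of the DHCP Request (Wireshark: right-click the "Dynamic Host Configuration Protocol" line, Export Packet Bytes) and pass the bytes to `dhcp_hostname`; clients that do not send option 12 simply yield `None`, which is why the write-up points at the Request rather than the Discover.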

Q3: IP address of the compromised website

82.150.140.30

"Compromised website" means we look at the HTTP/HTTPS communication between the infected machine and a website.

Q4: IP address of the server delivering the exploit kit & malware

37.200.69.143

In the page returned by the compromised website we see JavaScript code that redirects users to http://24corp-shop.com.
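Spotting the redirect by eye in the HTTP stream works for one page; over a whole capture it helps to extract every off-site redirect target from exported HTTP bodies and compare the hosts against the DNS and TCP conversations that follow. The code below is an added example, not part of the write-up and not the actual page served in the challenge. The response body is constructed and only the redirect URL named above is taken from the write-up. It goes slightly beyond the single `location` assignment seen here and also covers `location.replace`/`assign`, meta refresh and iframe sources, which are the other common ways a compromised page hands a visitor to another server.

```python
import re
from urllib.parse import urlparse

# Constructed HTTP response body standing in for the compromised page.
SAMPLE_BODY = """
<html><body>
<script>
window.location = "http://24corp-shop.com";
</script>
<img src="http://cdn.example.org/logo.png">
</body></html>
"""

# Each pattern captures the URL a visitor would be sent to.
REDIRECT_PATTERNS = [
    re.compile(r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]""", re.I),
    re.compile(r"""location\.(?:replace|assign)\(\s*['"]([^'"]+)['"]""", re.I),
    re.compile(r"""<meta[^>]+http-equiv=['"]?refresh['"]?[^>]*url=([^'">\s]+)""", re.I),
    re.compile(r"""<iframe[^>]+src=['"]([^'"]+)['"]""", re.I),
]


def redirect_targets(body, origin_host):
    """Return [(host, url)] for every redirect target whose host differs from
    the site that served the body. Same-origin redirects are normal navigation
    and are dropped; relative URLs have no host and are dropped too."""
    found = []
    for pat in REDIRECT_PATTERNS:
        for url in pat.findall(body):
            host = urlparse(url).hostname
            if host and host.lower() != origin_host.lower():
                found.append((host, url))
    return found


def external_hosts(body, origin_host):
    """Just the distinct off-site hosts, in first-seen order."""
    seen = []
    for host, _ in redirect_targets(body, origin_host):
        if host not in seen:
            seen.append(host)
    return seen


if __name__ == "__main__":
    # "compromised.example" stands in for the real site's hostname.
    for host, url in redirect_targets(SAMPLE_BODY, "compromised.example"):
        print(f"redirects visitors to {host} via {url}")
```

Feed it bodies exported with File > Export Objects > HTTP (or `tshark --export-objects http,outdir`), with the Host header of each response as `origin_host`; the hosts it returns are the ones to resolve in the capture's DNS answers to get the next hop, which is how the Q4 address is tied back to the redirect.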
