https://cyberdefenders.org/blueteam-ctf-challenges/malware-traffic-analysis-3/

Q1: What is the IP address of the infected Windows host?

192.168.137.62

In NetworkMiner's host list you can see there is only one Windows host.

Q2: What is the Exploit kit (EK) name? (two words)

Angler EK

Upload the pcap to PacketTotal; it flags the exploit kit traffic as Angler EK.

Q3: What is the FQDN that delivered the exploit kit?

qwe.mvdunalterableairreport.net

Filter on the victim IP and HTTP, and you see these odd GET requests to qwe.mvdunalterableairreport.net (IP address 192.99.198.158). To confirm, export the HTTP objects and upload them to VirusTotal.

Q4: What is the redirect URL that points to the exploit kit landing page?

hxxp://lifeinsidedetroit[.]com/02024870e4644b68814aadfbb58a75bc.php?q=e8bd3799ee8799332593b0b9caa1f426

With the same filter applied, look at the Referer header of the request to the exploit-kit domain: it points back to the lifeinsidedetroit[.]com redirect URL.
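The Q3/Q4 workflow (filter the victim's HTTP requests, list the hosts it talked to, then follow Referer headers back from the EK domain to the redirect page) as an added Python example; this is not part of the write-up or the challenge files. The request records are constructed for illustration: the hosts and the redirect URL mirror the write-up, but the landing-page path, the CDN host and the second client IP are made up.

```python
from urllib.parse import urlsplit

VICTIM_IP = "192.168.137.62"
EK_HOST = "qwe.mvdunalterableairreport.net"

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a comparable URL."""
    return url.replace("hxxp://", "http://").replace("hxxps://", "https://").replace("[.]", ".")

# Constructed HTTP request records: (src_ip, Host header, URI, Referer header).
REQUESTS = [
    ("192.168.137.62", "lifeinsidedetroit.com", "/", None),
    ("192.168.137.62", "cdn.example-static.net", "/style.css", "http://lifeinsidedetroit.com/"),
    ("192.168.137.62", "lifeinsidedetroit.com",
     "/02024870e4644b68814aadfbb58a75bc.php?q=e8bd3799ee8799332593b0b9caa1f426",
     "http://lifeinsidedetroit.com/"),
    ("192.168.137.62", EK_HOST, "/constructed-landing-path",   # path is made up
     "http://lifeinsidedetroit.com/02024870e4644b68814aadfbb58a75bc.php?q=e8bd3799ee8799332593b0b9caa1f426"),
    ("192.168.137.10", "lifeinsidedetroit.com", "/", None),     # other client, filtered out
]

def victim_requests(requests, victim_ip=VICTIM_IP):
    """Same effect as the Wireshark filter on the victim IP plus HTTP requests."""
    return [r for r in requests if r[0] == victim_ip]

def hosts_contacted(requests, victim_ip=VICTIM_IP):
    """Distinct Host headers in the victim's traffic, in first-seen order."""
    seen = []
    for _, host, _, _ in victim_requests(requests, victim_ip):
        if host not in seen:
            seen.append(host)
    return seen

def redirect_chain(requests, target_host, victim_ip=VICTIM_IP):
    """Walk Referer headers backwards from the first request to target_host.
    Returns the URLs in order from the initial page to the EK landing page;
    a referrer that was never requested (e.g. came over HTTPS) still ends the chain."""
    referer_of = {}
    for _, host, uri, ref in victim_requests(requests, victim_ip):
        referer_of.setdefault(f"http://{host}{uri}", ref)
    url = next((u for u in referer_of if urlsplit(u).hostname == target_host), None)
    chain = []
    while url is not None and url not in chain:   # loop guard for self-referrals
        chain.append(url)
        url = referer_of.get(url)                  # None once the referrer is unknown
    return list(reversed(chain))

if __name__ == "__main__":
    print("hosts:", hosts_contacted(REQUESTS))
    print("chain:", " -> ".join(redirect_chain(REQUESTS, EK_HOST)))
```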