Network Analysis
DNS
Name | Response | Post-Analysis Lookup |
---|---|---|
firas.alifares.org | 69.10.38.126 | |
UDP Requests
Source | Destination |
---|---|
192.168.56.102:57660 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:56752 | 239.255.255.250:1900 |
192.168.56.102:56754 | 239.255.255.250:3702 |
192.168.56.102:56756 | 239.255.255.250:3702 |
192.168.56.102:56758 | 239.255.255.250:3702 |
HTTP Requests
Method | Status | URL |
---|---|---|
GET | 200 | http://firas.alifares.org/jihad/3.txt |
GET | 200 | http://firas.alifares.org/defender/11.txt |
GET | 200 | http://firas.alifares.org/defender/ss.vbs |

GET 200 http://firas.alifares.org/jihad/3.txt
REQUEST
GET /jihad/3.txt HTTP/1.1
Host: firas.alifares.org
Connection: Keep-Alive
RESPONSE
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/plain
Last-Modified: Tue, 20 Apr 2021 08:55:03 GMT
Accept-Ranges: bytes
Content-Length: 3751
Date: Thu, 29 Apr 2021 00:25:18 GMT
Server: LiteSpeed
BODY

GET 200 http://firas.alifares.org/defender/11.txt
REQUEST
GET /defender/11.txt HTTP/1.1
Host: firas.alifares.org
RESPONSE
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/plain
Last-Modified: Sat, 17 Apr 2021 21:41:22 GMT
Accept-Ranges: bytes
Content-Length: 1078
Date: Thu, 29 Apr 2021 00:25:35 GMT
Server: LiteSpeed
BODY

GET 200 http://firas.alifares.org/defender/ss.vbs
REQUEST
GET /defender/ss.vbs HTTP/1.1
Host: firas.alifares.org
RESPONSE
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/vbscript
Last-Modified: Sat, 17 Apr 2021 21:39:13 GMT
Accept-Ranges: bytes
Content-Length: 166
Date: Thu, 29 Apr 2021 00:25:35 GMT
Server: LiteSpeed
BODY
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 69.10.38.126:80 -> 192.168.56.102:49817 | 2026994 | ET INFO PowerShell DownloadFile Command Common In Powershell Stagers | A Network Trojan was detected |
TCP 69.10.38.126:80 -> 192.168.56.102:49819 | 2026994 | ET INFO PowerShell DownloadFile Command Common In Powershell Stagers | A Network Trojan was detected |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts