Report - 178.20.190.162:3000/WorldClient.dll

Report Overview

Visitedpublic

2024-12-29 19:02:35

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
178.20.190.162	unknown	unknown	No data	No data	4.4 kB	360 kB	178.20.190.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-29 19:02:10	medium	Client IP	178.20.190.162	ET INFO Dotted Quad Host DLL Request

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed
2024-12-29	medium	178.20.190.162	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118	ScriptElement	100 kB	2023-03-12	2025-07-21
URL 178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118 IP / ASN 178.20.190.162 #50670 Vtel Holdings Limited/Jordan Co. Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-12 Last Seen 2025-07-21 Times Seen 11 Size 100 kB (100097 bytes) MD5 94dad50978324bf7b082d015d230f001 SHA1 0483c53dd16dc89befdc97540935253daa4e9473 SHA256 44df5acf102f26a92e19880629b71526fb648cf1e684176622c964a4c0dd8f4b Format Code Loading...

	178.20.190.162:3000/WorldClient.dll	ScriptElement	0 B	0001-01-01	2025-08-02
URL 178.20.190.162:3000/WorldClient.dll IP / ASN 178.20.190.162 #50670 Vtel Holdings Limited/Jordan Co. Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5606767 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118	ScriptElement	30 kB	2024-12-29	2024-12-29
URL 178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118 IP / ASN 178.20.190.162 #50670 Vtel Holdings Limited/Jordan Co. Introduced by ScriptElement Embedded false Resource Info First Seen 2024-12-29 Last Seen 2024-12-29 Times Seen 1 Size 30 kB (29907 bytes) MD5 c7332983229507aa9b1a785f73df9e4a SHA1 22992e22350a4f4cbf3509467bf0b973996077d4 SHA256 7caf42fb4b400a1c9f5946fe2c1d45df95b4abf1197aa24355f4d50a67878f37 Format Code Loading...

	178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118	ScriptElement	4.0 kB	2024-08-19	2025-05-15
URL 178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118 IP / ASN 178.20.190.162 #50670 Vtel Holdings Limited/Jordan Co. Introduced by ScriptElement Embedded false Resource Info First Seen 2024-08-19 Last Seen 2025-05-15 Times Seen 5 Size 4.0 kB (4044 bytes) MD5 8543713adf041ea49b77a8d05204e90c SHA1 9d489fd239c41128b8b0be3d5c2311ea75900788 SHA256 0e6b3c6f0b0f7ccc16f094778b189d0be9c58eda9af603820537933a767e4ae9 Format Code Loading...

	178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118	ScriptElement	14 kB	2024-12-29	2024-12-29
URL 178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118 IP / ASN 178.20.190.162 #50670 Vtel Holdings Limited/Jordan Co. Introduced by ScriptElement Embedded false Resource Info First Seen 2024-12-29 Last Seen 2024-12-29 Times Seen 1 Size 14 kB (14076 bytes) MD5 797ecf90206ee89d875d3b65a32fe7a6 SHA1 fa4bfad8cc20ab99eb5e062ef97a8ea241de68e7 SHA256 027311e7311b9d647007ad97beed5f66e6ca725fcdfc91c630f252c2ae69a95c Format Code Loading...

HTTP Transactions (11)

URL IP Response Size

GET 178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118

178.20.190.162

200 OK

1.9 kB

URL

178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-12-29

Times Seen2

Size1.9 kB (1942 bytes)

MD547e2fbdfb0520bba782672da01a23777

SHA1d095ba0c8022320a4309723ee74bb5d8e73968da

SHA2563874157ebbfacc188281bb61d0b7a6b7494d3e25a7c28b6672fcd24ac68a3608

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /All/JavaScript/punycode.min.js?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/ecmascript
Content-Encoding: deflate
Content-Length: 1942
Last-Modified: Tue, 19 Nov 2024 11:16:50 GMT

GET 178.20.190.162:3000/WorldClient/pages/logon.css?v=7f54a0d118

178.20.190.162

200 OK

2.8 kB

URL

178.20.190.162:3000/WorldClient/pages/logon.css?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-12-29

Times Seen2

Size2.8 kB (2792 bytes)

MD5bfb2d2ee077d58f6727209024ac026b2

SHA1fc1061725a6ca125d46960fb916c603cd469f1b2

SHA256701f12b471491203973c4d6759afa973a4061d9bb5cdfdec5fb5563f0b6f4ed8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WorldClient/pages/logon.css?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/css
Content-Encoding: deflate
Content-Length: 2792
Last-Modified: Tue, 19 Nov 2024 11:17:10 GMT

GET 178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118

178.20.190.162

200 OK

3.9 kB

URL

178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typeOpenPGP Secret Key

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size3.9 kB (3886 bytes)

MD514f84f9eaa155abfecf7b7f346bbf6e0

SHA12548c8bce5e33d4e9f302c567806684d1ea34ccb

SHA256e2195ce3a0b22929c7845aafbd333ab9943fc54acb0e46085693b420894ebe48

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WorldClient/JavaScript/logon.js?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/ecmascript
Content-Encoding: deflate
Content-Length: 3886
Last-Modified: Tue, 19 Nov 2024 11:17:10 GMT

GET 178.20.190.162:3000/fontawesome/css/font-awesome.min.css?v=7f54a0d118

178.20.190.162

200 OK

7.9 kB

URL

178.20.190.162:3000/fontawesome/css/font-awesome.min.css?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-12-29

Times Seen3

Size7.9 kB (7903 bytes)

MD574a4cd02ed17f0275170b4d3bd659fa5

SHA1fafdf3815e8ed4c436e1a727fad49bdf6f1b148f

SHA256d32a72691457ca5e857a39417a81b6586e93f44dcddae944fd6e31e3e209eb5b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fontawesome/css/font-awesome.min.css?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/css
Content-Encoding: deflate
Content-Length: 7903
Last-Modified: Tue, 19 Nov 2024 11:16:52 GMT

GET 178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118

178.20.190.162

200 OK

11 kB

URL

178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size11 kB (11393 bytes)

MD58a2b1253ff3715cd0668844f923c0192

SHA1625bdf7dd29fdb22f426ce3ddb0930d15b380116

SHA2567f2f3e5a38b1a7bd712ff36f01ffc4173275013090693b34c5fb1f161f3a5e07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WorldClient/globals.min.js?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/ecmascript
Content-Encoding: deflate
Content-Length: 11393
Last-Modified: Tue, 19 Nov 2024 11:17:10 GMT

GET 178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118

178.20.190.162

200 OK

42 kB

URL

178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2023-05-17

Last Seen2024-12-29

Times Seen5

Size42 kB (41596 bytes)

MD5b76a62cee6cc7e7687fdc236c7c053fc

SHA165488d4ca1761a81d91a2c9fa0f6d484181218b8

SHA25681acb50dd8dd15c79b901429a1cf70149d96e4b525032f6b325215251d5e7dd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /All/JavaScript/jquery-latest.js?v=7f54a0d118 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: text/ecmascript
Content-Encoding: deflate
Content-Length: 41596
Last-Modified: Tue, 19 Nov 2024 11:16:50 GMT

GET 178.20.190.162:3000/favicon.ico?v=7f54a0d118c

178.20.190.162

200 OK

15 kB

URL

178.20.190.162:3000/favicon.ico?v=7f54a0d118c

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typeMS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

First Seen2023-05-08

Last Seen2025-07-21

Times Seen15

Size15 kB (15084 bytes)

MD5f0382e05b7b71f7bb89e96253b673307

SHA115759f5ff7bf5ad686ede036a7debdcd5b2a899b

SHA256d1d266ec10954e1d842c4ca061514102ad8b02591990c5d59934ea53db446d56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico?v=7f54a0d118c HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: image/x-icon
Content-Length: 15084
Last-Modified: Tue, 19 Nov 2024 11:16:50 GMT

GET 178.20.190.162:3000/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

178.20.190.162

200 OK

77 kB

URL

178.20.190.162:3000/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 77160, version 4.459

First Seen2023-04-05

Last Seen2025-08-02

Times Seen164889

Size77 kB (77160 bytes)

MD5af7ae505a9eed503f8b8e6982036873e

SHA1d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA2562adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://178.20.190.162:3000/fontawesome/css/font-awesome.min.css?v=7f54a0d118
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Length: 77160
Last-Modified: Tue, 19 Nov 2024 11:16:52 GMT

GET 178.20.190.162:3000/WorldClient.dll

178.20.190.162

200 OK

95 kB

URL

178.20.190.162:3000/WorldClient.dll

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byN/A

Resource Info

File typedata

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size95 kB (95437 bytes)

MD56eb807691c7e1fe8f5ddbf7c0487cde4

SHA18d49adbb6b48d24565ff639cd031c9a442f59e78

SHA256e857b082792f443f9fda259c8257d1c39da7b1720e243fce8bc7b4827d758a54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WorldClient.dll HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 29 Dec 2024 19:02:32 GMT
Expires: 0
Pragma: no-cache
Cache-Control: no-store
Content-Encoding: deflate
Connection: close

GET 178.20.190.162:3000/WorldClient.dll?&TRANSLATION=1&THEME=WorldClient&RETURNJAVASCRIPT=1&Lang=en

178.20.190.162

200 OK

5.3 kB

URL

178.20.190.162:3000/WorldClient.dll?&TRANSLATION=1&THEME=WorldClient&RETURNJAVASCRIPT=1&Lang=en

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typedata

First Seen2024-12-29

Last Seen2024-12-29

Times Seen1

Size5.3 kB (5323 bytes)

MD59c0b943d136bb1a62147cfe36f998f7c

SHA1510599abe87d330aaffa6b94390d3f392a00f26c

SHA25689b7e716fd94c500ecf2c6a910e98959e512ce5dfd1cefa20fc6e73b268b1961

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /WorldClient.dll?&TRANSLATION=1&THEME=WorldClient&RETURNJAVASCRIPT=1&Lang=en HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 29 Dec 2024 19:02:33 GMT
Expires: 0
Pragma: no-cache
Cache-Control: no-store
Content-Encoding: deflate
Connection: close

GET 178.20.190.162:3000/All/Images/Banner.png

178.20.190.162

200 OK

93 kB

URL

178.20.190.162:3000/All/Images/Banner.png

IP / ASN

178.20.190.162

#50670 Vtel Holdings Limited/Jordan Co.

Requested byhttp://178.20.190.162:3000/WorldClient.dll

Resource Info

File typePNG image data, 429 x 88, 8-bit/color RGBA, non-interlaced

First Seen2023-05-08

Last Seen2025-07-21

Times Seen9

Size93 kB (92986 bytes)

MD56242dc7975e11b45d00cbb32ce5b88c0

SHA1b23abd6872bc45e55e195ba56d97f53c6c046731

SHA256516320102fbde9aa77c77e9e34ab4b9b80dde0f66ed1adf1210bdde359f74d36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /All/Images/Banner.png HTTP/1.1
Host: 178.20.190.162:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://178.20.190.162:3000/WorldClient.dll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=2592000
X-Frame-Options: sameorigin
X-XSS-Protection: 1
Date: Sun, 29 Dec 2024 19:02:33 GMT
Content-Type: image/png
Content-Length: 92986
Last-Modified: Tue, 19 Nov 2024 11:16:50 GMT