{"report_id":"d15b0444-d2f2-4097-8638-b142074ab56e","version":6,"status":"done","tags":[],"date":"2024-12-29T19:02:35Z","url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient.dll","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":0,"asn":50670,"as":"Vtel Holdings Limited/jordan Co.","country":"Jordan","country_code":"JO"},"final":{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient.dll","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"title":"MDaemon Webmail"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-09T19:02:35Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"178.20.190.162","ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":11,"request_count":11,"received_data":360207,"sent_data":4391,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-29T19:02:10Z","timestamp":1735498930,"ip_dst":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"ip_src":{"addr":"172.18.0.27","port":50914,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Dotted Quad Host DLL Request","source":"{\"timestamp\":\"2024-12-29T19:02:10.330940+0000\",\"flow_id\":86593464575848,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.27\",\"src_port\":50914,\"dest_ip\":\"178.20.190.162\",\"dest_port\":3000,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost.dll\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027250,\"rev\":4,\"signature\":\"ET INFO Dotted Quad Host DLL Request\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_04_23\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Moderate\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_04_08\"]}},\"http\":{\"hostname\":\"178.20.190.162\",\"http_port\":3000,\"url\":\"/WorldClient.dll\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":679,\"bytes_toclient\":655,\"start\":\"2024-12-29T19:02:10.141160+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"introduction_type":"scriptElement","is_inline":false,"md5":"94dad50978324bf7b082d015d230f001","sha1":"0483c53dd16dc89befdc97540935253daa4e9473","sha256":"44df5acf102f26a92e19880629b71526fb648cf1e684176622c964a4c0dd8f4b","sha512":"44a43ace6d5d052f56792df1e58ad208f8b3eae5feb966154fc4875e0ec66c9c558bba014ac2f469bf75eb8e91e99c09f283a45069d460da248c620fc995da9c","ssdeep":"1536:ys5O4qYJu3JgRQQraFwBSjoKw0NSzWCFqF8GFd9haTx5LfCwA670bbFhzc9eeqHV:5vu+1WChtyFhw90HYwgDBWUx+rHf","tlshash":"61a31addb2c670628bb730b850bf560bf07a5c9ab44c8890f159d8e47d74a8a507bf2d","size":100097,"data":"","first_seen":"2023-03-12T20:37:37Z","last_seen":"2026-04-05T15:42:43.525817Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient.dll","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-21T16:33:36.951402Z","times_seen":14022883,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7332983229507aa9b1a785f73df9e4a","sha1":"22992e22350a4f4cbf3509467bf0b973996077d4","sha256":"7caf42fb4b400a1c9f5946fe2c1d45df95b4abf1197aa24355f4d50a67878f37","sha512":"cddf47c15dacb102a724aaadd183a8268427ab9cb77eec9e445bbf367aa1d4bc96a7548f137a2df56ed392c94366a9ef390848e843a6cef89c57707d823750e5","ssdeep":"768:mMbCtDUHbbyzAeFNMhsqy29sRbmFNe/THq:CU4AeFNMhsqy9ZmFNe/THq","tlshash":"1bd208887492667242fb24b0247f428eb130cd69ecd95574f988d8e6b870d8b91bff74","size":29907,"data":"","first_seen":"2024-12-29T19:02:39.205175Z","last_seen":"2025-09-26T16:17:12.713047Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8543713adf041ea49b77a8d05204e90c","sha1":"9d489fd239c41128b8b0be3d5c2311ea75900788","sha256":"0e6b3c6f0b0f7ccc16f094778b189d0be9c58eda9af603820537933a767e4ae9","sha512":"cee1f6767601eaee416a93fcbb3b4eaa3ca0e69cc84e0a88b4096d31f3e81ac54e390ce81473e4a525ddfe8bcbae9d25d2590953141b1fc9e02a4b96e1b7ed8c","ssdeep":"96:zUzhEeB/YLiCyFdOvIYaJYD5Xjq/T5jEbTaWxXlQ6VgS:IzGfLAIgBwc/i66z","tlshash":"7f8153d972d7f0558aa125e611ff180ee87d7884dd4900b0b6c496dca8f8f78a62af18","size":4044,"data":"","first_seen":"2024-08-19T15:32:19.599179Z","last_seen":"2026-04-05T15:42:43.534955Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118","fqdn":"178.20.190.162:3000","domain":"178.20.190.162","tld":"162:3000"},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"introduction_type":"scriptElement","is_inline":false,"md5":"797ecf90206ee89d875d3b65a32fe7a6","sha1":"fa4bfad8cc20ab99eb5e062ef97a8ea241de68e7","sha256":"027311e7311b9d647007ad97beed5f66e6ca725fcdfc91c630f252c2ae69a95c","sha512":"506e5e6266702b0bf137e2faffcd53a8bef372f71493d598775468518707d84c85080e8b61c070dd015878962b169e895ce361261b6e7d865b7db13023ed076e","ssdeep":"384:QHa1ZJAsheKegeHeqeyeBeJe1eEeVeRe6eZFDdyrQAnZRjZjkMHI:xcbV+7zcUgJAMridFo","tlshash":"26525f496206125395b333ba9f97d648ff73052701269e04be6d8d902fb9d0a8377fac","size":14076,"data":"","first_seen":"2024-12-29T19:02:39.209957Z","last_seen":"2025-09-26T16:17:12.720146Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"178.20.190.162:3000/All/JavaScript/punycode.min.js?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.649Z","timestamp":1735498930649,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /All/JavaScript/punycode.min.js?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/ecmascript\r\nContent-Encoding: deflate\r\nContent-Length: 1942\r\nLast-Modified: Tue, 19 Nov 2024 11:16:50 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1942,"size_decoded":1942,"mime_type":"text/ecmascript","magic":"data","md5":"47e2fbdfb0520bba782672da01a23777","sha1":"d095ba0c8022320a4309723ee74bb5d8e73968da","sha256":"3874157ebbfacc188281bb61d0b7a6b7494d3e25a7c28b6672fcd24ac68a3608","sha512":"e1abfcfc09cbcca4f133b215e2bf598e1eecfe9beae2863a1b4c0e93c422ab8ba1776360ae70f6ef4fc85ab865dd97aa688a14e2bec1a5810eda9c4d45e3056a","ssdeep":"","tlshash":"c2411b12e4988d490b65e2b841de4e7cb3b1d60ecfc8a9202e7636c3f0be4e2051d851","first_seen":"2024-08-19T15:32:19.587868Z","last_seen":"2024-12-29T19:02:39.16502Z","times_seen":2,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":81,"dns":0,"connect":92,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient/pages/logon.css?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.643Z","timestamp":1735498930643,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /WorldClient/pages/logon.css?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/css\r\nContent-Encoding: deflate\r\nContent-Length: 2792\r\nLast-Modified: Tue, 19 Nov 2024 11:17:10 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2792,"size_decoded":2792,"mime_type":"text/css","magic":"data","md5":"bfb2d2ee077d58f6727209024ac026b2","sha1":"fc1061725a6ca125d46960fb916c603cd469f1b2","sha256":"701f12b471491203973c4d6759afa973a4061d9bb5cdfdec5fb5563f0b6f4ed8","sha512":"f30713ccfe73e5a29cc7b58c6e0443f0451f994a7c4ba7ca07839d8c6cfb2daf7bc646a19fb564af58091d42817fe6596d7a191962a13fecf2d4c16fd19b7deb","ssdeep":"","tlshash":"d25107d64a12cff8a158b44c256dd940674d0e6d2f3f015add3f6a88a6e73c0e2a880a","first_seen":"2024-08-19T15:32:19.58923Z","last_seen":"2024-12-29T19:02:39.168878Z","times_seen":2,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":86,"dns":0,"connect":93,"send":0,"wait":101,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient/JavaScript/logon.js?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.651Z","timestamp":1735498930651,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /WorldClient/JavaScript/logon.js?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/ecmascript\r\nContent-Encoding: deflate\r\nContent-Length: 3886\r\nLast-Modified: Tue, 19 Nov 2024 11:17:10 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3886,"size_decoded":3886,"mime_type":"text/ecmascript","magic":"OpenPGP Secret Key","md5":"14f84f9eaa155abfecf7b7f346bbf6e0","sha1":"2548c8bce5e33d4e9f302c567806684d1ea34ccb","sha256":"e2195ce3a0b22929c7845aafbd333ab9943fc54acb0e46085693b420894ebe48","sha512":"afe4e251a36c53d9254a6f419d465682ab11cc136dfda18da16cbcbb240962fc6e26c460935108257470b10a3c8105f79618cb39217631cb133491b1e9102ef7","ssdeep":"","tlshash":"43816de22044bb299d329c7a9bd4c20119731f97a41fce092cf46bd310567b947f5d99","first_seen":"2024-12-29T19:02:39.173063Z","last_seen":"2024-12-29T19:02:39.173063Z","times_seen":1,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":80,"dns":0,"connect":92,"send":0,"wait":103,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/fontawesome/css/font-awesome.min.css?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.641Z","timestamp":1735498930641,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /fontawesome/css/font-awesome.min.css?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/css\r\nContent-Encoding: deflate\r\nContent-Length: 7903\r\nLast-Modified: Tue, 19 Nov 2024 11:16:52 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7903,"size_decoded":7903,"mime_type":"text/css","magic":"data","md5":"74a4cd02ed17f0275170b4d3bd659fa5","sha1":"fafdf3815e8ed4c436e1a727fad49bdf6f1b148f","sha256":"d32a72691457ca5e857a39417a81b6586e93f44dcddae944fd6e31e3e209eb5b","sha512":"030008fe6d212c3ed0cb905ee627556333351ed3748983dfae4f48c327a9470e00511a246d81855a5124f8ce7567ff71b0b33d25ae430b847a5fc32a4a248428","ssdeep":"192:C6K9JxHTaZAUovW1Zxs1P+2LAlYo8Lrxz5Au9fV:CVd93AMP+8AlYo8LlzFxV","tlshash":"def1aefba6f18c6eabace18f92d9c01787517186ec0519245d717bc43039802bb773a3","first_seen":"2024-08-19T15:32:19.5871Z","last_seen":"2024-12-29T19:02:39.177581Z","times_seen":3,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":88,"dns":0,"connect":93,"send":0,"wait":101,"receive":188,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient/globals.min.js?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.648Z","timestamp":1735498930648,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /WorldClient/globals.min.js?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/ecmascript\r\nContent-Encoding: deflate\r\nContent-Length: 11393\r\nLast-Modified: Tue, 19 Nov 2024 11:17:10 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11393,"size_decoded":11393,"mime_type":"text/ecmascript","magic":"data","md5":"8a2b1253ff3715cd0668844f923c0192","sha1":"625bdf7dd29fdb22f426ce3ddb0930d15b380116","sha256":"7f2f3e5a38b1a7bd712ff36f01ffc4173275013090693b34c5fb1f161f3a5e07","sha512":"c102fabf5b01a50434194d203583eb1890697fb8a065255928a60d14d1fd3f6879c5a62eaa66cfc49c053b136e2ea76ea142ef5c383a8f9fe78478f469897dcd","ssdeep":"192:5qg4VcS+BzN/t3xfTvUiDrXUfEbfgnQrtISmfu600SGjSRt/Vo:g63vTMiQEknIOu60XCso","tlshash":"2832b088b7044fbc95f421d84ab761af8c32685619a6d6e1641f92104fbe4719532e6c","first_seen":"2024-12-29T19:02:39.181746Z","last_seen":"2024-12-29T19:02:39.181746Z","times_seen":1,"resource_available":false,"data":null}},"time_used":461,"timings":{"blocked":82,"dns":0,"connect":92,"send":0,"wait":101,"receive":186,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/All/JavaScript/jquery-latest.js?v=7f54a0d118","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.645Z","timestamp":1735498930645,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /All/JavaScript/jquery-latest.js?v=7f54a0d118 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: text/ecmascript\r\nContent-Encoding: deflate\r\nContent-Length: 41596\r\nLast-Modified: Tue, 19 Nov 2024 11:16:50 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":41596,"size_decoded":41596,"mime_type":"text/ecmascript","magic":"data","md5":"b76a62cee6cc7e7687fdc236c7c053fc","sha1":"65488d4ca1761a81d91a2c9fa0f6d484181218b8","sha256":"81acb50dd8dd15c79b901429a1cf70149d96e4b525032f6b325215251d5e7dd8","sha512":"4e2a856681a03be5f9c38b66c8742945a746ee50238eb28534d89783ad81f07b824a12a2962ac4c475d0b7dfa67a9b177f272c964173dfa736377c49e70d1db8","ssdeep":"768:DvM6PmTGym/Y6WMOpE7SMHpd3062y97fKDcoBvfKIVbbslvjBBtgVzHWl8a:DvMJ6DmwNHpN0619KBvfzVoozH4","tlshash":"e913f16f81d0774ee0ab4349cd0f53e67ca697229bb4ffd6a60f46d4288752460ba81c","first_seen":"2023-05-17T01:48:31Z","last_seen":"2024-12-29T19:02:39.18413Z","times_seen":5,"resource_available":false,"data":null}},"time_used":647,"timings":{"blocked":84,"dns":0,"connect":92,"send":0,"wait":99,"receive":372,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/favicon.ico?v=7f54a0d118c","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:11.632Z","timestamp":1735498931632,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico?v=7f54a0d118c HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 15084\r\nLast-Modified: Tue, 19 Nov 2024 11:16:50 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15084,"size_decoded":15084,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"f0382e05b7b71f7bb89e96253b673307","sha1":"15759f5ff7bf5ad686ede036a7debdcd5b2a899b","sha256":"d1d266ec10954e1d842c4ca061514102ad8b02591990c5d59934ea53db446d56","sha512":"6c27d3100f253a0432624528863ebe14b39221f377197373399faf876ce2d0970fbcaeb0508ef3e495dc1d7f250b3b54da9bdddb814105d6a71db4cc762424d9","ssdeep":"192:hBmRBUSB39jmA3m8yZ17BL2YemfgNOCojiSqmGx0pm:jmRhr3/q17BL9emfgNOCojiSqTyU","tlshash":"ae626fd229c408c1f65fc238acab7a21735e6cc868665c433f27e9e9c746a87153b34d","first_seen":"2023-05-08T19:26:14Z","last_seen":"2026-04-11T22:37:23.548558Z","times_seen":29,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:11.283Z","timestamp":1735498931283,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: http://178.20.190.162:3000/fontawesome/css/font-awesome.min.css?v=7f54a0d118\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Length: 77160\r\nLast-Modified: Tue, 19 Nov 2024 11:16:52 GMT\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":77160,"size_decoded":77160,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-21T16:32:50.111961Z","times_seen":434041,"resource_available":true,"data":null}},"time_used":662,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":565,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient.dll","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-29T19:02:10.147Z","timestamp":1735498930147,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /WorldClient.dll HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: Sun, 29 Dec 2024 19:02:32 GMT\r\nExpires: 0\r\nPragma: no-cache\r\nCache-Control: no-store\r\nContent-Encoding: deflate\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":95437,"size_decoded":95437,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"6eb807691c7e1fe8f5ddbf7c0487cde4","sha1":"8d49adbb6b48d24565ff639cd031c9a442f59e78","sha256":"e857b082792f443f9fda259c8257d1c39da7b1720e243fce8bc7b4827d758a54","sha512":"645fddfa5de90f2f5f926bcdb8009357763d6e33c68dd4321487be78680f1d684346abbb46ffec1405eb0690e74d6619a2968f21c5a34fe3d5226830fd41724a","ssdeep":"1536:vFbwvxfLYNmvSTTWekVkDkrl6NWKgxLBkZ/DD8Kv7k3WFiQMeG:vFUvxflSTTOVEAKaNEDgWY37QMeG","tlshash":"e093026b6881b182e72b903e5e69efdce253c52bd5068e44b36e08addf417c38d50927","first_seen":"2024-12-29T19:02:39.191689Z","last_seen":"2024-12-29T19:02:39.191689Z","times_seen":1,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":88,"dns":0,"connect":93,"send":0,"wait":97,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/WorldClient.dll?\u0026TRANSLATION=1\u0026THEME=WorldClient\u0026RETURNJAVASCRIPT=1\u0026Lang=en","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:11.331Z","timestamp":1735498931331,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /WorldClient.dll?\u0026TRANSLATION=1\u0026THEME=WorldClient\u0026RETURNJAVASCRIPT=1\u0026Lang=en HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nContent-Type: text/html; charset=utf-8\r\nLast-Modified: Sun, 29 Dec 2024 19:02:33 GMT\r\nExpires: 0\r\nPragma: no-cache\r\nCache-Control: no-store\r\nContent-Encoding: deflate\r\nConnection: close\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5323,"size_decoded":5323,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"9c0b943d136bb1a62147cfe36f998f7c","sha1":"510599abe87d330aaffa6b94390d3f392a00f26c","sha256":"89b7e716fd94c500ecf2c6a910e98959e512ce5dfd1cefa20fc6e73b268b1961","sha512":"e022a607a8c01345814a782f38901c391f1cdb8203b06af0c37eeb76b87069f46b7bc41661c65bc1776adf3873918856ea1c516c2c9a6828b335ac5dd16b1ec4","ssdeep":"96:i/aKVEaOBca0lv/cMgYctM1FrNp5yCvcPQiq3qaFgfQNMUyLWRF3hsRURSGzpdV2:DiENCaSv/vgYoAxN9UPMqYeuMbLK2URY","tlshash":"85b16dd52bb09cc5f5ce3d743ab61f003b43ae6220125b8d6169496d7f790c99c426d6","first_seen":"2024-12-29T19:02:39.193743Z","last_seen":"2024-12-29T19:02:39.193743Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"178.20.190.162:3000/All/Images/Banner.png","fqdn":"178.20.190.162","domain":"178.20.190.162","tld":""},"ip":{"addr":"178.20.190.162","port":3000,"asn":50670,"as":"Vtel Holdings Limited/Jordan Co.","country":"Jordan","country_code":"JO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://178.20.190.162:3000/WorldClient.dll","date":"2024-12-29T19:02:10.647Z","timestamp":1735498930647,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /All/Images/Banner.png HTTP/1.1\r\nHost: 178.20.190.162:3000\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://178.20.190.162:3000/WorldClient.dll\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:\r\nReferrer-Policy: same-origin\r\nStrict-Transport-Security: max-age=2592000\r\nX-Frame-Options: sameorigin\r\nX-XSS-Protection: 1\r\nDate: Sun, 29 Dec 2024 19:02:33 GMT\r\nContent-Type: image/png\r\nContent-Length: 92986\r\nLast-Modified: Tue, 19 Nov 2024 11:16:50 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92986,"size_decoded":92986,"mime_type":"image/png","magic":"PNG image data, 429 x 88, 8-bit/color RGBA, non-interlaced","md5":"6242dc7975e11b45d00cbb32ce5b88c0","sha1":"b23abd6872bc45e55e195ba56d97f53c6c046731","sha256":"516320102fbde9aa77c77e9e34ab4b9b80dde0f66ed1adf1210bdde359f74d36","sha512":"54d60906b735a2085279f2f0bb78c235907b0c5939b69736106fd62db8f6de4c92f7805ad721622ddb7501e90c457ed97010672c7c086c781280892ef9352d93","ssdeep":"1536:bbwvxfLYNmvSTTWekVkDkrl6NWKgxLBkZ/DD8Kv7k3WFiQMeG:bUvxflSTTOVEAKaNEDgWY37QMeG","tlshash":"0f93016b6982f181e76b903e5e69efdce217c92b8516ce04b36e08addf407c34c50927","first_seen":"2023-05-08T19:26:14Z","last_seen":"2026-04-05T15:42:43.526548Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1313,"timings":{"blocked":554,"dns":0,"connect":0,"send":0,"wait":96,"receive":663,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-29","alert":"Sinkholed","trigger":"178.20.190.162","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}