| ocsp.quovadisglobal.com/ | 152.195.13.36 | | 1.8 kB |
IP: 152.195.13.36:0
Hashes: MD5 3fe12b82927fb728c568d5912cd35fe9; SHA-1 44264e29022bef47040150981c3f64e1f3347c25; SHA-256 3075a9d004eab1d40eb0d110f021c4cb77730d0730d6ecfa38d2f72be65d98d5
POST / HTTP/1.1
Host: ocsp.quovadisglobal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=155519,public,no-transform,must-revalidate
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 22:17:57 GMT
Etag: "44264e29022bef47040150981c3f64e1f3347c25"
Expires: Fri, 10 May 2024 22:17:56 GMT
Last-Modified: Wed, 08 May 2024 22:17:57 GMT
Server: Apache
Content-Length: 1758
| 162.23.138.8/ | 162.23.138.8 | 302 Object Moved | 411 B |
URL: 162.23.138.8/ (user request; GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: HTML document, ASCII text, with very long lines (411), with no line terminators
Hashes: MD5 39f029a883aec35cdac4c92d128b32c1; SHA-1 73faf1dead86107d02fede8dd1c3bb4bb1b1304b; SHA-256 5f73f9a65a4dbf45317569c7194c4a1e8d7ede851e79fdca3b2ee8634f5abc3a

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object Moved
Location: /logon/LogonPoint/index.html
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_ERRM=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_VPNERR=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Connection: close
Content-Length: 411
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
| 162.23.138.8/logon/LogonPoint/index.html | 162.23.138.8 | 200 OK | 43 kB |
URL: 162.23.138.8/logon/LogonPoint/index.html (user request; GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: HTML document, ASCII text
Hashes: MD5 31bb581c9472cb009efe1b732d63b09a; SHA-1 8547a8a735f7732b97d8546efcec8d95daf50e9a; SHA-256 b4a2218823858f4893d78e15f04187deae082004d0c7acd3b82c369fe4ba576a

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/index.html HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 22:17:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
ETag: "a732-617387a985777"
Accept-Ranges: bytes
Content-Length: 42802
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=157680000
Cache-Control: no-cache, no-store, must-revalidate, no-cache
| 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js | 162.23.138.8 | 200 OK | 107 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (906)
Size: 107 kB (107023 bytes)
Hashes: MD5 dcfc1bfa36ecbf0edb4347578df0213d; SHA-1 966e56b53ceaf31fcd49ddc5c8677b8e19d0e700; SHA-256 9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1a20f-617387a953218"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 107023
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js | 162.23.138.8 | 200 OK | 6.5 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (535)
Hashes: MD5 d814db61581469b1933231c758bdffd1; SHA-1 e3b52b5c629d0a183a97a6f02f7d93040e5d233e; SHA-256 0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1954-617387a952466"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 6484
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/init.js | 162.23.138.8 | 200 OK | 5.6 kB |
URL: 162.23.138.8/logon/LogonPoint/init.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hashes: MD5 39a9b560daabd32b733da7eeae94cad4; SHA-1 3ad60e2b02749eead4261e50444864e311a86374; SHA-256 a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/init.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "15eb-617387a985c06"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 5611
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js | 162.23.138.8 | 200 OK | 34 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (579)
Hashes: MD5 1c97a3016754514038cacfb844f0239c; SHA-1 46debfa332ecf1bd4925c64265c47f7258172850; SHA-256 9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/velocity.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "85a2-617387a952881"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 34210
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js | 162.23.138.8 | 200 OK | 13 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (624)
Hashes: MD5 284cb038482fd3307fb751331514fed0; SHA-1 4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb; SHA-256 147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery-migrate.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3458-617387a951732"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 13400
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js | 162.23.138.8 | 200 OK | 133 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (651)
Size: 133 kB (132775 bytes)
Hashes: MD5 91d8ddebb15dc6f75c37e46ab4fae926; SHA-1 884de83f04661e57cb9d6a9794dfa760613da7fe; SHA-256 e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/elliptic.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "206a7-617387a950e13"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 132775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=94
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js | 162.23.138.8 | 200 OK | 46 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (615)
Hashes: MD5 0c0d7e0b234a2d6fdc1b120ccdadf2e5; SHA-1 ba0be0cc5f984c3681ee13d8320a402783a700c4; SHA-256 d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/slick.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "b18e-617387a952c92"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 45454
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js | 162.23.138.8 | 200 OK | 40 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (548)
Hashes: MD5 8faebed464c1e869bdd211469fae85ab; SHA-1 21f3930da03554989c56e99f1ecd4000232956c7; SHA-256 a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/hammer.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9e4d-617387a952036"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40525
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js | 162.23.138.8 | 200 OK | 1.1 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (517)
Hashes: MD5 366b5bb7e1a9493a85fb55c1214ac0b3; SHA-1 d9c66739293c205420e5be0de117370dd82ebe45; SHA-256 ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "449-617387a951c1c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 1097
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js | 162.23.138.8 | 200 OK | 112 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (618)
Size: 112 kB (111584 bytes)
Hashes: MD5 779f402578bbe4169138f8b9358262df; SHA-1 b6c74875fefc6f64513ce7a5a5213e6318c87448; SHA-256 2dc3999738e2e8279eb5e14ebe383153f09ff35e1d6ba611d92010dd3b65a454

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/ctxs.core.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b3e0-617387a95cb2d"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 111584
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=93
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js | 162.23.138.8 | 200 OK | 281 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (639)
Size: 281 kB (280890 bytes)
Hashes: MD5 57f665baae44d6079e90bbea9826a9e7; SHA-1 1633b0cd48a4a235b014d175aeb11134a454282f; SHA-256 8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/ctxs.webui.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "4493a-617387a95cf4a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 280890
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js | 162.23.138.8 | 200 OK | 255 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (620)
Size: 255 kB (255175 bytes)
Hashes: MD5 41acc8fb6964368646b7af113844b590; SHA-1 02768ceea678666f62869c6d50622a894437f40d; SHA-256 8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery-ui.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3e4c7-617387a9512fb"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 255175
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/images/common/wspinner@2x.gif | 162.23.138.8 | 200 OK | 2.2 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/common/wspinner@2x.gif (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: GIF image data, version 89a, 45 x 44
Hashes: MD5 468ba45616591ff91c90d1fe820a37db; SHA-1 f81ef447026c6e191ce552f95918e8a3b74b0d9a; SHA-256 111ce0995fd5170b4289d22d9bac264ffba149c4eda9377a5403423a22d3b76c

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/images/common/wspinner@2x.gif HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8af-617387a97e819"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 2223
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=91
Content-Type: image/gif
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css | 162.23.138.8 | 200 OK | 80 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes: MD5 104279a2c7f9a1d506532b8e20d52f14; SHA-1 2ed9a5a237aecec8167e12ee3808ded04efecb3a; SHA-256 1bb3451cb39f87b51cd7ca0a5254456d48bf3b24df3a61ba8a0bfb7c2b34bea4

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/css/ctxs.large-ui.min.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "136c4-617387a94fff5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 79556
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=90
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/themes/Default/css/theme.css | 162.23.138.8 | 200 OK | 19 B |
URL: 162.23.138.8/logon/themes/Default/css/theme.css (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hashes: MD5 6b3a033634abf38f64d697ac6e4c3693; SHA-1 4a5c88dd85287e9abb9d2d1cc10ccf5aaa989184; SHA-256 333daa0016c8f43fee52866ce762f53717031f88f20312f3be0cfc43665babc0

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/themes/Default/css/theme.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "13-617387a98b11a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 19
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=99
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/custom/style.css | 162.23.138.8 | 200 OK | 738 B |
URL: 162.23.138.8/logon/LogonPoint/custom/style.css (GET HTTP/1.1)
IP: 162.23.138.8:443, ASN #33845 (Swiss Federation represented by FOITT)
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: issuer QuoVadis Limited; subject gw.mobile.admin.ch; fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: Unicode text, UTF-8 (with BOM) text
Hashes: MD5 8b43abf50741f17d250e5212f97590a8; SHA-1 7c955b0808a979fad799b4d7a59052097f05df12; SHA-256 0ecdfbe22feb58756224e2e3b9f38abeafcf4c491f79cdba6ebb8de52acc044b

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/custom/style.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "2e2-6177d35d0c13f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 738
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=89
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/images/common/icon_vpn.ico | 162.23.138.8 | 200 OK | 32 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/common/icon_vpn.ico (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
Hash: 4c2049dad5c78893481fc831c6338274 ceceb457f3d910af15cb548e9fbfe2c1dbca1242 80c297534c925e1973052b72584a929a0b68c988bfcde7c1728ad72fc1f3e039
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/images/common/icon_vpn.ico HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "7d26-617387a97cf65"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 32038
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=88
Content-Type: image/x-icon
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/vpn/media/citrixgateway_logo_white.png | 162.23.138.8 | 200 OK | 2.3 kB |
URL: 162.23.138.8/vpn/media/citrixgateway_logo_white.png (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: PNG image data, 160 x 25, 8-bit/color RGBA, non-interlaced
Hash: cf8821d2fde59a0cb4b911311f9329b4 b53194e82394a33420aa74e0a9c0b71abb590037 4a2cae9a9c5a586f2bd5dc6140e34cac6b18be6b617c602a4a48321452c18c1c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /vpn/media/citrixgateway_logo_white.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: no-cache
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8fc-616ad56ca1b26"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 22 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2300
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=98
Content-Type: image/png
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/custom/script.js | 162.23.138.8 | 200 OK | 921 B |
URL: 162.23.138.8/logon/LogonPoint/custom/script.js (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: Unicode text, UTF-8 (with BOM) text
Hash: f2f59110ea521b29c2fdc443d6591f2e e4a00f80ed821e69d9ca5b3e635fe4031574ba9e 31d53110df746be20920919bd72b80408e758a44852d3cf4a3d88e1b7bd5460a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/custom/script.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "399-6177d35d03fb5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 921
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=87
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/images/1x/actionSprite.png | 162.23.138.8 | 200 OK | 2.4 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/1x/actionSprite.png (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: PNG image data, 134 x 19, 8-bit/color RGBA, non-interlaced
Hash: 8d38241006b5f1ed2659947adbeee0ce 4505086a3353f5069f25b7bb2558c04de0a7308b 036e7a57f8bb75895d2d35b27913f555589881a2e7cda51f1de01a351425ffba
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/images/1x/actionSprite.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "95a-617387a96189e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 2394
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=97
Content-Type: image/png
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/images/1x/folder_template.png | 162.23.138.8 | 200 OK | 432 B |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/1x/folder_template.png (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hash: 6cfd22f53c0df5b079178d648e69c5b0 49375ca766aafecbd7c94c9f31f98fe5f41d8462 5886f57d6a5eab166a00523fcc6963edafb009029e3ec6092f6ea79da4cd6ae0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/images/1x/folder_template.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b0-617387a96320a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 432
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=86
Content-Type: image/png
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/receiver/images/1x/viewSprite.png | 162.23.138.8 | 200 OK | 3.2 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/1x/viewSprite.png (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: PNG image data, 233 x 25, 8-bit/color RGBA, non-interlaced
Hash: ec0047cfaaf281a0a1740025e3b4f852 47e9f205fb2fdb1e36bffe284255287df2f7594b 85d7dde124874210870bb7d3526f56ba3dc4b54ef4572855946f3905233c1455
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/images/1x/viewSprite.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "c5f-617387a969200"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 3167
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Content-Type: image/png
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/Home/Configuration | 162.23.138.8 | 200 OK | 2.4 kB |
URL: 162.23.138.8/logon/LogonPoint/Home/Configuration (POST HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: XML 1.0 document, ASCII text, with very long lines (2368), with no line terminators
Hash: 6c6f01d98135ef4000a733619a7dd6bf e0ad0f697ffa126f24c0648ac278126aac41b670 f9a8080dff2e0a71fd9d492e0695a9aa8aa6e9d54028faa12a6d719fe272e10a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /logon/LogonPoint/Home/Configuration HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 2368
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web
| 162.23.138.8/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639 | 162.23.138.8 | 200 OK | 41 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639 (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (599)
Hash: 2e92344c94f3e46978e0b742fd8bbeed 9367b902006ad0ce6c6919f915ce830cb976122d 23b1ebe8b71b12ed7e1179861073f7c2c4c08540f7e02f12903a882985466fec
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639 HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9fce-617387a956b48"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40910
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=85
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/custom/strings.en.js?_=1715206672640 | 162.23.138.8 | 200 OK | 438 B |
URL: 162.23.138.8/logon/LogonPoint/custom/strings.en.js?_=1715206672640 (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hash: b2e55add6cd1d9b906d2bbe411aa493c 210d958cd3277c6080a56b40454fd6beb4b1dbe4 a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/custom/strings.en.js?_=1715206672640 HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b6-6177d35d04d73"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 438
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=84
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/custom/strings.en.json | 162.23.138.8 | 200 OK | 3 B |
URL: 162.23.138.8/logon/LogonPoint/custom/strings.en.json (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hash: 3d29a75fcf0ed7dfff86d3db8f92fc69 dff8a1731f59ccad056b346102d1e1d014b843f3 8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/custom/strings.en.json HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3-6177d35d0518f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 3
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=83
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js | 162.23.138.8 | 200 OK | 41 kB |
URL: 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (585)
Hash: afc84a69389601b65eb820a831c9e09b 9532023b8c66eb153cd7f2ee317ca92acef119ac 6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/plugins/ns-gateway/nsg-epa.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9f84-617387a97f067"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40836
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=82
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js | 162.23.138.8 | 200 OK | 77 kB |
URL: 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (1198)
Hash: 6cd18c91390133d713e9ef1a76c756d5 39ec7e2154a93498c7e3329ba8596622ace81875 7757921d76ef7b642beb94c4034960b3cd66c7956c1b3fd5084dcb3630a68504
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "12c6b-617387a97ec67"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 76907
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js | 162.23.138.8 | 200 OK | 34 kB |
URL: 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JavaScript source, ASCII text, with very long lines (655)
Hash: 3b06060a4ff1650d02857d94a7c26ceb 53c0886aba601323f7ccb2eab3d525669e8334fe 89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8543-617387a97f461"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 34115
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=81
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000
| 162.23.138.8/nf/auth/getECdetails | 162.23.138.8 | 200 OK | 23 B |
URL: 162.23.138.8/nf/auth/getECdetails (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hash: b55593893095e499798bbb0c2afbf155 3092c810243b2cdec279e3031250e0e7d80d102e e6ee73b614d8bf5e6f57075e71d261039de73b70f4412d5dfc8a7f8c1bc2a2ce
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /nf/auth/getECdetails HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 23
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
X-Citrix-Application: Receiver for Web
| 162.23.138.8/logon/LogonPoint/Resources/List | 162.23.138.8 | 200 OK | 22 B |
URL: 162.23.138.8/logon/LogonPoint/Resources/List (POST HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
Hash: ae3728d87216eee1a9989d75738c067a c1fc6147a0c50642ca93e7a4022b468729a5bba4 da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /logon/LogonPoint/Resources/List HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Content-Length: 35
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22
| 162.23.138.8/cgi/GetAuthMethods | 162.23.138.8 | 200 OK | 139 B |
URL: 162.23.138.8/cgi/GetAuthMethods (POST HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: XML 1.0 document, ASCII text, with no line terminators
Hash: 74f810363f3ad15b31adc643eb4c9f67 7f98380391f751216b92dcab192c7d5fa3901fba aa5284453b870739714d36ed5ab32bec8921bd0729366f964d80f305ef41251f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cgi/GetAuthMethods HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 139
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web
| 162.23.138.8/p/u/getAuthenticationRequirements.do | 162.23.138.8 | 200 OK | 1.6 kB |
URL: 162.23.138.8/p/u/getAuthenticationRequirements.do (POST HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: XML 1.0 document, ASCII text, with very long lines (1594), with no line terminators
Hash: 3adb3377d530c8a717320d4dd0d59870 22469ed9ce43f28bead2b9f25ff96cb224766cbe c9e42e1859aec164118c31ae07950e8dd64ad7c26668db9c4d1bba4de92339c1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /p/u/getAuthenticationRequirements.do HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-AM-CredentialTypes: none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem
X-Citrix-AM-LabelTypes: none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_ERRM=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Connection: close
Content-Length: 1594
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web
| 162.23.138.8/logon/LogonPoint/receiver/images/common/authspinner.gif | 162.23.138.8 | 200 OK | 954 B |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/common/authspinner.gif (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: GIF image data, version 89a, 22 x 22
Hash: 6959bf8fd07a4bdc3e9662728dd43f17 2e598a26facf72188598d671651268e9ac100406 81cf46cd2e1d60f92fd21a4fea68c087f111a0e7f9ea3d81798dff8d9459145b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logon/LogonPoint/receiver/images/common/authspinner.gif HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3ba-617387a976afd"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 954
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=95
Content-Type: image/gif
Strict-Transport-Security: max-age=157680000
|
|
| 162.23.138.8/logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg | 162.23.138.8 | 200 OK | 51 kB |
URL: 162.23.138.8/logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg (GET HTTP/1.1)
IP: 162.23.138.8:443
ASN: #33845 Swiss Federation represented by FOITT
Requested by: https://162.23.138.8/logon/LogonPoint/index.html
Certificate: Issuer QuoVadis Limited; Subject gw.mobile.admin.ch; Fingerprint C8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95; Validity Tue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 2560x1600, components 3
Hash (MD5 / SHA-1 / SHA-256): d0265879502bdba1ddd4bd649c976615 / 8e837cd29ead3501bdfd2a6fcad00adba5f5bb82 / 17197024d7ccdb50bd23b0e4cfcd38bf818f0c1644795474460bb1b5c95906d5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "c676-617387a9766dd"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 50806
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=80
Content-Type: image/jpeg
Strict-Transport-Security: max-age=157680000
|
|