Report - 162.23.138.8/

Report Overview

Submitted URL
162.23.138.8/
IP
162.23.138.8
ASN
#33845 Swiss Federation represented by FOITT
Submitted
2024-05-08 22:18:17
Access
public
Website Title
Citrix Gateway
Final URL
162.23.138.8/logon/LogonPoint/index.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
74

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.quovadisglobal.com	4610	2005-01-28	2012-10-10	2024-05-08	335 B	2.1 kB	152.195.13.36
162.23.138.8	unknown	unknown	No data	No data	17 kB	1.5 MB	162.23.138.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed
2024-05-08	medium	162.23.138.8	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js	34 kB	2023-03-10	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-05-19 06:10:26 Times Seen63 Hash 1c97a3016754514038cacfb844f0239c 46debfa332ecf1bd4925c64265c47f7258172850 9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js	133 kB	2023-03-12	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:08:49 Last Seen2024-05-19 06:10:26 Times Seen61 Hash 91d8ddebb15dc6f75c37e46ab4fae926 884de83f04661e57cb9d6a9794dfa760613da7fe e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js	112 kB	2024-02-14	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 19:16:14 Last Seen2024-05-19 06:10:26 Times Seen21 Hash 779f402578bbe4169138f8b9358262df b6c74875fefc6f64513ce7a5a5213e6318c87448 2dc3999738e2e8279eb5e14ebe383153f09ff35e1d6ba611d92010dd3b65a454 Loading...

	unknown	438 B	2023-03-10	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-05-19 06:10:26 Times Seen52 Hash b2e55add6cd1d9b906d2bbe411aa493c 210d958cd3277c6080a56b40454fd6beb4b1dbe4 a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f Loading...

	162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js	34 kB	2023-03-10	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-05-19 06:10:26 Times Seen63 Hash 3b06060a4ff1650d02857d94a7c26ceb 53c0886aba601323f7ccb2eab3d525669e8334fe 89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1 Loading...

	162.23.138.8/logon/LogonPoint/init.js	5.6 kB	2023-03-12	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/init.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:28:31 Last Seen2024-05-19 06:10:26 Times Seen62 Hash 39a9b560daabd32b733da7eeae94cad4 3ad60e2b02749eead4261e50444864e311a86374 a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js	255 kB	2023-07-18	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-05-19 06:10:26 Times Seen55 Hash 41acc8fb6964368646b7af113844b590 02768ceea678666f62869c6d50622a894437f40d 8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js	13 kB	2023-07-18	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-05-19 06:10:26 Times Seen53 Hash 284cb038482fd3307fb751331514fed0 4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb 147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js	6.5 kB	2023-03-10	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:27 Last Seen2024-05-19 06:10:26 Times Seen61 Hash d814db61581469b1933231c758bdffd1 e3b52b5c629d0a183a97a6f02f7d93040e5d233e 0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js	46 kB	2023-07-18	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-05-19 06:10:26 Times Seen55 Hash 0c0d7e0b234a2d6fdc1b120ccdadf2e5 ba0be0cc5f984c3681ee13d8320a402783a700c4 d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js	281 kB	2023-07-26	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-26 19:42:03 Last Seen2024-05-19 06:10:26 Times Seen49 Hash 57f665baae44d6079e90bbea9826a9e7 1633b0cd48a4a235b014d175aeb11134a454282f 8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c Loading...

	unknown	41 kB	2023-10-16	2024-05-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-16 10:12:24 Last Seen2024-05-19 06:10:26 Times Seen28 Hash 2e92344c94f3e46978e0b742fd8bbeed 9367b902006ad0ce6c6919f915ce830cb976122d 23b1ebe8b71b12ed7e1179861073f7c2c4c08540f7e02f12903a882985466fec Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js	107 kB	2023-07-18	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-05-19 06:10:26 Times Seen53 Hash dcfc1bfa36ecbf0edb4347578df0213d 966e56b53ceaf31fcd49ddc5c8677b8e19d0e700 9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js	1.1 kB	2023-03-10	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-05-19 06:10:26 Times Seen63 Hash 366b5bb7e1a9493a85fb55c1214ac0b3 d9c66739293c205420e5be0de117370dd82ebe45 ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305 Loading...

	162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js	41 kB	2023-03-10	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:27 Last Seen2024-05-19 06:10:26 Times Seen60 Hash afc84a69389601b65eb820a831c9e09b 9532023b8c66eb153cd7f2ee317ca92acef119ac 6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53 Loading...

	162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js	77 kB	2023-10-16	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-16 10:12:24 Last Seen2024-05-19 06:10:26 Times Seen35 Hash 6cd18c91390133d713e9ef1a76c756d5 39ec7e2154a93498c7e3329ba8596622ace81875 7757921d76ef7b642beb94c4034960b3cd66c7956c1b3fd5084dcb3630a68504 Loading...

	162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js	40 kB	2023-07-18	2024-05-19
Pretty URL 162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-05-19 06:10:26 Times Seen55 Hash 8faebed464c1e869bdd211469fae85ab 21f3930da03554989c56e99f1ecd4000232956c7 a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208 Loading...

	162.23.138.8/logon/LogonPoint/custom/script.js	918 B	2023-03-10	2024-05-13
Pretty URL 162.23.138.8/logon/LogonPoint/custom/script.js IP 162.23.138.8 ASN #33845 Swiss Federation represented by FOITT Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:05:02 Last Seen2024-05-13 20:48:17 Times Seen11 Hash b557eea3a4f9eacb9e95725b78eb69b1 66067604811483b9f947e4b38aafaeae33210bf4 99fd16dec5a3b8fb22a04d013f237817d3440cbdb828d7e6a3652d3691cade31 Loading...

HTTP Transactions (38)

URL IP Response Size

ocsp.quovadisglobal.com/

152.195.13.36

1.8 kB

URL
ocsp.quovadisglobal.com/
IP
152.195.13.36:0
ASN
#15133 EDGECAST

File type
data
Size
1.8 kB (1758 bytes)
Hash
3fe12b82927fb728c568d5912cd35fe9
44264e29022bef47040150981c3f64e1f3347c25
3075a9d004eab1d40eb0d110f021c4cb77730d0730d6ecfa38d2f72be65d98d5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.quovadisglobal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 87
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=155519,public,no-transform,must-revalidate
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 22:17:57 GMT
Etag: "44264e29022bef47040150981c3f64e1f3347c25"
Expires: Fri, 10 May 2024 22:17:56 GMT
Last-Modified: Wed, 08 May 2024 22:17:57 GMT
Server: Apache
Content-Length: 1758

162.23.138.8/

162.23.138.8

302 Object Moved

411 B

URL User Request GET HTTP/1.1
162.23.138.8/
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
HTML document, ASCII text, with very long lines (411), with no line terminators
Size
411 B (411 bytes)
Hash
39f029a883aec35cdac4c92d128b32c1
73faf1dead86107d02fede8dd1c3bb4bb1b1304b
5f73f9a65a4dbf45317569c7194c4a1e8d7ede851e79fdca3b2ee8634f5abc3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object Moved
Location: /logon/LogonPoint/index.html
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_ERRM=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_VPNERR=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Connection: close
Content-Length: 411
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8

162.23.138.8/logon/LogonPoint/index.html

162.23.138.8

200 OK

43 kB

URL User Request GET HTTP/1.1
162.23.138.8/logon/LogonPoint/index.html
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
HTML document, ASCII text
Size
43 kB (42802 bytes)
Hash
31bb581c9472cb009efe1b732d63b09a
8547a8a735f7732b97d8546efcec8d95daf50e9a
b4a2218823858f4893d78e15f04187deae082004d0c7acd3b82c369fe4ba576a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/index.html HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 08 May 2024 22:17:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
ETag: "a732-617387a985777"
Accept-Ranges: bytes
Content-Length: 42802
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=157680000
Cache-Control: no-cache, no-store, must-revalidate, no-cache

162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js

162.23.138.8

200 OK

107 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (906)
Size
107 kB (107023 bytes)
Hash
dcfc1bfa36ecbf0edb4347578df0213d
966e56b53ceaf31fcd49ddc5c8677b8e19d0e700
9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1a20f-617387a953218"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 107023
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js

162.23.138.8

200 OK

6.5 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (535)
Size
6.5 kB (6484 bytes)
Hash
d814db61581469b1933231c758bdffd1
e3b52b5c629d0a183a97a6f02f7d93040e5d233e
0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1954-617387a952466"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 6484
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/init.js

162.23.138.8

200 OK

5.6 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/init.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
ASCII text
Size
5.6 kB (5611 bytes)
Hash
39a9b560daabd32b733da7eeae94cad4
3ad60e2b02749eead4261e50444864e311a86374
a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/init.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "15eb-617387a985c06"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 5611
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js

162.23.138.8

200 OK

34 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/velocity.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (579)
Size
34 kB (34210 bytes)
Hash
1c97a3016754514038cacfb844f0239c
46debfa332ecf1bd4925c64265c47f7258172850
9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/velocity.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "85a2-617387a952881"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 34210
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js

162.23.138.8

200 OK

13 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (624)
Size
13 kB (13400 bytes)
Hash
284cb038482fd3307fb751331514fed0
4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb
147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery-migrate.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3458-617387a951732"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 13400
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js

162.23.138.8

200 OK

133 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/elliptic.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (651)
Size
133 kB (132775 bytes)
Hash
91d8ddebb15dc6f75c37e46ab4fae926
884de83f04661e57cb9d6a9794dfa760613da7fe
e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/elliptic.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "206a7-617387a950e13"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 132775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=94
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js

162.23.138.8

200 OK

46 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/slick.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (615)
Size
46 kB (45454 bytes)
Hash
0c0d7e0b234a2d6fdc1b120ccdadf2e5
ba0be0cc5f984c3681ee13d8320a402783a700c4
d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/slick.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "b18e-617387a952c92"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 45454
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js

162.23.138.8

200 OK

40 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/hammer.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (548)
Size
40 kB (40525 bytes)
Hash
8faebed464c1e869bdd211469fae85ab
21f3930da03554989c56e99f1ecd4000232956c7
a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/hammer.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9e4d-617387a952036"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40525
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js

162.23.138.8

200 OK

1.1 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (517)
Size
1.1 kB (1097 bytes)
Hash
366b5bb7e1a9493a85fb55c1214ac0b3
d9c66739293c205420e5be0de117370dd82ebe45
ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "449-617387a951c1c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 1097
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js

162.23.138.8

200 OK

112 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/ctxs.core.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (618)
Size
112 kB (111584 bytes)
Hash
779f402578bbe4169138f8b9358262df
b6c74875fefc6f64513ce7a5a5213e6318c87448
2dc3999738e2e8279eb5e14ebe383153f09ff35e1d6ba611d92010dd3b65a454

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/ctxs.core.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b3e0-617387a95cb2d"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 111584
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=93
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js

162.23.138.8

200 OK

281 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/ctxs.webui.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (639)
Size
281 kB (280890 bytes)
Hash
57f665baae44d6079e90bbea9826a9e7
1633b0cd48a4a235b014d175aeb11134a454282f
8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/ctxs.webui.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "4493a-617387a95cf4a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 280890
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js

162.23.138.8

200 OK

255 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/external/jquery-ui.min.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (620)
Size
255 kB (255175 bytes)
Hash
41acc8fb6964368646b7af113844b590
02768ceea678666f62869c6d50622a894437f40d
8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery-ui.min.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3e4c7-617387a9512fb"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 255175
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/common/wspinner@2x.gif

162.23.138.8

200 OK

2.2 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/common/wspinner@2x.gif
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
GIF image data, version 89a, 45 x 44
Size
2.2 kB (2223 bytes)
Hash
468ba45616591ff91c90d1fe820a37db
f81ef447026c6e191ce552f95918e8a3b74b0d9a
111ce0995fd5170b4289d22d9bac264ffba149c4eda9377a5403423a22d3b76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/wspinner@2x.gif HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:52 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8af-617387a97e819"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 2223
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=91
Content-Type: image/gif
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css

162.23.138.8

200 OK

80 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
80 kB (79556 bytes)
Hash
104279a2c7f9a1d506532b8e20d52f14
2ed9a5a237aecec8167e12ee3808ded04efecb3a
1bb3451cb39f87b51cd7ca0a5254456d48bf3b24df3a61ba8a0bfb7c2b34bea4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/css/ctxs.large-ui.min.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "136c4-617387a94fff5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 79556
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=90
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/themes/Default/css/theme.css

162.23.138.8

200 OK

19 B

URL GET HTTP/1.1
162.23.138.8/logon/themes/Default/css/theme.css
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
ASCII text
Size
19 B (19 bytes)
Hash
6b3a033634abf38f64d697ac6e4c3693
4a5c88dd85287e9abb9d2d1cc10ccf5aaa989184
333daa0016c8f43fee52866ce762f53717031f88f20312f3be0cfc43665babc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/themes/Default/css/theme.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "13-617387a98b11a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 19
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=99
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/custom/style.css

162.23.138.8

200 OK

738 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/custom/style.css
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
Unicode text, UTF-8 (with BOM) text
Size
738 B (738 bytes)
Hash
8b43abf50741f17d250e5212f97590a8
7c955b0808a979fad799b4d7a59052097f05df12
0ecdfbe22feb58756224e2e3b9f38abeafcf4c491f79cdba6ebb8de52acc044b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/style.css HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "2e2-6177d35d0c13f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 738
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=89
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/common/icon_vpn.ico

162.23.138.8

200 OK

32 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/common/icon_vpn.ico
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
Size
32 kB (32038 bytes)
Hash
4c2049dad5c78893481fc831c6338274
ceceb457f3d910af15cb548e9fbfe2c1dbca1242
80c297534c925e1973052b72584a929a0b68c988bfcde7c1728ad72fc1f3e039

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/icon_vpn.ico HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "7d26-617387a97cf65"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 32038
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=88
Content-Type: image/x-icon
Strict-Transport-Security: max-age=157680000

162.23.138.8/vpn/media/citrixgateway_logo_white.png

162.23.138.8

200 OK

2.3 kB

URL GET HTTP/1.1
162.23.138.8/vpn/media/citrixgateway_logo_white.png
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
PNG image data, 160 x 25, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2300 bytes)
Hash
cf8821d2fde59a0cb4b911311f9329b4
b53194e82394a33420aa74e0a9c0b71abb590037
4a2cae9a9c5a586f2bd5dc6140e34cac6b18be6b617c602a4a48321452c18c1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vpn/media/citrixgateway_logo_white.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: no-cache
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8fc-616ad56ca1b26"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 22 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2300
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=98
Content-Type: image/png
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/custom/script.js

162.23.138.8

200 OK

921 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/custom/script.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
Unicode text, UTF-8 (with BOM) text
Size
921 B (921 bytes)
Hash
f2f59110ea521b29c2fdc443d6591f2e
e4a00f80ed821e69d9ca5b3e635fe4031574ba9e
31d53110df746be20920919bd72b80408e758a44852d3cf4a3d88e1b7bd5460a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/script.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "399-6177d35d03fb5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 921
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=87
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/1x/actionSprite.png

162.23.138.8

200 OK

2.4 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/1x/actionSprite.png
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
PNG image data, 134 x 19, 8-bit/color RGBA, non-interlaced
Size
2.4 kB (2394 bytes)
Hash
8d38241006b5f1ed2659947adbeee0ce
4505086a3353f5069f25b7bb2558c04de0a7308b
036e7a57f8bb75895d2d35b27913f555589881a2e7cda51f1de01a351425ffba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/1x/actionSprite.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "95a-617387a96189e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 2394
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=97
Content-Type: image/png
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/1x/folder_template.png

162.23.138.8

200 OK

432 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/1x/folder_template.png
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
432 B (432 bytes)
Hash
6cfd22f53c0df5b079178d648e69c5b0
49375ca766aafecbd7c94c9f31f98fe5f41d8462
5886f57d6a5eab166a00523fcc6963edafb009029e3ec6092f6ea79da4cd6ae0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/1x/folder_template.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b0-617387a96320a"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 432
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=86
Content-Type: image/png
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/1x/viewSprite.png

162.23.138.8

200 OK

3.2 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/1x/viewSprite.png
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
PNG image data, 233 x 25, 8-bit/color RGBA, non-interlaced
Size
3.2 kB (3167 bytes)
Hash
ec0047cfaaf281a0a1740025e3b4f852
47e9f205fb2fdb1e36bffe284255287df2f7594b
85d7dde124874210870bb7d3526f56ba3dc4b54ef4572855946f3905233c1455

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/1x/viewSprite.png HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "c5f-617387a969200"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 3167
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Content-Type: image/png
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/Home/Configuration

162.23.138.8

200 OK

2.4 kB

URL POST HTTP/1.1
162.23.138.8/logon/LogonPoint/Home/Configuration
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
XML 1.0 document, ASCII text, with very long lines (2368), with no line terminators
Size
2.4 kB (2368 bytes)
Hash
6c6f01d98135ef4000a733619a7dd6bf
e0ad0f697ffa126f24c0648ac278126aac41b670
f9a8080dff2e0a71fd9d492e0695a9aa8aa6e9d54028faa12a6d719fe272e10a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /logon/LogonPoint/Home/Configuration HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 2368
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web

162.23.138.8/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639

162.23.138.8

200 OK

41 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (599)
Size
41 kB (40910 bytes)
Hash
2e92344c94f3e46978e0b742fd8bbeed
9367b902006ad0ce6c6919f915ce830cb976122d
23b1ebe8b71b12ed7e1179861073f7c2c4c08540f7e02f12903a882985466fec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1715206672639 HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9fce-617387a956b48"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40910
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=85
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/custom/strings.en.js?_=1715206672640

162.23.138.8

200 OK

438 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/custom/strings.en.js?_=1715206672640
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
ASCII text
Size
438 B (438 bytes)
Hash
b2e55add6cd1d9b906d2bbe411aa493c
210d958cd3277c6080a56b40454fd6beb4b1dbe4
a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/strings.en.js?_=1715206672640 HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "1b6-6177d35d04d73"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 438
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=84
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/custom/strings.en.json

162.23.138.8

200 OK

3 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/custom/strings.en.json
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JSON text data
Size
3 B (3 bytes)
Hash
3d29a75fcf0ed7dfff86d3db8f92fc69
dff8a1731f59ccad056b346102d1e1d014b843f3
8eb95bcbc154530931e15fc418c8b1fe991095671409552099ea1aa596999ede

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/strings.en.json HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3-6177d35d0518f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 02 May 2024 19:00:01 GMT
Accept-Ranges: bytes
Content-Length: 3
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=83
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js

162.23.138.8

200 OK

41 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (585)
Size
41 kB (40836 bytes)
Hash
afc84a69389601b65eb820a831c9e09b
9532023b8c66eb153cd7f2ee317ca92acef119ac
6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/nsg-epa.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "9f84-617387a97f067"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 40836
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=82
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js

162.23.138.8

200 OK

77 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (1198)
Size
77 kB (76907 bytes)
Hash
6cd18c91390133d713e9ef1a76c756d5
39ec7e2154a93498c7e3329ba8596622ace81875
7757921d76ef7b642beb94c4034960b3cd66c7956c1b3fd5084dcb3630a68504

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "12c6b-617387a97ec67"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 76907
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js

162.23.138.8

200 OK

34 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (655)
Size
34 kB (34115 bytes)
Hash
3b06060a4ff1650d02857d94a7c26ceb
53c0886aba601323f7ccb2eab3d525669e8334fe
89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "8543-617387a97f461"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 34115
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=81
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=157680000

162.23.138.8/nf/auth/getECdetails

162.23.138.8

200 OK

23 B

URL GET HTTP/1.1
162.23.138.8/nf/auth/getECdetails
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
b55593893095e499798bbb0c2afbf155
3092c810243b2cdec279e3031250e0e7d80d102e
e6ee73b614d8bf5e6f57075e71d261039de73b70f4412d5dfc8a7f8c1bc2a2ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /nf/auth/getECdetails HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 23
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
X-Citrix-Application: Receiver for Web

162.23.138.8/logon/LogonPoint/Resources/List

162.23.138.8

200 OK

22 B

URL POST HTTP/1.1
162.23.138.8/logon/LogonPoint/Resources/List
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JSON text data
Size
22 B (22 bytes)
Hash
ae3728d87216eee1a9989d75738c067a
c1fc6147a0c50642ca93e7a4022b468729a5bba4
da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /logon/LogonPoint/Resources/List HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Content-Length: 35
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22

162.23.138.8/cgi/GetAuthMethods

162.23.138.8

200 OK

139 B

URL POST HTTP/1.1
162.23.138.8/cgi/GetAuthMethods
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
XML 1.0 document, ASCII text, with no line terminators
Size
139 B (139 bytes)
Hash
74f810363f3ad15b31adc643eb4c9f67
7f98380391f751216b92dcab192c7d5fa3901fba
aa5284453b870739714d36ed5ab32bec8921bd0729366f964d80f305ef41251f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi/GetAuthMethods HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Content-Length: 139
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web

162.23.138.8/p/u/getAuthenticationRequirements.do

162.23.138.8

200 OK

1.6 kB

URL POST HTTP/1.1
162.23.138.8/p/u/getAuthenticationRequirements.do
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
XML 1.0 document, ASCII text, with very long lines (1594), with no line terminators
Size
1.6 kB (1594 bytes)
Hash
3adb3377d530c8a717320d4dd0d59870
22469ed9ce43f28bead2b9f25ff96cb224766cbe
c9e42e1859aec164118c31ae07950e8dd64ad7c26668db9c4d1bba4de92339c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /p/u/getAuthenticationRequirements.do HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-AM-CredentialTypes: none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem
X-Citrix-AM-LabelTypes: none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://162.23.138.8
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_ERRM=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: BIT-Webserver
Connection: close
Content-Length: 1594
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web

162.23.138.8/logon/LogonPoint/receiver/images/common/authspinner.gif

162.23.138.8

200 OK

954 B

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/common/authspinner.gif
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
GIF image data, version 89a, 22 x 22
Size
954 B (954 bytes)
Hash
6959bf8fd07a4bdc3e9662728dd43f17
2e598a26facf72188598d671651268e9ac100406
81cf46cd2e1d60f92fd21a4fea68c087f111a0e7f9ea3d81798dff8d9459145b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/authspinner.gif HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "3ba-617387a976afd"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 954
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=95
Content-Type: image/gif
Strict-Transport-Security: max-age=157680000

162.23.138.8/logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg

162.23.138.8

200 OK

51 kB

URL GET HTTP/1.1
162.23.138.8/logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg
IP
162.23.138.8:443
ASN
#33845 Swiss Federation represented by FOITT

Requested by
https://162.23.138.8/logon/LogonPoint/index.html
Certificate
IssuerQuoVadis Limited
Subjectgw.mobile.admin.ch
FingerprintC8:B0:03:67:F6:32:C0:00:30:23:C3:FF:2F:1B:10:70:4A:94:BE:95
ValidityTue, 07 Nov 2023 07:47:01 GMT - Thu, 07 Nov 2024 07:41:00 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 2560x1600, components 3
Size
51 kB (50806 bytes)
Hash
d0265879502bdba1ddd4bd649c976615
8e837cd29ead3501bdfd2a6fcad00adba5f5bb82
17197024d7ccdb50bd23b0e4cfcd38bf818f0c1644795474460bb1b5c95906d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/ReceiverFullScreenBackground.jpg HTTP/1.1
Host: 162.23.138.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Wed, 08 May 2024 22:17:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 190
ETag: "c676-617387a9766dd"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 29 Apr 2024 09:00:02 GMT
Accept-Ranges: bytes
Content-Length: 50806
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=80
Content-Type: image/jpeg
Strict-Transport-Security: max-age=157680000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL