| | 91.240.77.111 | 302 Object Moved | 413 B |
URL: User Request GET HTTP/1.1
IP: 91.240.77.111:443
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: HTML document, ASCII text, with very long lines (413), with no line terminators
Hash: dd52ea90fb034a7d66a9b071506a72f7 665a5490fdfefd14d1501f7abd790c22631f1a4e b1d0e844f541e5ec6355ecb3469294f6e75707de6eacd06ee830f00df5292fc2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Object Moved
Location: /logon/LogonPoint/tmindex.html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 413
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
|
|
| 91.240.77.111/logon/LogonPoint/tmindex.html | 91.240.77.111 | 200 OK | 43 kB |
URL: User Request GET HTTP/1.1 91.240.77.111/logon/LogonPoint/tmindex.html
IP: 91.240.77.111:443
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: HTML document, ASCII text
Hash: e840c61dfc952028fb741a027d6dd7f0 83e47523220d23b0ec70944268b44272b50d0bbc 67b1f8f2587b729c48be90416a74c0663781fb89ac9fde474bf8e9ce4e43aa7d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/tmindex.html HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: no-cache,no-store,must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "a717-615e42c5e0f73"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 42775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js | 91.240.77.111 | 200 OK | 107 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (906)
Size: 107 kB (107023 bytes)
Hash: dcfc1bfa36ecbf0edb4347578df0213d 966e56b53ceaf31fcd49ddc5c8677b8e19d0e700 9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "1a20f-615e42c5c6e2c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 107023
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js | 91.240.77.111 | 200 OK | 6.5 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (535)
Hash: d814db61581469b1933231c758bdffd1 e3b52b5c629d0a183a97a6f02f7d93040e5d233e 0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "1954-615e42c5c7046"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 6484
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js | 91.240.77.111 | 200 OK | 1.1 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (517)
Hash: 366b5bb7e1a9493a85fb55c1214ac0b3 d9c66739293c205420e5be0de117370dd82ebe45 ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "449-615e42c5c727c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 1097
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/init.js | 91.240.77.111 | 200 OK | 5.6 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/init.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: 39a9b560daabd32b733da7eeae94cad4 3ad60e2b02749eead4261e50444864e311a86374 a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/init.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "15eb-615e42c5ddb38"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 5611
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js | 91.240.77.111 | 200 OK | 13 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (624)
Hash: 284cb038482fd3307fb751331514fed0 4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb 147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery-migrate.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "3458-615e42c5c656e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 13400
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js | 91.240.77.111 | 200 OK | 40 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (548)
Hash: 8faebed464c1e869bdd211469fae85ab 21f3930da03554989c56e99f1ecd4000232956c7 a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/hammer.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "9e4d-615e42c5c69dc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40525
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js | 91.240.77.111 | 200 OK | 34 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (579)
Hash: 1c97a3016754514038cacfb844f0239c 46debfa332ecf1bd4925c64265c47f7258172850 9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/velocity.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "85a2-615e42c5c7495"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 34210
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js | 91.240.77.111 | 200 OK | 46 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (615)
Hash: 0c0d7e0b234a2d6fdc1b120ccdadf2e5 ba0be0cc5f984c3681ee13d8320a402783a700c4 d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/slick.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "b18e-615e42c5c67aa"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 45454
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js | 91.240.77.111 | 200 OK | 112 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (618)
Size: 112 kB (111569 bytes)
Hash: e34c5e500c2fef0e2cac1f57079aa0b5 28d44e041e3a17b92c8080611fa9182669c93ed6 15394a7f4ac063fcd32089d060ba210f46f133e60d1958a5589e61993d78482f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/ctxs.core.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "1b3d1-615e42c5c7b36"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 111569
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js | 91.240.77.111 | 200 OK | 133 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (651)
Size: 133 kB (132775 bytes)
Hash: 91d8ddebb15dc6f75c37e46ab4fae926 884de83f04661e57cb9d6a9794dfa760613da7fe e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/elliptic.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "206a7-615e42c5c6bfc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 132775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js | 91.240.77.111 | 200 OK | 255 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (620)
Size: 255 kB (255175 bytes)
Hash: 41acc8fb6964368646b7af113844b590 02768ceea678666f62869c6d50622a894437f40d 8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/external/jquery-ui.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "3e4c7-615e42c5c76c5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 255175
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/images/common/wspinner@2x.gif | 91.240.77.111 | 200 OK | 2.2 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/images/common/wspinner@2x.gif
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: GIF image data, version 89a, 45 x 44
Hash: 468ba45616591ff91c90d1fe820a37db f81ef447026c6e191ce552f95918e8a3b74b0d9a 111ce0995fd5170b4289d22d9bac264ffba149c4eda9377a5403423a22d3b76c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/images/common/wspinner@2x.gif HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "8af-615e42c5c96db"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2223
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Content-Type: image/gif
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/themes/Default/css/theme.css | 91.240.77.111 | 200 OK | 2.6 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/themes/Default/css/theme.css
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: f5894203fd2f83a5c4ba0a9f8036bb22 b16769300687ecafc5ae29536679d1a8eb864181 5b4129febe80dc9ca1dc2fa3cf31e1debab091597ad5a065524aa526528f3649
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/themes/Default/css/theme.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "a0f-614d71d3c7db4"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2575
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=95
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/custom/style.css | 91.240.77.111 | 200 OK | 0 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/custom/style.css
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/custom/style.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "0-614d71d3c8ddb"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 0
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=94
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js | 91.240.77.111 | 200 OK | 281 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (639)
Size: 281 kB (280890 bytes)
Hash: 57f665baae44d6079e90bbea9826a9e7 1633b0cd48a4a235b014d175aeb11134a454282f 8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/ctxs.webui.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "4493a-615e42c5c78fc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 280890
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css | 91.240.77.111 | 200 OK | 80 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 104279a2c7f9a1d506532b8e20d52f14 2ed9a5a237aecec8167e12ee3808ded04efecb3a 1bb3451cb39f87b51cd7ca0a5254456d48bf3b24df3a61ba8a0bfb7c2b34bea4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/css/ctxs.large-ui.min.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "136c4-615e42c5da6dc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 79556
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=94
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/themes/Default/custom_media/corporatelogo.png | 91.240.77.111 | 200 OK | 5.6 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/themes/Default/custom_media/corporatelogo.png
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: PNG image data, 301 x 82, 8-bit colormap, non-interlaced
Hash: d4042f91e0ce65b3d9a7befee413d12c a5fc7f8d02a25c3cdce42b15a243c94e832b88b4 4bc3cbb875767f630811f31de36688fee61a6a550efad5e247f8c5c407415f3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /logon/themes/Default/custom_media/corporatelogo.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "15df-614d71d3c8471"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 5599
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/themes/Default/custom_media/corporatelogo_header.png | 91.240.77.111 | 200 OK | 11 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/themes/Default/custom_media/corporatelogo_header.png
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: PNG image data, 191 x 52, 8-bit/color RGBA, non-interlaced
Hash: 6f91583c0f7d5e1ad6744fa6515f749a c33d04bf81ffe846d3636ab898fd54d268a6e993 7d852da0d4c02d40e19115ac0701a78d22a408903c0892d3e34b23b0be571e76
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/themes/Default/custom_media/corporatelogo_header.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "2b6a-614d71d3c823f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 11114
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/custom/script.js | 91.240.77.111 | 200 OK | 0 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/custom/script.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/custom/script.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "0-614d71d3c8bb9"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 0
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/none | 91.240.77.111 | 404 Not Found | 196 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/none
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: HTML document, ASCII text
Hash: 62962daa1b19bbcc2db10b7bfd531ea6 d64bae91091eda6a7532ebec06aa70893b79e1f8 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/none HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 23 Apr 2024 22:18:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 196
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/Home/Configuration | 91.240.77.111 | 200 OK | 2.5 kB |
URL: POST HTTP/1.1 91.240.77.111/logon/LogonPoint/Home/Configuration
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: XML 1.0 document, ASCII text, with very long lines (357)
Hash: 89006cba0cd6b8c4ba0b90323286e6a9 735e5d93929a9fa472adc00779dd3983a515ce88 4df2b93a17bdd552b7fad83003ed1f8883222dbc62038613022e451396e9a41c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /logon/LogonPoint/Home/Configuration HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 22:18:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
ETag: "89a-614d71d3c896e"
Accept-Ranges: bytes
Content-Length: 2509
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=0 must-revalidate
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Content-Type: application/xml; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495 | 91.240.77.111 | 200 OK | 41 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (599)
Hash: 2169acc2c6e0a6c13ba6043e84e9703e a6f0da3e97e4f75c40ff2671132f8b809d521ff3 678de6e0662f61dddde41670c4d0b36ec4d0edbf0bbcf184f2d6b65247fccbf5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495 HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "9fbf-615e42c5c5540"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40895
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/custom/strings.en.js?_=1713910722496 | 91.240.77.111 | 200 OK | 438 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/custom/strings.en.js?_=1713910722496
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: b2e55add6cd1d9b906d2bbe411aa493c 210d958cd3277c6080a56b40454fd6beb4b1dbe4 a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/custom/strings.en.js?_=1713910722496 HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "1b6-614d71d3c208c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 438
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/themes/Default/custom_media/portal_concrete_bg2.jpg | 91.240.77.111 | 200 OK | 276 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/themes/Default/custom_media/portal_concrete_bg2.jpg
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3
Size: 276 kB (275824 bytes)
Hash: ecadd050494cacd3907762cd514b7945 46e44ad060d5ca0021ff3ca7f7adc01c9b0fb474 8aab3074794c3885710cd39443ee5b5f573a0056b8b5c4899341572d1c07f328
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/themes/Default/custom_media/portal_concrete_bg2.jpg HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "43570-614d71d3c868e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 275824
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/jpeg
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/custom/strings.en.json | 91.240.77.111 | 200 OK | 202 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/custom/strings.en.json
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: 9ad385a4d23037cec158d5be1dd52740 18f6f325a2d2c39ec4baf72af0633a31ad80b62d 1a06ff7faec58c34ff74a5753ad7b997c0d623f72dd83ebe3d6b6639bf431459
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/custom/strings.en.json HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "ca-614d71d3c94d2"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 202
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=91
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/receiver/images/common/icon_vpn.ico | 91.240.77.111 | 200 OK | 32 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/images/common/icon_vpn.ico
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
Hash: 4c2049dad5c78893481fc831c6338274 ceceb457f3d910af15cb548e9fbfe2c1dbca1242 80c297534c925e1973052b72584a929a0b68c988bfcde7c1728ad72fc1f3e039
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/images/common/icon_vpn.ico HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "7d26-615e42c5c94a7"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 32038
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: image/x-icon
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js | 91.240.77.111 | 200 OK | 34 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (655)
Hash: 3b06060a4ff1650d02857d94a7c26ceb 53c0886aba601323f7ccb2eab3d525669e8334fe 89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "8543-615e42c5dce29"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 34115
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js | 91.240.77.111 | 200 OK | 41 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (585)
Hash: afc84a69389601b65eb820a831c9e09b 9532023b8c66eb153cd7f2ee317ca92acef119ac 6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/plugins/ns-gateway/nsg-epa.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "9f84-615e42c5dd498"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40836
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=89
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/cgi/Resources/List | 91.240.77.111 | 200 OK | 22 B |
URL: GET HTTP/1.1 91.240.77.111/cgi/Resources/List
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: ae3728d87216eee1a9989d75738c067a c1fc6147a0c50642ca93e7a4022b468729a5bba4 da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cgi/Resources/List HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js | 91.240.77.111 | 200 OK | 77 kB |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: JavaScript source, ASCII text, with very long lines (1198)
Hash: 8cb4bbbea25bef5de4cf98722345d111 34e9475ee1557e08605ec1eebfbda274b77551f4 e579fe5af39cb4ee693675f6f15c1ca7f4086e7e488399ae1d1dae3d258eb7ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "12c52-615e42c5dd27c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 76882
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=94
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/vpn/media/citrixgateway_logo_white.png | 91.240.77.111 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 91.240.77.111/vpn/media/citrixgateway_logo_white.png
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: PNG image data, 160 x 25, 8-bit/color RGBA, non-interlaced
Hash: cf8821d2fde59a0cb4b911311f9329b4 b53194e82394a33420aa74e0a9c0b71abb590037 4a2cae9a9c5a586f2bd5dc6140e34cac6b18be6b617c602a4a48321452c18c1c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /vpn/media/citrixgateway_logo_white.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: no-cache
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "8fc-614f39cd8c794"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 31 Mar 2024 12:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2300
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/logon/LogonPoint/Resources/List | 91.240.77.111 | 200 OK | 22 B |
URL: POST HTTP/1.1 91.240.77.111/logon/LogonPoint/Resources/List
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: ae3728d87216eee1a9989d75738c067a c1fc6147a0c50642ca93e7a4022b468729a5bba4 da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /logon/LogonPoint/Resources/List HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Content-Length: 35
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|
| 91.240.77.111/nf/auth/getECdetails | 91.240.77.111 | 200 OK | 23 B |
URL: GET HTTP/1.1 91.240.77.111/nf/auth/getECdetails
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
Hash: b55593893095e499798bbb0c2afbf155 3092c810243b2cdec279e3031250e0e7d80d102e e6ee73b614d8bf5e6f57075e71d261039de73b70f4412d5dfc8a7f8c1bc2a2ce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /nf/auth/getECdetails HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 23
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
X-Citrix-Application: Receiver for Web
|
|
| 91.240.77.111/cgi/GetAuthMethods | 91.240.77.111 | 200 OK | 143 B |
URL: POST HTTP/1.1 91.240.77.111/cgi/GetAuthMethods
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: XML 1.0 document, ASCII text, with no line terminators
Hash: a0521c6a71c98ac61e84541a432b75d8 bfe01c7e974b53534f4c9ea717a3b27176bdc731 f358a4d0754631f9027d06c4f9d6511e999c6913028f113c78b0af4d7238eb00
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cgi/GetAuthMethods HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 143
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web
|
|
| 91.240.77.111/nf/auth/getAuthenticationRequirements.do | 91.240.77.111 | 200 OK | 1.9 kB |
URL: POST HTTP/1.1 91.240.77.111/nf/auth/getAuthenticationRequirements.do
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer: GlobalSign nv-sa; Subject: *.hornbach.com; Fingerprint: A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity: Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: XML 1.0 document, ASCII text
Hash: 8bd5401253d13730f7cf569046ffb863 a218e8ce3f3eb51c88789dee5de06610b7e2c3f8 f33da05bd43b46dcb05015b01e484eeb6f7723da6ce2b65f310c354e1187b284
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /nf/auth/getAuthenticationRequirements.do HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-AM-CredentialTypes: none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp
X-Citrix-AM-LabelTypes: none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
pwcount=0;Secure;HttpOnly;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 1897
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web
|
|
| 91.240.77.111/logon/LogonPoint/receiver/images/common/authspinner.gif | 91.240.77.111 | 200 OK | 954 B |
URL: GET HTTP/1.1 91.240.77.111/logon/LogonPoint/receiver/images/common/authspinner.gif
IP: 91.240.77.111:443
Requested by: https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate: Issuer GlobalSign nv-sa; Subject *.hornbach.com; Fingerprint A6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0; Validity Tue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT
File type: GIF image data, version 89a, 22 x 22
Hash: 6959bf8fd07a4bdc3e9662728dd43f17 2e598a26facf72188598d671651268e9ac100406 81cf46cd2e1d60f92fd21a4fea68c087f111a0e7f9ea3d81798dff8d9459145b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /logon/LogonPoint/receiver/images/common/authspinner.gif HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 92
ETag: "3ba-615e42c5c9d65"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 954
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=92
Content-Type: image/gif
Strict-Transport-Security: max-age=31536000; includeSubDomains
|
|