Report - 91.240.77.111/

Report Overview

Submitted URL
91.240.77.111/
IP
91.240.77.111
ASN
#21473 PFALZKOM GmbH
Submitted
2024-04-23 22:19:08
Access
public
Website Title
NetScaler Gateway
Final URL
91.240.77.111/logon/LogonPoint/tmindex.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
91.240.77.111	unknown	unknown	No data	No data	18 kB	1.7 MB	91.240.77.111

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed
2024-04-23	medium	91.240.77.111	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js	6.5 kB	2023-03-10	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:27 Last Seen2024-04-30 13:11:57 Times Seen56 Hash d814db61581469b1933231c758bdffd1 e3b52b5c629d0a183a97a6f02f7d93040e5d233e 0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js	112 kB	2023-04-11	2024-04-24
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 23:39:17 Last Seen2024-04-24 00:19:15 Times Seen16 Hash e34c5e500c2fef0e2cac1f57079aa0b5 28d44e041e3a17b92c8080611fa9182669c93ed6 15394a7f4ac063fcd32089d060ba210f46f133e60d1958a5589e61993d78482f Loading...

	unknown	41 kB	2023-03-12	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:28:31 Last Seen2024-04-24 00:19:15 Times Seen25 Hash 2169acc2c6e0a6c13ba6043e84e9703e a6f0da3e97e4f75c40ff2671132f8b809d521ff3 678de6e0662f61dddde41670c4d0b36ec4d0edbf0bbcf184f2d6b65247fccbf5 Loading...

	unknown	438 B	2023-03-10	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-04-24 00:19:15 Times Seen46 Hash b2e55add6cd1d9b906d2bbe411aa493c 210d958cd3277c6080a56b40454fd6beb4b1dbe4 a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js	107 kB	2023-07-18	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-04-30 13:11:57 Times Seen48 Hash dcfc1bfa36ecbf0edb4347578df0213d 966e56b53ceaf31fcd49ddc5c8677b8e19d0e700 9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js	13 kB	2023-07-18	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-04-30 13:11:57 Times Seen48 Hash 284cb038482fd3307fb751331514fed0 4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb 147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4 Loading...

	91.240.77.111/logon/LogonPoint/custom/script.js	0 B	2023-03-07	2024-05-03
Pretty URL 91.240.77.111/logon/LogonPoint/custom/script.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-03 17:30:29 Times Seen37309200 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js	34 kB	2023-03-10	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-04-30 13:11:57 Times Seen56 Hash 3b06060a4ff1650d02857d94a7c26ceb 53c0886aba601323f7ccb2eab3d525669e8334fe 89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js	40 kB	2023-07-18	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-04-30 13:11:57 Times Seen48 Hash 8faebed464c1e869bdd211469fae85ab 21f3930da03554989c56e99f1ecd4000232956c7 a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js	34 kB	2023-03-10	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-04-30 13:11:57 Times Seen56 Hash 1c97a3016754514038cacfb844f0239c 46debfa332ecf1bd4925c64265c47f7258172850 9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js	46 kB	2023-07-18	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-04-30 13:11:57 Times Seen48 Hash 0c0d7e0b234a2d6fdc1b120ccdadf2e5 ba0be0cc5f984c3681ee13d8320a402783a700c4 d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js	255 kB	2023-07-18	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 20:03:26 Last Seen2024-04-30 13:11:57 Times Seen48 Hash 41acc8fb6964368646b7af113844b590 02768ceea678666f62869c6d50622a894437f40d 8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js	1.1 kB	2023-03-10	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:26 Last Seen2024-04-30 13:11:57 Times Seen56 Hash 366b5bb7e1a9493a85fb55c1214ac0b3 d9c66739293c205420e5be0de117370dd82ebe45 ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305 Loading...

	91.240.77.111/logon/LogonPoint/init.js	5.6 kB	2023-03-12	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/init.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:28:31 Last Seen2024-04-30 13:11:57 Times Seen55 Hash 39a9b560daabd32b733da7eeae94cad4 3ad60e2b02749eead4261e50444864e311a86374 a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2 Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js	133 kB	2023-03-12	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:08:49 Last Seen2024-04-30 13:11:57 Times Seen56 Hash 91d8ddebb15dc6f75c37e46ab4fae926 884de83f04661e57cb9d6a9794dfa760613da7fe e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f Loading...

	91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js	281 kB	2023-07-26	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-26 19:42:03 Last Seen2024-04-30 13:11:57 Times Seen42 Hash 57f665baae44d6079e90bbea9826a9e7 1633b0cd48a4a235b014d175aeb11134a454282f 8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c Loading...

	91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js	41 kB	2023-03-10	2024-04-30
Pretty URL 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:47:27 Last Seen2024-04-30 13:11:57 Times Seen53 Hash afc84a69389601b65eb820a831c9e09b 9532023b8c66eb153cd7f2ee317ca92acef119ac 6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53 Loading...

	91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js	77 kB	2023-04-11	2024-04-24
Pretty URL 91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js IP 91.240.77.111 ASN #21473 PFALZKOM GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 23:39:17 Last Seen2024-04-24 00:19:15 Times Seen24 Hash 8cb4bbbea25bef5de4cf98722345d111 34e9475ee1557e08605ec1eebfbda274b77551f4 e579fe5af39cb4ee693675f6f15c1ca7f4086e7e488399ae1d1dae3d258eb7ba Loading...

HTTP Transactions (38)

URL IP Response Size

91.240.77.111/

91.240.77.111

302 Object Moved

413 B

URL User Request GET HTTP/1.1
91.240.77.111/
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
HTML document, ASCII text, with very long lines (413), with no line terminators
Size
413 B (413 bytes)
Hash
dd52ea90fb034a7d66a9b071506a72f7
665a5490fdfefd14d1501f7abd790c22631f1a4e
b1d0e844f541e5ec6355ecb3469294f6e75707de6eacd06ee830f00df5292fc2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Object Moved
Location: /logon/LogonPoint/tmindex.html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Connection: close
Content-Length: 413
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8

91.240.77.111/logon/LogonPoint/tmindex.html

91.240.77.111

200 OK

43 kB

URL User Request GET HTTP/1.1
91.240.77.111/logon/LogonPoint/tmindex.html
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
HTML document, ASCII text
Size
43 kB (42775 bytes)
Hash
e840c61dfc952028fb741a027d6dd7f0
83e47523220d23b0ec70944268b44272b50d0bbc
67b1f8f2587b729c48be90416a74c0663781fb89ac9fde474bf8e9ce4e43aa7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/tmindex.html HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: no-cache,no-store,must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "a717-615e42c5e0f73"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 42775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js

91.240.77.111

200 OK

107 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (906)
Size
107 kB (107023 bytes)
Hash
dcfc1bfa36ecbf0edb4347578df0213d
966e56b53ceaf31fcd49ddc5c8677b8e19d0e700
9f66041552fa9ec57c7c76b095370a14d92d237e1720f20596c312cfc678c524

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "1a20f-615e42c5c6e2c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 107023
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js

91.240.77.111

200 OK

6.5 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (535)
Size
6.5 kB (6484 bytes)
Hash
d814db61581469b1933231c758bdffd1
e3b52b5c629d0a183a97a6f02f7d93040e5d233e
0ccc391385db07d263046d352e64c23fb5721461637a83ef097f975b409e6d60

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.dotdotdot.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "1954-615e42c5c7046"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 6484
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js

91.240.77.111

200 OK

1.1 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (517)
Size
1.1 kB (1097 bytes)
Hash
366b5bb7e1a9493a85fb55c1214ac0b3
d9c66739293c205420e5be0de117370dd82ebe45
ba4e6af952ad38ed336e34950ac7dd236db7238c315418431a53263a84760305

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery.ui.touch-punch.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "449-615e42c5c727c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 1097
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/init.js

91.240.77.111

200 OK

5.6 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/init.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
ASCII text
Size
5.6 kB (5611 bytes)
Hash
39a9b560daabd32b733da7eeae94cad4
3ad60e2b02749eead4261e50444864e311a86374
a42b4220400976f3e566825d5fed960f8ffc0659334eb51e902c6ead5e22b9d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/init.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "15eb-615e42c5ddb38"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 5611
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js

91.240.77.111

200 OK

13 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-migrate.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (624)
Size
13 kB (13400 bytes)
Hash
284cb038482fd3307fb751331514fed0
4d84077bcb62e2cc3ef7acbca05d8e96203aa0eb
147be0e23c11b020ddfabeeff3163d4187f19785e5d5e1fc63fb62705a55edd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery-migrate.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "3458-615e42c5c656e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 13400
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=100
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js

91.240.77.111

200 OK

40 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/hammer.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (548)
Size
40 kB (40525 bytes)
Hash
8faebed464c1e869bdd211469fae85ab
21f3930da03554989c56e99f1ecd4000232956c7
a362dd8024a2d785c91515592a6c31317ff7d96c48fca13d5fd6e1758239b208

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/hammer.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "9e4d-615e42c5c69dc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40525
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js

91.240.77.111

200 OK

34 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/velocity.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (579)
Size
34 kB (34210 bytes)
Hash
1c97a3016754514038cacfb844f0239c
46debfa332ecf1bd4925c64265c47f7258172850
9bbbee2c65b74a02eede62ca5a340a0b873e50282dc26db4aeb3a6a587cc1d95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/velocity.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "85a2-615e42c5c7495"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 34210
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=99
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js

91.240.77.111

200 OK

46 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/slick.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (615)
Size
46 kB (45454 bytes)
Hash
0c0d7e0b234a2d6fdc1b120ccdadf2e5
ba0be0cc5f984c3681ee13d8320a402783a700c4
d7d2cca4989b1f4201d186a8d4208a8c6cc04760849e53951c6e4f89ec7d803b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/slick.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "b18e-615e42c5c67aa"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 45454
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js

91.240.77.111

200 OK

112 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/ctxs.core.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (618)
Size
112 kB (111569 bytes)
Hash
e34c5e500c2fef0e2cac1f57079aa0b5
28d44e041e3a17b92c8080611fa9182669c93ed6
15394a7f4ac063fcd32089d060ba210f46f133e60d1958a5589e61993d78482f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/ctxs.core.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "1b3d1-615e42c5c7b36"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 111569
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js

91.240.77.111

200 OK

133 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/elliptic.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (651)
Size
133 kB (132775 bytes)
Hash
91d8ddebb15dc6f75c37e46ab4fae926
884de83f04661e57cb9d6a9794dfa760613da7fe
e641716d3c8723716d19c048160365ff2b843136fe3477b27bdc4399d212e49f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/elliptic.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "206a7-615e42c5c6bfc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 132775
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js

91.240.77.111

200 OK

255 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/external/jquery-ui.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (620)
Size
255 kB (255175 bytes)
Hash
41acc8fb6964368646b7af113844b590
02768ceea678666f62869c6d50622a894437f40d
8e46f1bbfd0bc7d36cba20c371d22de8f90a7df907a28a53c293c78819083d4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/external/jquery-ui.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "3e4c7-615e42c5c76c5"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 255175
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=97
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/images/common/wspinner@2x.gif

91.240.77.111

200 OK

2.2 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/images/common/wspinner@2x.gif
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
GIF image data, version 89a, 45 x 44
Size
2.2 kB (2223 bytes)
Hash
468ba45616591ff91c90d1fe820a37db
f81ef447026c6e191ce552f95918e8a3b74b0d9a
111ce0995fd5170b4289d22d9bac264ffba149c4eda9377a5403423a22d3b76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/wspinner@2x.gif HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "8af-615e42c5c96db"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2223
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=96
Content-Type: image/gif
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/themes/Default/css/theme.css

91.240.77.111

200 OK

2.6 kB

URL GET HTTP/1.1
91.240.77.111/logon/themes/Default/css/theme.css
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
Unicode text, UTF-8 text
Size
2.6 kB (2575 bytes)
Hash
f5894203fd2f83a5c4ba0a9f8036bb22
b16769300687ecafc5ae29536679d1a8eb864181
5b4129febe80dc9ca1dc2fa3cf31e1debab091597ad5a065524aa526528f3649

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/themes/Default/css/theme.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "a0f-614d71d3c7db4"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2575
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=95
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/custom/style.css

91.240.77.111

200 OK

0 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/custom/style.css
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/style.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "0-614d71d3c8ddb"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 0
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=94
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js

91.240.77.111

200 OK

281 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/ctxs.webui.min.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (639)
Size
281 kB (280890 bytes)
Hash
57f665baae44d6079e90bbea9826a9e7
1633b0cd48a4a235b014d175aeb11134a454282f
8eb396c54d6b58fccbca19d9533259aac400f0575ac6a93b92382b5acb6db51c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/ctxs.webui.min.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "4493a-615e42c5c78fc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 280890
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css

91.240.77.111

200 OK

80 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/css/ctxs.large-ui.min.css
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
80 kB (79556 bytes)
Hash
104279a2c7f9a1d506532b8e20d52f14
2ed9a5a237aecec8167e12ee3808ded04efecb3a
1bb3451cb39f87b51cd7ca0a5254456d48bf3b24df3a61ba8a0bfb7c2b34bea4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/css/ctxs.large-ui.min.css HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "136c4-615e42c5da6dc"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 79556
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/css; charset=utf-8
Keep-Alive: timeout=15, max=94
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/themes/Default/custom_media/corporatelogo.png

91.240.77.111

200 OK

5.6 kB

URL GET HTTP/1.1
91.240.77.111/logon/themes/Default/custom_media/corporatelogo.png
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
PNG image data, 301 x 82, 8-bit colormap, non-interlaced
Size
5.6 kB (5599 bytes)
Hash
d4042f91e0ce65b3d9a7befee413d12c
a5fc7f8d02a25c3cdce42b15a243c94e832b88b4
4bc3cbb875767f630811f31de36688fee61a6a550efad5e247f8c5c407415f3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/themes/Default/custom_media/corporatelogo.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "15df-614d71d3c8471"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 5599
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=99
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/themes/Default/custom_media/corporatelogo_header.png

91.240.77.111

200 OK

11 kB

URL GET HTTP/1.1
91.240.77.111/logon/themes/Default/custom_media/corporatelogo_header.png
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
PNG image data, 191 x 52, 8-bit/color RGBA, non-interlaced
Size
11 kB (11114 bytes)
Hash
6f91583c0f7d5e1ad6744fa6515f749a
c33d04bf81ffe846d3636ab898fd54d268a6e993
7d852da0d4c02d40e19115ac0701a78d22a408903c0892d3e34b23b0be571e76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/themes/Default/custom_media/corporatelogo_header.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "2b6a-614d71d3c823f"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 11114
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/custom/script.js

91.240.77.111

200 OK

0 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/custom/script.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/script.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "0-614d71d3c8bb9"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 0
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=98
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/none

91.240.77.111

404 Not Found

196 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/none
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/none HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 23 Apr 2024 22:18:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 196
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/Home/Configuration

91.240.77.111

200 OK

2.5 kB

URL POST HTTP/1.1
91.240.77.111/logon/LogonPoint/Home/Configuration
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
XML 1.0 document, ASCII text, with very long lines (357)
Size
2.5 kB (2509 bytes)
Hash
89006cba0cd6b8c4ba0b90323286e6a9
735e5d93929a9fa472adc00779dd3983a515ce88
4df2b93a17bdd552b7fad83003ed1f8883222dbc62038613022e451396e9a41c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /logon/LogonPoint/Home/Configuration HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Date: Tue, 23 Apr 2024 22:18:42 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
ETag: "89a-614d71d3c896e"
Accept-Ranges: bytes
Content-Length: 2509
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=0 must-revalidate
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Content-Type: application/xml; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495

91.240.77.111

200 OK

41 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (599)
Size
41 kB (40895 bytes)
Hash
2169acc2c6e0a6c13ba6043e84e9703e
a6f0da3e97e4f75c40ff2671132f8b809d521ff3
678de6e0662f61dddde41670c4d0b36ec4d0edbf0bbcf184f2d6b65247fccbf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/js/localization/en/ctxs.strings.js?_=1713910722495 HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "9fbf-615e42c5c5540"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40895
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=95
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/custom/strings.en.js?_=1713910722496

91.240.77.111

200 OK

438 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/custom/strings.en.js?_=1713910722496
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
ASCII text
Size
438 B (438 bytes)
Hash
b2e55add6cd1d9b906d2bbe411aa493c
210d958cd3277c6080a56b40454fd6beb4b1dbe4
a5366bdf12ecdd7ff4c87d34ec238717b0c1864598ace0fbd94a5f73f151060f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/strings.en.js?_=1713910722496 HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "1b6-614d71d3c208c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 438
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/themes/Default/custom_media/portal_concrete_bg2.jpg

91.240.77.111

200 OK

276 kB

URL GET HTTP/1.1
91.240.77.111/logon/themes/Default/custom_media/portal_concrete_bg2.jpg
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3840x2160, components 3
Size
276 kB (275824 bytes)
Hash
ecadd050494cacd3907762cd514b7945
46e44ad060d5ca0021ff3ca7f7adc01c9b0fb474
8aab3074794c3885710cd39443ee5b5f573a0056b8b5c4899341572d1c07f328

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/themes/Default/custom_media/portal_concrete_bg2.jpg HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:42 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "43570-614d71d3c868e"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 275824
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/jpeg
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/custom/strings.en.json

91.240.77.111

200 OK

202 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/custom/strings.en.json
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JSON text data
Size
202 B (202 bytes)
Hash
9ad385a4d23037cec158d5be1dd52740
18f6f325a2d2c39ec4baf72af0633a31ad80b62d
1a06ff7faec58c34ff74a5753ad7b997c0d623f72dd83ebe3d6b6639bf431459

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/custom/strings.en.json HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "ca-614d71d3c94d2"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 30 Mar 2024 02:00:01 GMT
Accept-Ranges: bytes
Content-Length: 202
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=91
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/receiver/images/common/icon_vpn.ico

91.240.77.111

200 OK

32 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/images/common/icon_vpn.ico
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
Size
32 kB (32038 bytes)
Hash
4c2049dad5c78893481fc831c6338274
ceceb457f3d910af15cb548e9fbfe2c1dbca1242
80c297534c925e1973052b72584a929a0b68c988bfcde7c1728ad72fc1f3e039

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/icon_vpn.ico HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "7d26-615e42c5c94a7"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 32038
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: image/x-icon
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js

91.240.77.111

200 OK

34 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (655)
Size
34 kB (34115 bytes)
Hash
3b06060a4ff1650d02857d94a7c26ceb
53c0886aba601323f7ccb2eab3d525669e8334fe
89c27815e30a1985b69cc95ceb1bca625caca7e1aaa12870888fd24ca448b1c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/ns-nfactor.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "8543-615e42c5dce29"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 34115
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=92
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js

91.240.77.111

200 OK

41 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-epa.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (585)
Size
41 kB (40836 bytes)
Hash
afc84a69389601b65eb820a831c9e09b
9532023b8c66eb153cd7f2ee317ca92acef119ac
6ff20366d4448e0345c822145e061c2ec774438e532118e4d9c69b647bca5a53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/nsg-epa.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "9f84-615e42c5dd498"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 40836
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=89
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/cgi/Resources/List

91.240.77.111

200 OK

22 B

URL GET HTTP/1.1
91.240.77.111/cgi/Resources/List
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JSON text data
Size
22 B (22 bytes)
Hash
ae3728d87216eee1a9989d75738c067a
c1fc6147a0c50642ca93e7a4022b468729a5bba4
da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi/Resources/List HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js

91.240.77.111

200 OK

77 kB

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1198)
Size
77 kB (76882 bytes)
Hash
8cb4bbbea25bef5de4cf98722345d111
34e9475ee1557e08605ec1eebfbda274b77551f4
e579fe5af39cb4ee693675f6f15c1ca7f4086e7e488399ae1d1dae3d258eb7ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/plugins/ns-gateway/nsg-setclient.js HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: max-age=0 must-revalidate
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "12c52-615e42c5dd27c"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 76882
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Citrix-Application: Receiver for Web
Keep-Alive: timeout=15, max=94
Content-Type: application/javascript; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/vpn/media/citrixgateway_logo_white.png

91.240.77.111

200 OK

2.3 kB

URL GET HTTP/1.1
91.240.77.111/vpn/media/citrixgateway_logo_white.png
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
PNG image data, 160 x 25, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2300 bytes)
Hash
cf8821d2fde59a0cb4b911311f9329b4
b53194e82394a33420aa74e0a9c0b71abb590037
4a2cae9a9c5a586f2bd5dc6140e34cac6b18be6b617c602a4a48321452c18c1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vpn/media/citrixgateway_logo_white.png HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Cache-Control: no-cache
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "8fc-614f39cd8c794"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 31 Mar 2024 12:00:01 GMT
Accept-Ranges: bytes
Content-Length: 2300
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=93
Content-Type: image/png
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/logon/LogonPoint/Resources/List

91.240.77.111

200 OK

22 B

URL POST HTTP/1.1
91.240.77.111/logon/LogonPoint/Resources/List
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JSON text data
Size
22 B (22 bytes)
Hash
ae3728d87216eee1a9989d75738c067a
c1fc6147a0c50642ca93e7a4022b468729a5bba4
da38e4f7d8d357e2c820a08d4874c9b9882fbd315f075d8ce710278f18a52fb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /logon/LogonPoint/Resources/List HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Content-Length: 35
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
X-Citrix-Application: Receiver for Web
CitrixWebReceiver-Authenticate: reason="notoken", location="/cgi/GetAuthMethods"
Content-Length: 22
Strict-Transport-Security: max-age=31536000; includeSubDomains

91.240.77.111/nf/auth/getECdetails

91.240.77.111

200 OK

23 B

URL GET HTTP/1.1
91.240.77.111/nf/auth/getECdetails
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
b55593893095e499798bbb0c2afbf155
3092c810243b2cdec279e3031250e0e7d80d102e
e6ee73b614d8bf5e6f57075e71d261039de73b70f4412d5dfc8a7f8c1bc2a2ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /nf/auth/getECdetails HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 23
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/json; charset=utf-8
X-Citrix-Application: Receiver for Web

91.240.77.111/cgi/GetAuthMethods

91.240.77.111

200 OK

143 B

URL POST HTTP/1.1
91.240.77.111/cgi/GetAuthMethods
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
XML 1.0 document, ASCII text, with no line terminators
Size
143 B (143 bytes)
Hash
a0521c6a71c98ac61e84541a432b75d8
bfe01c7e974b53534f4c9ea717a3b27176bdc731
f358a4d0754631f9027d06c4f9d6511e999c6913028f113c78b0af4d7238eb00

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cgi/GetAuthMethods HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 143
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web

91.240.77.111/nf/auth/getAuthenticationRequirements.do

91.240.77.111

200 OK

1.9 kB

URL POST HTTP/1.1
91.240.77.111/nf/auth/getAuthenticationRequirements.do
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
XML 1.0 document, ASCII text
Size
1.9 kB (1897 bytes)
Hash
8bd5401253d13730f7cf569046ffb863
a218e8ce3f3eb51c88789dee5de06610b7e2c3f8
f33da05bd43b46dcb05015b01e484eeb6f7723da6ce2b65f310c354e1187b284

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /nf/auth/getAuthenticationRequirements.do HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/xml, text/xml, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Citrix-AM-CredentialTypes: none, username, domain, password, newpassword, passcode, savecredentials, textcredential, webview, negotiate, nsg_push, nsg_push_otp, nf_sspr_rem, nsg-epa, nsg-x1, nsg-setclient, nsg-eula, nsg-tlogin, nsg-fullvpn, nsg-hidden, nsg-auth-failure, nsg-auth-success, nsg-epa-success, nsg-l20n, GoBack, nf-recaptcha, ns-dialogue, nf-gw-test, nf-poll, nsg_qrcode, nsg_manageotp
X-Citrix-AM-LabelTypes: none, plain, heading, information, warning, error, confirmation, image, nsg-epa, nsg-epa-failure, nsg-login-label, tlogin-failure-msg, nsg-tlogin-heading, nsg-tlogin-single-res, nsg-tlogin-multi-res, nsg-tlogin, nsg-login-heading, nsg-fullvpn, nsg-l20n, nsg-l20n-error, certauth-failure-msg, dialogue-label, nsg-change-pass-assistive-text, nsg_confirmation, nsg_kba_registration_heading, nsg_email_registration_heading, nsg_kba_validation_question, nsg_sspr_success, nf-manage-otp
X-Citrix-IsUsingHTTPS: Yes
X-Requested-With: XMLHttpRequest
Origin: https://91.240.77.111
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: NSC_DLGE=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
NSC_CERT=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
pwcount=0;Secure;HttpOnly;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 1897
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: application/vnd.citrix.authenticateresponse-1+xml; charset=utf-8
X-Citrix-Application: Receiver for Web

91.240.77.111/logon/LogonPoint/receiver/images/common/authspinner.gif

91.240.77.111

200 OK

954 B

URL GET HTTP/1.1
91.240.77.111/logon/LogonPoint/receiver/images/common/authspinner.gif
IP
91.240.77.111:443
ASN
#21473 PFALZKOM GmbH

Requested by
https://91.240.77.111/logon/LogonPoint/tmindex.html
Certificate
IssuerGlobalSign nv-sa
Subject*.hornbach.com
FingerprintA6:AC:F3:9D:8B:C4:B0:E0:2F:46:6B:EE:65:57:A1:E9:6B:1A:55:A0
ValidityTue, 23 May 2023 12:46:13 GMT - Sun, 23 Jun 2024 12:46:12 GMT

File type
GIF image data, version 89a, 22 x 22
Size
954 B (954 bytes)
Hash
6959bf8fd07a4bdc3e9662728dd43f17
2e598a26facf72188598d671651268e9ac100406
81cf46cd2e1d60f92fd21a4fea68c087f111a0e7f9ea3d81798dff8d9459145b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logon/LogonPoint/receiver/images/common/authspinner.gif HTTP/1.1
Host: 91.240.77.111
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Age: 1
Date: Tue, 23 Apr 2024 22:18:43 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0:  92
ETag: "3ba-615e42c5c9d65"
Server: Apache
X-Frame-Options: SAMEORIGIN
Last-Modified: Fri, 12 Apr 2024 11:00:01 GMT
Accept-Ranges: bytes
Content-Length: 954
Feature-Policy: camera 'none'; microphone 'none'; geolocation 'none'
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15, max=92
Content-Type: image/gif
Strict-Transport-Security: max-age=31536000; includeSubDomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by