IP

95.82.55.121

Network

95.82.48.0/20

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://95.82.55.121:33034/ 403

ASN

AS134729

Organization

JOINT POWER TECHNOLOGY LIMITED

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

Product

OpenResty OpenResty

CPE(s)

<enterprise field>: cpe

Issuer Common Name

Certum Domain Validation CA SHA2

Issuer Organization

Unizeto Technologies S.A.

Subject Common Name

65.181.153.101

SHA256 Fingerprint

d55172251fac2b43ce9c8f2f6ddfd1c53d88b93c054edaadc2b7ee9005096723

Validity Not Before

2024-06-21T10:30:20Z

Validity Not After

2025-06-21T10:30:19Z

Data MD5

74b8f3944cfe5122d392b396d36db1b5

HTTP Header MD5

149dd60bf5d3051791e1cf126bba3436

HTTP Body MD5

23b185a0c4c6b21666f37b500b6aef67

Favicon MD5

23b185a0c4c6b21666f37b500b6aef67

Favicon MMH3

-1524263177

HTTP/1.1 403 Forbidden
Server: openresty
Date: Thu, 21 Nov 2024 08:38:06 GMT
Content-Type: text/html
Content-Length: 7
Connection: close
jckl: zdluI7NDZiAppGuAv5Qna4jVUIbBBoI4QQH8F1b3yVnAv+jucOpH9k1ehEtS8PPU4end/xKiBW8OMySzFQnIAQ==
via: 1.1 google

403.k02

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:45:08.000Z",
   "app" : {
      "favicon" : {
         "image" : "NDAzLmswMg==",
         "imagemd5" : "23b185a0c4c6b21666f37b500b6aef67",
         "imagemmh3" : -1524263177,
         "length" : 7,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "23b185a0c4c6b21666f37b500b6aef67",
         "bodymmh3" : 1989123423,
         "headermd5" : "149dd60bf5d3051791e1cf126bba3436",
         "headermmh3" : 808652435
      },
      "length" : 265
   },
   "asn" : "AS134729",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "AU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 403 Forbidden\r\nServer: openresty\r\nDate: Thu, 21 Nov 2024 08:38:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 7\r\nConnection: close\r\njckl: zdluI7NDZiAppGuAv5Qna4jVUIbBBoI4QQH8F1b3yVnAv+jucOpH9k1ehEtS8PPU4end/xKiBW8OMySzFQnIAQ==\r\nvia: 1.1 google\r\n\r\n403.k02",
   "datamd5" : "74b8f3944cfe5122d392b396d36db1b5",
   "datammh3" : -1202847077,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "c16a7d70e6ce665e7c69aa468670d6e2",
      "sha1" : "43958c80228ef073c0e10d994eb3ead86e4fa92f",
      "sha256" : "d55172251fac2b43ce9c8f2f6ddfd1c53d88b93c054edaadc2b7ee9005096723"
   },
   "ip" : "95.82.55.121",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Certum Domain Validation CA SHA2",
      "country" : "PL",
      "organization" : "Unizeto Technologies S.A.",
      "organizationalunit" : "Certum Certification Authority"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "-33.4940",
   "location" : "-33.4940,143.2104",
   "longitude" : "143.2104",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "JOINT POWER TECHNOLOGY LIMITED",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 33034,
   "product" : "OpenResty",
   "productvendor" : "OpenResty",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Forbidden",
   "seen_date" : "2024-11-21",
   "serial" : "53:ff:d8:8a:5b:85:53:84:65:cf:9a:4d:76:59:e4:37",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 403,
   "subject" : {
      "commonname" : "65.181.153.101"
   },
   "subnet" : "95.82.48.0/20",
   "tag" : "<enterprise field>: tag",
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-06-21T10:30:19Z",
      "notbefore" : "2024-06-21T10:30:20Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

31.171.154.202

Network

31.171.152.0/21

Domain(s)

localhost.localdomain

Device

<enterprise field>: device.class

URL

https://31.171.154.202:33034/webclient/Login.xhtml 200

HTTP Title

GoAnywhere Web Client - Login

ASN

AS197706

Organization

Keminet SHPK

Protocol

http Cert not expired http

Source

datascan::redirect::2

HTTP Component(s)

Fortra GoAnywhere MFT Oracle Java

CPE(s)

<enterprise field>: cpe

Issuer Common Name

localhost.localdomain

Issuer Organization

MyCompany

Subject Organization

MyCompany

Subject Common Name

localhost.localdomain

Subject Alt Name

localhost

SHA256 Fingerprint

f6ecdc01d3e2a2624f36483ecc89078af743b1e9e07f2fd1a85b5e9a5c599a23

Validity Not Before

2024-10-19T12:05:03Z

Validity Not After

2034-10-17T12:05:03Z

Data MD5

91665c44477990765b8b6a2ffa0662da

HTTP Header MD5

d26d1ffbefbc787e4a2e802a97094d05

HTTP Body MD5

d371e68763e09e7fc706bfa41d936f36

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AFE7D54C7734A180E25DD86AD3974414; Path=/; Secure; HttpOnly
X-UA-Compatible: IE=edge
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: oam.Flash.RENDERMAP.TOKEN=4tdvdtru0; Path=/; Secure; HttpOnly
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 21 Nov 2024 08:43:06 UTC

2885
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head id="j_id_5"><link type="text/css" rel="stylesheet" href="/javax.faces.resource/theme.css.xhtml?ln=primefaces-aristo" /><link rel="stylesheet" type="text/css" href="/javax.faces.resource/gfacesFNDNMO.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=css" /><script type="text/javascript" src="/javax.faces.resource/jquery/jquery.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14"></script><script type="text/javascript" src="/javax.faces.resource/jquery/jquery-plugins.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14"></script><script type="text/javascript" src="/javax.faces.resource/core.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14"></script><script type="text/javascript" src="/javax.faces.resource/components.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14"></script><link rel="stylesheet" type="text/css" href="/javax.faces.resource/components.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14" /><script type="text/javascript" src="/javax.faces.resource/passwordYIBHPR/password.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=gfaces"></script><link rel="stylesheet" type="text/css" href="/javax.faces.resource/css/styles.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL" /><link rel="stylesheet" type="text/css" href="/javax.faces.resource/default/css/theme.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=themesCARDNL" /><script type="text/javascript">if(window.PrimeFaces){PrimeFaces.settings.locale='en';}</script>
		<meta name="viewport" content="width=device-width, initial-scale=1" /><title>GoAnywhere Web Client - Login</title><script type="text/javascript" src="/javax.faces.resource/gfacesFNDNMO.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=js"></script><script type="text/javascript" src="/javax.faces.resource/languagesFNDNMO.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=js"></script><script type="text/javascript" src="/javax.faces.resource/js/languages.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script><script type="text/javascript" src="/javax.faces.resource/js/scripts.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script><script type="text/javascript" src="/javax.faces.resource/js/base64_jquery.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script><script type="text/javascript" src="/javax.faces.resource/js/placeholder.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script><script type="text/javascript" src="/javax.faces.resource/js/sessionTimeoutWarning.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script>
	<script type="text/javascript">
		// Load SessionTimeoutCounterModule with session timeout from global preferences
		var SessionTimeoutCounter = SessionTimeoutCounterModule(300);
	</script><script type="text/javascript" src="/javax.faces.resource/font-awesome/5.6.1/js/all.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=webjars"></script>


	<script type="text/javascript">
		var sessionURLAllowed = true;
		var invalidBrowserLocation = "/InvalidBrowser.xhtml";

		if (!sessionURLAllowed) {
			//Try setting the cookie then getting the cookie. if the 
			//cookie returns as undefined we know that cookies are not enabled.
			if (!PrimeFaces.cookiesEnabled()) {
				location.href = invalidBrowserLocation;
			}
		}
	</script><script type="text/javascript" src="/javax.faces.resource/js/container.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL"></script>
		<script type="text/javascript">
			checkForContainer();
			function reinitializeLogin() {
				reinitializeLoginCommand();
			}
		</script><style>
			.ThemeBackgroundWrapper {position: fixed;width: 100%;height: 100%;}.LoginPanelInner {position: relative;text-align: center;padding: 5px;}.loginForm input {height: 23px;}.loginLinks {text-align: center;font-size: 12px}.LoginLabelField {display: none;}.loginFormPanel {border: none;background: transparent;padding: 0;}#disclaimerHeading {text-align: center;padding: 0;text-transform: uppercase;}.disclaimerContainer {padding: 5px 40px 25px;}.loginForm .ui-panel-content {padding: 0;}.LoginButton.ui-state-default {border-color: #226197 !important;}.inputDiv {margin-bottom: 12px;}.LoginPanelOuter {position: relative;margin: 0;height: 100%;background-color: #F2F5F9;display: inline-block;padding: 0 10px;min-width: 24em;border: 1px solid #dddddd;}.LoginPanelBackground {padding: 20% 32px 0;}.LoginPanelInner .ui-inputfield {width: calc(100% - 15px);display: block;}.LoginButton {width: 100%;}.LoginButtonPanel {display: inline-block;max-width: 100%;position: relative;width: calc(100% - 2px);}.LoginButton.half {width: calc(50% - 6px);}.disclaimerContainer {min-width: 10em;max-width: 320px;text-align: left;margin-top: 20px;}.LoginPanelWrapper {position: relative;height: 100%;}.LoginPanelWrapper:before {content: '';display: inline-block;height: 100%;vertical-align: middle;}.LoginPanelWrapperCentered {position: absolute;top: 50%;left: 50%;transform: translate(-50%, -50%);max-width: 100%;min-width: 24em;}.FooterDiv {margin-top: 20px;position: relative;}.Captcha {text-align: center;}#gotpForm .LoginButtonPanel{width: 370px;}.LoginPanelInner .gotpInput.option{width: 365px;}.LoginPanelInner .gotpInput.email{width: 355px;display: block;}.LoginPanelInner .gotpInput.country {width: 180px;margin-right: 5px;}.LoginPanelInner .gotpInput.mobileMask {width: 152px;vertical-align: middle;display: inline-block;}
</style></head><body style="height:100%;"><div class="ThemeBackgroundWrapper"><div class="ThemeBackground"></div></div><div class="LoginPanelWrapper"><div class="LoginPanelWrapperCentered"><div class="LoginPanelOuter"><div class="LoginPanelBackground"><div class="LoginPanelInner"><form id="j_id_y" name="j_id_y" method="post" action="/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09" enctype="application/x-www-form-urlencoded"><input type="hidden" name="j_id_y_SUBMIT" value="1" /><input type="hidden" name="javax.faces.ViewState" id="j_id__v_0:javax.faces.ViewState:1" value="/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=" autocomplete="off" /></form><img src="/images/default_logo.png;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09" alt="Logo" class="loginLogo" /><div class="LoginWidthLimiter"></div><div class="loginMessagesContainer LoginText" style="width: 5px;"><div id="j_id_17" class="ui-messages ui-widget" aria-live="polite"></div></div><form id="stayAliveForm" name="stayAliveForm" method="post" action="/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09" enctype="application/x-www-form-urlencoded"><div><script id="stayAliveForm:j_id_1c_s" type="text/javascript">$(function(){PrimeFaces.cw("Poll","widget_stayAliveForm_j_id_1c",{id:"stayAliveForm:j_id_1c",frequency:298,autoStart:true,fn:function(){PrimeFaces.ab({s:"stayAliveForm:j_id_1c",f:"stayAliveForm",p:"stayAliveForm",g:false});}});});</script></div><input type="hidden" name="stayAliveForm_SUBMIT" value="1" /><input type="hidden" name="javax.faces.ViewState" id="j_id__v_0:javax.faces.ViewState:2" value="/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=" autocomplete="off" /></form><form id="loginForm" name="loginForm" method="post" action="/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09" enctype="application/x-www-form-urlencoded"><script id="j_id_1e" type="text/javascript">reinitializeLoginCommand = function() {PrimeFaces.ab({s:"j_id_1e",f:"loginForm",u:"loginForm",pa:arguments[0]});}</script><div><div class="loginForm"><div id="j_id_1i" class="ui-panel ui-widget ui-widget-content ui-corner-all loginPanel loginFormPanel" data-widget="widget_j_id_1i"><div id="j_id_1i_content" class="ui-panel-content ui-widget-content"><div class="inputDiv"><input id="username" name="username" type="text" class="ui-inputfield ui-inputtext ui-widget ui-state-default ui-corner-all" autocomplete="off" placeholder="User Name" size="41" tabindex="1" /><script id="username_s" type="text/javascript">$(function(){PrimeFaces.cw("InputText","widget_username",{id:"username"});});</script></div><div class="inputDiv"><input id="value_hinput" name="value_hinput" type="hidden" /><input id="value" name="value" type="text" autocomplete="off" placeholder="Password" size="41" tabindex="1" class="ui-inputfield ui-inputtext ui-widget ui-state-default ui-corner-all" /><script id="value_s" type="text/javascript">$(function(){PrimeFaces.cw("GFacesPassword","widget_value",{id:"value",allowSaving:false,value:""});});</script></div><div class="inputDiv LoginButtonPanel"><button id="j_id_1o" name="j_id_1o" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only LoginButton " aria-label="" onclick="" tabindex="1" type="submit"><span class="ui-button-text ui-c">Login</span></button><script id="j_id_1o_s" type="text/javascript">$(function(){PrimeFaces.cw("CommandButton","widget_j_id_1o",{id:"j_id_1o"});});</script></div><div class="inputDiv LoginLinksDiv"><div class="LoginLabelField"></div></div></div></div><script id="j_id_1i_s" type="text/javascript">$(function(){PrimeFaces.cw("Panel","widget_j_id_1i",{id:"j_id_1i"});});</script><span id="j_id_24"></span><script type="text/javascript">$(function(){PrimeFaces.focus();});</script></div></div><input type="hidden" name="loginForm_SUBMIT" value="1" /><input type="hidden" name="javax.faces.ViewState" id="j_id__v_0:javax.faces.ViewState:3" value="/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=" autocomplete="off" /></form></div></div><div class="LoginPanelDisclaimer"><div class="FooterDiv"><div id="footer">Powered by <a href="https://www.GoAnywhere.com/powered-by" target="_blank">GoAnywhere</a></div></div></div></div></div></div>
		<script>
			var SetLoginTextWidth = function() {
				var wrapperWidth = $('.LoginWidthLimiter').innerWidth();
				$('.LoginText').width(wrapperWidth);
			}();
			//Script to set the LoginText Width equal to the panels max width
		</script></body>
</html>
0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:43:06.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org",
            "goanywhere.com"
         ],
         "hostname" : [
            "www.GoAnywhere.com",
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/1999/xhtml",
            "https://www.GoAnywhere.com/powered-by"
         ]
      },
      "http" : {
         "bodymd5" : "d371e68763e09e7fc706bfa41d936f36",
         "bodymmh3" : -1758896536,
         "component" : [
            {
               "productvendor" : "Oracle",
               "product" : "Java"
            },
            {
               "product" : "GoAnywhere MFT",
               "productvendor" : "Fortra"
            }
         ],
         "headermd5" : "d26d1ffbefbc787e4a2e802a97094d05",
         "headermmh3" : 1363383381,
         "title" : "GoAnywhere Web Client - Login"
      },
      "length" : 10869
   },
   "asn" : "AS197706",
   "ca" : "false",
   "city" : "Tirana",
   "country" : "AL",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=AFE7D54C7734A180E25DD86AD3974414; Path=/; Secure; HttpOnly\r\nX-UA-Compatible: IE=edge\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nSet-Cookie: oam.Flash.RENDERMAP.TOKEN=4tdvdtru0; Path=/; Secure; HttpOnly\r\nContent-Type: text/html;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nDate: Thu, 21 Nov 2024 08:43:06 UTC\r\n\r\n2885\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\"><head id=\"j_id_5\"><link type=\"text/css\" rel=\"stylesheet\" href=\"/javax.faces.resource/theme.css.xhtml?ln=primefaces-aristo\" /><link rel=\"stylesheet\" type=\"text/css\" href=\"/javax.faces.resource/gfacesFNDNMO.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=css\" /><script type=\"text/javascript\" src=\"/javax.faces.resource/jquery/jquery.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/jquery/jquery-plugins.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/core.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/components.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14\"></script><link rel=\"stylesheet\" type=\"text/css\" href=\"/javax.faces.resource/components.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=primefaces&amp;v=7.0.14\" /><script type=\"text/javascript\" src=\"/javax.faces.resource/passwordYIBHPR/password.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=gfaces\"></script><link rel=\"stylesheet\" type=\"text/css\" href=\"/javax.faces.resource/css/styles.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\" /><link rel=\"stylesheet\" type=\"text/css\" href=\"/javax.faces.resource/default/css/theme.css.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=themesCARDNL\" /><script type=\"text/javascript\">if(window.PrimeFaces){PrimeFaces.settings.locale='en';}</script>\n\t\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /><title>GoAnywhere Web Client - Login</title><script type=\"text/javascript\" src=\"/javax.faces.resource/gfacesFNDNMO.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=js\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/languagesFNDNMO.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=js\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/languages.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/scripts.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/base64_jquery.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/placeholder.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/sessionTimeoutWarning.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script>\n\t<script type=\"text/javascript\">\n\t\t// Load SessionTimeoutCounterModule with session timeout from global preferences\n\t\tvar SessionTimeoutCounter = SessionTimeoutCounterModule(300);\n\t</script><script type=\"text/javascript\" src=\"/javax.faces.resource/font-awesome/5.6.1/js/all.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=webjars\"></script>\n\n\n\t<script type=\"text/javascript\">\n\t\tvar sessionURLAllowed = true;\n\t\tvar invalidBrowserLocation = \"/InvalidBrowser.xhtml\";\n\n\t\tif (!sessionURLAllowed) {\n\t\t\t//Try setting the cookie then getting the cookie. if the \n\t\t\t//cookie returns as undefined we know that cookies are not enabled.\n\t\t\tif (!PrimeFaces.cookiesEnabled()) {\n\t\t\t\tlocation.href = invalidBrowserLocation;\n\t\t\t}\n\t\t}\n\t</script><script type=\"text/javascript\" src=\"/javax.faces.resource/js/container.js.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09?ln=commonCARDNL\"></script>\n\t\t<script type=\"text/javascript\">\n\t\t\tcheckForContainer();\n\t\t\tfunction reinitializeLogin() {\n\t\t\t\treinitializeLoginCommand();\n\t\t\t}\n\t\t</script><style>\n\t\t\t.ThemeBackgroundWrapper {position: fixed;width: 100%;height: 100%;}.LoginPanelInner {position: relative;text-align: center;padding: 5px;}.loginForm input {height: 23px;}.loginLinks {text-align: center;font-size: 12px}.LoginLabelField {display: none;}.loginFormPanel {border: none;background: transparent;padding: 0;}#disclaimerHeading {text-align: center;padding: 0;text-transform: uppercase;}.disclaimerContainer {padding: 5px 40px 25px;}.loginForm .ui-panel-content {padding: 0;}.LoginButton.ui-state-default {border-color: #226197 !important;}.inputDiv {margin-bottom: 12px;}.LoginPanelOuter {position: relative;margin: 0;height: 100%;background-color: #F2F5F9;display: inline-block;padding: 0 10px;min-width: 24em;border: 1px solid #dddddd;}.LoginPanelBackground {padding: 20% 32px 0;}.LoginPanelInner .ui-inputfield {width: calc(100% - 15px);display: block;}.LoginButton {width: 100%;}.LoginButtonPanel {display: inline-block;max-width: 100%;position: relative;width: calc(100% - 2px);}.LoginButton.half {width: calc(50% - 6px);}.disclaimerContainer {min-width: 10em;max-width: 320px;text-align: left;margin-top: 20px;}.LoginPanelWrapper {position: relative;height: 100%;}.LoginPanelWrapper:before {content: '';display: inline-block;height: 100%;vertical-align: middle;}.LoginPanelWrapperCentered {position: absolute;top: 50%;left: 50%;transform: translate(-50%, -50%);max-width: 100%;min-width: 24em;}.FooterDiv {margin-top: 20px;position: relative;}.Captcha {text-align: center;}#gotpForm .LoginButtonPanel{width: 370px;}.LoginPanelInner .gotpInput.option{width: 365px;}.LoginPanelInner .gotpInput.email{width: 355px;display: block;}.LoginPanelInner .gotpInput.country {width: 180px;margin-right: 5px;}.LoginPanelInner .gotpInput.mobileMask {width: 152px;vertical-align: middle;display: inline-block;}\n</style></head><body style=\"height:100%;\"><div class=\"ThemeBackgroundWrapper\"><div class=\"ThemeBackground\"></div></div><div class=\"LoginPanelWrapper\"><div class=\"LoginPanelWrapperCentered\"><div class=\"LoginPanelOuter\"><div class=\"LoginPanelBackground\"><div class=\"LoginPanelInner\"><form id=\"j_id_y\" name=\"j_id_y\" method=\"post\" action=\"/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09\" enctype=\"application/x-www-form-urlencoded\"><input type=\"hidden\" name=\"j_id_y_SUBMIT\" value=\"1\" /><input type=\"hidden\" name=\"javax.faces.ViewState\" id=\"j_id__v_0:javax.faces.ViewState:1\" value=\"/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=\" autocomplete=\"off\" /></form><img src=\"/images/default_logo.png;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09\" alt=\"Logo\" class=\"loginLogo\" /><div class=\"LoginWidthLimiter\"></div><div class=\"loginMessagesContainer LoginText\" style=\"width: 5px;\"><div id=\"j_id_17\" class=\"ui-messages ui-widget\" aria-live=\"polite\"></div></div><form id=\"stayAliveForm\" name=\"stayAliveForm\" method=\"post\" action=\"/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09\" enctype=\"application/x-www-form-urlencoded\"><div><script id=\"stayAliveForm:j_id_1c_s\" type=\"text/javascript\">$(function(){PrimeFaces.cw(\"Poll\",\"widget_stayAliveForm_j_id_1c\",{id:\"stayAliveForm:j_id_1c\",frequency:298,autoStart:true,fn:function(){PrimeFaces.ab({s:\"stayAliveForm:j_id_1c\",f:\"stayAliveForm\",p:\"stayAliveForm\",g:false});}});});</script></div><input type=\"hidden\" name=\"stayAliveForm_SUBMIT\" value=\"1\" /><input type=\"hidden\" name=\"javax.faces.ViewState\" id=\"j_id__v_0:javax.faces.ViewState:2\" value=\"/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=\" autocomplete=\"off\" /></form><form id=\"loginForm\" name=\"loginForm\" method=\"post\" action=\"/webclient/Login.xhtml;JSESSIONID=E3CE8193ED9ED8B525233B7440BD8D09\" enctype=\"application/x-www-form-urlencoded\"><script id=\"j_id_1e\" type=\"text/javascript\">reinitializeLoginCommand = function() {PrimeFaces.ab({s:\"j_id_1e\",f:\"loginForm\",u:\"loginForm\",pa:arguments[0]});}</script><div><div class=\"loginForm\"><div id=\"j_id_1i\" class=\"ui-panel ui-widget ui-widget-content ui-corner-all loginPanel loginFormPanel\" data-widget=\"widget_j_id_1i\"><div id=\"j_id_1i_content\" class=\"ui-panel-content ui-widget-content\"><div class=\"inputDiv\"><input id=\"username\" name=\"username\" type=\"text\" class=\"ui-inputfield ui-inputtext ui-widget ui-state-default ui-corner-all\" autocomplete=\"off\" placeholder=\"User Name\" size=\"41\" tabindex=\"1\" /><script id=\"username_s\" type=\"text/javascript\">$(function(){PrimeFaces.cw(\"InputText\",\"widget_username\",{id:\"username\"});});</script></div><div class=\"inputDiv\"><input id=\"value_hinput\" name=\"value_hinput\" type=\"hidden\" /><input id=\"value\" name=\"value\" type=\"text\" autocomplete=\"off\" placeholder=\"Password\" size=\"41\" tabindex=\"1\" class=\"ui-inputfield ui-inputtext ui-widget ui-state-default ui-corner-all\" /><script id=\"value_s\" type=\"text/javascript\">$(function(){PrimeFaces.cw(\"GFacesPassword\",\"widget_value\",{id:\"value\",allowSaving:false,value:\"\"});});</script></div><div class=\"inputDiv LoginButtonPanel\"><button id=\"j_id_1o\" name=\"j_id_1o\" class=\"ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only LoginButton \" aria-label=\"\" onclick=\"\" tabindex=\"1\" type=\"submit\"><span class=\"ui-button-text ui-c\">Login</span></button><script id=\"j_id_1o_s\" type=\"text/javascript\">$(function(){PrimeFaces.cw(\"CommandButton\",\"widget_j_id_1o\",{id:\"j_id_1o\"});});</script></div><div class=\"inputDiv LoginLinksDiv\"><div class=\"LoginLabelField\"></div></div></div></div><script id=\"j_id_1i_s\" type=\"text/javascript\">$(function(){PrimeFaces.cw(\"Panel\",\"widget_j_id_1i\",{id:\"j_id_1i\"});});</script><span id=\"j_id_24\"></span><script type=\"text/javascript\">$(function(){PrimeFaces.focus();});</script></div></div><input type=\"hidden\" name=\"loginForm_SUBMIT\" value=\"1\" /><input type=\"hidden\" name=\"javax.faces.ViewState\" id=\"j_id__v_0:javax.faces.ViewState:3\" value=\"/XKp864qZx8r8cLmryqag6yaFsAEx00hD3L/5p3kmB9Q8Sq+bAYzqXd/xHr4RObDL/Vo3Ofu53KrAe3D4kcJff0gy+U=\" autocomplete=\"off\" /></form></div></div><div class=\"LoginPanelDisclaimer\"><div class=\"FooterDiv\"><div id=\"footer\">Powered by <a href=\"https://www.GoAnywhere.com/powered-by\" target=\"_blank\">GoAnywhere</a></div></div></div></div></div></div>\n\t\t<script>\n\t\t\tvar SetLoginTextWidth = function() {\n\t\t\t\tvar wrapperWidth = $('.LoginWidthLimiter').innerWidth();\n\t\t\t\t$('.LoginText').width(wrapperWidth);\n\t\t\t}();\n\t\t\t//Script to set the LoginText Width equal to the panels max width\n\t\t</script></body>\n</html>\r\n0\r\n\r\n",
   "datamd5" : "91665c44477990765b8b6a2ffa0662da",
   "datammh3" : 1999482133,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "localhost.localdomain"
   ],
   "fingerprint" : {
      "md5" : "96d51ae2140e7c500036ff4781ab783a",
      "sha1" : "d76fe187df61882866ea581e9706f98345d5599f",
      "sha256" : "f6ecdc01d3e2a2624f36483ecc89078af743b1e9e07f2fd1a85b5e9a5c599a23"
   },
   "forward" : "31.171.154.202",
   "geolocus" : {
      "asn" : "AS197706",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "AL",
      "countryname" : "Albania",
      "domain" : [
         "iregister.al"
      ],
      "isineu" : "false",
      "latitude" : "41.153332",
      "location" : "41.153332,20.168331",
      "longitude" : "20.168331",
      "netname" : "KemiNetDataCenter",
      "organization" : "Keminet Ltd.",
      "subnet" : "31.171.152.0/22"
   },
   "hostname" : [
      "31.171.154.202",
      "localhost.localdomain"
   ],
   "ip" : "31.171.154.202",
   "ipv6" : "false",
   "issuer" : {
      "city" : "Seattle",
      "commonname" : "localhost.localdomain",
      "country" : "US",
      "organization" : "MyCompany",
      "organizationalunit" : "MyOrg"
   },
   "latitude" : "41.3253",
   "location" : "41.3253,19.8184",
   "longitude" : "19.8184",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Keminet SHPK",
   "port" : 33034,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "seen_date" : "2024-11-21",
   "serial" : "49:ba:72:36:40:b7:3e:c3:90:75:76:c5:dc:85:39:b1:99:4f:6e:81",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan::redirect::2",
   "status" : 200,
   "subject" : {
      "altname" : [
         "localhost"
      ],
      "city" : "Seattle",
      "commonname" : "localhost.localdomain",
      "country" : "US",
      "organization" : "MyCompany",
      "organizationalunit" : "MyOrg"
   },
   "subnet" : "31.171.152.0/21",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "localdomain"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/webclient/Login.xhtml",
   "validity" : {
      "notafter" : "2034-10-17T12:05:03Z",
      "notbefore" : "2024-10-19T12:05:03Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

192.251.198.185

Network

192.251.198.0/23

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://192.251.198.185:33034/ 404

ASN

AS46872

Organization

GLDATACENTRE-1

Protocol

http Cert not expired http

Source

datascan

Operating System

Microsoft Windows

Product

Microsoft HTTPAPI 2.0

HTTP Component(s)

Veeam Backup & Replication

CPE(s)

<enterprise field>: cpe

Issuer Common Name

Veeam Backup Server Certificate

Subject Common Name

Veeam Backup Server Certificate

SHA256 Fingerprint

0e9e99c4141cc36a34a468a6cb1531164141632fcb86a4e9aaa94ea79d91f556

Validity Not Before

2023-04-04T19:01:41Z

Validity Not After

2033-04-04T19:01:41Z

Data MD5

bc8766a43ea1513e06ed18cc070ad700

HTTP Header MD5

b7a1316eeff50763aac726520c4c36ca

HTTP Body MD5

817ae1ffa9d8bb15c6edd06322e71611

HTTP/1.1 404 Not Found
Content-Length: 18
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 08:38:19 GMT
Connection: close

Resource not found

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:38:06.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "817ae1ffa9d8bb15c6edd06322e71611",
         "bodymmh3" : -1086069816,
         "component" : [
            {
               "product" : "Backup & Replication",
               "productvendor" : "Veeam"
            }
         ],
         "headermd5" : "b7a1316eeff50763aac726520c4c36ca",
         "headermmh3" : -1198705964
      },
      "length" : 151
   },
   "asn" : "AS46872",
   "basicconstraints" : "critical",
   "ca" : "true",
   "country" : "CA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 404 Not Found\r\nContent-Length: 18\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:38:19 GMT\r\nConnection: close\r\n\r\nResource not found",
   "datamd5" : "bc8766a43ea1513e06ed18cc070ad700",
   "datammh3" : 1809419528,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "fingerprint" : {
      "md5" : "6b55ea981d234821886158e17c068e4c",
      "sha1" : "cebbbfbc83f28bdff97d9cd2b20a44c4ef0fde6f",
      "sha256" : "0e9e99c4141cc36a34a468a6cb1531164141632fcb86a4e9aaa94ea79d91f556"
   },
   "geolocus" : {
      "asn" : "AS46872",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "CA",
      "countryname" : "Canada",
      "domain" : [
         "goldline.net"
      ],
      "isineu" : "false",
      "latitude" : "56.130366",
      "location" : "56.130366,-106.346771",
      "longitude" : "-106.346771",
      "netname" : "GL2CLOUD",
      "organization" : "Gold Line Telemanagement,  Inc.",
      "subnet" : "192.251.198.0/23"
   },
   "ip" : "192.251.198.185",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Veeam Backup Server Certificate"
   },
   "latitude" : "43.6319",
   "location" : "43.6319,-79.3716",
   "longitude" : "-79.3716",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "GLDATACENTRE-1",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 33034,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Not Found",
   "seen_date" : "2024-11-21",
   "serial" : "35:71:40:56:15:ca:20:aa:4a:ec:85:26:af:08:38:07",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 404,
   "subject" : {
      "commonname" : "Veeam Backup Server Certificate"
   },
   "subnet" : "192.251.198.0/23",
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2033-04-04T19:01:41Z",
      "notbefore" : "2023-04-04T19:01:41Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

65.21.141.54

Network

65.21.0.0/16

Domain(s)

your-server.de

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://65.21.141.54:33034/ 404

Reverse DNS

static.54.141.21.65.clients.your-server.de

ASN

AS24940

Organization

Hetzner Online GmbH

Protocol

http Cert not expired http

Source

datascan

Operating System

Microsoft Windows

Product

Microsoft HTTPAPI 2.0

HTTP Component(s)

Veeam Backup & Replication

CPE(s)

<enterprise field>: cpe

Issuer Common Name

Veeam Backup Server Certificate

Subject Common Name

Veeam Backup Server Certificate

SHA256 Fingerprint

3102ac792f95a645bb6113ba2c13610d9ff98b942510632233d539b623f7f938

Validity Not Before

2021-09-30T18:57:25Z

Validity Not After

2031-09-30T18:57:25Z

Data MD5

bc8766a43ea1513e06ed18cc070ad700

HTTP Header MD5

b7a1316eeff50763aac726520c4c36ca

HTTP Body MD5

817ae1ffa9d8bb15c6edd06322e71611

HTTP/1.1 404 Not Found
Content-Length: 18
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 08:37:53 GMT
Connection: close

Resource not found

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:37:53.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "817ae1ffa9d8bb15c6edd06322e71611",
         "bodymmh3" : -1086069816,
         "component" : [
            {
               "product" : "Backup & Replication",
               "productvendor" : "Veeam"
            }
         ],
         "headermd5" : "b7a1316eeff50763aac726520c4c36ca",
         "headermmh3" : -1137720048
      },
      "length" : 151
   },
   "asn" : "AS24940",
   "basicconstraints" : "critical",
   "ca" : "true",
   "city" : "Helsinki",
   "country" : "FI",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 404 Not Found\r\nContent-Length: 18\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 08:37:53 GMT\r\nConnection: close\r\n\r\nResource not found",
   "datamd5" : "bc8766a43ea1513e06ed18cc070ad700",
   "datammh3" : 1809419528,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "your-server.de"
   ],
   "fingerprint" : {
      "md5" : "61c4d733875c548a2060f91b85597b90",
      "sha1" : "46ca67c64ab26dcf4f891b3aa06e13ccc0788c88",
      "sha256" : "3102ac792f95a645bb6113ba2c13610d9ff98b942510632233d539b623f7f938"
   },
   "geolocus" : {
      "asn" : "AS24940",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "FI",
      "countryname" : "Finland",
      "domain" : [
         "hetzner.com",
         "your-server.de"
      ],
      "isineu" : "true",
      "latitude" : "61.92411",
      "location" : "61.92411,25.748151",
      "longitude" : "25.748151",
      "netname" : "DE-HETZNER-20010926",
      "organization" : "Hetzner Online GmbH",
      "subnet" : "65.21.128.0/19"
   },
   "host" : [
      "static"
   ],
   "hostname" : [
      "static.54.141.21.65.clients.your-server.de"
   ],
   "ip" : "65.21.141.54",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Veeam Backup Server Certificate"
   },
   "latitude" : "60.1797",
   "location" : "60.1797,24.9344",
   "longitude" : "24.9344",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Hetzner Online GmbH",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 33034,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Not Found",
   "reverse" : [
      "static.54.141.21.65.clients.your-server.de"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "56:4e:cf:55:4a:95:73:b8:40:20:1a:8c:7c:c3:ac:70",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 404,
   "subdomains" : [
      "141.21.65.clients.your-server.de",
      "21.65.clients.your-server.de",
      "54.141.21.65.clients.your-server.de",
      "65.clients.your-server.de",
      "clients.your-server.de"
   ],
   "subject" : {
      "commonname" : "Veeam Backup Server Certificate"
   },
   "subnet" : "65.21.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "de"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2031-09-30T18:57:25Z",
      "notbefore" : "2021-09-30T18:57:25Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

31.171.154.202

Network

31.171.152.0/21

Domain(s)

localhost.localdomain

Device

<enterprise field>: device.class

URL

https://31.171.154.202:33034/webclient/Dashboard.xhtml 302

ASN

AS197706

Organization

Keminet SHPK

Protocol

http Cert not expired http

Source

datascan::redirect::1

HTTP Component(s)

Oracle Java

CPE(s)

<enterprise field>: cpe

Issuer Common Name

localhost.localdomain

Issuer Organization

MyCompany

Subject Organization

MyCompany

Subject Common Name

localhost.localdomain

Subject Alt Name

localhost

SHA256 Fingerprint

f6ecdc01d3e2a2624f36483ecc89078af743b1e9e07f2fd1a85b5e9a5c599a23

Validity Not Before

2024-10-19T12:05:03Z

Validity Not After

2034-10-17T12:05:03Z

Data MD5

647a9822dae3216e4a6320f6003f182e

HTTP Header MD5

1c1958f3c84e870233ed2fc0a8e666cb

HTTP Body MD5

d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 302 Found
Set-Cookie: JSESSIONID=B1C6895DCD07A4BC6BC1250757AD536C; Path=/; Secure; HttpOnly
X-UA-Compatible: IE=edge
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: /webclient/Login.xhtml
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Thu, 21 Nov 2024 08:37:08 UTC

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:37:08.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "component" : [
            {
               "product" : "Java",
               "productvendor" : "Oracle"
            }
         ],
         "headermd5" : "1c1958f3c84e870233ed2fc0a8e666cb",
         "headermmh3" : -2049807289
      },
      "length" : 436
   },
   "asn" : "AS197706",
   "ca" : "false",
   "city" : "Tirana",
   "country" : "AL",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nSet-Cookie: JSESSIONID=B1C6895DCD07A4BC6BC1250757AD536C; Path=/; Secure; HttpOnly\r\nX-UA-Compatible: IE=edge\r\nCache-Control: no-cache, no-store, must-revalidate\r\nPragma: no-cache\r\nExpires: Thu, 01 Jan 1970 00:00:00 GMT\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nLocation: /webclient/Login.xhtml\r\nContent-Type: text/html;charset=UTF-8\r\nContent-Length: 0\r\nDate: Thu, 21 Nov 2024 08:37:08 UTC\r\n\r\n",
   "datamd5" : "647a9822dae3216e4a6320f6003f182e",
   "datammh3" : 1661295943,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "localhost.localdomain"
   ],
   "fingerprint" : {
      "md5" : "96d51ae2140e7c500036ff4781ab783a",
      "sha1" : "d76fe187df61882866ea581e9706f98345d5599f",
      "sha256" : "f6ecdc01d3e2a2624f36483ecc89078af743b1e9e07f2fd1a85b5e9a5c599a23"
   },
   "forward" : "31.171.154.202",
   "geolocus" : {
      "asn" : "AS197706",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "AL",
      "countryname" : "Albania",
      "domain" : [
         "iregister.al"
      ],
      "isineu" : "false",
      "latitude" : "41.153332",
      "location" : "41.153332,20.168331",
      "longitude" : "20.168331",
      "netname" : "KemiNetDataCenter",
      "organization" : "Keminet Ltd.",
      "subnet" : "31.171.152.0/22"
   },
   "hostname" : [
      "31.171.154.202",
      "localhost.localdomain"
   ],
   "ip" : "31.171.154.202",
   "ipv6" : "false",
   "issuer" : {
      "city" : "Seattle",
      "commonname" : "localhost.localdomain",
      "country" : "US",
      "organization" : "MyCompany",
      "organizationalunit" : "MyOrg"
   },
   "latitude" : "41.3253",
   "location" : "41.3253,19.8184",
   "longitude" : "19.8184",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Keminet SHPK",
   "port" : 33034,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Found",
   "seen_date" : "2024-11-21",
   "serial" : "49:ba:72:36:40:b7:3e:c3:90:75:76:c5:dc:85:39:b1:99:4f:6e:81",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan::redirect::1",
   "status" : 302,
   "subject" : {
      "altname" : [
         "localhost"
      ],
      "city" : "Seattle",
      "commonname" : "localhost.localdomain",
      "country" : "US",
      "organization" : "MyCompany",
      "organizationalunit" : "MyOrg"
   },
   "subnet" : "31.171.152.0/21",
   "tld" : [
      "localdomain"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/webclient/Dashboard.xhtml",
   "validity" : {
      "notafter" : "2034-10-17T12:05:03Z",
      "notbefore" : "2024-10-19T12:05:03Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

175.194.139.29

Network

175.194.128.0/19

Domain(s)

invalid2.invalid

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://175.194.139.29:33034/ 301

HTTP Title

301 Moved

ASN

AS4766

Organization

Korea Telecom

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

Product

Google GWS

CPE(s)

<enterprise field>: cpe

Issuer Common Name

invalid2.invalid

Subject Common Name

invalid2.invalid

SHA256 Fingerprint

d5129635a050f63dd607ffa9271eefaab597c0975809765dad253973fc554d25

Validity Not Before

2015-01-01T00:00:00Z

Validity Not After

2030-01-01T00:00:00Z

Data MD5

34e0dc92869ac5a13646236e658c091e

HTTP Header MD5

cefd9a8dba25d7526370154af1b55f6e

HTTP Body MD5

97271fa3826f7429a07da5fa59d4c9d0

Favicon MD5

f3418a443e7d841097c714d69ec4bcb8

Favicon MMH3

708578229

HTTP/1.1 301 Moved Permanently
Location: http://www.google.com:33034/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-7fAtDxadchC0mibtfacjKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Date: Thu, 21 Nov 2024 08:29:07 GMT
Expires: Sat, 21 Dec 2024 08:29:07 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com:33034/">here</A>.
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:36:10.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "withgoogle.com",
            "google.com"
         ],
         "hostname" : [
            "csp.withgoogle.com",
            "www.google.com"
         ],
         "url" : [
            "http://www.google.com:33034/",
            "https://csp.withgoogle.com/csp/gws/other-hp",
            "https://csp.withgoogle.com/csp/report-to/gws/other"
         ]
      },
      "favicon" : {
         "image" : "AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///zD9/f2W/f392P39/fn9/f35/f391/39/ZT+/v4uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v7+Cf39/Zn///////////////////////////////////////////39/ZX///8IAAAAAAAAAAAAAAAA/v7+Cf39/cH/////+v35/7TZp/92ul3/WKs6/1iqOv9yuFn/rNWd//j79v///////f39v////wgAAAAAAAAAAP39/Zn/////7PXp/3G3WP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP+Or1j//vDo///////9/f2VAAAAAP///zD/////+vz5/3G3V/9TqDT/WKo6/6LQkf/U6cz/1urO/6rUm/+Zo0r/8IZB//adZ////v7///////7+/i79/f2Y/////4nWzf9Lqkj/Vqo4/9Xqzv///////////////////////ebY//SHRv/0hUL//NjD///////9/f2U/f392v////8sxPH/Ebzt/43RsP/////////////////////////////////4roL/9IVC//i1jf///////f391/39/fr/////Cr37/wW8+/+16/7/////////////////9IVC//SFQv/0hUL/9IVC//SFQv/3pnX///////39/fn9/f36/////wu++/8FvPv/tuz+//////////////////SFQv/0hUL/9IVC//SFQv/0hUL/96p7///////9/f35/f392/////81yfz/CrL5/2uk9v///////////////////////////////////////////////////////f392P39/Zn/////ks/7/zdS7P84Rur/0NT6///////////////////////9/f////////////////////////39/Zb+/v4y//////n5/v9WYu3/NUPq/ztJ6/+VnPT/z9L6/9HU+v+WnfT/Ul7t/+Hj/P////////////////////8wAAAAAP39/Z3/////6Or9/1hj7v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v9sdvD////////////9/f2YAAAAAAAAAAD///8K/f39w//////5+f7/paz2/11p7v88Suv/Okfq/1pm7v+iqfX/+fn+///////9/f3B/v7+CQAAAAAAAAAAAAAAAP///wr9/f2d///////////////////////////////////////////9/f2Z/v7+CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/jL9/f2Z/f392/39/fr9/f36/f392v39/Zj///8wAAAAAAAAAAAAAAAAAAAAAPAPAADAAwAAgAEAAIABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIABAACAAQAAwAMAAPAPAAAoAAAAIAAAAEAAAAABACAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/g3+/v5X/f39mf39/cj9/f3q/f39+f39/fn9/f3q/f39yP39/Zn+/v5W////DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/iT9/f2c/f399f/////////////////////////////////////////////////////9/f31/f39mv7+/iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/gn9/f2K/f39+////////////////////////////////////////////////////////////////////////////f39+v39/Yf///8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/v4k/f390v////////////////////////////////////////////////////////////////////////////////////////////////39/dD///8iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////MP39/er//////////////////////////+r05v+v16H/gsBs/2WxSf9Wqjj/Vqk3/2OwRv99vWX/pdKV/97u2P////////////////////////////39/ej+/v4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/iT9/f3q/////////////////////+v15/+Pxnv/VKk2/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/36+Z//d7tf///////////////////////39/ej///8iAAAAAAAAAAAAAAAAAAAAAAAAAAD///8K/f390//////////////////////E4bn/XKw+/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1apN/+x0pv///////////////////////39/dD///8IAAAAAAAAAAAAAAAAAAAAAP39/Yv/////////////////////sdij/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/YKU1/8qOPv/5wZ////////////////////////39/YcAAAAAAAAAAAAAAAD+/v4l/f39+////////////////8Lgt/9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9utlT/n86N/7faqv+426v/pdKV/3u8ZP9UqDX/U6g0/3egN//jiUH/9IVC//SFQv/82MP//////////////////f39+v7+/iMAAAAAAAAAAP39/Z3////////////////q9Ob/W6w+/1OoNP9TqDT/U6g0/1OoNP9nskz/zOXC/////////////////////////////////+Dv2v+osWP/8YVC//SFQv/0hUL/9IVC//WQVP/++fb//////////////////f39mgAAAAD+/v4O/f399v///////////////4LHj/9TqDT/U6g0/1OoNP9TqDT/dblc//L58P/////////////////////////////////////////////8+v/3p3f/9IVC//SFQv/0hUL/9IVC//rIqf/////////////////9/f31////DP7+/ln////////////////f9v7/Cbz2/zOwhv9TqDT/U6g0/2KwRv/v9+z///////////////////////////////////////////////////////738//1kFT/9IVC//SFQv/0hUL/9plg///////////////////////+/v5W/f39nP///////////////4jf/f8FvPv/Bbz7/yG1s/9QqDz/vN2w//////////////////////////////////////////////////////////////////rHqP/0hUL/9IVC//SFQv/0hUL//vDn//////////////////39/Zn9/f3L////////////////R878/wW8+/8FvPv/Bbz7/y7C5P/7/fr//////////////////////////////////////////////////////////////////ere//SFQv/0hUL/9IVC//SFQv/718H//////////////////f39yP39/ez///////////////8cwvv/Bbz7/wW8+/8FvPv/WNL8///////////////////////////////////////0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//rIqv/////////////////9/f3q/f39+v///////////////we9+/8FvPv/Bbz7/wW8+/993P3///////////////////////////////////////SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/+cGf//////////////////39/fn9/f36////////////////B737/wW8+/8FvPv/Bbz7/33c/f//////////////////////////////////////9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/6xaX//////////////////f39+f39/e3///////////////8cwvv/Bbz7/wW8+/8FvPv/WdP8///////////////////////////////////////0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//vVv//////////////////9/f3q/f39y////////////////0bN/P8FvPv/Bbz7/wW8+/8hrvn/+/v///////////////////////////////////////////////////////////////////////////////////////////////////////////////////39/cj9/f2c////////////////ht/9/wW8+/8FvPv/FZP1/zRJ6/+zuPf//////////////////////////////////////////////////////////////////////////////////////////////////////////////////f39mf7+/lr////////////////d9v7/B7n7/yB38f81Q+r/NUPq/0hV7P/u8P3////////////////////////////////////////////////////////////////////////////////////////////////////////////+/v5X////D/39/ff///////////////9tkPT/NUPq/zVD6v81Q+r/NUPq/2Fs7//y8v7////////////////////////////////////////////09f7//////////////////////////////////////////////////f399f7+/g0AAAAA/f39n////////////////+Tm/P89Suv/NUPq/zVD6v81Q+r/NUPq/1Bc7f/IzPn/////////////////////////////////x8v5/0xY7P+MlPP////////////////////////////////////////////9/f2cAAAAAAAAAAD+/v4n/f39/P///////////////7W69/81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v9ZZe7/k5v0/6609/+vtff/lJv0/1pm7v81Q+r/NUPq/zVD6v+GjvL//v7//////////////////////////////f39+/7+/iQAAAAAAAAAAAAAAAD9/f2N/////////////////////6Cn9f81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v+BivL////////////////////////////9/f2KAAAAAAAAAAAAAAAAAAAAAP7+/gv9/f3V/////////////////////7W69/8+S+v/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/P0zr/7q/+P///////////////////////f390v7+/gkAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/ib9/f3r/////////////////////+Xn/P94gfH/NkTq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NkTq/3Z/8f/l5/z///////////////////////39/er+/v4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/jL9/f3r///////////////////////////k5vz/nqX1/2p08P9IVez/OEbq/zdF6v9GU+z/aHLv/5qh9f/i5Pz////////////////////////////9/f3q////MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/ib9/f3V/////////////////////////////////////////////////////////////////////////////////////////////////f390v7+/iQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wr9/f2N/f39/P///////////////////////////////////////////////////////////////////////////f39+/39/Yv+/v4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/v4n/f39n/39/ff//////////////////////////////////////////////////////f399v39/Z3+/v4lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v7+Dv7+/lr9/f2c/f39y/39/e39/f36/f39+v39/ez9/f3L/f39nP7+/ln+/v4OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/AA///AAD//AAAP/gAAB/wAAAP4AAAB8AAAAPAAAADgAAAAYAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABgAAAAcAAAAPAAAAD4AAAB/AAAA/4AAAf/AAAP/8AAP//wAP/",
         "imagemd5" : "f3418a443e7d841097c714d69ec4bcb8",
         "imagemmh3" : 708578229,
         "length" : 5430,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "97271fa3826f7429a07da5fa59d4c9d0",
         "bodymmh3" : -186790014,
         "headermd5" : "cefd9a8dba25d7526370154af1b55f6e",
         "headermmh3" : 434744088,
         "title" : "301 Moved"
      },
      "length" : 1053
   },
   "asn" : "AS4766",
   "basicconstraints" : "critical",
   "ca" : "true",
   "city" : "Guri-si",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.google.com:33034/\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-7fAtDxadchC0mibtfacjKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp\r\nCross-Origin-Opener-Policy: same-origin-allow-popups; report-to=\"gws\"\r\nReport-To: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\nDate: Thu, 21 Nov 2024 08:29:07 GMT\r\nExpires: Sat, 21 Dec 2024 08:29:07 GMT\r\nCache-Control: public, max-age=2592000\r\nServer: gws\r\nContent-Length: 225\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\nAlt-Svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nConnection: close\r\n\r\n<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"http://www.google.com:33034/\">here</A>.\r\n</BODY></HTML>\r\n",
   "datamd5" : "34e0dc92869ac5a13646236e658c091e",
   "datammh3" : -1721529601,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "invalid2.invalid"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "904ac8d5445ad06a8a10ffcd8b11be16",
      "sha1" : "4259517cd4e48a289d332ab3f0ab52a366322824",
      "sha256" : "d5129635a050f63dd607ffa9271eefaab597c0975809765dad253973fc554d25"
   },
   "geolocus" : {
      "asn" : "AS4766",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "kt.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "KORNET",
      "organization" : "Korea Telecom",
      "subnet" : "175.194.128.0/19"
   },
   "hostname" : [
      "invalid2.invalid"
   ],
   "ip" : "175.194.139.29",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "invalid2.invalid",
      "organizationalunit" : "No SNI provided; please fix your client."
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment",
      "keyCertSign"
   ],
   "latitude" : "37.5945",
   "location" : "37.5945,127.1321",
   "longitude" : "127.1321",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Korea Telecom",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 33034,
   "product" : "GWS",
   "productvendor" : "Google",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Moved Permanently",
   "seen_date" : "2024-11-21",
   "serial" : "90:76:89:18:e9:33:93:a0",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 301,
   "subject" : {
      "commonname" : "invalid2.invalid",
      "organizationalunit" : "No SNI provided; please fix your client."
   },
   "subnet" : "175.194.128.0/19",
   "tld" : [
      "invalid"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2030-01-01T00:00:00Z",
      "notbefore" : "2015-01-01T00:00:00Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

125.143.82.244

Network

125.143.0.0/17

Domain(s)

invalid2.invalid

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://125.143.82.244:33034/ 301

HTTP Title

301 Moved

ASN

AS4766

Organization

Korea Telecom

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

Product

Google GWS

CPE(s)

<enterprise field>: cpe

Issuer Common Name

invalid2.invalid

Subject Common Name

invalid2.invalid

SHA256 Fingerprint

d5129635a050f63dd607ffa9271eefaab597c0975809765dad253973fc554d25

Validity Not Before

2015-01-01T00:00:00Z

Validity Not After

2030-01-01T00:00:00Z

Data MD5

6722b8c3cb4717e4235a7132e4132290

HTTP Header MD5

e4e64d3ab258cb27820efc3116436f66

HTTP Body MD5

97271fa3826f7429a07da5fa59d4c9d0

Favicon MD5

f3418a443e7d841097c714d69ec4bcb8

Favicon MMH3

708578229

HTTP/1.1 301 Moved Permanently
Location: http://www.google.com:33034/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-niDpla6-wjoXnniBtzLYNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Date: Thu, 21 Nov 2024 08:29:22 GMT
Expires: Sat, 21 Dec 2024 08:29:22 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 225
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com:33034/">here</A>.
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:36:07.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "google.com",
            "withgoogle.com"
         ],
         "hostname" : [
            "csp.withgoogle.com",
            "www.google.com"
         ],
         "url" : [
            "http://www.google.com:33034/",
            "https://csp.withgoogle.com/csp/gws/other-hp",
            "https://csp.withgoogle.com/csp/report-to/gws/other"
         ]
      },
      "favicon" : {
         "image" : "AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///zD9/f2W/f392P39/fn9/f35/f391/39/ZT+/v4uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v7+Cf39/Zn///////////////////////////////////////////39/ZX///8IAAAAAAAAAAAAAAAA/v7+Cf39/cH/////+v35/7TZp/92ul3/WKs6/1iqOv9yuFn/rNWd//j79v///////f39v////wgAAAAAAAAAAP39/Zn/////7PXp/3G3WP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP+Or1j//vDo///////9/f2VAAAAAP///zD/////+vz5/3G3V/9TqDT/WKo6/6LQkf/U6cz/1urO/6rUm/+Zo0r/8IZB//adZ////v7///////7+/i79/f2Y/////4nWzf9Lqkj/Vqo4/9Xqzv///////////////////////ebY//SHRv/0hUL//NjD///////9/f2U/f392v////8sxPH/Ebzt/43RsP/////////////////////////////////4roL/9IVC//i1jf///////f391/39/fr/////Cr37/wW8+/+16/7/////////////////9IVC//SFQv/0hUL/9IVC//SFQv/3pnX///////39/fn9/f36/////wu++/8FvPv/tuz+//////////////////SFQv/0hUL/9IVC//SFQv/0hUL/96p7///////9/f35/f392/////81yfz/CrL5/2uk9v///////////////////////////////////////////////////////f392P39/Zn/////ks/7/zdS7P84Rur/0NT6///////////////////////9/f////////////////////////39/Zb+/v4y//////n5/v9WYu3/NUPq/ztJ6/+VnPT/z9L6/9HU+v+WnfT/Ul7t/+Hj/P////////////////////8wAAAAAP39/Z3/////6Or9/1hj7v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v9sdvD////////////9/f2YAAAAAAAAAAD///8K/f39w//////5+f7/paz2/11p7v88Suv/Okfq/1pm7v+iqfX/+fn+///////9/f3B/v7+CQAAAAAAAAAAAAAAAP///wr9/f2d///////////////////////////////////////////9/f2Z/v7+CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/jL9/f2Z/f392/39/fr9/f36/f392v39/Zj///8wAAAAAAAAAAAAAAAAAAAAAPAPAADAAwAAgAEAAIABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIABAACAAQAAwAMAAPAPAAAoAAAAIAAAAEAAAAABACAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/g3+/v5X/f39mf39/cj9/f3q/f39+f39/fn9/f3q/f39yP39/Zn+/v5W////DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/iT9/f2c/f399f/////////////////////////////////////////////////////9/f31/f39mv7+/iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/gn9/f2K/f39+////////////////////////////////////////////////////////////////////////////f39+v39/Yf///8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/v4k/f390v////////////////////////////////////////////////////////////////////////////////////////////////39/dD///8iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////MP39/er//////////////////////////+r05v+v16H/gsBs/2WxSf9Wqjj/Vqk3/2OwRv99vWX/pdKV/97u2P////////////////////////////39/ej+/v4vAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/iT9/f3q/////////////////////+v15/+Pxnv/VKk2/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/36+Z//d7tf///////////////////////39/ej///8iAAAAAAAAAAAAAAAAAAAAAAAAAAD///8K/f390//////////////////////E4bn/XKw+/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1apN/+x0pv///////////////////////39/dD///8IAAAAAAAAAAAAAAAAAAAAAP39/Yv/////////////////////sdij/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9TqDT/YKU1/8qOPv/5wZ////////////////////////39/YcAAAAAAAAAAAAAAAD+/v4l/f39+////////////////8Lgt/9TqDT/U6g0/1OoNP9TqDT/U6g0/1OoNP9utlT/n86N/7faqv+426v/pdKV/3u8ZP9UqDX/U6g0/3egN//jiUH/9IVC//SFQv/82MP//////////////////f39+v7+/iMAAAAAAAAAAP39/Z3////////////////q9Ob/W6w+/1OoNP9TqDT/U6g0/1OoNP9nskz/zOXC/////////////////////////////////+Dv2v+osWP/8YVC//SFQv/0hUL/9IVC//WQVP/++fb//////////////////f39mgAAAAD+/v4O/f399v///////////////4LHj/9TqDT/U6g0/1OoNP9TqDT/dblc//L58P/////////////////////////////////////////////8+v/3p3f/9IVC//SFQv/0hUL/9IVC//rIqf/////////////////9/f31////DP7+/ln////////////////f9v7/Cbz2/zOwhv9TqDT/U6g0/2KwRv/v9+z///////////////////////////////////////////////////////738//1kFT/9IVC//SFQv/0hUL/9plg///////////////////////+/v5W/f39nP///////////////4jf/f8FvPv/Bbz7/yG1s/9QqDz/vN2w//////////////////////////////////////////////////////////////////rHqP/0hUL/9IVC//SFQv/0hUL//vDn//////////////////39/Zn9/f3L////////////////R878/wW8+/8FvPv/Bbz7/y7C5P/7/fr//////////////////////////////////////////////////////////////////ere//SFQv/0hUL/9IVC//SFQv/718H//////////////////f39yP39/ez///////////////8cwvv/Bbz7/wW8+/8FvPv/WNL8///////////////////////////////////////0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//rIqv/////////////////9/f3q/f39+v///////////////we9+/8FvPv/Bbz7/wW8+/993P3///////////////////////////////////////SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/+cGf//////////////////39/fn9/f36////////////////B737/wW8+/8FvPv/Bbz7/33c/f//////////////////////////////////////9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/6xaX//////////////////f39+f39/e3///////////////8cwvv/Bbz7/wW8+/8FvPv/WdP8///////////////////////////////////////0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//SFQv/0hUL/9IVC//vVv//////////////////9/f3q/f39y////////////////0bN/P8FvPv/Bbz7/wW8+/8hrvn/+/v///////////////////////////////////////////////////////////////////////////////////////////////////////////////////39/cj9/f2c////////////////ht/9/wW8+/8FvPv/FZP1/zRJ6/+zuPf//////////////////////////////////////////////////////////////////////////////////////////////////////////////////f39mf7+/lr////////////////d9v7/B7n7/yB38f81Q+r/NUPq/0hV7P/u8P3////////////////////////////////////////////////////////////////////////////////////////////////////////////+/v5X////D/39/ff///////////////9tkPT/NUPq/zVD6v81Q+r/NUPq/2Fs7//y8v7////////////////////////////////////////////09f7//////////////////////////////////////////////////f399f7+/g0AAAAA/f39n////////////////+Tm/P89Suv/NUPq/zVD6v81Q+r/NUPq/1Bc7f/IzPn/////////////////////////////////x8v5/0xY7P+MlPP////////////////////////////////////////////9/f2cAAAAAAAAAAD+/v4n/f39/P///////////////7W69/81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v9ZZe7/k5v0/6609/+vtff/lJv0/1pm7v81Q+r/NUPq/zVD6v+GjvL//v7//////////////////////////////f39+/7+/iQAAAAAAAAAAAAAAAD9/f2N/////////////////////6Cn9f81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v+BivL////////////////////////////9/f2KAAAAAAAAAAAAAAAAAAAAAP7+/gv9/f3V/////////////////////7W69/8+S+v/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/P0zr/7q/+P///////////////////////f390v7+/gkAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/ib9/f3r/////////////////////+Xn/P94gfH/NkTq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NUPq/zVD6v81Q+r/NkTq/3Z/8f/l5/z///////////////////////39/er+/v4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/jL9/f3r///////////////////////////k5vz/nqX1/2p08P9IVez/OEbq/zdF6v9GU+z/aHLv/5qh9f/i5Pz////////////////////////////9/f3q////MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7+/ib9/f3V/////////////////////////////////////////////////////////////////////////////////////////////////f390v7+/iQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wr9/f2N/f39/P///////////////////////////////////////////////////////////////////////////f39+/39/Yv+/v4JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/v4n/f39n/39/ff//////////////////////////////////////////////////////f399v39/Z3+/v4lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v7+Dv7+/lr9/f2c/f39y/39/e39/f36/f39+v39/ez9/f3L/f39nP7+/ln+/v4OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/AA///AAD//AAAP/gAAB/wAAAP4AAAB8AAAAPAAAADgAAAAYAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAABgAAAAcAAAAPAAAAD4AAAB/AAAA/4AAAf/AAAP/8AAP//wAP/",
         "imagemd5" : "f3418a443e7d841097c714d69ec4bcb8",
         "imagemmh3" : 708578229,
         "length" : 5430,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "97271fa3826f7429a07da5fa59d4c9d0",
         "bodymmh3" : -186790014,
         "headermd5" : "e4e64d3ab258cb27820efc3116436f66",
         "headermmh3" : 901506548,
         "title" : "301 Moved"
      },
      "length" : 1053
   },
   "asn" : "AS4766",
   "basicconstraints" : "critical",
   "ca" : "true",
   "city" : "Goryeong-gun",
   "country" : "KR",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.google.com:33034/\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-niDpla6-wjoXnniBtzLYNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp\r\nCross-Origin-Opener-Policy: same-origin-allow-popups; report-to=\"gws\"\r\nReport-To: {\"group\":\"gws\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gws/other\"}]}\r\nDate: Thu, 21 Nov 2024 08:29:22 GMT\r\nExpires: Sat, 21 Dec 2024 08:29:22 GMT\r\nCache-Control: public, max-age=2592000\r\nServer: gws\r\nContent-Length: 225\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\nAlt-Svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nConnection: close\r\n\r\n<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"http://www.google.com:33034/\">here</A>.\r\n</BODY></HTML>\r\n",
   "datamd5" : "6722b8c3cb4717e4235a7132e4132290",
   "datammh3" : 813657210,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "invalid2.invalid"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "904ac8d5445ad06a8a10ffcd8b11be16",
      "sha1" : "4259517cd4e48a289d332ab3f0ab52a366322824",
      "sha256" : "d5129635a050f63dd607ffa9271eefaab597c0975809765dad253973fc554d25"
   },
   "geolocus" : {
      "asn" : "AS4766",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "KR",
      "countryname" : "South Korea",
      "domain" : [
         "kt.com",
         "nic.or.kr"
      ],
      "isineu" : "false",
      "latitude" : "35.907757",
      "location" : "35.907757,127.766922",
      "longitude" : "127.766922",
      "netname" : "KORNET",
      "organization" : "Korea Telecom",
      "subnet" : "125.140.0.0/14"
   },
   "hostname" : [
      "invalid2.invalid"
   ],
   "ip" : "125.143.82.244",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "invalid2.invalid",
      "organizationalunit" : "No SNI provided; please fix your client."
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment",
      "keyCertSign"
   ],
   "latitude" : "35.7496",
   "location" : "35.7496,128.2971",
   "longitude" : "128.2971",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Korea Telecom",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 33034,
   "product" : "GWS",
   "productvendor" : "Google",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Moved Permanently",
   "seen_date" : "2024-11-21",
   "serial" : "90:76:89:18:e9:33:93:a0",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 301,
   "subject" : {
      "commonname" : "invalid2.invalid",
      "organizationalunit" : "No SNI provided; please fix your client."
   },
   "subnet" : "125.143.0.0/17",
   "tld" : [
      "invalid"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2030-01-01T00:00:00Z",
      "notbefore" : "2015-01-01T00:00:00Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

99.79.72.183

Network

99.79.0.0/16

Domain(s)

amazonaws.com defence-state.gc.ca

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://99.79.72.183:33034/ 200

HTTP Title

Login page

Reverse DNS

ec2-99-79-72-183.ca-central-1.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

HTTP Component(s)

expressjs Express

CPE(s)

<enterprise field>: cpe

Issuer Common Name

Amazon RSA 2048 M01

Issuer Organization

Amazon

Subject Common Name

preprod.defence-state.gc.ca

SHA256 Fingerprint

01bf556075e56a3a5759e2b8ba6a7668bb6a000a40b631f7a7cd5cec73625be3

Validity Not Before

2023-11-22T08:20:33Z

Validity Not After

2025-11-21T08:20:33Z

Data MD5

1e5f7a6930a955f8b62f9569fc89d5d7

HTTP Header MD5

f3736a2bbf3563dafc294636fe77e854

HTTP Body MD5

5c145f4eedb61f6bd371896620dacd64

Favicon MD5

2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3

-1216248324

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Nov 2024 08:29:30 GMT
Server: NetApp//8.1RC2
X-Powered-By: Express
Content-Length: 557
Content-Type: text/html
Set-Cookie: csrftoken=j2Xwp3v9l8984cVVd2xM

<html><head><link rel="icon" href="/favicon_3d69a2f7-92c9-431e-a4a6-cac5fe2a4f50.ico"><title>Login page</title></head><body><div>8bcqbubvsxbg1beljv94t7wqdsmcap</div><span>f3eihktdwjfkmxnclevgcz55v</span><div>zf6l2v08zyoyq8</div><h2>wjf8kpvbz8pqq6yx651ica</h2><p>x7zs6ntyow7i3ined7pyiv</p><h1>gw830</h1><h1>l0uyf</h1><h3>04kf8f48r</h3><p>j6zavhyu</p><p>3jic565gzfu4z</p><p>7g3meh8g</p><span>ff00yu</span><h2>mu3qeyb</h2><h2>kpjgl1u</h2><span>1qgan5o</span><h3>mkwb2qi1udj56dpuz49p3hsm73a</h3><h2>teyau3qlfaugz7oo</h2><h1>35wj8kxzccc2zwyuvb</h1></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:36:06.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "5c145f4eedb61f6bd371896620dacd64",
         "bodymmh3" : -1313380406,
         "component" : [
            {
               "product" : "Express",
               "productvendor" : "expressjs"
            }
         ],
         "headermd5" : "f3736a2bbf3563dafc294636fe77e854",
         "headermmh3" : 2034403735,
         "title" : "Login page"
      },
      "length" : 769
   },
   "asn" : "AS16509",
   "city" : "Montreal",
   "country" : "CA",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 08:29:30 GMT\r\nServer: NetApp//8.1RC2\r\nX-Powered-By: Express\r\nContent-Length: 557\r\nContent-Type: text/html\r\nSet-Cookie: csrftoken=j2Xwp3v9l8984cVVd2xM\r\n\r\n<html><head><link rel=\"icon\" href=\"/favicon_3d69a2f7-92c9-431e-a4a6-cac5fe2a4f50.ico\"><title>Login page</title></head><body><div>8bcqbubvsxbg1beljv94t7wqdsmcap</div><span>f3eihktdwjfkmxnclevgcz55v</span><div>zf6l2v08zyoyq8</div><h2>wjf8kpvbz8pqq6yx651ica</h2><p>x7zs6ntyow7i3ined7pyiv</p><h1>gw830</h1><h1>l0uyf</h1><h3>04kf8f48r</h3><p>j6zavhyu</p><p>3jic565gzfu4z</p><p>7g3meh8g</p><span>ff00yu</span><h2>mu3qeyb</h2><h2>kpjgl1u</h2><span>1qgan5o</span><h3>mkwb2qi1udj56dpuz49p3hsm73a</h3><h2>teyau3qlfaugz7oo</h2><h1>35wj8kxzccc2zwyuvb</h1></body></html>",
   "datamd5" : "1e5f7a6930a955f8b62f9569fc89d5d7",
   "datammh3" : -1239876065,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com",
      "defence-state.gc.ca"
   ],
   "fingerprint" : {
      "md5" : "fc24fbd130cd4102533a9ef3bf86bcf0",
      "sha1" : "fb76c6d93621e2689dc9a0c60d4a20e8f1738428",
      "sha256" : "01bf556075e56a3a5759e2b8ba6a7668bb6a000a40b631f7a7cd5cec73625be3"
   },
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "CA",
      "countryname" : "Canada",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "56.130366",
      "location" : "56.130366,-106.346771",
      "longitude" : "-106.346771",
      "netname" : "AMAZON-YUL",
      "organization" : "Amazon Data Services Canada",
      "subnet" : "99.79.0.0/16"
   },
   "host" : [
      "ec2-99-79-72-183",
      "preprod"
   ],
   "hostname" : [
      "ec2-99-79-72-183.ca-central-1.compute.amazonaws.com",
      "preprod.defence-state.gc.ca"
   ],
   "ip" : "99.79.72.183",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "Amazon RSA 2048 M01",
      "country" : "US",
      "organization" : "Amazon"
   },
   "latitude" : "45.5075",
   "location" : "45.5075,-73.5887",
   "longitude" : "-73.5887",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 33034,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "ec2-99-79-72-183.ca-central-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "5d:40:ee:cd:ab:7d:d3:91:cd:ef:6a:d4:c9:de:92:15:8c:f8:b9:f5",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "ca-central-1.compute.amazonaws.com",
      "compute.amazonaws.com"
   ],
   "subject" : {
      "commonname" : "preprod.defence-state.gc.ca"
   },
   "subnet" : "99.79.0.0/16",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "gc.ca"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-21T08:20:33Z",
      "notbefore" : "2023-11-22T08:20:33Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}