IP

35.166.40.229

Network

35.160.0.0/13

Domain(s)

amazonaws.com first-airforce.us

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://35.166.40.229:9404/ 200

Reverse DNS

ec2-35-166-40-229.us-west-2.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign RSA OV SSL CA 2018

Issuer Organization

GlobalSign nv-sa

Subject Common Name

*.first-airforce.us

SHA256 Fingerprint

804700d7d235e1d370cb018a81220f31c3f44dc52c54c3f116403b643422109f

Validity Not Before

2023-11-22T09:59:19Z

Validity Not After

2025-11-21T09:59:19Z

Data MD5

97f64c9c6bf158d0d05d3f05372b5a7a

HTTP Header MD5

9f060a9cb1b31c417a3a68e629ae97e3

HTTP Body MD5

c25cbaf569d22e9f526ff69fe9e61bbf

Favicon MD5

2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3

-1216248324

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Nov 2024 10:07:07 GMT
Server: nginx
Content-Length: 583
Content-Type: text/html

<html style="background:#007cef">
<head>
<meta http-equiv="expires" content="0">
<script type='text/javascript'>
pr=(document.location.protocol == 'https:') ? 'https' : 'http';
pt=(location.port == '') ? '' : ':' + location.port;
redirect_suffix = "/redirect.html?count="+Math.random();
if(location.hostname.indexOf(':') == -1)
{
location.href=pr+"://"+location.hostname+pt+redirect_suffix;
}
else    //could be ipv6 addr
{
var url = "";
url=pr+"://["+ location.hostname.replace(/[\[\]]/g, '') +"]"+pt+redirect_suffix;
location.href = url;
}
</script>
</head>
<body>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T10:14:05.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "c25cbaf569d22e9f526ff69fe9e61bbf",
         "bodymmh3" : 2073015905,
         "headermd5" : "9f060a9cb1b31c417a3a68e629ae97e3",
         "headermmh3" : 1097532503
      },
      "length" : 719
   },
   "asn" : "AS16509",
   "city" : "Boardman",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 10:07:07 GMT\r\nServer: nginx\r\nContent-Length: 583\r\nContent-Type: text/html\r\n\r\n<html style=\"background:#007cef\">\n<head>\n<meta http-equiv=\"expires\" content=\"0\">\n<script type='text/javascript'>\npr=(document.location.protocol == 'https:') ? 'https' : 'http';\npt=(location.port == '') ? '' : ':' + location.port;\nredirect_suffix = \"/redirect.html?count=\"+Math.random();\nif(location.hostname.indexOf(':') == -1)\n{\nlocation.href=pr+\"://\"+location.hostname+pt+redirect_suffix;\n}\nelse    //could be ipv6 addr\n{\nvar url = \"\";\nurl=pr+\"://[\"+ location.hostname.replace(/[\\[\\]]/g, '') +\"]\"+pt+redirect_suffix;\nlocation.href = url;\n}\n</script>\n</head>\n<body>\n</body>\n</html>\n",
   "datamd5" : "97f64c9c6bf158d0d05d3f05372b5a7a",
   "datammh3" : 1079192638,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com",
      "first-airforce.us"
   ],
   "fingerprint" : {
      "md5" : "0f94f895c399bc862b129240825a6230",
      "sha1" : "3e8abc117a18f4d56273723e950d1c1c8d97a705",
      "sha256" : "804700d7d235e1d370cb018a81220f31c3f44dc52c54c3f116403b643422109f"
   },
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZO-ZPDX9",
      "organization" : "Amazon.com, Inc.",
      "subnet" : "35.160.0.0/13"
   },
   "host" : [
      "ec2-35-166-40-229"
   ],
   "hostname" : [
      "ec2-35-166-40-229.us-west-2.compute.amazonaws.com"
   ],
   "ip" : "35.166.40.229",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign RSA OV SSL CA 2018",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "latitude" : "45.8491",
   "location" : "45.8491,-119.7143",
   "longitude" : "-119.7143",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 9404,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "ec2-35-166-40-229.us-west-2.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "69:a0:b6:83:ab:df:ef:36:07:3c:37:11:44:8a:f0:50:0b:de:a6:02",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute.amazonaws.com",
      "us-west-2.compute.amazonaws.com"
   ],
   "subject" : {
      "commonname" : "*.first-airforce.us"
   },
   "subnet" : "35.160.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "us"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-21T09:59:19Z",
      "notbefore" : "2023-11-22T09:59:19Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

210.152.155.197

Network

210.152.128.0/18

Domain(s)

absonne.com

Device

<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product <enterprise field>: device.productversion

Operating System

Juniper JunOS

URL

https://210.152.155.197:9404/dana-na/auth/url_default/welcome.cgi 200

HTTP Title

absonne リモートアクセスサイト

ASN

AS4694

Organization

IDC Frontier Inc.

Protocol

http Cert not expired http

Source

datascan::redirect::1

Operating System

Juniper JunOS

HTTP Component(s)

PulseSecure Pulse Connect Secure

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign RSA OV SSL CA 2018

Issuer Organization

GlobalSign nv-sa

Subject Organization

NS Solutions Corporation

Subject Common Name

*.absonne.com

Subject Alt Name

*.absonne.com absonne.com

SHA256 Fingerprint

80ac87a4e3acd3c58f6fa4499a4bffa362295d4687b1e9c4c8470489fa3c3b85

Validity Not Before

2024-03-21T00:36:01Z

Validity Not After

2025-04-22T00:36:00Z

Data MD5

0845ac1807db4df6f43ff3ee69a5c387

HTTP Header MD5

b317455c9c862b554e59f084c0b7fa39

HTTP Body MD5

c6a19560dcfca6466133c1eda70a392e

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Thu, 21 Nov 2024 08:08:05 GMT
x-frame-options: SAMEORIGIN
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Strict-Transport-Security: max-age=31536000




<html>
<head>
<meta http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html">
<meta name="robots" content="none">
<link rel="icon" href="/dana-na/imgs/Ivanti_favicon.png" type="image/png">
<title>absonne リモートアクセスサイト</title>

<script src="/dana-na/css/ds_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.js"></script>
<script>
        WriteCSS();
</script>
<noscript>
<link rel="stylesheet" href="/dana-na/css/ds_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.css">
</noscript>

<script>
<!--
if (window.top != self) {
	top.location = location;
}
if(window.name == "newpincancel" || window.name == "nexttokencancel") {
   window.close();
}
//--></script>
<script>
<!--
function hideJSWarn() {
    if(window.top == self) {
        document.getElementById('noJSWarn').style.display = "none";
    }
}
//--></script>

<script src="/dana-na/auth/lastauthserverused_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.js"></script>
<script>function deletepreauth() {
    document.cookie = "DSPREAUTH="+ escape("")+ ";path=/dana-na/;expires=12-Nov-1996";
}
</script>

</head>

<body onload="FinishLoad(1);hideJSWarn();" bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">

<div id="noJSWarn" class="cssSecurityWarning">Your browser is executing scripts on this page. If this message persists, please make sure that you are visiting a correct site and JavaSript support is enabled in your browser, and then try again.</div>
<table id="table_LoginPage_1" border="0" width="100%" cellspacing="0" cellpadding="3">        <tr>
            <td bgcolor="C4C4C4"><img border="0" src="welcome.cgi?p=logo&signinId=url_default" alt="Logo"></td>
            <td bgcolor="C4C4C4" align="right">&nbsp;</td>
        </tr></table>
<table id="table_LoginPage_2" cellpadding="0" cellspacing="0" border="0" width="100%">
        <tr>
                <td bgcolor="#000000" colspan="2"><img border="0" src="/dana-na/imgs/space.gif" width="1" height="1"></td>
        </tr>
</table>
<blockquote><form id="frmLogin_4" name="frmLogin" action="login.cgi" method="POST" autocomplete="off" onsubmit="return Login(1)">
        <input id="tz_offset_5" type="hidden" name="tz_offset">
        <input id="client_mac" type="hidden" name="clientMAC" value="">
        <input id="xsauth_token" type="hidden" name="xsauth_token" value="a4c83818af02c800f04821f3fa39bc4e">
        <table id="table_LoginPage_3" border="0" cellpadding="2" cellspacing="0">
                                        <tr>
                                                <td nowrap  colspan="3"><b></b></td>
                                        </tr>
                                        <tr>
                                                <td nowrap  colspan="3"><span class="cssLarge"><b>absonne リモートアクセスサイト</b></span></td></tr>
                                      
                                        <tr>
                                              <td colspan="3">&nbsp;</td>
                                        </tr>
				<tr>
				
                                <td valign="top">
                                
                                        <table id="table_LoginPage_6" border="0" cellspacing="0" cellpadding="2">													<tr>
														<td>アカウント</td>
														<td>&nbsp;</td>
														<td><input id="username" type="text" name="username" size="20"></td>
													</tr>													<tr>
														<td>パスワード</td>
														<td>&nbsp;</td>
														<td><input id="password" type="password" name="password" size="20"></td>
													</tr>													<tr>
														<td>ワンタイムパスワード</td>
														<td>&nbsp;</td>
														<td><input id="passwordSecondary" type="password" name="password#2" size="20"></td>
													</tr>                                                <tr>                                                                <input id="realm_16" type="hidden" name="realm" value="user_realm">                                                </tr>                                                <tr>
                                                        <td colspan="3">&nbsp;</td>
                                                </tr>
                                                <tr>
                                                        <td>&nbsp;</td>
                                                        <td>&nbsp;</td>
                                                        <td><input id="btnSubmit_6" type="submit" value="ログイン" name="btnSubmit">&nbsp;</td>
                                                </tr>                                        </table>
                              
                        </td>
                        <td valign="top">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td valign="top"><table id="TABLE_LoginPage_1" border="0" cellspacing="0" cellpadding="2">
<tr><td></tr></td></table></td>
	</tr>
        </table>  </form>
</blockquote>

<table id="table_LoginPage_9" border="0" cellspacing="0" cellpadding="0" width="100%">
	<tr>
		<td background="/dana-na/imgs/footerbg.gif">
			<table id="table_LoginPage_10" cellpadding="0" cellspacing="0" border="0" width="100%">
        <tr>
					<td><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
					<td><img src="/dana-na/imgs/space.gif" width="1" height="2"></td>
					<td><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
        </tr>
				<tr valign="top">
					<td><img src="/dana-na/imgs/space.gif" width="10" height="1"></td>
					<td nowrap ><br><br><br><br>
					<td align="right"><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
        </tr>
			</table>
		</td>
        </tr>
        <tr>
		<td colspan="2"><img border="0" src="/dana-na/imgs/space.gif" height="6" width="1" alt=""></td>
        </tr>
</table>

</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:08:06.000Z",
   "app" : {
      "extract" : {
         "file" : [
            "login.cgi"
         ]
      },
      "http" : {
         "bodymd5" : "c6a19560dcfca6466133c1eda70a392e",
         "bodymmh3" : 2069009203,
         "component" : [
            {
               "product" : "Pulse Connect Secure",
               "productvendor" : "PulseSecure"
            }
         ],
         "headermd5" : "b317455c9c862b554e59f084c0b7fa39",
         "headermmh3" : 2134454300,
         "title" : "absonne \u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u30b5\u30a4\u30c8"
      },
      "length" : 6336
   },
   "asn" : "AS4694",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Kitakyushu",
   "country" : "JP",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nDate: Thu, 21 Nov 2024 08:08:05 GMT\r\nx-frame-options: SAMEORIGIN\r\nConnection: close\r\nPragma: no-cache\r\nCache-Control: no-store\r\nExpires: -1\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n\n\n\n<html>\n<head>\n<meta http-equiv=\"Content-Language\">\n<meta http-equiv=\"Content-Type\" content=\"text/html\">\n<meta name=\"robots\" content=\"none\">\n<link rel=\"icon\" href=\"/dana-na/imgs/Ivanti_favicon.png\" type=\"image/png\">\n<title>absonne \u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u30b5\u30a4\u30c8</title>\n\n<script src=\"/dana-na/css/ds_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.js\"></script>\n<script>\n        WriteCSS();\n</script>\n<noscript>\n<link rel=\"stylesheet\" href=\"/dana-na/css/ds_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.css\">\n</noscript>\n\n<script>\n<!--\nif (window.top != self) {\n\ttop.location = location;\n}\nif(window.name == \"newpincancel\" || window.name == \"nexttokencancel\") {\n   window.close();\n}\n//--></script>\n<script>\n<!--\nfunction hideJSWarn() {\n    if(window.top == self) {\n        document.getElementById('noJSWarn').style.display = \"none\";\n    }\n}\n//--></script>\n\n<script src=\"/dana-na/auth/lastauthserverused_6e1c5a723b6402359835d9c06de9d0220881eed738003b0469211c38c1b474de.js\"></script>\n<script>function deletepreauth() {\n    document.cookie = \"DSPREAUTH=\"+ escape(\"\")+ \";path=/dana-na/;expires=12-Nov-1996\";\n}\n</script>\n\n</head>\n\n<body onload=\"FinishLoad(1);hideJSWarn();\" bgcolor=\"#FFFFFF\" color=\"#000000\" link=\"#3366CC\" vlink=\"#CC6699\" alink=\"#3366CC\" leftmargin=\"0\" topmargin=\"0\" rightmargin=\"0\" marginwidth=\"0\" marginheight=\"0\">\n\n<div id=\"noJSWarn\" class=\"cssSecurityWarning\">Your browser is executing scripts on this page. If this message persists, please make sure that you are visiting a correct site and JavaSript support is enabled in your browser, and then try again.</div>\n<table id=\"table_LoginPage_1\" border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"3\">        <tr>\n            <td bgcolor=\"C4C4C4\"><img border=\"0\" src=\"welcome.cgi?p=logo&signinId=url_default\" alt=\"Logo\"></td>\n            <td bgcolor=\"C4C4C4\" align=\"right\">&nbsp;</td>\n        </tr></table>\n<table id=\"table_LoginPage_2\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n        <tr>\n                <td bgcolor=\"#000000\" colspan=\"2\"><img border=\"0\" src=\"/dana-na/imgs/space.gif\" width=\"1\" height=\"1\"></td>\n        </tr>\n</table>\n<blockquote><form id=\"frmLogin_4\" name=\"frmLogin\" action=\"login.cgi\" method=\"POST\" autocomplete=\"off\" onsubmit=\"return Login(1)\">\n        <input id=\"tz_offset_5\" type=\"hidden\" name=\"tz_offset\">\n        <input id=\"client_mac\" type=\"hidden\" name=\"clientMAC\" value=\"\">\n        <input id=\"xsauth_token\" type=\"hidden\" name=\"xsauth_token\" value=\"a4c83818af02c800f04821f3fa39bc4e\">\n        <table id=\"table_LoginPage_3\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n                                        <tr>\n                                                <td nowrap  colspan=\"3\"><b></b></td>\n                                        </tr>\n                                        <tr>\n                                                <td nowrap  colspan=\"3\"><span class=\"cssLarge\"><b>absonne \u30ea\u30e2\u30fc\u30c8\u30a2\u30af\u30bb\u30b9\u30b5\u30a4\u30c8</b></span></td></tr>\n                                      \n                                        <tr>\n                                              <td colspan=\"3\">&nbsp;</td>\n                                        </tr>\n\t\t\t\t<tr>\n\t\t\t\t\n                                <td valign=\"top\">\n                                \n                                        <table id=\"table_LoginPage_6\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\t\t\t\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>\u30a2\u30ab\u30a6\u30f3\u30c8</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>&nbsp;</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td><input id=\"username\" type=\"text\" name=\"username\" size=\"20\"></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t</tr>\t\t\t\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>\u30d1\u30b9\u30ef\u30fc\u30c9</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>&nbsp;</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td><input id=\"password\" type=\"password\" name=\"password\" size=\"20\"></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t</tr>\t\t\t\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>\u30ef\u30f3\u30bf\u30a4\u30e0\u30d1\u30b9\u30ef\u30fc\u30c9</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td>&nbsp;</td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<td><input id=\"passwordSecondary\" type=\"password\" name=\"password#2\" size=\"20\"></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t</tr>                                                <tr>                                                                <input id=\"realm_16\" type=\"hidden\" name=\"realm\" value=\"user_realm\">                                                </tr>                                                <tr>\n                                                        <td colspan=\"3\">&nbsp;</td>\n                                                </tr>\n                                                <tr>\n                                                        <td>&nbsp;</td>\n                                                        <td>&nbsp;</td>\n                                                        <td><input id=\"btnSubmit_6\" type=\"submit\" value=\"\u30ed\u30b0\u30a4\u30f3\" name=\"btnSubmit\">&nbsp;</td>\n                                                </tr>                                        </table>\n                              \n                        </td>\n                        <td valign=\"top\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n\t\t\t<td valign=\"top\"><table id=\"TABLE_LoginPage_1\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n<tr><td></tr></td></table></td>\n\t</tr>\n        </table>  </form>\n</blockquote>\n\n<table id=\"table_LoginPage_9\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n\t<tr>\n\t\t<td background=\"/dana-na/imgs/footerbg.gif\">\n\t\t\t<table id=\"table_LoginPage_10\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n        <tr>\n\t\t\t\t\t<td><img src=\"/dana-na/imgs/space.gif\" width=\"10\" height=\"10\"></td>\n\t\t\t\t\t<td><img src=\"/dana-na/imgs/space.gif\" width=\"1\" height=\"2\"></td>\n\t\t\t\t\t<td><img src=\"/dana-na/imgs/space.gif\" width=\"10\" height=\"10\"></td>\n        </tr>\n\t\t\t\t<tr valign=\"top\">\n\t\t\t\t\t<td><img src=\"/dana-na/imgs/space.gif\" width=\"10\" height=\"1\"></td>\n\t\t\t\t\t<td nowrap ><br><br><br><br>\n\t\t\t\t\t<td align=\"right\"><img src=\"/dana-na/imgs/space.gif\" width=\"10\" height=\"10\"></td>\n        </tr>\n\t\t\t</table>\n\t\t</td>\n        </tr>\n        <tr>\n\t\t<td colspan=\"2\"><img border=\"0\" src=\"/dana-na/imgs/space.gif\" height=\"6\" width=\"1\" alt=\"\"></td>\n        </tr>\n</table>\n\n</body>\n</html>\n",
   "datamd5" : "0845ac1807db4df6f43ff3ee69a5c387",
   "datammh3" : -1326678492,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor",
      "productversion" : "<enterprise field>: device.productversion"
   },
   "domain" : [
      "absonne.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "750dfed80507acdb1565b305d9930974",
      "sha1" : "3560cb57170af995c8ac3bb53937f0f5315bd4ad",
      "sha256" : "80ac87a4e3acd3c58f6fa4499a4bffa362295d4687b1e9c4c8470489fa3c3b85"
   },
   "forward" : "210.152.155.197",
   "geolocus" : {
      "asn" : "AS4694",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "JP",
      "countryname" : "Japan",
      "domain" : [
         "idc.jp",
         "nic.ad.jp"
      ],
      "isineu" : "false",
      "latitude" : "36.204824",
      "location" : "36.204824,138.252924",
      "longitude" : "138.252924",
      "netname" : "JPNIC-NET-JP",
      "organization" : "Japan Network Information Center",
      "subnet" : "210.152.128.0/19"
   },
   "hostname" : [
      "210.152.155.197",
      "absonne.com"
   ],
   "ip" : "210.152.155.197",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign RSA OV SSL CA 2018",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "33.8483",
   "location" : "33.8483,130.8477",
   "longitude" : "130.8477",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "IDC Frontier Inc.",
   "os" : "JunOS",
   "osvendor" : "Juniper",
   "port" : 9404,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "seen_date" : "2024-11-21",
   "serial" : "1b:5d:9d:3e:34:c7:ed:81:c2:cb:8f:71",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan::redirect::1",
   "status" : 200,
   "subject" : {
      "altname" : [
         "*.absonne.com",
         "absonne.com"
      ],
      "city" : "Minato-ku",
      "commonname" : "*.absonne.com",
      "country" : "JP",
      "organization" : "NS Solutions Corporation"
   },
   "subnet" : "210.152.128.0/18",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/dana-na/auth/url_default/welcome.cgi",
   "validity" : {
      "notafter" : "2025-04-22T00:36:00Z",
      "notbefore" : "2024-03-21T00:36:01Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

210.152.155.197

Network

210.152.128.0/18

Domain(s)

absonne.com

Device

<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

Operating System

Juniper JunOS

URL

https://210.152.155.197:9404/ 302

ASN

AS4694

Organization

IDC Frontier Inc.

Protocol

http Cert not expired http

Source

datascan

Operating System

Juniper JunOS

HTTP Component(s)

PulseSecure Pulse Connect Secure

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign RSA OV SSL CA 2018

Issuer Organization

GlobalSign nv-sa

Subject Organization

NS Solutions Corporation

Subject Common Name

*.absonne.com

Subject Alt Name

*.absonne.com absonne.com

SHA256 Fingerprint

80ac87a4e3acd3c58f6fa4499a4bffa362295d4687b1e9c4c8470489fa3c3b85

Validity Not Before

2024-03-21T00:36:01Z

Validity Not After

2025-04-22T00:36:00Z

Data MD5

8abce088e8e63ce79fedad75ead6f63e

HTTP Header MD5

20dd8e34a95f4c9b73d19038a53be7f8

HTTP Body MD5

d41d8cd98f00b204e9800998ecf8427e

HTTP/1.1 302 Found
Location: /dana-na/auth/url_default/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSSIGNIN=url_default; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSSignInURL=/; path=/; secure
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=31536000

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T08:01:57.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "d41d8cd98f00b204e9800998ecf8427e",
         "bodymmh3" : -1636538602,
         "component" : [
            {
               "product" : "Pulse Connect Secure",
               "productvendor" : "PulseSecure"
            }
         ],
         "headermd5" : "20dd8e34a95f4c9b73d19038a53be7f8",
         "headermmh3" : 412410156
      },
      "length" : 409
   },
   "asn" : "AS4694",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Kitakyushu",
   "country" : "JP",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nLocation: /dana-na/auth/url_default/welcome.cgi\r\nContent-Type: text/html; charset=utf-8\r\nSet-Cookie: DSSIGNIN=url_default; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure\r\nSet-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure\r\nSet-Cookie: DSSignInURL=/; path=/; secure\r\nConnection: close\r\nContent-Length: 0\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n",
   "datamd5" : "8abce088e8e63ce79fedad75ead6f63e",
   "datammh3" : 338269091,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "absonne.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "750dfed80507acdb1565b305d9930974",
      "sha1" : "3560cb57170af995c8ac3bb53937f0f5315bd4ad",
      "sha256" : "80ac87a4e3acd3c58f6fa4499a4bffa362295d4687b1e9c4c8470489fa3c3b85"
   },
   "geolocus" : {
      "asn" : "AS4694",
      "continent" : "AS",
      "continentname" : "Asia",
      "country" : "JP",
      "countryname" : "Japan",
      "domain" : [
         "idc.jp",
         "nic.ad.jp"
      ],
      "isineu" : "false",
      "latitude" : "36.204824",
      "location" : "36.204824,138.252924",
      "longitude" : "138.252924",
      "netname" : "JPNIC-NET-JP",
      "organization" : "Japan Network Information Center",
      "subnet" : "210.152.128.0/19"
   },
   "hostname" : [
      "absonne.com"
   ],
   "ip" : "210.152.155.197",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign RSA OV SSL CA 2018",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "33.8483",
   "location" : "33.8483,130.8477",
   "longitude" : "130.8477",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "IDC Frontier Inc.",
   "os" : "JunOS",
   "osvendor" : "Juniper",
   "port" : 9404,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Found",
   "seen_date" : "2024-11-21",
   "serial" : "1b:5d:9d:3e:34:c7:ed:81:c2:cb:8f:71",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 302,
   "subject" : {
      "altname" : [
         "*.absonne.com",
         "absonne.com"
      ],
      "city" : "Minato-ku",
      "commonname" : "*.absonne.com",
      "country" : "JP",
      "organization" : "NS Solutions Corporation"
   },
   "subnet" : "210.152.128.0/18",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-04-22T00:36:00Z",
      "notbefore" : "2024-03-21T00:36:01Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

100.26.199.113

Network

100.24.0.0/13

Domain(s)

amazonaws.com southinvestment-stealth.ua

Device

<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

Operating System

Juniper JunOS

URL

https://100.26.199.113:9404/ 200

HTTP Title

Ivanti Connect Secure

Reverse DNS

ec2-100-26-199-113.compute-1.amazonaws.com

ASN

AS14618

Organization

AMAZON-AES

Protocol

http Cert not expired http

Source

datascan

Operating System

Juniper JunOS

HTTP Component(s)

Ivanti Connect Secure

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign RSA OV SSL CA 2018

Issuer Organization

GlobalSign nv-sa

Subject Common Name

southinvestment-stealth.ua

SHA256 Fingerprint

91f67458ba396430fe000e09530e18bf50d0d5656398208f495ef45b3852efde

Validity Not Before

2023-11-22T06:50:07Z

Validity Not After

2025-11-21T06:50:07Z

Data MD5

b6d3a241174e5fbb65d88768f526cc4f

HTTP Header MD5

2ad59f08560ff26dde50963eb249438d

HTTP Body MD5

41fdbc9650454476e99026bd7f1a5217

Favicon MD5

2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3

-1216248324

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Nov 2024 06:50:07 GMT
Content-Length: 4680
Content-Type: text/html

<html lang="en">
   <head>
      <meta http-equiv="Content-Language">
      <meta http-equiv="Content-Type" content="text/html">
      <meta name="robots" content="none">
      <link rel="icon" href="/Product_favicon.png" type="image/png">
      <title>Ivanti Connect Secure</title>
   </head>
   <body onload="FinishLoad(1);hideJSWarn();setWin11();" bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">
      <table id="table_LoginPage_1" border="0" width="100%" cellspacing="0" cellpadding="3">
         <tr>
            <td bgcolor="#FFFFFF"></td>
            <td bgcolor="#FFFFFF" align="right">&nbsp;</td>
         </tr>
      </table>
      <table id="table_LoginPage_2" cellpadding="0" cellspacing="0" border="0" width="100%">
         <tr>
            <td bgcolor="#000000" colspan="2"></td>
         </tr>
      </table>
      <blockquote>
         <form id="frmLogin_4" name="frmLogin" action="login.cgi" method="POST" autocomplete="off" onsubmit="return Login(1)">
            <input id="tz_offset_5" type="hidden" name="tz_offset">
            <input id="win11" type="hidden" name="win11" value="">
            <input id="uach" type="hidden" name="uach" value="">
            <input id="client_mac" type="hidden" name="clientMAC" value="">
            <input id="xsauth_token" type="hidden" name="xsauth_token" value="58fefe3c1b2717c8845c0d630ab035c3">
            <table id="table_LoginPage_3" border="0" cellpadding="2" cellspacing="0">
               <tr>
                  <td nowrap  colspan="3"><b>Welcome to</b></td>
               </tr>
               <tr>
                  <td nowrap  colspan="3"><span class="cssLarge"><b>Ivanti Connect Secure</b></span></td>
               </tr>
               <tr>
                  <td colspan="3">&nbsp;</td>
               </tr>
               <tr>
                  <td valign="top">
                     <table id="table_LoginPage_6" border="0" cellspacing="0" cellpadding="2">
                        <tr>
                           <td><label for="username">Username</label></td>
                           <td>&nbsp;</td>
                           <td><input id="username" type="text" name="username" size="20"></td>
                        </tr>
                        <tr>
                           <td><label for="password">Password</label></td>
                           <td>&nbsp;</td>
                           <td><input id="password" type="password" name="password" size="20"></td>
                        </tr>
                        <tr>                                                                <input id="realm_16" type="hidden" name="realm" value="OTS User Realm">                                                </tr>
                        <tr>
                           <td colspan="3">&nbsp;</td>
                        </tr>
                        <tr>
                           <td>&nbsp;</td>
                           <td>&nbsp;</td>
                           <td><input id="btnSubmit_6" type="submit" value="Sign In" name="btnSubmit">&nbsp;</td>
                        </tr>
                     </table>
                  </td>
                  <td valign="top">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                  <td valign="top">
                     <table tabindex="1" aria-label="instructions for user login page FILTER verbatim" role="alert" id="TABLE_LoginPage_1" border="0" cellspacing="0" cellpadding="2">
                        <tr>
                           <td>
                              Please sign in to begin your secure session.<br><br>
                              <noscript>Note: Javascript is disabled on your browser.</noscript>
                        </tr>
                        </td>
                     </table>
                  </td>
               </tr>
            </table>
         </form>
      </blockquote>
      <table id="table_LoginPage_9" border="0" cellspacing="0" cellpadding="0" width="100%">
         <tr>
            <td>
               <table id="table_LoginPage_10" cellpadding="0" cellspacing="0" border="0" width="100%">
                  <tr>
                     <td></td>
                     <td></td>
                     <td></td>
                  </tr>
                  <tr valign="top">
                     <td></td>
                     <td nowrap ><br><br><br><br>
                     <td align="right"></td>
                  </tr>
               </table>
            </td>
         </tr>
         <tr>
            <td colspan="2"></td>
         </tr>
      </table>
   </body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T06:57:06.000Z",
   "app" : {
      "extract" : {
         "file" : [
            "login.cgi"
         ]
      },
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "41fdbc9650454476e99026bd7f1a5217",
         "bodymmh3" : -766336104,
         "component" : [
            {
               "productvendor" : "Ivanti",
               "product" : "Connect Secure"
            }
         ],
         "headermd5" : "2ad59f08560ff26dde50963eb249438d",
         "headermmh3" : -986001592,
         "title" : "Ivanti Connect Secure"
      },
      "length" : 4802
   },
   "asn" : "AS14618",
   "city" : "Ashburn",
   "country" : "US",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 06:50:07 GMT\r\nContent-Length: 4680\r\nContent-Type: text/html\r\n\r\n<html lang=\"en\">\n   <head>\n      <meta http-equiv=\"Content-Language\">\n      <meta http-equiv=\"Content-Type\" content=\"text/html\">\n      <meta name=\"robots\" content=\"none\">\n      <link rel=\"icon\" href=\"/Product_favicon.png\" type=\"image/png\">\n      <title>Ivanti Connect Secure</title>\n   </head>\n   <body onload=\"FinishLoad(1);hideJSWarn();setWin11();\" bgcolor=\"#FFFFFF\" color=\"#000000\" link=\"#3366CC\" vlink=\"#CC6699\" alink=\"#3366CC\" leftmargin=\"0\" topmargin=\"0\" rightmargin=\"0\" marginwidth=\"0\" marginheight=\"0\">\n      <table id=\"table_LoginPage_1\" border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"3\">\n         <tr>\n            <td bgcolor=\"#FFFFFF\"></td>\n            <td bgcolor=\"#FFFFFF\" align=\"right\">&nbsp;</td>\n         </tr>\n      </table>\n      <table id=\"table_LoginPage_2\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n         <tr>\n            <td bgcolor=\"#000000\" colspan=\"2\"></td>\n         </tr>\n      </table>\n      <blockquote>\n         <form id=\"frmLogin_4\" name=\"frmLogin\" action=\"login.cgi\" method=\"POST\" autocomplete=\"off\" onsubmit=\"return Login(1)\">\n            <input id=\"tz_offset_5\" type=\"hidden\" name=\"tz_offset\">\n            <input id=\"win11\" type=\"hidden\" name=\"win11\" value=\"\">\n            <input id=\"uach\" type=\"hidden\" name=\"uach\" value=\"\">\n            <input id=\"client_mac\" type=\"hidden\" name=\"clientMAC\" value=\"\">\n            <input id=\"xsauth_token\" type=\"hidden\" name=\"xsauth_token\" value=\"58fefe3c1b2717c8845c0d630ab035c3\">\n            <table id=\"table_LoginPage_3\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n               <tr>\n                  <td nowrap  colspan=\"3\"><b>Welcome to</b></td>\n               </tr>\n               <tr>\n                  <td nowrap  colspan=\"3\"><span class=\"cssLarge\"><b>Ivanti Connect Secure</b></span></td>\n               </tr>\n               <tr>\n                  <td colspan=\"3\">&nbsp;</td>\n               </tr>\n               <tr>\n                  <td valign=\"top\">\n                     <table id=\"table_LoginPage_6\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n                        <tr>\n                           <td><label for=\"username\">Username</label></td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"username\" type=\"text\" name=\"username\" size=\"20\"></td>\n                        </tr>\n                        <tr>\n                           <td><label for=\"password\">Password</label></td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"password\" type=\"password\" name=\"password\" size=\"20\"></td>\n                        </tr>\n                        <tr>                                                                <input id=\"realm_16\" type=\"hidden\" name=\"realm\" value=\"OTS User Realm\">                                                </tr>\n                        <tr>\n                           <td colspan=\"3\">&nbsp;</td>\n                        </tr>\n                        <tr>\n                           <td>&nbsp;</td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"btnSubmit_6\" type=\"submit\" value=\"Sign In\" name=\"btnSubmit\">&nbsp;</td>\n                        </tr>\n                     </table>\n                  </td>\n                  <td valign=\"top\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n                  <td valign=\"top\">\n                     <table tabindex=\"1\" aria-label=\"instructions for user login page FILTER verbatim\" role=\"alert\" id=\"TABLE_LoginPage_1\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n                        <tr>\n                           <td>\n                              Please sign in to begin your secure session.<br><br>\n                              <noscript>Note: Javascript is disabled on your browser.</noscript>\n                        </tr>\n                        </td>\n                     </table>\n                  </td>\n               </tr>\n            </table>\n         </form>\n      </blockquote>\n      <table id=\"table_LoginPage_9\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n         <tr>\n            <td>\n               <table id=\"table_LoginPage_10\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n                  <tr>\n                     <td></td>\n                     <td></td>\n                     <td></td>\n                  </tr>\n                  <tr valign=\"top\">\n                     <td></td>\n                     <td nowrap ><br><br><br><br>\n                     <td align=\"right\"></td>\n                  </tr>\n               </table>\n            </td>\n         </tr>\n         <tr>\n            <td colspan=\"2\"></td>\n         </tr>\n      </table>\n   </body>\n</html>\n",
   "datamd5" : "b6d3a241174e5fbb65d88768f526cc4f",
   "datammh3" : 1285816960,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "amazonaws.com",
      "southinvestment-stealth.ua"
   ],
   "fingerprint" : {
      "md5" : "2b95eddbe0edb36dfe164c286b70e282",
      "sha1" : "cd2c6e5b5f3b11aff1d77104a0558a0cb0d305ac",
      "sha256" : "91f67458ba396430fe000e09530e18bf50d0d5656398208f495ef45b3852efde"
   },
   "geolocus" : {
      "asn" : "AS14618",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZON-IAD",
      "organization" : "Amazon Data Services NoVa",
      "subnet" : "100.24.0.0/13"
   },
   "host" : [
      "ec2-100-26-199-113"
   ],
   "hostname" : [
      "ec2-100-26-199-113.compute-1.amazonaws.com",
      "southinvestment-stealth.ua"
   ],
   "ip" : "100.26.199.113",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign RSA OV SSL CA 2018",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "latitude" : "39.0469",
   "location" : "39.0469,-77.4903",
   "longitude" : "-77.4903",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-AES",
   "os" : "JunOS",
   "osvendor" : "Juniper",
   "port" : 9404,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "ec2-100-26-199-113.compute-1.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "76:c8:33:85:aa:3e:1f:85:54:e5:71:29:bd:06:ca:73:56:df:8c:01",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute-1.amazonaws.com"
   ],
   "subject" : {
      "commonname" : "southinvestment-stealth.ua"
   },
   "subnet" : "100.24.0.0/13",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "ua"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-21T06:50:07Z",
      "notbefore" : "2023-11-22T06:50:07Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

80.70.108.164

Network

80.70.96.0/20

Domain(s)

gutmorgen.ru

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://80.70.108.164:9404/ 404

HTTP Title

Not Found

ASN

AS34351

Organization

MTS PJSC

Protocol

http Cert not expired http

Source

datascan

Operating System

Microsoft Windows

Product

Microsoft HTTPAPI 2.0

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign GCC R3 DV TLS CA 2020

Issuer Organization

GlobalSign nv-sa

Subject Common Name

srv1sweb.gutmorgen.ru

Subject Alt Name

srv1sweb.gutmorgen.ru www.srv1sweb.gutmorgen.ru

SHA256 Fingerprint

dc74d9146a9e05a7160c15b5e317f6f428de5dc54c52baaf6832420d326b05b5

Validity Not Before

2023-12-26T12:16:36Z

Validity Not After

2025-01-26T12:16:35Z

Data MD5

634d5281a64959deb2a0c361a16bcf44

HTTP Header MD5

d30ea3d8118160dd164e28b2fe124279

HTTP Body MD5

344d3f7baff022f79c37992e1bd5d040

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 21 Nov 2024 06:13:20 GMT
Connection: close
Content-Length: 315

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T06:13:30.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org"
         ],
         "hostname" : [
            "www.w3.org"
         ],
         "url" : [
            "http://www.w3.org/TR/html4/strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "344d3f7baff022f79c37992e1bd5d040",
         "bodymmh3" : 225052475,
         "headermd5" : "d30ea3d8118160dd164e28b2fe124279",
         "headermmh3" : -463421788,
         "title" : "Not Found"
      },
      "length" : 492
   },
   "asn" : "AS34351",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Ivanovo",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: Thu, 21 Nov 2024 06:13:20 GMT\r\nConnection: close\r\nContent-Length: 315\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n",
   "datamd5" : "634d5281a64959deb2a0c361a16bcf44",
   "datammh3" : 954872337,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "gutmorgen.ru"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "4eeebf67cb44512c28de21814b60067f",
      "sha1" : "52c28d3613a79cf9ffc79cc64ac4631282d38ded",
      "sha256" : "dc74d9146a9e05a7160c15b5e317f6f428de5dc54c52baaf6832420d326b05b5"
   },
   "geolocus" : {
      "asn" : "AS34351",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "RU",
      "countryname" : "Russia",
      "domain" : [
         "mtu.ru"
      ],
      "isineu" : "false",
      "latitude" : "61.52401",
      "location" : "61.52401,105.318756",
      "longitude" : "105.318756",
      "netname" : "Shuya_pppoe_pool_1",
      "organization" : "AS34351 some block",
      "subnet" : "80.70.108.0/23"
   },
   "host" : [
      "srv1sweb",
      "www"
   ],
   "hostname" : [
      "srv1sweb.gutmorgen.ru",
      "www.srv1sweb.gutmorgen.ru"
   ],
   "ip" : "80.70.108.164",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign GCC R3 DV TLS CA 2020",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "57.0006",
   "location" : "57.0006,40.9720",
   "longitude" : "40.9720",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "MTS PJSC",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "port" : 9404,
   "product" : "HTTPAPI",
   "productvendor" : "Microsoft",
   "productversion" : "2.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "Not Found",
   "seen_date" : "2024-11-21",
   "serial" : "06:3e:77:b4:ff:ca:3f:e4:74:29:90:d3",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 404,
   "subdomains" : [
      "srv1sweb.gutmorgen.ru"
   ],
   "subject" : {
      "altname" : [
         "srv1sweb.gutmorgen.ru",
         "www.srv1sweb.gutmorgen.ru"
      ],
      "commonname" : "srv1sweb.gutmorgen.ru"
   },
   "subnet" : "80.70.96.0/20",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "ru"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-01-26T12:16:35Z",
      "notbefore" : "2023-12-26T12:16:36Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

54.155.180.230

Network

54.154.0.0/15

Domain(s)

amazonaws.com research-aero-future.gc.ca

Device

<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product

Operating System

Juniper JunOS

URL

https://54.155.180.230:9404/ 200

HTTP Title

Ivanti Connect Secure

Reverse DNS

ec2-54-155-180-230.eu-west-1.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http Cert not expired http

Source

datascan

Operating System

Juniper JunOS

HTTP Component(s)

Ivanti Connect Secure

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign Atlas R3 DV TLS CA 2024 Q3

Issuer Organization

GlobalSign nv-sa

Subject Common Name

rtu.research-aero-future.gc.ca

SHA256 Fingerprint

50fa903eca0342e1666adaaffb95394070249d8931708a6b8b6d4d0f89bcb9c4

Validity Not Before

2023-11-22T05:01:54Z

Validity Not After

2025-11-21T05:01:54Z

Data MD5

b6d3a241174e5fbb65d88768f526cc4f

HTTP Header MD5

2ad59f08560ff26dde50963eb249438d

HTTP Body MD5

41fdbc9650454476e99026bd7f1a5217

Favicon MD5

2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3

-1216248324

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Nov 2024 05:01:55 GMT
Content-Length: 4680
Content-Type: text/html

<html lang="en">
   <head>
      <meta http-equiv="Content-Language">
      <meta http-equiv="Content-Type" content="text/html">
      <meta name="robots" content="none">
      <link rel="icon" href="/Product_favicon.png" type="image/png">
      <title>Ivanti Connect Secure</title>
   </head>
   <body onload="FinishLoad(1);hideJSWarn();setWin11();" bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">
      <table id="table_LoginPage_1" border="0" width="100%" cellspacing="0" cellpadding="3">
         <tr>
            <td bgcolor="#FFFFFF"></td>
            <td bgcolor="#FFFFFF" align="right">&nbsp;</td>
         </tr>
      </table>
      <table id="table_LoginPage_2" cellpadding="0" cellspacing="0" border="0" width="100%">
         <tr>
            <td bgcolor="#000000" colspan="2"></td>
         </tr>
      </table>
      <blockquote>
         <form id="frmLogin_4" name="frmLogin" action="login.cgi" method="POST" autocomplete="off" onsubmit="return Login(1)">
            <input id="tz_offset_5" type="hidden" name="tz_offset">
            <input id="win11" type="hidden" name="win11" value="">
            <input id="uach" type="hidden" name="uach" value="">
            <input id="client_mac" type="hidden" name="clientMAC" value="">
            <input id="xsauth_token" type="hidden" name="xsauth_token" value="58fefe3c1b2717c8845c0d630ab035c3">
            <table id="table_LoginPage_3" border="0" cellpadding="2" cellspacing="0">
               <tr>
                  <td nowrap  colspan="3"><b>Welcome to</b></td>
               </tr>
               <tr>
                  <td nowrap  colspan="3"><span class="cssLarge"><b>Ivanti Connect Secure</b></span></td>
               </tr>
               <tr>
                  <td colspan="3">&nbsp;</td>
               </tr>
               <tr>
                  <td valign="top">
                     <table id="table_LoginPage_6" border="0" cellspacing="0" cellpadding="2">
                        <tr>
                           <td><label for="username">Username</label></td>
                           <td>&nbsp;</td>
                           <td><input id="username" type="text" name="username" size="20"></td>
                        </tr>
                        <tr>
                           <td><label for="password">Password</label></td>
                           <td>&nbsp;</td>
                           <td><input id="password" type="password" name="password" size="20"></td>
                        </tr>
                        <tr>                                                                <input id="realm_16" type="hidden" name="realm" value="OTS User Realm">                                                </tr>
                        <tr>
                           <td colspan="3">&nbsp;</td>
                        </tr>
                        <tr>
                           <td>&nbsp;</td>
                           <td>&nbsp;</td>
                           <td><input id="btnSubmit_6" type="submit" value="Sign In" name="btnSubmit">&nbsp;</td>
                        </tr>
                     </table>
                  </td>
                  <td valign="top">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                  <td valign="top">
                     <table tabindex="1" aria-label="instructions for user login page FILTER verbatim" role="alert" id="TABLE_LoginPage_1" border="0" cellspacing="0" cellpadding="2">
                        <tr>
                           <td>
                              Please sign in to begin your secure session.<br><br>
                              <noscript>Note: Javascript is disabled on your browser.</noscript>
                        </tr>
                        </td>
                     </table>
                  </td>
               </tr>
            </table>
         </form>
      </blockquote>
      <table id="table_LoginPage_9" border="0" cellspacing="0" cellpadding="0" width="100%">
         <tr>
            <td>
               <table id="table_LoginPage_10" cellpadding="0" cellspacing="0" border="0" width="100%">
                  <tr>
                     <td></td>
                     <td></td>
                     <td></td>
                  </tr>
                  <tr valign="top">
                     <td></td>
                     <td nowrap ><br><br><br><br>
                     <td align="right"></td>
                  </tr>
               </table>
            </td>
         </tr>
         <tr>
            <td colspan="2"></td>
         </tr>
      </table>
   </body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T05:08:11.000Z",
   "app" : {
      "extract" : {
         "file" : [
            "login.cgi"
         ]
      },
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "41fdbc9650454476e99026bd7f1a5217",
         "bodymmh3" : -766336104,
         "component" : [
            {
               "product" : "Connect Secure",
               "productvendor" : "Ivanti"
            }
         ],
         "headermd5" : "2ad59f08560ff26dde50963eb249438d",
         "headermmh3" : -1286034095,
         "title" : "Ivanti Connect Secure"
      },
      "length" : 4802
   },
   "asn" : "AS16509",
   "city" : "Dublin",
   "country" : "IE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 05:01:55 GMT\r\nContent-Length: 4680\r\nContent-Type: text/html\r\n\r\n<html lang=\"en\">\n   <head>\n      <meta http-equiv=\"Content-Language\">\n      <meta http-equiv=\"Content-Type\" content=\"text/html\">\n      <meta name=\"robots\" content=\"none\">\n      <link rel=\"icon\" href=\"/Product_favicon.png\" type=\"image/png\">\n      <title>Ivanti Connect Secure</title>\n   </head>\n   <body onload=\"FinishLoad(1);hideJSWarn();setWin11();\" bgcolor=\"#FFFFFF\" color=\"#000000\" link=\"#3366CC\" vlink=\"#CC6699\" alink=\"#3366CC\" leftmargin=\"0\" topmargin=\"0\" rightmargin=\"0\" marginwidth=\"0\" marginheight=\"0\">\n      <table id=\"table_LoginPage_1\" border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"3\">\n         <tr>\n            <td bgcolor=\"#FFFFFF\"></td>\n            <td bgcolor=\"#FFFFFF\" align=\"right\">&nbsp;</td>\n         </tr>\n      </table>\n      <table id=\"table_LoginPage_2\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n         <tr>\n            <td bgcolor=\"#000000\" colspan=\"2\"></td>\n         </tr>\n      </table>\n      <blockquote>\n         <form id=\"frmLogin_4\" name=\"frmLogin\" action=\"login.cgi\" method=\"POST\" autocomplete=\"off\" onsubmit=\"return Login(1)\">\n            <input id=\"tz_offset_5\" type=\"hidden\" name=\"tz_offset\">\n            <input id=\"win11\" type=\"hidden\" name=\"win11\" value=\"\">\n            <input id=\"uach\" type=\"hidden\" name=\"uach\" value=\"\">\n            <input id=\"client_mac\" type=\"hidden\" name=\"clientMAC\" value=\"\">\n            <input id=\"xsauth_token\" type=\"hidden\" name=\"xsauth_token\" value=\"58fefe3c1b2717c8845c0d630ab035c3\">\n            <table id=\"table_LoginPage_3\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\">\n               <tr>\n                  <td nowrap  colspan=\"3\"><b>Welcome to</b></td>\n               </tr>\n               <tr>\n                  <td nowrap  colspan=\"3\"><span class=\"cssLarge\"><b>Ivanti Connect Secure</b></span></td>\n               </tr>\n               <tr>\n                  <td colspan=\"3\">&nbsp;</td>\n               </tr>\n               <tr>\n                  <td valign=\"top\">\n                     <table id=\"table_LoginPage_6\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n                        <tr>\n                           <td><label for=\"username\">Username</label></td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"username\" type=\"text\" name=\"username\" size=\"20\"></td>\n                        </tr>\n                        <tr>\n                           <td><label for=\"password\">Password</label></td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"password\" type=\"password\" name=\"password\" size=\"20\"></td>\n                        </tr>\n                        <tr>                                                                <input id=\"realm_16\" type=\"hidden\" name=\"realm\" value=\"OTS User Realm\">                                                </tr>\n                        <tr>\n                           <td colspan=\"3\">&nbsp;</td>\n                        </tr>\n                        <tr>\n                           <td>&nbsp;</td>\n                           <td>&nbsp;</td>\n                           <td><input id=\"btnSubmit_6\" type=\"submit\" value=\"Sign In\" name=\"btnSubmit\">&nbsp;</td>\n                        </tr>\n                     </table>\n                  </td>\n                  <td valign=\"top\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>\n                  <td valign=\"top\">\n                     <table tabindex=\"1\" aria-label=\"instructions for user login page FILTER verbatim\" role=\"alert\" id=\"TABLE_LoginPage_1\" border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n                        <tr>\n                           <td>\n                              Please sign in to begin your secure session.<br><br>\n                              <noscript>Note: Javascript is disabled on your browser.</noscript>\n                        </tr>\n                        </td>\n                     </table>\n                  </td>\n               </tr>\n            </table>\n         </form>\n      </blockquote>\n      <table id=\"table_LoginPage_9\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">\n         <tr>\n            <td>\n               <table id=\"table_LoginPage_10\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n                  <tr>\n                     <td></td>\n                     <td></td>\n                     <td></td>\n                  </tr>\n                  <tr valign=\"top\">\n                     <td></td>\n                     <td nowrap ><br><br><br><br>\n                     <td align=\"right\"></td>\n                  </tr>\n               </table>\n            </td>\n         </tr>\n         <tr>\n            <td colspan=\"2\"></td>\n         </tr>\n      </table>\n   </body>\n</html>\n",
   "datamd5" : "b6d3a241174e5fbb65d88768f526cc4f",
   "datammh3" : 1285816960,
   "device" : {
      "class" : "<enterprise field>: device.class",
      "product" : "<enterprise field>: device.product",
      "productvendor" : "<enterprise field>: device.productvendor"
   },
   "domain" : [
      "amazonaws.com",
      "research-aero-future.gc.ca"
   ],
   "fingerprint" : {
      "md5" : "a56c2bc5a6bc62ec32631b3b47a2a903",
      "sha1" : "9a20732a6c02a6ec4c083e4e70f86b9d86ce572c",
      "sha256" : "50fa903eca0342e1666adaaffb95394070249d8931708a6b8b6d4d0f89bcb9c4"
   },
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "NA",
      "continentname" : "North America",
      "country" : "US",
      "countryname" : "United States",
      "domain" : [
         "amazon.com",
         "amazonaws.com"
      ],
      "isineu" : "false",
      "latitude" : "37.09024",
      "location" : "37.09024,-95.712891",
      "longitude" : "-95.712891",
      "netname" : "AMAZON",
      "organization" : "Amazon Technologies Inc.",
      "subnet" : "54.154.0.0/15"
   },
   "host" : [
      "ec2-54-155-180-230",
      "rtu"
   ],
   "hostname" : [
      "ec2-54-155-180-230.eu-west-1.compute.amazonaws.com",
      "rtu.research-aero-future.gc.ca"
   ],
   "ip" : "54.155.180.230",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign Atlas R3 DV TLS CA 2024 Q3",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "latitude" : "53.3379",
   "location" : "53.3379,-6.2591",
   "longitude" : "-6.2591",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "JunOS",
   "osvendor" : "Juniper",
   "port" : 9404,
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "ec2-54-155-180-230.eu-west-1.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "7c:6c:6c:8b:44:55:6e:d1:bf:8f:34:05:a1:b2:04:6f:a2:bc:7e:d1",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute.amazonaws.com",
      "eu-west-1.compute.amazonaws.com"
   ],
   "subject" : {
      "commonname" : "rtu.research-aero-future.gc.ca"
   },
   "subnet" : "54.154.0.0/15",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "gc.ca"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-21T05:01:54Z",
      "notbefore" : "2023-11-22T05:01:54Z"
   },
   "version" : "v3",
   "wildcard" : "false"
}

IP

18.169.106.10

Network

18.168.0.0/14

Domain(s)

amazonaws.com defence-north.mil

Device

<enterprise field>: device.class

Operating System

Linux Linux Kernel

URL

https://18.169.106.10:9404/ 200

HTTP Title

Infocon Holding - EasyIO-30P Sedona

Reverse DNS

ec2-18-169-106-10.eu-west-2.compute.amazonaws.com

ASN

AS16509

Organization

AMAZON-02

Protocol

http Cert not expired http

Source

datascan

Operating System

Linux Linux Kernel

Product

F5 Nginx

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign RSA OV SSL CA 2018

Issuer Organization

GlobalSign nv-sa

Subject Common Name

*.defence-north.mil

SHA256 Fingerprint

767cf2b7e3eac5745e8de048f5a4b9f9bc24362e7056ef6276cf5bf9392dce1e

Validity Not Before

2023-11-22T01:29:10Z

Validity Not After

2025-11-21T01:29:10Z

Data MD5

a0d13f5a8644408f638911c1a4d30bc0

HTTP Header MD5

b93e910767bc7dd35ce0736d46622fe3

HTTP Body MD5

1852f44d5a4231d68b3b2ca70e893cc5

Favicon MD5

2b86aa50c3a66bb77ff07c42cc051dcc

Favicon MMH3

-1216248324

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Nov 2024 02:02:04 GMT
Server: nginx
Content-Type: text/html
Content-Length: 1289

<html><head><link rel=stylesheet type="text/css" href=menu.css><title>Infocon Holding - EasyIO-30P Sedona</title></head><body style="margin:0;" onload="onDocLoad();"><script language=javascript src=menuitem.js></script><script language=javascript src=menusc.js></script><div id=dropMenu onmouseout="onDropMenuMouseout(event);" onmouseover="onDropMenuMouseover();"></div><TABLE width=100% cellSpacing=0 cellPadding=0 bgcolor=#ffffff border=0 align=center><tr><td height=53px><img src=logo.gif class='clsMenu'><img src=btl.jpg></td></tr><tr><td><table width=100% bgcolor=#ece9d8 cellSpacing=0 cellPadding=2 border=1><tr id=menubar><td height=28><span id=mmenu onmouseover="onMenuBarMouseover();"></span></td><td id=login></td><td id=userid></td></tr></table></td></tr><tr height=768 valign=top align=center bgcolor="white"><td><table><tr><td colspan=2 height=10></td></tr><TR><Th colspan=2 id="cTtl"></Th></TR><tr><td align=center colspan=2><br></td></tr><tr><td colspan=2 height=10></td></tr><tr><td colspan=2 ID="cTbl"></td></tr><tr><td colspan=2 height=10></td></tr></table></td></tr></table><script language=javascript src=main.js></script><script language=javascript src=table.js></script><script language=javascript>function onDocLoad(){cTxtTbl();createMenu();}</script></body></html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T02:09:11.000Z",
   "app" : {
      "favicon" : {
         "image" : "AAABAAIAEBAQAAAAAAAoAQAAJgAAACAgEAAAAAAA6AIAAE4BAAAoAAAAEAAAACAAAAABAAQAAAAAAIAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAAAAgAAAgAAAAICAAIAAAACAAIAAgIAAAICAgADAwMAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAABERERERAAABEREREREAABERAAAAAAAAERAAAAAAAAEREAAAAAAAAREREREREQABERERERERAAEREAAAAAAAAREQAAAAAAAAEREAAAAAAAARERAAAAAAAAEREREREQAAAAERERERAAAAAAAAAAAAAAAAAAAAAAA//8AAPADAADgAwAAw/8AAMf/AACH/wAAgAMAAIADAACH/wAAh/8AAMP/AADB/wAA4AMAAPgDAAD//wAA//8AACgAAAAgAAAAQAAAAAEABAAAAAAAAAIAAAAAAAAAAAAAEAAAABAAAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEREREREREREQAAAAAAAAEREREREREREREAAAAAAAERERERERERERERAAAAAAAREREREREREREREQAAAAABEREREREREREREREAAAAAAREREREAAAAAAAAAAAAAABEREREQAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAARERERAAAAAAAAAAAAAAAAEREREQAAAAAAAAAAAAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREREREREREREREAAAABERERERERERERERERAAAAAREREREREREREREREQAAAAEREREQAAAAAAAAAAAAAAAAEREREAAAAAAAAAAAAAAAABEREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREAAAAAAAAAAAAAAAAREREREREREREREQAAAAAAEREREREREREREREAAAAAAAERERERERERERERAAAAAAAAAREREREREREREQAAAAAAAAABEREREREREREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/////////////////4AAP/4AAD/4AAA/8AAAP+AAAD/gD///wB///8A////Af///gH///4B///+AAAA/gAAAP4AAAD+AAAA/gAAAP4B////Af///wD///8Af///gD///8AAAP/AAAD/4AAA//gAAP/+AAD////////////////w==",
         "imagemd5" : "2b86aa50c3a66bb77ff07c42cc051dcc",
         "imagemmh3" : -1216248324,
         "length" : 1078,
         "url" : "/favicon.ico"
      },
      "http" : {
         "bodymd5" : "1852f44d5a4231d68b3b2ca70e893cc5",
         "bodymmh3" : 777722857,
         "headermd5" : "b93e910767bc7dd35ce0736d46622fe3",
         "headermmh3" : -1475215954,
         "title" : "Infocon Holding - EasyIO-30P Sedona"
      },
      "length" : 1426
   },
   "asn" : "AS16509",
   "city" : "London",
   "country" : "GB",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nConnection: close\r\nDate: Thu, 21 Nov 2024 02:02:04 GMT\r\nServer: nginx\r\nContent-Type: text/html\r\nContent-Length: 1289\r\n\r\n<html><head><link rel=stylesheet type=\"text/css\" href=menu.css><title>Infocon Holding - EasyIO-30P Sedona</title></head><body style=\"margin:0;\" onload=\"onDocLoad();\"><script language=javascript src=menuitem.js></script><script language=javascript src=menusc.js></script><div id=dropMenu onmouseout=\"onDropMenuMouseout(event);\" onmouseover=\"onDropMenuMouseover();\"></div><TABLE width=100% cellSpacing=0 cellPadding=0 bgcolor=#ffffff border=0 align=center><tr><td height=53px><img src=logo.gif class='clsMenu'><img src=btl.jpg></td></tr><tr><td><table width=100% bgcolor=#ece9d8 cellSpacing=0 cellPadding=2 border=1><tr id=menubar><td height=28><span id=mmenu onmouseover=\"onMenuBarMouseover();\"></span></td><td id=login></td><td id=userid></td></tr></table></td></tr><tr height=768 valign=top align=center bgcolor=\"white\"><td><table><tr><td colspan=2 height=10></td></tr><TR><Th colspan=2 id=\"cTtl\"></Th></TR><tr><td align=center colspan=2><br></td></tr><tr><td colspan=2 height=10></td></tr><tr><td colspan=2 ID=\"cTbl\"></td></tr><tr><td colspan=2 height=10></td></tr></table></td></tr></table><script language=javascript src=main.js></script><script language=javascript src=table.js></script><script language=javascript>function onDocLoad(){cTxtTbl();createMenu();}</script></body></html>\u0000",
   "datamd5" : "a0d13f5a8644408f638911c1a4d30bc0",
   "datammh3" : -2071317735,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "amazonaws.com",
      "defence-north.mil"
   ],
   "fingerprint" : {
      "md5" : "f2011da61e57ad1a586f1a5dcfa47f0b",
      "sha1" : "835eef29f39c0644e7006115e430ad02b709445a",
      "sha256" : "767cf2b7e3eac5745e8de048f5a4b9f9bc24362e7056ef6276cf5bf9392dce1e"
   },
   "geolocus" : {
      "asn" : "AS16509",
      "continent" : "EU",
      "continentname" : "Europe",
      "country" : "GB",
      "countryname" : "United Kingdom",
      "domain" : [
         "amazon.com",
         "amazonaws.com",
         "aws.com"
      ],
      "isineu" : "false",
      "latitude" : "55.378051",
      "location" : "55.378051,-3.435973",
      "longitude" : "-3.435973",
      "netname" : "AMAZON-LHR",
      "organization" : "Amazon Data Services UK",
      "subnet" : "18.168.0.0/14"
   },
   "host" : [
      "ec2-18-169-106-10"
   ],
   "hostname" : [
      "ec2-18-169-106-10.eu-west-2.compute.amazonaws.com"
   ],
   "ip" : "18.169.106.10",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign RSA OV SSL CA 2018",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "latitude" : "51.5088",
   "location" : "51.5088,-0.0930",
   "longitude" : "-0.0930",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "AMAZON-02",
   "os" : "Linux Kernel",
   "osvendor" : "Linux",
   "port" : 9404,
   "product" : "Nginx",
   "productvendor" : "F5",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "ec2-18-169-106-10.eu-west-2.compute.amazonaws.com"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "61:71:b7:be:e5:36:d9:89:c2:29:60:53:17:cd:b7:28:a4:db:ca:84",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subdomains" : [
      "compute.amazonaws.com",
      "eu-west-2.compute.amazonaws.com"
   ],
   "subject" : {
      "commonname" : "*.defence-north.mil"
   },
   "subnet" : "18.168.0.0/14",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com",
      "mil"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-21T01:29:10Z",
      "notbefore" : "2023-11-22T01:29:10Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

41.213.206.34

Network

41.213.128.0/17

Domain(s)

grpisa.fr zeop.re

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://41.213.206.34:9404/ 200

HTTP Title

IIS Windows Server

Reverse DNS

41-213-206-34.zeop.re

ASN

AS37002

Organization

Reunicable

Protocol

http Cert not expired http

Source

datascan

Operating System

Microsoft Windows

Product

Microsoft IIS 10.0

HTTP Component(s)

Microsoft ASP.NET Microsoft IIS

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign GCC R6 AlphaSSL CA 2023

Issuer Organization

GlobalSign nv-sa

Subject Common Name

*.grpisa.fr

Subject Alt Name

*.grpisa.fr grpisa.fr

SHA256 Fingerprint

3a21c2db2da94d4736a1c46de05f28387e62faf66a1d13fc66f7091683213a89

Validity Not Before

2024-10-23T13:35:17Z

Validity Not After

2025-11-24T13:35:16Z

Data MD5

0ca775a6b65f845f5163e490398a9acf

HTTP Header MD5

c45e463ffd89b34a781c977b38f3ecbc

HTTP Body MD5

654ae82705924352d2363b1d797997ce

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 14 Apr 2022 09:06:14 GMT
Accept-Ranges: bytes
ETag: "295eede4de4fd81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 21 Nov 2024 01:17:29 GMT
Connection: close
Content-Length: 703

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
	color:#000000;
	background-color:#0072C6;
	margin:0;
}

#container {
	margin-left:auto;
	margin-right:auto;
	text-align:center;
	}

a img {
	border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-21T01:17:30.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org",
            "microsoft.com"
         ],
         "hostname" : [
            "go.microsoft.com",
            "www.w3.org"
         ],
         "url" : [
            "http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409",
            "http://www.w3.org/1999/xhtml",
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
         ]
      },
      "http" : {
         "bodymd5" : "654ae82705924352d2363b1d797997ce",
         "bodymmh3" : 703707298,
         "component" : [
            {
               "productvendor" : "Microsoft",
               "product" : "IIS"
            },
            {
               "productvendor" : "Microsoft",
               "product" : "ASP.NET"
            }
         ],
         "header" : [
            {
               "name" : "Last-Modified",
               "value" : "Thu, 14 Apr 2022 09:06:14 GMT"
            },
            {
               "value" : "295eede4de4fd81:0",
               "name" : "ETag"
            }
         ],
         "headermd5" : "c45e463ffd89b34a781c977b38f3ecbc",
         "headermmh3" : -99786615,
         "title" : "IIS Windows Server"
      },
      "length" : 970
   },
   "asn" : "AS37002",
   "basicconstraints" : "critical",
   "ca" : "false",
   "city" : "Saint-Pierre",
   "country" : "RE",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Thu, 14 Apr 2022 09:06:14 GMT\r\nAccept-Ranges: bytes\r\nETag: \"295eede4de4fd81:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 21 Nov 2024 01:17:29 GMT\r\nConnection: close\r\nContent-Length: 703\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />\r\n<title>IIS Windows Server</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody {\r\n\tcolor:#000000;\r\n\tbackground-color:#0072C6;\r\n\tmargin:0;\r\n}\r\n\r\n#container {\r\n\tmargin-left:auto;\r\n\tmargin-right:auto;\r\n\ttext-align:center;\r\n\t}\r\n\r\na img {\r\n\tborder:none;\r\n}\r\n\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"container\">\r\n<a href=\"http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409\"><img src=\"iisstart.png\" alt=\"IIS\" width=\"960\" height=\"600\" /></a>\r\n</div>\r\n</body>\r\n</html>",
   "datamd5" : "0ca775a6b65f845f5163e490398a9acf",
   "datammh3" : 1065540519,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "grpisa.fr",
      "zeop.re"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "3fd9d2727f81e9f4160509ebcb4fe9dc",
      "sha1" : "245cec6f68d75a2d710b8e948fcc44e681937c0b",
      "sha256" : "3a21c2db2da94d4736a1c46de05f28387e62faf66a1d13fc66f7091683213a89"
   },
   "geolocus" : {
      "asn" : "AS37002",
      "continent" : "AF",
      "continentname" : "Africa",
      "country" : "RE",
      "countryname" : "R\u00e9union",
      "domain" : [
         "zeop.net",
         "zeop.re"
      ],
      "isineu" : "true",
      "latitude" : "-21.115141",
      "location" : "-21.115141,55.536384",
      "longitude" : "55.536384",
      "netname" : "RCABLE-FTTH-SG1",
      "organization" : "REUNICABLE-NET6",
      "subnet" : "41.213.192.0/18"
   },
   "host" : [
      "41-213-206-34"
   ],
   "hostname" : [
      "41-213-206-34.zeop.re",
      "grpisa.fr"
   ],
   "ip" : "41.213.206.34",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign GCC R6 AlphaSSL CA 2023",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature",
      "keyEncipherment"
   ],
   "latitude" : "-21.3427",
   "location" : "-21.3427,55.4792",
   "longitude" : "55.4792",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Reunicable",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 9404,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "rsaEncryption",
      "length" : 2048
   },
   "reason" : "OK",
   "reverse" : [
      "41-213-206-34.zeop.re"
   ],
   "seen_date" : "2024-11-21",
   "serial" : "3c:40:52:3e:65:bb:39:4e:69:85:df:50",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan",
   "status" : 200,
   "subject" : {
      "altname" : [
         "*.grpisa.fr",
         "grpisa.fr"
      ],
      "commonname" : "*.grpisa.fr"
   },
   "subnet" : "41.213.128.0/17",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "fr",
      "re"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/",
   "validity" : {
      "notafter" : "2025-11-24T13:35:16Z",
      "notbefore" : "2024-10-23T13:35:17Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

93.90.220.115

Network

93.90.220.0/22

Domain(s)

leaseplanrus.com

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://93.90.220.115:9404/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx 200

HTTP Title

Error: Unable to display RD Web Access

ASN

AS47723

Organization

Softline Pjsc

Protocol

http Cert not expired http

Source

datascan::redirect::4

Operating System

Microsoft Windows

Product

Microsoft IIS 10.0

HTTP Component(s)

Microsoft RD Web Access

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign GCC R3 DV TLS CA 2020

Issuer Organization

GlobalSign nv-sa

Subject Common Name

*.leaseplanrus.com

Subject Alt Name

*.leaseplanrus.com leaseplanrus.com

SHA256 Fingerprint

ba1112bd9caf192160e32bbfecaa9edb69b87bdc7f7e8449ccb67a226b52077b

Validity Not Before

2023-12-18T17:29:42Z

Validity Not After

2025-01-18T17:29:41Z

Data MD5

1012278cbd6c2abd551caa3f13ea2189

HTTP Header MD5

d57512e73af08273498ec70b5b2f1ef7

HTTP Body MD5

c2cef1bdc78e6ab097597367bfefc075

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/10.0
Set-Cookie: TSWAFeatureCheckCookie=true; path=/RDWeb/
Date: Wed, 20 Nov 2024 23:45:05 GMT
Connection: close
Content-Length: 14780

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="../Site.xsl"?>
<?xml-stylesheet type="text/css" href="../RenderFail.css"?>

<RDWAPage 
    helpurl="http://go.microsoft.com/fwlink/?LinkId=141038" 
    workspacename="Work&#32;Resources" 
    baseurl="https://<ip>:9404/RDWeb/Pages/en-US/"
    privacyurl=""
    >
  <RenderFailureMessage>
    <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
            <title>Error: Unable to display RD Web Access</title>
        </head>
        <body>
            <h1>Error: Unable to display RD Web Access</h1>
            <p>An unexpected error has occurred that is preventing this page from being displayed correctly.</p>
            <p>Viewing this page in Internet Explorer with the Enhanced Security Configuration enabled can cause such an error.</p>
            <p>Please try loading this page without the Enhanced Security Configuration enabled. If this error continues to be displayed, please contact your administrator.</p>
        </body>
    </html> 
  </RenderFailureMessage>
  <BodyAttr 
    onload="onLoginPageLoad(event)" 
    onunload="onPageUnload(event)"/>
  <HTMLMainContent>
  
      <form id="FrmLogin" name="FrmLogin" action="login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx" method="post" onsubmit="return onLoginFormSubmit()">

        <input type="hidden" name="WorkSpaceID" value="LPRURDCB0001.leaseplanrus.net"/>
        <input type="hidden" name="RDPCertificates" value=""/>
        <input type="hidden" name="PublicModeTimeout" value="20"/>
        <input type="hidden" name="PrivateModeTimeout" value="240"/>
        <input type="hidden" name="WorkspaceFriendlyName" value="Work%20Resources"/>
        <input type="hidden" name="EventLogUploadAddress" value=""/>
        <input type="hidden" name="RedirectorName" value="LPRURDCB0001.leaseplanrus.net"/>
        <input type="hidden" name="ClaimsHint" value=""/>
        <input type="hidden" name="ClaimsToken" value=""/>

        <input name="isUtf8" type="hidden" value="1"/>
        <input type="hidden" name="flags" value="0"/>


        <table id="tableLoginDisabled" width="300" border="0" align="center" cellpadding="0" cellspacing="0" style="display:none">

            <tr id="trWrongAxVersion" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">You don't have the right version of Remote Desktop Connection to use RD Web Access.</span></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr id="trUnsupportedBrowser" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your web browser isn't supported by Microsoft RemoteApp Service. Please use a supported browser.</span></td>
                </tr>
                </table>
            </td>
            </tr> 

            <tr id="trSupportedBrowserAxLoadError" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your browser has ActiveX controls turned off. Go to your browser's settings to turn on ActiveX controls.</span></td>
                </tr>
                </table>
            </td>
            </tr> 

            <tr id="trCookiesDisabled" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your browser has cookies disabled. Go to your browser's settings to enable cookies.</span></td>
                </tr>
                </table>
            </td>
            </tr> 

            <tr>
                <td height="50">&#160;</td>
            </tr>

        </table>

        <table id="tableLoginForm" width="300" border="0" align="center" cellpadding="0" cellspacing="0" style="display:none">

            <tr>
            <td height="20">&#160;</td>
            </tr>

            <tr>
            <td>
                <table width="300" border="0" cellpadding="0" cellspacing="0">
                <tr>
                    <td id="tdDomainUserNameLabel" width="130" align="right" style="display:none">Domain\user name:</td>
                    <td id="tdClaimsDomainUserNameLable" width="130" align="right" style="display:none">Username@domain:</td>
                    <td width="7"></td>
                    <td align="right">
                    <label><input name="DomainUserName" type="text" id="DomainUserName" class="textInputField" size="25" autocomplete="off" /></label>
                    </td>
                </tr>
                </table>
            </td>
            </tr>
            <tr>
            <td height="7"></td>
            </tr>

            <tr>
            <td>
                <table width="300" border="0" cellpadding="0" cellspacing="0">
                <tr>
                    <td width="130" align="right">Password:</td>
                    <td width="7"></td>
                    <td align="right">
                    <label><input name="UserPass" type="password" id="UserPass" class="textInputField" size="25" autocomplete="off" /></label>
                    </td>
                </tr>
                </table>
            </td>
            </tr>

    
            <tr id="trPasswordExpiredNoChange" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your password is expired. Please contact your administrator for assistance.</span></td>
                </tr>
                </table>
            </td>
            </tr>
               
    
            <tr id="trPasswordExpired" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your password is expired. Click <a id = "passwordchangelink" href="password.aspx">here</a> to change it.</span></td>
                </tr>
                </table>
            </td>
            </tr>

    
            <tr id="trErrorWorkSpaceInUse" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Another user of your computer is currently using this connection.  This user must disconnect before you can log on.</span></td>
                </tr>
                </table>
            </td>
            </tr>

    
            <tr id="trErrorWorkSpaceDisconnected" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Another user of your computer has disconnected from this connection.  Please type your user name and password again.</span></td>
                </tr>
                </table>
            </td>
            </tr>

    
            <tr id="trErrorIncorrectCredentials" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">The user name or password that you entered is not valid. Try typing it again.</span></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr id="trErrorDomainNameMissing" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">You must enter a valid domain name.</span></td>
                </tr>
                </table>
            </td>
            </tr> 

    
            <tr id="trErrorUnauthorizedAccess" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">You aren’t authorized to log on to this connection.  Contact your system administrator for authorization.</span></td>
                </tr>
                </table>
            </td>
            </tr>

    
            <tr id="trErrorServerConfigChanged" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">Your RD Web Access session expired due to configuration changes on the remote computer.  Please sign in again.</span></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr id="trErrorGenericClaimsAuthFailure" style="display:none" >
            <td>
                <table>
                <tr>
                    <td height="20">&#160;</td>
                </tr>
                <tr>
                    <td><span class="wrng">We can't sign you in right now. Please try again later.</span></td>
                </tr>
                </table>
            </td>
            </tr> 

            <tr>
            <td height="20">&#160;</td>
            </tr>
            <tr>
            <td height="1" bgcolor="#CCCCCC"></td>
            </tr>
            <tr>
            <td height="20">&#160;</td>
            </tr>

            <tr>
            <td>
                <table border="0" cellspacing="0" cellpadding="0">
                <tr>
                    <td>Security&#160;<span id="spanToggleSecExplanation" style="display:none">(<a href="javascript:onclickExplanation('lnkShwSec')" id="lnkShwSec">show explanation</a><a href="javascript:onclickExplanation('lnkHdSec')" id="lnkHdSec" style="display:none">hide explanation</a>)</span></td>
                </tr>
                </table>
            </td>
            </tr>
            <tr>
            <td height="5"></td>
            </tr>

            <tr>
            <td>
                <table border="0" cellspacing="0" cellpadding="0" style="display:none" id="tablePublicOption" >
                <tr>
                    <td width="30">
                    <label><input id="rdoPblc" type="radio" name="MachineType" value="public" class="rdo" onclick="onClickSecurity()" /></label>
                    </td>
                    <td>This is a public or shared computer</td>
                </tr>
                <tr id="trPubExp" style="display:none" >
                    <td width="30"></td>
                    <td><span class="expl">Select this option if you use RD Web Access on a public computer.  Be sure to log off when you have finished using RD Web Access and close all windows to end your session.</span></td>
                </tr>
                <tr>
                    <td height="7"></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr>
            <td>
                <table border="0" cellspacing="0" cellpadding="0" style="display:none" id="tablePrivateOption" >
                <tr>
                    <td width="30">
                    <label><input id="rdoPrvt" type="radio" name="MachineType" value="private" class="rdo" onclick="onClickSecurity()" checked="checked" /></label>
                    </td>
                    <td>This is a private computer</td>
                </tr>
                <tr id="trPrvtExp" style="display:none" >
                    <td width="30"></td>
                    <td><span class="expl">Select this option if you are the only person who uses this computer.  Your server will allow a longer period of inactivity before logging you off.</span></td>
                </tr>
                <tr>
                    <td height="7"></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr>
            <td>
                <table border="0" cellspacing="0" cellpadding="0">
                <tr id="trPrvtWrn" style="display:none" >
                    <td width="30"></td>
                    <td><span class="wrng">Warning:  By selecting this option, you confirm that this computer complies with your organization's security policy.</span></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr>
            <td>
                <table border="0" cellspacing="0" cellpadding="0">
                <tr id="trPrvtWrnNoAx" style="display:none">
                    <td><span class="wrng">Warning:  By logging in to this web page, you confirm that this computer complies with your organization's security policy.</span></td>
                </tr>
                </table>
            </td>
            </tr>

            <tr>
            <td height="20">&#160;</td>
            </tr>

            <tr>
            <td height="20">&#160;</td>
            </tr>
            <tr>
            <td align="right"><label><input type="submit" class="formButton" id="btnSignIn" value="Sign in" /></label>
            </td>
            </tr>

            <tr>
            <td height="20">&#160;</td>
            </tr>
            <tr>
            <td height="1" bgcolor="#CCCCCC"></td>
            </tr>

            <tr>
            <td height="20">&#160;</td>
            </tr>
            <tr>
            <td>To protect against unauthorized access, your RD Web Access session will automatically time out after a period of inactivity.  If your session ends, refresh your browser and sign in again.</td>
            </tr>

            <tr>
            <td height="30">&#160;</td>
            </tr>

        </table>

      </form>

  
  </HTMLMainContent>
</RDWAPage>

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-20T23:45:07.000Z",
   "app" : {
      "extract" : {
         "domain" : [
            "w3.org",
            "microsoft.com"
         ],
         "hostname" : [
            "go.microsoft.com",
            "www.w3.org"
         ],
         "url" : [
            "http://go.microsoft.com/fwlink/?LinkId=141038",
            "http://www.w3.org/1999/xhtml"
         ]
      },
      "http" : {
         "bodymd5" : "c2cef1bdc78e6ab097597367bfefc075",
         "bodymmh3" : 1014099781,
         "component" : [
            {
               "product" : "RD Web Access",
               "productvendor" : "Microsoft"
            }
         ],
         "headermd5" : "d57512e73af08273498ec70b5b2f1ef7",
         "headermmh3" : -1289854325,
         "title" : "Error: Unable to display RD Web Access"
      },
      "length" : 15047
   },
   "asn" : "AS47723",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nContent-Type: text/xml; charset=utf-8\r\nExpires: -1\r\nServer: Microsoft-IIS/10.0\r\nSet-Cookie: TSWAFeatureCheckCookie=true; path=/RDWeb/\r\nDate: Wed, 20 Nov 2024 23:45:05 GMT\r\nConnection: close\r\nContent-Length: 14780\r\n\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<?xml-stylesheet type=\"text/xsl\" href=\"../Site.xsl\"?>\r\n<?xml-stylesheet type=\"text/css\" href=\"../RenderFail.css\"?>\r\n\r\n<RDWAPage \r\n    helpurl=\"http://go.microsoft.com/fwlink/?LinkId=141038\" \r\n    workspacename=\"Work&#32;Resources\" \r\n    baseurl=\"https://<ip>:9404/RDWeb/Pages/en-US/\"\r\n    privacyurl=\"\"\r\n    >\r\n  <RenderFailureMessage>\r\n    <html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n        <head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>\r\n            <title>Error: Unable to display RD Web Access</title>\r\n        </head>\r\n        <body>\r\n            <h1>Error: Unable to display RD Web Access</h1>\r\n            <p>An unexpected error has occurred that is preventing this page from being displayed correctly.</p>\r\n            <p>Viewing this page in Internet Explorer with the Enhanced Security Configuration enabled can cause such an error.</p>\r\n            <p>Please try loading this page without the Enhanced Security Configuration enabled. If this error continues to be displayed, please contact your administrator.</p>\r\n        </body>\r\n    </html> \r\n  </RenderFailureMessage>\r\n  <BodyAttr \r\n    onload=\"onLoginPageLoad(event)\" \r\n    onunload=\"onPageUnload(event)\"/>\r\n  <HTMLMainContent>\r\n  \r\n      <form id=\"FrmLogin\" name=\"FrmLogin\" action=\"login.aspx?ReturnUrl=%2FRDWeb%2FPages%2Fen-US%2FDefault.aspx\" method=\"post\" onsubmit=\"return onLoginFormSubmit()\">\r\n\r\n        <input type=\"hidden\" name=\"WorkSpaceID\" value=\"LPRURDCB0001.leaseplanrus.net\"/>\r\n        <input type=\"hidden\" name=\"RDPCertificates\" value=\"\"/>\r\n        <input type=\"hidden\" name=\"PublicModeTimeout\" value=\"20\"/>\r\n        <input type=\"hidden\" name=\"PrivateModeTimeout\" value=\"240\"/>\r\n        <input type=\"hidden\" name=\"WorkspaceFriendlyName\" value=\"Work%20Resources\"/>\r\n        <input type=\"hidden\" name=\"EventLogUploadAddress\" value=\"\"/>\r\n        <input type=\"hidden\" name=\"RedirectorName\" value=\"LPRURDCB0001.leaseplanrus.net\"/>\r\n        <input type=\"hidden\" name=\"ClaimsHint\" value=\"\"/>\r\n        <input type=\"hidden\" name=\"ClaimsToken\" value=\"\"/>\r\n\r\n        <input name=\"isUtf8\" type=\"hidden\" value=\"1\"/>\r\n        <input type=\"hidden\" name=\"flags\" value=\"0\"/>\r\n\r\n\r\n        <table id=\"tableLoginDisabled\" width=\"300\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" style=\"display:none\">\r\n\r\n            <tr id=\"trWrongAxVersion\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">You don't have the right version of Remote Desktop Connection to use RD Web Access.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr id=\"trUnsupportedBrowser\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your web browser isn't supported by Microsoft RemoteApp Service. Please use a supported browser.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr> \r\n\r\n            <tr id=\"trSupportedBrowserAxLoadError\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your browser has ActiveX controls turned off. Go to your browser's settings to turn on ActiveX controls.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr> \r\n\r\n            <tr id=\"trCookiesDisabled\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your browser has cookies disabled. Go to your browser's settings to enable cookies.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr> \r\n\r\n            <tr>\r\n                <td height=\"50\">&#160;</td>\r\n            </tr>\r\n\r\n        </table>\r\n\r\n        <table id=\"tableLoginForm\" width=\"300\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" style=\"display:none\">\r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table width=\"300\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\r\n                <tr>\r\n                    <td id=\"tdDomainUserNameLabel\" width=\"130\" align=\"right\" style=\"display:none\">Domain\\user name:</td>\r\n                    <td id=\"tdClaimsDomainUserNameLable\" width=\"130\" align=\"right\" style=\"display:none\">Username@domain:</td>\r\n                    <td width=\"7\"></td>\r\n                    <td align=\"right\">\r\n                    <label><input name=\"DomainUserName\" type=\"text\" id=\"DomainUserName\" class=\"textInputField\" size=\"25\" autocomplete=\"off\" /></label>\r\n                    </td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n            <tr>\r\n            <td height=\"7\"></td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table width=\"300\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\r\n                <tr>\r\n                    <td width=\"130\" align=\"right\">Password:</td>\r\n                    <td width=\"7\"></td>\r\n                    <td align=\"right\">\r\n                    <label><input name=\"UserPass\" type=\"password\" id=\"UserPass\" class=\"textInputField\" size=\"25\" autocomplete=\"off\" /></label>\r\n                    </td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n    \r\n            <tr id=\"trPasswordExpiredNoChange\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your password is expired. Please contact your administrator for assistance.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n               \r\n    \r\n            <tr id=\"trPasswordExpired\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your password is expired. Click <a id = \"passwordchangelink\" href=\"password.aspx\">here</a> to change it.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n    \r\n            <tr id=\"trErrorWorkSpaceInUse\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Another user of your computer is currently using this connection.  This user must disconnect before you can log on.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n    \r\n            <tr id=\"trErrorWorkSpaceDisconnected\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Another user of your computer has disconnected from this connection.  Please type your user name and password again.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n    \r\n            <tr id=\"trErrorIncorrectCredentials\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">The user name or password that you entered is not valid. Try typing it again.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr id=\"trErrorDomainNameMissing\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">You must enter a valid domain name.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr> \r\n\r\n    \r\n            <tr id=\"trErrorUnauthorizedAccess\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">You aren\u2019t authorized to log on to this connection.  Contact your system administrator for authorization.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n    \r\n            <tr id=\"trErrorServerConfigChanged\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">Your RD Web Access session expired due to configuration changes on the remote computer.  Please sign in again.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr id=\"trErrorGenericClaimsAuthFailure\" style=\"display:none\" >\r\n            <td>\r\n                <table>\r\n                <tr>\r\n                    <td height=\"20\">&#160;</td>\r\n                </tr>\r\n                <tr>\r\n                    <td><span class=\"wrng\">We can't sign you in right now. Please try again later.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr> \r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n            <tr>\r\n            <td height=\"1\" bgcolor=\"#CCCCCC\"></td>\r\n            </tr>\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\r\n                <tr>\r\n                    <td>Security&#160;<span id=\"spanToggleSecExplanation\" style=\"display:none\">(<a href=\"javascript:onclickExplanation('lnkShwSec')\" id=\"lnkShwSec\">show explanation</a><a href=\"javascript:onclickExplanation('lnkHdSec')\" id=\"lnkHdSec\" style=\"display:none\">hide explanation</a>)</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n            <tr>\r\n            <td height=\"5\"></td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" style=\"display:none\" id=\"tablePublicOption\" >\r\n                <tr>\r\n                    <td width=\"30\">\r\n                    <label><input id=\"rdoPblc\" type=\"radio\" name=\"MachineType\" value=\"public\" class=\"rdo\" onclick=\"onClickSecurity()\" /></label>\r\n                    </td>\r\n                    <td>This is a public or shared computer</td>\r\n                </tr>\r\n                <tr id=\"trPubExp\" style=\"display:none\" >\r\n                    <td width=\"30\"></td>\r\n                    <td><span class=\"expl\">Select this option if you use RD Web Access on a public computer.  Be sure to log off when you have finished using RD Web Access and close all windows to end your session.</span></td>\r\n                </tr>\r\n                <tr>\r\n                    <td height=\"7\"></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" style=\"display:none\" id=\"tablePrivateOption\" >\r\n                <tr>\r\n                    <td width=\"30\">\r\n                    <label><input id=\"rdoPrvt\" type=\"radio\" name=\"MachineType\" value=\"private\" class=\"rdo\" onclick=\"onClickSecurity()\" checked=\"checked\" /></label>\r\n                    </td>\r\n                    <td>This is a private computer</td>\r\n                </tr>\r\n                <tr id=\"trPrvtExp\" style=\"display:none\" >\r\n                    <td width=\"30\"></td>\r\n                    <td><span class=\"expl\">Select this option if you are the only person who uses this computer.  Your server will allow a longer period of inactivity before logging you off.</span></td>\r\n                </tr>\r\n                <tr>\r\n                    <td height=\"7\"></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\r\n                <tr id=\"trPrvtWrn\" style=\"display:none\" >\r\n                    <td width=\"30\"></td>\r\n                    <td><span class=\"wrng\">Warning:  By selecting this option, you confirm that this computer complies with your organization's security policy.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td>\r\n                <table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\r\n                <tr id=\"trPrvtWrnNoAx\" style=\"display:none\">\r\n                    <td><span class=\"wrng\">Warning:  By logging in to this web page, you confirm that this computer complies with your organization's security policy.</span></td>\r\n                </tr>\r\n                </table>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n            <tr>\r\n            <td align=\"right\"><label><input type=\"submit\" class=\"formButton\" id=\"btnSignIn\" value=\"Sign in\" /></label>\r\n            </td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n            <tr>\r\n            <td height=\"1\" bgcolor=\"#CCCCCC\"></td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td height=\"20\">&#160;</td>\r\n            </tr>\r\n            <tr>\r\n            <td>To protect against unauthorized access, your RD Web Access session will automatically time out after a period of inactivity.  If your session ends, refresh your browser and sign in again.</td>\r\n            </tr>\r\n\r\n            <tr>\r\n            <td height=\"30\">&#160;</td>\r\n            </tr>\r\n\r\n        </table>\r\n\r\n      </form>\r\n\r\n  \r\n  </HTMLMainContent>\r\n</RDWAPage>\r\n",
   "datamd5" : "1012278cbd6c2abd551caa3f13ea2189",
   "datammh3" : -1154139938,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "leaseplanrus.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "ec1314a5bf51a24c4359b250aab26172",
      "sha1" : "765170ddc9f95cb3451bf2ee16893b9bc98577f9",
      "sha256" : "ba1112bd9caf192160e32bbfecaa9edb69b87bdc7f7e8449ccb67a226b52077b"
   },
   "forward" : "93.90.220.115",
   "hostname" : [
      "93.90.220.115",
      "leaseplanrus.com"
   ],
   "ip" : "93.90.220.115",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign GCC R3 DV TLS CA 2020",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature"
   ],
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Softline Pjsc",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 9404,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "id-ecPublicKey",
      "length" : 256
   },
   "reason" : "OK",
   "seen_date" : "2024-11-20",
   "serial" : "1d:dc:dc:14:2a:91:ec:90:eb:bd:27:9a",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan::redirect::4",
   "status" : 200,
   "subject" : {
      "altname" : [
         "*.leaseplanrus.com",
         "leaseplanrus.com"
      ],
      "commonname" : "*.leaseplanrus.com"
   },
   "subnet" : "93.90.220.0/22",
   "tag" : "<enterprise field>: tag",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx",
   "validity" : {
      "notafter" : "2025-01-18T17:29:41Z",
      "notbefore" : "2023-12-18T17:29:42Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}

IP

93.90.220.115

Network

93.90.220.0/22

Domain(s)

leaseplanrus.com

Device

<enterprise field>: device.class

Operating System

Microsoft Windows

URL

https://93.90.220.115:9404/RDWeb/Pages/en-US/Default.aspx 302

HTTP Title

Object moved

ASN

AS47723

Organization

Softline Pjsc

Protocol

http Cert not expired http

Source

datascan::redirect::3

Operating System

Microsoft Windows

Product

Microsoft IIS 10.0

HTTP Component(s)

Microsoft RD Web Access

CPE(s)

<enterprise field>: cpe

Issuer Common Name

GlobalSign GCC R3 DV TLS CA 2020

Issuer Organization

GlobalSign nv-sa

Subject Common Name

*.leaseplanrus.com

Subject Alt Name

*.leaseplanrus.com leaseplanrus.com

SHA256 Fingerprint

ba1112bd9caf192160e32bbfecaa9edb69b87bdc7f7e8449ccb67a226b52077b

Validity Not Before

2023-12-18T17:29:42Z

Validity Not After

2025-01-18T17:29:41Z

Data MD5

0b824aaa42b92db6dcfd118250dba42b

HTTP Header MD5

1f61a80274b79276f516ed8988ad69c0

HTTP Body MD5

007e64fb0eb6c14340e2446c6bd51f4f

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://<ip>:9404/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx
Server: Microsoft-IIS/10.0
Set-Cookie: TSWAFeatureCheckCookie=true; path=/RDWeb/
Date: Wed, 20 Nov 2024 23:39:05 GMT
Connection: close

d6
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://<ip>:9404/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx">here</a>.</h2>
</body></html>

0

{
   "@category" : "datascan",
   "@timestamp" : "2024-11-20T23:39:06.000Z",
   "app" : {
      "http" : {
         "bodymd5" : "007e64fb0eb6c14340e2446c6bd51f4f",
         "bodymmh3" : 1846982204,
         "component" : [
            {
               "productvendor" : "Microsoft",
               "product" : "RD Web Access"
            }
         ],
         "headermd5" : "1f61a80274b79276f516ed8988ad69c0",
         "headermmh3" : 825175222,
         "title" : "Object moved"
      },
      "length" : 601
   },
   "asn" : "AS47723",
   "basicconstraints" : "critical",
   "ca" : "false",
   "country" : "RU",
   "cpe" : "<enterprise field>: cpe",
   "cpecount" : "<enterprise field>: cpecount",
   "data" : "HTTP/1.1 302 Found\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=utf-8\r\nExpires: -1\r\nLocation: https://<ip>:9404/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx\r\nServer: Microsoft-IIS/10.0\r\nSet-Cookie: TSWAFeatureCheckCookie=true; path=/RDWeb/\r\nDate: Wed, 20 Nov 2024 23:39:05 GMT\r\nConnection: close\r\n\r\nd6\r\n<html><head><title>Object moved</title></head><body>\r\n<h2>Object moved to <a href=\"https://<ip>:9404/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx\">here</a>.</h2>\r\n</body></html>\r\n\r\n0\r\n\r\n",
   "datamd5" : "0b824aaa42b92db6dcfd118250dba42b",
   "datammh3" : -157563849,
   "device" : {
      "class" : "<enterprise field>: device.class"
   },
   "domain" : [
      "leaseplanrus.com"
   ],
   "extkeyusage" : [
      "serverAuth",
      "clientAuth"
   ],
   "fingerprint" : {
      "md5" : "ec1314a5bf51a24c4359b250aab26172",
      "sha1" : "765170ddc9f95cb3451bf2ee16893b9bc98577f9",
      "sha256" : "ba1112bd9caf192160e32bbfecaa9edb69b87bdc7f7e8449ccb67a226b52077b"
   },
   "forward" : "93.90.220.115",
   "hostname" : [
      "93.90.220.115",
      "leaseplanrus.com"
   ],
   "ip" : "93.90.220.115",
   "ipv6" : "false",
   "issuer" : {
      "commonname" : "GlobalSign GCC R3 DV TLS CA 2020",
      "country" : "BE",
      "organization" : "GlobalSign nv-sa"
   },
   "keyusage" : [
      "digitalSignature"
   ],
   "latitude" : "55.7386",
   "location" : "55.7386,37.6068",
   "longitude" : "37.6068",
   "node" : {
      "country" : "<enterprise field>: node.country",
      "groupid" : "<enterprise field>: node.groupid",
      "id" : "<enterprise field>: node.id",
      "physicalcountry" : "<enterprise field>: node.physicalcountry"
   },
   "organization" : "Softline Pjsc",
   "os" : "Windows",
   "osvendor" : "Microsoft",
   "osversion" : [
      "Server 2016",
      10
   ],
   "port" : 9404,
   "product" : "IIS",
   "productvendor" : "Microsoft",
   "productversion" : "10.0",
   "protocol" : "http",
   "protocolversion" : "1.1",
   "publickey" : {
      "algorithm" : "id-ecPublicKey",
      "length" : 256
   },
   "reason" : "Found",
   "seen_date" : "2024-11-20",
   "serial" : "1d:dc:dc:14:2a:91:ec:90:eb:bd:27:9a",
   "signature" : {
      "algorithm" : "sha256WithRSAEncryption"
   },
   "source" : "datascan::redirect::3",
   "status" : 302,
   "subject" : {
      "altname" : [
         "*.leaseplanrus.com",
         "leaseplanrus.com"
      ],
      "commonname" : "*.leaseplanrus.com"
   },
   "subnet" : "93.90.220.0/22",
   "tld" : [
      "com"
   ],
   "tls" : "true",
   "transport" : "tcp",
   "url" : "/RDWeb/Pages/en-US/Default.aspx",
   "validity" : {
      "notafter" : "2025-01-18T17:29:41Z",
      "notbefore" : "2023-12-18T17:29:42Z"
   },
   "version" : "v3",
   "wildcard" : "true"
}