103.140.186.11:54984 (tcp/http) - last seen on 2024-11-07 at 02:35:06 UTC
-
- IP
- 103.140.186.11
- Network
- 103.140.186.0/23
- Device
-
<enterprise field>: device.class <enterprise field>: device.productvendor <enterprise field>: device.product
- Operating System
- PaloAltoNetworks PAN-OS
- URL
-
http://103.140.186.11:54984/global-protect/login.esp 200
- HTTP Title
- GlobalProtect Portal
- ASN
- AS206804
- Organization
- EstNOC OY
- Protocol
- http
- Source
- urlscan::redirect
-
- Operating System
- PaloAltoNetworks PAN-OS
- CPE(s)
-
<enterprise field>: cpe
This feature requires at least a "Lion View" to unlock. Go to our Pricing page for more.
-
- Data MD5
- 1e5922cfcac7b286f34561940861ccf1
- HTTP Header MD5
- ee055f170d3b7e8be4a2d2d17250a4bf
- HTTP Body MD5
- 2715d525cd77bcf687257b69a082d9a7
-
HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 02:35:02 UTC Content-Type: text/html; charset=UTF-8 Content-Length: 11443 Connection: keep-alive Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Set-Cookie: SESSID=60a052f2-3b27-4879-9871-de87745aa496; Path=/; SameSite=Lax; HttpOnly; Secure X-Frame-Options: DENY Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; <html> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=.85"> <meta http-equiv="pragma" content="no-cache"> <title>GlobalProtect Portal</TITLE> <link rel="shortcut icon" type="image/x-icon" href="portal/images/favicon.ico"> <link rel="stylesheet" href="/global-protect/portal/css/bootstrap.min.css"> <link rel="stylesheet" href="/global-protect/portal/css/latofonts.css"> <script src="portal/js/jquery.min.js"></script> <script src="portal/js/ie10-viewport-bug-workaround.js"></script> <link rel="stylesheet" href="/global-protect/portal/css/ie10-viewport-bug-workaround.css"> <link rel="stylesheet" href="/global-protect/portal/css/login.css"> <style type="text/css"> html, body { overflow: auto; } </style> <script type="text/javascript"> function loadPage() { if (typeof window.Storage !== 'undefined') { window.localStorage.clear(); } if (document.login.user.value == '') document.login.user.value = ""; if (document.login.user.value == '') document.login.user.focus(); var errMsg = ""; var respStatus = "Success"; var respMsg = "Authentication failure: Invalid username or password"; var autoSubmit = "false"; var needpasswd = ""; var labelUsername = "Username"; var labelPassword= "Password"; var isChangePasswdForm = 0 ; var valueUser = ""; var divNewPassword = document.getElementById("dNewPassword"); divNewPassword.style.display = "none"; var divConfirmNewPassword = document.getElementById("dConfirmNewPassword"); divConfirmNewPassword.style.display = "none"; var divChangePasswordMsg = document.getElementById("dChangePasswordMsg"); divChangePasswordMsg.style.display = "none"; var changePasswordMsg = ""; if (respStatus == "Warning") { } else if (respStatus == "Error") { var divUserTitle = document.getElementById("user"); if (labelUsername != '') divUserTitle.placeholder = labelUsername; var divPasswdTitle = document.getElementById("passwd"); if (labelPassword != '') divPasswdTitle.placeholder = labelPassword; if (isChangePasswdForm == 1) { document.getElementById("user").value = valueUser; divNewPassword.style.display = ""; divConfirmNewPassword.style.display = ""; if (changePasswordMsg != "") { divChangePasswordMsg.style.display = ""; divChangePasswordMsg.innerHTML = changePasswordMsg; } } else { if (autoSubmit == "true") { var divUserName = document.getElementById("dUserName"); document.login.user.disabled = true; var divPassword = document.getElementById("dPassword"); if (needpasswd == "false") { divPassword.style.display = "none"; } } } if (errMsg != "") errMsg += "<br><br>"; errMsg += "<li>"+respMsg; } else if (respStatus == "Challenge") { var divUserName = document.getElementById("dUserName"); divUserName.style.display = "none"; var divInputStr = document.getElementById("dInputStr"); divInputStr.style.display = "block"; divInputStr.innerHTML = respMsg; var divPasswdTitle = document.getElementById("passwd"); divPasswdTitle.placeholder = ""; } else if (respStatus == "Success") { var divUserTitle = document.getElementById("user"); if (labelUsername != '') divUserTitle.placeholder = labelUsername; var divPasswdTitle = document.getElementById("passwd"); if (labelPassword != '') divPasswdTitle.placeholder = labelPassword; if (autoSubmit == "true") { var divUserName = document.getElementById("dUserName"); document.login.user.disabled = true; var divPassword = document.getElementById("dPassword"); if (needpasswd == "false") { divPassword.style.display = "none"; } if (respMsg != "") { if (errMsg != "") errMsg += "<br><br>"; errMsg += "<li>"+respMsg; } else { var cac = document.getElementById("dCAC"); cac.style.display = "block"; cac.innerHTML = "The credentials are successfully verified and you will be logged in as user ''. Please click Login button to continue."; } } } if (errMsg != "") { var divObj = document.getElementById("dError"); divObj.style.display = "block"; divObj.innerHTML = errMsg; } } function submitClicked() { var thisForm = document.getElementById("login_form"); var divObj = document.getElementById("dError"); var in_change_passwd = 0 ; if (in_change_passwd == 1) { if (thisForm.passwd.value == "") { divObj.style.display = "block"; divObj.innerHTML = "The current password is empty!"; thisForm.passwd.focus(); return false; } else if ((thisForm.new_passwd.value == "") || (thisForm.new_passwd.value != thisForm.confirm_new_passwd.value)) { divObj.style.display = "block"; divObj.innerHTML = "The passwords you entered did not match!"; thisForm.new_passwd.focus(); return false; } } divObj.style.display = "none"; divObj.innerHTML = ""; var divTaLogin = document.getElementById("taLogin"); divTaLogin.style.display = "none"; var prot = window.location.protocol; var server = window.location.host; thisForm.prot.value = prot; thisForm.server.value = server; thisForm.inputStr.value = ""; thisForm.action.value = "getsoftware"; document.login.user.disabled = false; } function checkCapsLock(e) { var el = document.getElementById('divcl'); if (!el) return; var keycode = e.keyCode? e.keyCode : e.which; var shift = e.shiftKey? e.shiftKey : ((keycode == 16) ? true : false); if ((keycode >= 65 && keycode <= 90 && !shift) || (keycode >= 97 && keycode <= 122 && shift)) el.style.visibility = 'visible'; else el.style.visibility = 'hidden'; } </script> <script> window.onload = loadPage; </script> <script> $(document).ready(function() { if ((favicon != null) && (favicon != '')) { $('link[rel="shortcut icon"]').attr('href', favicon); } if ((logo != null) && (logo != '')) { $('#logo img').attr('src', logo); } if ((bg_color != null) && (bg_color != '')) { $('body').css('background', bg_color); } if ((gp_portal_name != null) && (gp_portal_name != '')) { $('#heading').html(gp_portal_name); } if ((gp_portal_name_color != null) && (gp_portal_name_color != '')) { $('#heading').css('color', gp_portal_name_color); } if ((error_text_color != null) && (error_text_color != '')) { $('#dError').css('color', error_text_color); } }); </script> <script> // Customizations - pass in values below. Used in GlobalProtect login page // and also getsoftwarepage // Change customization of 'GlobalProtect Portal Home Page' to get uniform look var favicon = ''; // URL to the icon displayed in browser's address bar var logo = ''; // URL to the company logo var bg_color = ''; // Background color var gp_portal_name = ''; // Text under company logo var gp_portal_name_color = ''; // Color for text under company logo var error_text_color = ''; // Text color for logon failure message </script> </head> <body> <div class="loginscreen_logo"> <div id="logo"> <img src="portal/images/logo-pan-48525a.svg" onerror="this.onerror=null; this.src='portal/images/logo-pan-48525a.png'" alt=""> </div> <div id="activearea"> <div id="heading">GlobalProtect Portal</div> <div id="formdiv"> <pan_form/> <div id="activearea"> <div id="formdiv"> <form name="login" id="login_form" method="post" autocomplete="off"> <input type="hidden" name="prot" value=""> <input type="hidden" name="server" value=""> <input type='hidden' name="inputStr" value=""> <input type='hidden' name="action" value=""> <div id="taLogin"> <div class="login_fields"> <div id="dUserName"> <input type="text" id="user" name="user" size="19" placeholder="Name"> </div> <div id="dInputStr" style="display:none"><br></div> <div id="dPassword"> <input type="password" id="passwd" maxlength="128" size="19" name="passwd" placeholder="Password"> </div> <div id="dNewPassword" style="display:none"> <input type="password" maxlength="128" size="19" name="new-passwd" id="new_passwd" placeholder="New Password"> </div> <div id="dConfirmNewPassword" style="display:none"> <input type="password" maxlength="128" size="19" name="confirm-new-passwd" id="confirm_new_passwd" placeholder="confirm New Password"> </div> <div id="submitbutton"> <input class="buttonFixed" type="submit" id="submit" name="ok" value="Log In" onclick="return submitClicked()"> </div> </div> </div> <div id="dError" class="error_msg" style="display:none"> </div> <div id="dChangePasswordMsgArea"> <div id="dChangePasswordMsgBorder" class="msg"> <div id="dChangePasswordMsg" class="msg"> </div> </div> </div> </form> </div> </div> </div> </div> </div> <!-- IE10 viewport hack for Surface/desktop Windows 8 bug --> <script src="portal/js/ie10-viewport-bug-workaround.js"></script> </body> </html> -
{ "@category" : "datascan", "@timestamp" : "2024-11-07T02:35:06.000Z", "app" : { "favicon" : { "url" : "/portal/images/favicon.ico" }, "http" : { "bodymd5" : "2715d525cd77bcf687257b69a082d9a7", "bodymmh3" : -789252299, "headermd5" : "ee055f170d3b7e8be4a2d2d17250a4bf", "headermmh3" : -756361133, "title" : "GlobalProtect Portal" }, "length" : 12029 }, "asn" : "AS206804", "city" : "Singapore", "country" : "SG", "cpe" : "<enterprise field>: cpe", "cpecount" : "<enterprise field>: cpecount", "data" : "HTTP/1.1 200 OK\r\nDate: Thu, 07 Nov 2024 02:35:02 UTC\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 11443\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nSet-Cookie: SESSID=60a052f2-3b27-4879-9871-de87745aa496; Path=/; SameSite=Lax; HttpOnly; Secure\r\nX-Frame-Options: DENY\r\nStrict-Transport-Security: max-age=31536000;\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';\r\n\r\n<html>\n <!DOCTYPE html>\n\n <html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=.85\">\n <meta http-equiv=\"pragma\" content=\"no-cache\">\n <title>GlobalProtect Portal</TITLE>\n <link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"portal/images/favicon.ico\">\n <link rel=\"stylesheet\" href=\"/global-protect/portal/css/bootstrap.min.css\">\n <link rel=\"stylesheet\" href=\"/global-protect/portal/css/latofonts.css\">\n <script src=\"portal/js/jquery.min.js\"></script>\n \n <script src=\"portal/js/ie10-viewport-bug-workaround.js\"></script>\n <link rel=\"stylesheet\" href=\"/global-protect/portal/css/ie10-viewport-bug-workaround.css\">\n <link rel=\"stylesheet\" href=\"/global-protect/portal/css/login.css\">\n \n\n <style type=\"text/css\">\n html, body {\n overflow: auto;\n }\n </style>\n\n\n <script type=\"text/javascript\">\n\n function loadPage() {\n \n\n if (typeof window.Storage !== 'undefined') {\n window.localStorage.clear();\n }\n\n \n if (document.login.user.value == '')\n document.login.user.value = \"\";\n\n if (document.login.user.value == '')\n document.login.user.focus();\n\n var errMsg = \"\";\n var respStatus = \"Success\";\n var respMsg = \"Authentication failure: Invalid username or password\";\n var autoSubmit = \"false\";\n var needpasswd = \"\";\n var labelUsername = \"Username\";\n var labelPassword= \"Password\";\n var isChangePasswdForm = 0 ;\n var valueUser = \"\";\n\n \n var divNewPassword = document.getElementById(\"dNewPassword\");\n divNewPassword.style.display = \"none\";\n var divConfirmNewPassword = document.getElementById(\"dConfirmNewPassword\");\n divConfirmNewPassword.style.display = \"none\";\n var divChangePasswordMsg = document.getElementById(\"dChangePasswordMsg\");\n divChangePasswordMsg.style.display = \"none\";\n var changePasswordMsg = \"\";\n\n if (respStatus == \"Warning\") {\n \n } else if (respStatus == \"Error\") {\n\n \n var divUserTitle = document.getElementById(\"user\");\n if (labelUsername != '')\n divUserTitle.placeholder = labelUsername;\n var divPasswdTitle = document.getElementById(\"passwd\");\n if (labelPassword != '')\n divPasswdTitle.placeholder = labelPassword;\n\n if (isChangePasswdForm == 1) {\n \n document.getElementById(\"user\").value = valueUser;\n\n divNewPassword.style.display = \"\";\n divConfirmNewPassword.style.display = \"\";\n\n if (changePasswordMsg != \"\") {\n divChangePasswordMsg.style.display = \"\";\n divChangePasswordMsg.innerHTML = changePasswordMsg;\n }\n } else {\n \n if (autoSubmit == \"true\") {\n var divUserName = document.getElementById(\"dUserName\");\n document.login.user.disabled = true;\n var divPassword = document.getElementById(\"dPassword\");\n if (needpasswd == \"false\") {\n divPassword.style.display = \"none\";\n }\n }\n }\n if (errMsg != \"\")\n errMsg += \"<br><br>\";\n errMsg += \"<li>\"+respMsg;\n } else if (respStatus == \"Challenge\") {\n var divUserName = document.getElementById(\"dUserName\");\n divUserName.style.display = \"none\";\n var divInputStr = document.getElementById(\"dInputStr\");\n divInputStr.style.display = \"block\";\n divInputStr.innerHTML = respMsg;\n var divPasswdTitle = document.getElementById(\"passwd\");\n divPasswdTitle.placeholder = \"\";\n } else if (respStatus == \"Success\") {\n \n var divUserTitle = document.getElementById(\"user\");\n if (labelUsername != '')\n divUserTitle.placeholder = labelUsername;\n var divPasswdTitle = document.getElementById(\"passwd\");\n if (labelPassword != '')\n divPasswdTitle.placeholder = labelPassword;\n\n if (autoSubmit == \"true\") {\n var divUserName = document.getElementById(\"dUserName\");\n document.login.user.disabled = true;\n var divPassword = document.getElementById(\"dPassword\");\n if (needpasswd == \"false\") {\n divPassword.style.display = \"none\";\n }\n if (respMsg != \"\") {\n if (errMsg != \"\")\n errMsg += \"<br><br>\";\n errMsg += \"<li>\"+respMsg;\n } else {\n var cac = document.getElementById(\"dCAC\");\n cac.style.display = \"block\";\n cac.innerHTML = \"The credentials are successfully verified and you will be logged in as user ''. Please click Login button to continue.\";\n }\n }\n }\n \n\n if (errMsg != \"\") {\n var divObj = document.getElementById(\"dError\");\n\n divObj.style.display = \"block\";\n divObj.innerHTML = errMsg;\n }\n } \n\nfunction submitClicked() {\n var thisForm = document.getElementById(\"login_form\");\n var divObj = document.getElementById(\"dError\");\n\n \n var in_change_passwd = 0 ;\n if (in_change_passwd == 1) {\n if (thisForm.passwd.value == \"\") {\n divObj.style.display = \"block\";\n divObj.innerHTML = \"The current password is empty!\";\n thisForm.passwd.focus();\n return false;\n } else if ((thisForm.new_passwd.value == \"\") ||\n (thisForm.new_passwd.value != thisForm.confirm_new_passwd.value)) {\n divObj.style.display = \"block\";\n divObj.innerHTML = \"The passwords you entered did not match!\";\n thisForm.new_passwd.focus();\n return false;\n }\n }\n\n \n divObj.style.display = \"none\";\n divObj.innerHTML = \"\";\n\n\n var divTaLogin = document.getElementById(\"taLogin\");\n divTaLogin.style.display = \"none\";\n\n \n var prot = window.location.protocol;\n var server = window.location.host;\n\n thisForm.prot.value = prot;\n thisForm.server.value = server;\n thisForm.inputStr.value = \"\";\n\n thisForm.action.value = \"getsoftware\";\n document.login.user.disabled = false;\n} \n\nfunction checkCapsLock(e) {\n var el = document.getElementById('divcl');\n if (!el) return;\n\n var keycode = e.keyCode? e.keyCode : e.which;\n var shift = e.shiftKey? e.shiftKey : ((keycode == 16) ? true : false);\n\n if ((keycode >= 65 && keycode <= 90 && !shift) || (keycode >= 97 && keycode <= 122 && shift))\n el.style.visibility = 'visible';\n else\n el.style.visibility = 'hidden';\n} \n\n\n\n\n</script>\n\n<script>\n \n window.onload = loadPage;\n</script>\n\n<script>\n \n $(document).ready(function() {\n if ((favicon != null) && (favicon != '')) {\n $('link[rel=\"shortcut icon\"]').attr('href', favicon);\n }\n\n if ((logo != null) && (logo != '')) {\n $('#logo img').attr('src', logo);\n }\n\n if ((bg_color != null) && (bg_color != '')) {\n $('body').css('background', bg_color);\n }\n\n if ((gp_portal_name != null) && (gp_portal_name != '')) {\n $('#heading').html(gp_portal_name);\n }\n\n if ((gp_portal_name_color != null) && (gp_portal_name_color != '')) {\n $('#heading').css('color', gp_portal_name_color);\n }\n\n if ((error_text_color != null) && (error_text_color != '')) {\n $('#dError').css('color', error_text_color);\n }\n });\n \n</script>\n <script>\n // Customizations - pass in values below. Used in GlobalProtect login page\n // and also getsoftwarepage\n // Change customization of 'GlobalProtect Portal Home Page' to get uniform look\n\n var favicon = ''; // URL to the icon displayed in browser's address bar\n var logo = ''; // URL to the company logo\n var bg_color = ''; // Background color\n var gp_portal_name = ''; // Text under company logo\n var gp_portal_name_color = ''; // Color for text under company logo\n var error_text_color = ''; // Text color for logon failure message\n </script>\n </head>\n <body>\n <div class=\"loginscreen_logo\">\n <div id=\"logo\">\n <img src=\"portal/images/logo-pan-48525a.svg\" \n onerror=\"this.onerror=null; this.src='portal/images/logo-pan-48525a.png'\"\n alt=\"\">\n </div>\n \n <div id=\"activearea\">\n <div id=\"heading\">GlobalProtect Portal</div>\n <div id=\"formdiv\">\n <pan_form/>\n<div id=\"activearea\">\n <div id=\"formdiv\">\n <form name=\"login\" id=\"login_form\" method=\"post\" autocomplete=\"off\">\n \n <input type=\"hidden\" name=\"prot\" value=\"\">\n <input type=\"hidden\" name=\"server\" value=\"\">\n <input type='hidden' name=\"inputStr\" value=\"\">\n <input type='hidden' name=\"action\" value=\"\">\n\n <div id=\"taLogin\">\n <div class=\"login_fields\">\n <div id=\"dUserName\">\n <input type=\"text\" id=\"user\" name=\"user\" size=\"19\" placeholder=\"Name\">\n </div>\n <div id=\"dInputStr\" style=\"display:none\"><br></div>\n <div id=\"dPassword\">\n <input type=\"password\" id=\"passwd\" maxlength=\"128\" size=\"19\" name=\"passwd\" placeholder=\"Password\">\n </div>\n <div id=\"dNewPassword\" style=\"display:none\">\n <input type=\"password\" maxlength=\"128\" size=\"19\" name=\"new-passwd\" id=\"new_passwd\" placeholder=\"New Password\">\n </div>\n <div id=\"dConfirmNewPassword\" style=\"display:none\">\n <input type=\"password\" maxlength=\"128\" size=\"19\" name=\"confirm-new-passwd\" id=\"confirm_new_passwd\" placeholder=\"confirm New Password\">\n </div>\n <div id=\"submitbutton\">\n <input class=\"buttonFixed\" type=\"submit\" id=\"submit\" name=\"ok\" value=\"Log In\" onclick=\"return submitClicked()\">\n </div>\n </div>\n </div>\n\n <div id=\"dError\" class=\"error_msg\" style=\"display:none\"> </div>\n\n <div id=\"dChangePasswordMsgArea\">\n <div id=\"dChangePasswordMsgBorder\" class=\"msg\">\n <div id=\"dChangePasswordMsg\" class=\"msg\">\n </div>\n </div>\n </div>\n\n </form>\n </div>\n</div>\n\n\n\n\n </div>\n </div>\n </div>\n\n <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->\n <script src=\"portal/js/ie10-viewport-bug-workaround.js\"></script>\n </body>\n</html>", "datamd5" : "1e5922cfcac7b286f34561940861ccf1", "datammh3" : 1592299858, "device" : { "class" : "<enterprise field>: device.class", "product" : "<enterprise field>: device.product", "productvendor" : "<enterprise field>: device.productvendor" }, "forward" : "103.140.186.11", "geolocus" : { "asn" : "AS206804", "continent" : "AS", "continentname" : "Asia", "country" : "SG", "countryname" : "Singapore", "domain" : [ "estnoc.ee" ], "isineu" : "false", "latitude" : "1.352083", "location" : "1.352083,103.819836", "longitude" : "103.819836", "netname" : "EstNOC-Singapore", "organization" : "EstNOC OY", "subnet" : "103.140.186.0/24" }, "hostname" : [ "103.140.186.11" ], "ip" : "103.140.186.11", "ipv6" : "false", "latitude" : "1.3264", "location" : "1.3264,103.9394", "longitude" : "103.9394", "node" : { "country" : "<enterprise field>: node.country", "groupid" : "<enterprise field>: node.groupid", "id" : "<enterprise field>: node.id", "physicalcountry" : "<enterprise field>: node.physicalcountry" }, "organization" : "EstNOC OY", "os" : "PAN-OS", "osvendor" : "PaloAltoNetworks", "port" : 54984, "protocol" : "http", "protocolversion" : "1.1", "reason" : "OK", "seen_date" : "2024-11-07", "source" : "urlscan::redirect", "status" : 200, "subnet" : "103.140.186.0/23", "tag" : "<enterprise field>: tag", "tls" : "false", "transport" : "tcp", "url" : "/global-protect/login.esp" }