HTTP/1.1 200 OK
Content-Length: 4506
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
body {
height: 100%;
font-family: Helvetica, Arial, sans-serif;
color: #6a6a6a;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
}
input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {
color: #262626;
vertical-align: baseline;
margin: .2em;
border-style: solid;
border-width: 1px;
border-color: #a9a9a9;
background-color: #fff;
box-sizing: border-box;
padding: 2px .5em;
appearance: none;
border-radius: 0;
}
input:focus {
border-color: #646464;
box-shadow: 0 0 1px 0 #a2a2a2;
outline: 0;
}
button {
padding: .5em 1em;
border: 1px solid;
border-radius: 3px;
min-width: 6em;
font-weight: 400;
font-size: .8em;
cursor: pointer;
}
button.primary {
color: #fff;
background-color: rgb(47, 113, 178);
border-color: rgb(34, 103, 173);
}
.message-container {
height: 500px;
width: 600px;
padding: 0;
margin: 10px;
}
.logo {
background: url(https://<ip>:8015/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;
height: 267px;
object-fit: contain;
}
table {
background-color: #fff;
border-spacing: 0;
margin: 1em;
}
table > tbody > tr > td:first-of-type:not([colspan]) {
white-space: nowrap;
color: rgba(0,0,0,.5);
}
table > tbody > tr > td:first-of-type {
vertical-align: top;
}
table > tbody > tr > td {
padding: .3em .3em;
}
.field {
display: table-row;
}
.field > :first-child {
display: table-cell;
width: 20%;
}
.field.single > :first-child {
display: inline;
}
.field > :not(:first-child) {
width: auto;
max-width: 100%;
display: inline-flex;
align-items: baseline;
virtical-align: top;
box-sizing: border-box;
margin: .3em;
}
.field > :not(:first-child) > input {
width: 230px;
}
.form-footer {
display: inline-flex;
justify-content: flex-start;
}
.form-footer > * {
margin: 1em;
}
.text-scrollable {
overflow: auto;
height: 150px;
border: 1px solid rgb(200, 200, 200);
padding: 5px;
font-size: 1em;
}
.text-centered {
text-align: center;
}
.text-container {
margin: 1em 1.5em;
}
.flex-container {
display: flex;
}
.flex-container.column {
flex-direction: column;
}
</style>
<title>Web Filter Block Override</title>
</head>
<body><div class="message-container">
<div class="logo"></div>
<h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
<h3>Web Filter Block Override</h3>
<p>Please contact your administrator to gain access to the web page.</p>
<div><font color="#FF0000">Invalid FortiGuard Web Filtering override request.</font></div>
</div></body>
</html>
{
"@category" : "datascan",
"@timestamp" : "2024-11-05T12:13:37.000Z",
"app" : {
"http" : {
"bodymd5" : "5365b88a3d455c70b49b0bcd25ad0436",
"bodymmh3" : 2016893213,
"component" : [
{
"productvendor" : "Fortinet",
"product" : "FortiGuard"
}
],
"headermd5" : "257fdf67bf182740586db7f7fc5f5223",
"headermmh3" : -1373165958,
"title" : "Web Filter Block Override"
},
"length" : 4765
},
"asn" : "AS7545",
"city" : "Melbourne",
"country" : "AU",
"cpe" : "<enterprise field>: cpe",
"cpecount" : "<enterprise field>: cpecount",
"data" : "HTTP/1.1 200 OK\r\nContent-Length: 4506\r\nConnection: close\r\nCache-Control: no-cache\r\nContent-Type: text/html; charset=utf-8\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nContent-Security-Policy: frame-ancestors 'self'\r\n\r\n<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=8; IE=EDGE\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <style type=\"text/css\">\n body {\n height: 100%;\n font-family: Helvetica, Arial, sans-serif;\n color: #6a6a6a;\n margin: 0;\n display: flex;\n align-items: center;\n justify-content: center;\n }\n input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea {\n color: #262626;\n vertical-align: baseline;\n margin: .2em;\n border-style: solid;\n border-width: 1px;\n border-color: #a9a9a9;\n background-color: #fff;\n box-sizing: border-box;\n padding: 2px .5em;\n appearance: none;\n border-radius: 0;\n }\n input:focus {\n border-color: #646464;\n box-shadow: 0 0 1px 0 #a2a2a2;\n outline: 0;\n }\n button {\n padding: .5em 1em;\n border: 1px solid;\n border-radius: 3px;\n min-width: 6em;\n font-weight: 400;\n font-size: .8em;\n cursor: pointer;\n }\n button.primary {\n color: #fff;\n background-color: rgb(47, 113, 178);\n border-color: rgb(34, 103, 173);\n }\n .message-container {\n height: 500px;\n width: 600px;\n padding: 0;\n margin: 10px;\n }\n .logo {\n background: url(https://<ip>:8015/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH) no-repeat left center;\n height: 267px;\n object-fit: contain;\n }\n table {\n background-color: #fff;\n border-spacing: 0;\n margin: 1em;\n }\n table > tbody > tr > td:first-of-type:not([colspan]) {\n white-space: nowrap;\n color: rgba(0,0,0,.5);\n }\n table > tbody > tr > td:first-of-type {\n vertical-align: top;\n }\n table > tbody > tr > td {\n padding: .3em .3em;\n }\n .field {\n display: table-row;\n }\n .field > :first-child {\n display: table-cell;\n width: 20%;\n }\n .field.single > :first-child {\n display: inline;\n }\n .field > :not(:first-child) {\n width: auto;\n max-width: 100%;\n display: inline-flex;\n align-items: baseline;\n virtical-align: top;\n box-sizing: border-box;\n margin: .3em;\n }\n .field > :not(:first-child) > input {\n width: 230px;\n }\n .form-footer {\n display: inline-flex;\n justify-content: flex-start;\n }\n .form-footer > * {\n margin: 1em;\n }\n .text-scrollable {\n overflow: auto;\n height: 150px;\n border: 1px solid rgb(200, 200, 200);\n padding: 5px;\n font-size: 1em;\n }\n .text-centered {\n text-align: center;\n }\n .text-container {\n margin: 1em 1.5em;\n }\n .flex-container {\n display: flex;\n }\n .flex-container.column {\n flex-direction: column;\n }\n </style>\n <title>Web Filter Block Override</title>\n </head>\n <body><div class=\"message-container\">\n <div class=\"logo\"></div>\n <h1>FortiGuard Intrusion Prevention - Access Blocked</h1>\n <h3>Web Filter Block Override</h3>\n <p>Please contact your administrator to gain access to the web page.</p>\n <div><font color=\"#FF0000\">Invalid FortiGuard Web Filtering override request.</font></div>\n</div></body>\n</html>\n\r\n",
"datamd5" : "4718f078b162e3585d6583a75476a22b",
"datammh3" : 1818786752,
"device" : {
"class" : "<enterprise field>: device.class",
"product" : "<enterprise field>: device.product",
"productvendor" : "<enterprise field>: device.productvendor"
},
"geolocus" : {
"asn" : "AS7545",
"continent" : "OC",
"continentname" : "Oceania",
"country" : "AU",
"countryname" : "Australia",
"domain" : [
"intellectit.com.au"
],
"isineu" : "false",
"latitude" : "-25.274398",
"location" : "-25.274398,133.775136",
"longitude" : "133.775136",
"netname" : "IITPL-AS-AP",
"organization" : "INTELLECT INFORMATION TECHNOLOGY PTY LTD",
"subnet" : "103.152.74.0/24"
},
"ip" : "103.152.74.182",
"ipv6" : "false",
"latitude" : "-37.8182",
"location" : "-37.8182,144.9443",
"longitude" : "144.9443",
"node" : {
"country" : "<enterprise field>: node.country",
"groupid" : "<enterprise field>: node.groupid",
"id" : "<enterprise field>: node.id",
"physicalcountry" : "<enterprise field>: node.physicalcountry"
},
"organization" : "TPG Telecom Limited",
"os" : "FortiOS",
"osvendor" : "Fortinet",
"port" : 8015,
"protocol" : "http",
"protocolversion" : "1.1",
"reason" : "OK",
"seen_date" : "2024-11-05",
"source" : "datascan",
"status" : 200,
"subnet" : "103.152.74.0/24",
"tag" : "<enterprise field>: tag",
"tls" : "false",
"transport" : "tcp",
"url" : "/"
}
