Enterprise information categories

Enterprise information categories are those accessible only to Enterprise View customers. These customers also have access to the standard information categories.

The following categories are defined as enterprise:

  • onionscan
  • onionshot
  • datashot

Enterprise information categories description

Each piece of collected information is enriched with a timestamp and, where applicable, geolocation information.

onionscan category

In addition to crawling the clear Net and the clear Web with the datascan information category, we also crawl the Dark Web (also known as onion land). As of today, we crawl using the HTTP protocol only.

{
  "count": 2,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "onionscan",
      "@timestamp": "2018-10-24T19:03:31.000Z",
      "@type": "doc",
      "app": {
        "extract": {
          "domain": [
            "wikipedia.org",
            "wikibooks.org",
            "haskell.org",
            "ats-lang.org"
          ],
          "file": [
            "grdt-popl03.pdf"
          ],
          "hostname": [
            "en.wikibooks.org",
            "en.wikipedia.org",
            "wiki.haskell.org",
            "www.ats-lang.org"
          ],
          "url": [
            "http://www.ats-lang.org/MYDATA/GRDT-popl03.pdf",
            "http://www.ats-lang.org/",
            "https://en.wikibooks.org/wiki/Haskell/GADT",
            "https://wiki.haskell.org/GADTs_for_dummies",
            "https://en.wikipedia.org/wiki/Generalized_algebraic_data_type"
          ]
        },
        "http": {
          "bodymd5": "d41d8cd98f00b204e9800998ecf8427e",
          "headermd5": "297ee2062d5eab6d7a30bd8656730536",
          "title": "Bluish Coder"
        },
        "length": "4096"
      },
      "cpe": [
        "cpe:/a:igor_sysoev:nginx:1.10.3"
      ],
      "data": "HTTP/1.1 200 OK\r\nContent-Length: 93915\r\nETag: \"5bc71236-16edb\"\r\nDate: Wed, 24 Oct 2018 19:03:31 GMT\r\nLast-Modified: Wed, 17 Oct 2018 10:43:02 GMT\r\nServer: nginx/1.10.3 (Ubuntu)\r\nContent-Type: text/html\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\n\r\n\n<!DOCTYPE html>\n<html>\n<head>\n   <meta http-equiv=\"content-type\" content=\"text/html; cha
[..]
      "datamd5": "6f50408650910af16c5f8b229202264e",
      "device": {
        "class": "Web Server"
      },
      "domain": "mh7mkfvezts5j6yu.onion",
      "hostname": "mh7mkfvezts5j6yu.onion",
      "onion": "mh7mkfvezts5j6yu.onion",
      "os": "Linux",
      "osdistribution": "Ubuntu",
      "port": 80,
      "product": "Nginx",
      "productvendor": "Igor Sysoev",
      "productversion": "1.10.3",
      "protocol": "http",
      "protocolversion": "1.1",
      "reason": "OK",
      "seen_date": "2018-10-24",
      "source": "datascan",
      "status": "200",
      "tag": [
        "ok"
      ],
      "tls": "false",
      "url": "/"
    },
[..]
  ],
  "status": "ok",
  "took": "0.004",
  "total": 2
}
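
The record above mixes three views of the same HTTP exchange: the raw response in data, per-part hashes in app.http, and enrichment derived from the banner (cpe, product, productversion). The following script, an added example rather than code from the page or from the API vendor, shows how a consumer can cross-check them: it parses the CPE 2.2 URI, pulls the Server header back out of data, confirms that the enriched productversion agrees with that banner, and flags a bodymd5 equal to the MD5 of the empty string, which means no body was captured even though the status is 200. The sample response is constructed from the fields of the record shown above; the field names are the API's, the function names are this example's own.

```python
import hashlib
import json

# MD5 of the empty string. An HTTP record whose bodymd5 equals it had no body
# captured, even when the status is 200 and Content-Length says otherwise.
EMPTY_BODY_MD5 = hashlib.md5(b"").hexdigest()

# Constructed sample response, shaped like the onionscan record shown above.
# Only the fields this script reads are kept.
SAMPLE_RESPONSE = json.dumps({
    "count": 1, "error": 0, "status": "ok", "total": 1,
    "results": [{
        "@category": "onionscan",
        "@timestamp": "2018-10-24T19:03:31.000Z",
        "onion": "mh7mkfvezts5j6yu.onion",
        "port": 80,
        "protocol": "http",
        "status": "200",
        "product": "Nginx",
        "productversion": "1.10.3",
        "osdistribution": "Ubuntu",
        "cpe": ["cpe:/a:igor_sysoev:nginx:1.10.3"],
        "app": {
            "http": {
                "bodymd5": EMPTY_BODY_MD5,
                "headermd5": "297ee2062d5eab6d7a30bd8656730536",
                "title": "Bluish Coder",
            },
            "extract": {
                "hostname": ["en.wikibooks.org", "en.wikipedia.org",
                             "wiki.haskell.org", "www.ats-lang.org"],
            },
        },
        "data": ("HTTP/1.1 200 OK\r\nContent-Length: 93915\r\n"
                 "Server: nginx/1.10.3 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n"),
    }],
})


def parse_cpe(cpe):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version...) into its fields."""
    fields = cpe.split(":")
    if len(fields) < 4 or fields[0] != "cpe":
        raise ValueError(f"not a CPE 2.2 URI: {cpe!r}")
    return {
        "part": fields[1].lstrip("/"),
        "vendor": fields[2],
        "product": fields[3],
        "version": fields[4] if len(fields) > 4 else "",
    }


def parse_http_headers(data):
    """Return (status_line, headers) from the raw response stored in the data field."""
    head = data.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def summarize(record):
    """Reduce one onionscan record to the facts an analyst reviews first."""
    status_line, headers = parse_http_headers(record.get("data", ""))
    http = record.get("app", {}).get("http", {})
    extract = record.get("app", {}).get("extract", {})
    server = headers.get("server", "")
    return {
        "onion": record.get("onion"),
        "port": record.get("port"),
        "status_line": status_line,
        "server": server,
        "cpe": [parse_cpe(c) for c in record.get("cpe", [])],
        # The enriched productversion should appear in the Server banner it was
        # derived from; a mismatch means the enrichment came from elsewhere.
        "version_consistent": record.get("productversion", "") in server,
        # Empty-string MD5 for the body: nothing was captured past the headers.
        "body_captured": http.get("bodymd5") != EMPTY_BODY_MD5,
        # Clear-web hostnames referenced by the onion page (from app.extract).
        "clearnet_hostnames": sorted(extract.get("hostname", [])),
    }


def summarize_response(raw_json):
    """Parse a full API response and summarize every onionscan result in it."""
    payload = json.loads(raw_json)
    if payload.get("status") != "ok":
        raise RuntimeError(f"API error: {payload.get('error')}")
    return [summarize(r) for r in payload.get("results", [])
            if r.get("@category") == "onionscan"]


if __name__ == "__main__":
    for s in summarize_response(SAMPLE_RESPONSE):
        print(json.dumps(s, indent=2))
```

The version check is deliberately a containment test rather than equality, because productversion is a bare version string while the Server header also carries the distribution suffix.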

onionshot category

As we crawl the Dark Web, we also take screenshots of every onion Web site we reach. This category of information stores the screenshots that have been taken.

{
  "count": 2,
  "error": 0,
  "max_page": 1,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "onionshot",
      "@timestamp": "2019-05-07T15:49:37.000Z",
      "@type": "doc",
      "app": {
        "http": {
          "bodymd5": "d41d8cd98f00b204e9800998ecf8427e",
          "headermd5": "1d4ac9665b20bd9523d1d398e3afb4e6"
        },
        "length": "177",
        "screenshot": {
          "format": "jpg",
          "image": "/9j/4AAQSkZJRgABAQEAZABkAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARC
[..]
          "imagemd5": "de9c6f35276f5fbd045c0f6ef27d7ba3"
        }
      },
      "data": "QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'\nlibpng warning: iCCP: known incorrect sRGB profile\nlibpng warning: iCCP: known incorrect sRGB profile\n",
      "datamd5": "1d4ac9665b20bd9523d1d398e3afb4e6",
      "device": {
        "class": "Web Server"
      },
      "domain": "b2ebtnyz25tr4nxl.onion",
      "forward": "b2ebtnyz25tr4nxl.onion",
      "hostname": "b2ebtnyz25tr4nxl.onion",
      "onion": "b2ebtnyz25tr4nxl.onion",
      "port": 80,
      "protocol": "http",
      "seen_date": "2019-05-07",
      "source": "onionscan",
      "tls": "false",
      "transport": "tcp",
      "url": "/"
    },
[..]
  ],
  "status": "ok",
  "took": "0.184",
  "total": 2
}

datashot category

Some protocols expose a graphical view of an interface, so we take screenshots against the following protocols:

  • x11
  • vnc
  • rdp
  • rtsp

{
  "count": 10,
  "error": 0,
  "max_page": 456,
  "myip": "<redacted>",
  "page": 1,
  "results": [
    {
      "@category": "datashot",
      "@timestamp": "2019-05-08T04:32:30.000Z",
      "@type": "doc",
      "app": {
        "length": "599",
        "screenshot": {
          "format": "jpg",
          "image": "/9j/7gAOQWRvYmUAZAAAAAAA/9sAQwABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB/8AAEQgBkALQA1IRAEcRAEIRAP/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECA
[..]
          "imagemd5": "2c685c23737b6c9d8c0975599088a991"
        },
        "vnc": {
          "authentication": "null",
          "desktopname": "QEMU (opnsense)",
          "screensize": "720x400",
          "version": "3.8"
        }
      },
      "asn": "AS32613",
      "city": "Montreal",
      "country": "CA",
      "data": "VNC server supports protocol version 3.8 (viewer 3.3)\nNo authentication needed\nDesktop name \"QEMU (opnsense)\"\nConnected to VNC server, using protocol version 3.3\nVNC server default format:\n  32 bits per pixel.\n  Least significant byte first in each pixel.\n  True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0\n  32 bits per pixel.\n  Least significant byte first in each pixel.\n  True colour: max red 255 green 255 blue 255, shift red 0 green 8 blue 16",
      "datamd5": "524ba7c9686dcc17075c5c3260be070f",
      "device": {
        "class": "VNC Server"
      },
      "ip": "<redacted>",
      "ipv6": "false",
      "location": "45.4594,-73.5501",
      "organization": "iWeb Technologies Inc.",
      "port": "5901",
      "protocol": "vnc",
      "seen_date": "2019-05-08",
      "source": "datascan",
      "subnet": "<redacted>/22",
      "tag": [
        "admin"
      ],
      "tls": "false",
      "transport": "tcp"
    },
[..]
  ],
  "status": "ok",
  "took": "0.205",
  "total": 4557
}
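
Both the onionshot and the datashot categories carry the same screenshot object: a base64 image, its declared format and an imagemd5 over the decoded bytes. The script below is an added example, not code from the page or from the API vendor, that processes records of both kinds: it decodes the image, checks that the leading bytes match the declared format (the "/9j/" prefix seen in the records above decodes to the JPEG start-of-image marker FF D8 FF), verifies imagemd5, and for datashot records reports VNC services whose app.vnc.authentication is "null", the condition shown above alongside the "No authentication needed" line in data. Defenders running this over their own address space get a list of graphical interfaces reachable without a password. The sample records, the TEST-NET IP addresses and the documentation ASN are constructed; the image is a JPEG marker followed by filler bytes, not a real picture.

```python
import base64
import hashlib
import json

# Leading bytes for the formats a screenshot field may declare.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
}

# Constructed image: JPEG start-of-image marker plus filler. Not renderable;
# it only exercises the decode, sniff and md5 checks.
FAKE_JPEG = MAGIC["jpg"] + b"\x00" * 29


def screenshot_field(image_bytes, declared_md5=None):
    """Build a screenshot object in the API's shape from raw bytes (sample helper)."""
    return {
        "format": "jpg",
        "image": base64.b64encode(image_bytes).decode("ascii"),
        "imagemd5": declared_md5 or hashlib.md5(image_bytes).hexdigest(),
    }


# Constructed records shaped like the onionshot and datashot results above.
SAMPLE_RESULTS = [
    {
        "@category": "onionshot",
        "onion": "b2ebtnyz25tr4nxl.onion", "port": 80, "protocol": "http",
        "app": {"screenshot": screenshot_field(FAKE_JPEG)},
    },
    {
        "@category": "datashot",
        "ip": "203.0.113.10", "port": "5901", "protocol": "vnc",  # TEST-NET-3, constructed
        "asn": "AS64496", "tag": ["admin"],
        "app": {
            "screenshot": screenshot_field(FAKE_JPEG),
            "vnc": {"authentication": "null", "desktopname": "QEMU (opnsense)",
                    "screensize": "720x400", "version": "3.8"},
        },
    },
    {
        # Declared hash does not match the payload: the image must not be trusted.
        "@category": "datashot",
        "ip": "203.0.113.11", "port": "3389", "protocol": "rdp",
        "app": {"screenshot": screenshot_field(FAKE_JPEG, declared_md5="0" * 32)},
    },
]


def sniff_format(image_bytes):
    """Identify the image format from its leading bytes, or 'unknown'."""
    for name, magic in MAGIC.items():
        if image_bytes.startswith(magic):
            return name
    return "unknown"


def check_screenshot(shot):
    """Decode the base64 image and verify it against the declared format and imagemd5."""
    raw = base64.b64decode(shot["image"], validate=True)
    sniffed = sniff_format(raw)
    return {
        "bytes": len(raw),
        "format_declared": shot.get("format"),
        "format_sniffed": sniffed,
        "format_ok": sniffed == shot.get("format"),
        "md5_ok": hashlib.md5(raw).hexdigest() == shot.get("imagemd5"),
    }


def vnc_unauthenticated(record):
    """True when a datashot VNC record reports that no authentication was required."""
    vnc = record.get("app", {}).get("vnc")
    return bool(vnc) and vnc.get("authentication") == "null"


def triage(results):
    """Produce one finding per screenshot-bearing record, whatever its category."""
    findings = []
    for r in results:
        shot = r.get("app", {}).get("screenshot")
        if not shot:
            continue
        # Onion services are keyed by their onion name, clear-net ones by ip:port.
        target = r.get("onion") or f"{r.get('ip')}:{r.get('port')}"
        finding = {"category": r["@category"], "target": target, "protocol": r.get("protocol")}
        finding.update(check_screenshot(shot))
        finding["unauthenticated_vnc"] = vnc_unauthenticated(r)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_RESULTS):
        print(json.dumps(f))
```

A record whose md5_ok or format_ok is false should be treated as a transport or storage fault and re-fetched rather than rendered; the "null" authentication check is intentionally a string comparison, since that is how the field is serialized in the record above.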

Other information categories

We also collect further information categories, as described in this post.