02-09-2024 08:41 AM
I have the following message in the User Agent field of my Apache log:
"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
How does Expanse know to scan my website?
Here's why I'm asking:
Just two people know about this subdomain.
So... which software spied on who and how?
The subdomain most likely only appeared in a Firefox browser for one of us before Expanse and a bunch of other scanners started accessing the site.
02-09-2024 08:48 AM
Two things
02-09-2024 09:00 AM
Option 1 doesn't apply, because the subdomain is resolved via a wildcard DNS resolver. It's not itself present in DNS, and it's a subdomain of another registered domain.
For Option 2 though, after some brief brainstorming with my colleague, I think I have a candidate shortlist: either Let's Encrypt, or Certificate Transparency logs. My website uses Let's Encrypt for its SSL. All other variables appear to be controlled for: it's my container, behind my reverse proxy, built on my Docker image, using my PHP code and everything is, to the best of my knowledge, not blabbing to outside services. The only places where the subdomain is known are: Traefik, Let's Encrypt, CT logs. The container doesn't know its subdomain beforehand.
I could validate this hypothesis at some point by also replacing the PHP code with some hello world HTML.
I was just surprised, because this site is only meant for our temporary software development purposes.
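One way to check the Certificate Transparency hypothesis from the access log alone, as an added example that is not part of the original thread: measure how soon after certificate issuance each unfamiliar user agent first appears. The issuance time, IP addresses, `ExampleScanner/1.0` agent and log lines are constructed, and the log is assumed to be a per-site Apache log in the combined format.

```python
import re
from datetime import datetime, timezone

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)

def first_contacts(lines, issued_at, known_ips):
    """Per user agent, return (ua, first_seen_utc, seconds_after_issuance) for
    clients outside known_ips, ordered by first appearance."""
    first = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["ip"] in known_ips:
            continue  # skip malformed lines and our own traffic
        # Normalize to UTC so entries logged with different offsets compare correctly.
        seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        ua = m["ua"]
        if ua not in first or seen < first[ua]:
            first[ua] = seen
    return [(ua, t, int((t - issued_at).total_seconds()))
            for ua, t in sorted(first.items(), key=lambda kv: kv[1])]

# Constructed inputs: the certificate's issuance time (its notBefore), the
# developers' own addresses, and a handful of sample log lines.
EXPANSE_UA = "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet."
ISSUED_AT = datetime(2024, 2, 9, 7, 0, 0, tzinfo=timezone.utc)
KNOWN_IPS = {"203.0.113.10"}
SAMPLE_LOG = [
    '203.0.113.10 - - [09/Feb/2024:07:00:40 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"',
    f'192.0.2.44 - - [09/Feb/2024:07:03:05 +0000] "GET / HTTP/1.1" 200 512 "-" "{EXPANSE_UA}"',
    '198.51.100.7 - - [09/Feb/2024:08:03:50 +0100] "GET /.env HTTP/1.1" 404 196 "-" "ExampleScanner/1.0"',
    f'192.0.2.44 - - [09/Feb/2024:09:15:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{EXPANSE_UA}"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for ua, seen, delay in first_contacts(SAMPLE_LOG, ISSUED_AT, KNOWN_IPS):
        print(f"{delay:>6}s after issuance  {seen.isoformat()}  {ua[:60]}")
```

Several unrelated scanners arriving within minutes of issuance, on a name that has no DNS record of its own, is consistent with discovery through CT logs, which publicly record the hostnames in each issued certificate.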