{"report_id":"11632b85-889e-4185-bda8-aadd3ffedc0b","version":6,"status":"done","tags":[],"date":"2025-10-24T03:58:20Z","url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":0,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"title":"3308维多利亚线路检测中心(中国)有限公司"},"submit":{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":0,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T03:58:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":24,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49308,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.410252+0000\",\"flow_id\":1695034500440201,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49308,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/625087/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":3053,\"start\":\"2025-10-24T03:57:59.909449+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.415961+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2443,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49302,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.424414+0000\",\"flow_id\":1722208758521944,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49302,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2445,\"start\":\"2025-10-24T03:57:59.909400+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49336,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.426532+0000\",\"flow_id\":1708009596641518,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49336,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2165},\"files\":[{\"filename\":\"/Skins/625087/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2165,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":665,\"bytes_toclient\":4662,\"start\":\"2025-10-24T03:57:59.909550+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.430979+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hot.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":609,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49324,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.449481+0000\",\"flow_id\":451542684000448,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49324,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2444,\"start\":\"2025-10-24T03:57:59.909504+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.092649+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2447,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.093786+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.116581+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2007,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.133538+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2442,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.979151+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/625087/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1739,\"bytes_toclient\":7806,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.006337+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1206,\"bytes_toclient\":5273,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.010979+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/625087/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":2550,\"bytes_toclient\":38181,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.038364+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1377,\"bytes_toclient\":10087,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.057848+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":12,\"bytes_toserver\":1432,\"bytes_toclient\":12318,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.076175+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1205,\"bytes_toclient\":5883,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.202441+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":35,\"bytes_toserver\":2604,\"bytes_toclient\":43532,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.246906+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":13,\"bytes_toserver\":1793,\"bytes_toclient\":10033,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.584309+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/625087/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":17,\"bytes_toserver\":2331,\"bytes_toclient\":13707,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.599748+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/625087/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2522,\"bytes_toclient\":16565,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.646640+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":31,\"pkts_toclient\":41,\"bytes_toserver\":3197,\"bytes_toclient\":49173,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.584916+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/625087/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":25,\"bytes_toserver\":2522,\"bytes_toclient\":26103,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.642277+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/625087/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":26,\"bytes_toserver\":2554,\"bytes_toclient\":28226,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.872450+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/625087/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":22,\"bytes_toserver\":2684,\"bytes_toclient\":20168,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"img47.chem17.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2018-01-22T02:37:37Z","last_seen":"2025-10-24T03:19:23.35145Z","alert_count":0,"request_count":2,"received_data":334,"sent_data":858,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.dlchuangrui.com","ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":24,"request_count":25,"received_data":412046,"sent_data":9480,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"img41.chem17.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2016-11-12T23:22:17Z","last_seen":"2025-10-24T03:19:24.147425Z","alert_count":0,"request_count":4,"received_data":687,"sent_data":1716,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.chem17.com","ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":3165666,"first_seen":"2013-06-12T07:47:44Z","last_seen":"2025-10-23T06:05:29.60731Z","alert_count":0,"request_count":2,"received_data":5933,"sent_data":1393,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"img42.chem17.com","ip":{"addr":"106.225.240.24","port":80,"asn":134238,"as":"CHINANET Jiangx province IDC network","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2016-11-19T08:30:48Z","last_seen":"2025-10-04T13:48:12.34334Z","alert_count":0,"request_count":2,"received_data":334,"sent_data":858,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"182.61.244.229","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2025-10-22T03:11:32.073064Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":336,"comment":"","tags":null,"fingerprints":null},{"fqdn":"89tongji.com","ip":{"addr":"94.156.119.89","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"domain_registered":"2023-08-03","domain_rank":3345724,"first_seen":"2023-08-03T16:00:12Z","last_seen":"2025-10-22T10:07:36.573711Z","alert_count":0,"request_count":3,"received_data":69523,"sent_data":1564,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pinganfafa.com","ip":{"addr":"143.92.57.25","port":25858,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2024-12-12","domain_rank":6845800,"first_seen":"2024-12-18T10:35:17.798759Z","last_seen":"2025-10-19T15:13:44.138824Z","alert_count":0,"request_count":1,"received_data":3262,"sent_data":783,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"chat.chem17.com","ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2014-05-27T23:58:43Z","last_seen":"2025-10-23T06:57:34.626665Z","alert_count":0,"request_count":2,"received_data":1797,"sent_data":846,"comment":"","tags":null,"fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"img60.chem17.com","ip":{"addr":"218.60.101.80","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2013-11-27T18:29:53Z","last_seen":"2025-10-16T06:08:27.68932Z","alert_count":0,"request_count":2,"received_data":336,"sent_data":858,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"img55.chem17.com","ip":{"addr":"61.54.86.137","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2003-03-17","domain_rank":0,"first_seen":"2013-10-02T03:25:02Z","last_seen":"2025-10-24T03:19:23.859508Z","alert_count":0,"request_count":2,"received_data":338,"sent_data":858,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.share.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2025-10-21T09:23:10.233185Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":375,"comment":"","tags":null,"fingerprints":null},{"fqdn":"test.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2021-06-25T14:04:50Z","last_seen":"2025-10-22T11:28:57.365548Z","alert_count":0,"request_count":13,"received_data":230864,"sent_data":6203,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"wap.qovwe.com","ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"domain_registered":"2025-02-13","domain_rank":0,"first_seen":"2025-08-20T10:47:10.025727Z","last_seen":"2025-08-20T10:47:10.025727Z","alert_count":0,"request_count":35,"received_data":1004398,"sent_data":13431,"comment":"","tags":null,"fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2025-10-20T01:32:15.93082Z","alert_count":0,"request_count":2,"received_data":721,"sent_data":776,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2025-10-22T06:01:37.957798Z","alert_count":0,"request_count":1,"received_data":3644,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49308,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.410252+0000\",\"flow_id\":1695034500440201,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49308,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/625087/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":3053,\"start\":\"2025-10-24T03:57:59.909449+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.415961+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2443,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49302,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.424414+0000\",\"flow_id\":1722208758521944,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49302,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2445,\"start\":\"2025-10-24T03:57:59.909400+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49336,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.426532+0000\",\"flow_id\":1708009596641518,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49336,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2165},\"files\":[{\"filename\":\"/Skins/625087/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2165,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":665,\"bytes_toclient\":4662,\"start\":\"2025-10-24T03:57:59.909550+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.430979+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hot.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":609,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49324,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.449481+0000\",\"flow_id\":451542684000448,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49324,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2444,\"start\":\"2025-10-24T03:57:59.909504+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.092649+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2447,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.093786+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.116581+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2007,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.133538+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2442,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.979151+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/625087/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1739,\"bytes_toclient\":7806,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.006337+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1206,\"bytes_toclient\":5273,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.010979+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/625087/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":2550,\"bytes_toclient\":38181,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.038364+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1377,\"bytes_toclient\":10087,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.057848+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":12,\"bytes_toserver\":1432,\"bytes_toclient\":12318,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.076175+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1205,\"bytes_toclient\":5883,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.202441+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":35,\"bytes_toserver\":2604,\"bytes_toclient\":43532,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.246906+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":13,\"bytes_toserver\":1793,\"bytes_toclient\":10033,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.584309+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/625087/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":17,\"bytes_toserver\":2331,\"bytes_toclient\":13707,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.599748+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/625087/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2522,\"bytes_toclient\":16565,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.646640+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":31,\"pkts_toclient\":41,\"bytes_toserver\":3197,\"bytes_toclient\":49173,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.584916+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/625087/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":25,\"bytes_toserver\":2522,\"bytes_toclient\":26103,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.642277+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/625087/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":26,\"bytes_toserver\":2554,\"bytes_toclient\":28226,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.872450+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/625087/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":22,\"bytes_toserver\":2684,\"bytes_toclient\":20168,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"wap.qovwe.com/jquery.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a75ada17c3011458d74a0e4c5cc17ffa","sha1":"8e57d597b1caeb46af5a4578034187eda8bf8b26","sha256":"8056951f7605e0cc00e96769abe87124de09d74273e83efb7992dddc056390ce","sha512":"b56551f614e99478ac6a0e273fe4bb4b796c29e118732b903d11ec3dfc8368f0872386a3970dad897a0b5dceb21adb5557827c6dad66a642480a1f52c45fef4e","ssdeep":"","tlshash":"d30181d8c7c4d89baecc5e43ea24deca25b3813b97d832838318fe8c01ad157c89c049","size":718,"data":"","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.350899Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/067/ade/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa19716607c7d8137d9cfbe623dba7cb","sha1":"e46242940c345610d692c2b1ce8fe9c1152aa46c","sha256":"cc9193fc7e8e2722b308b5de9881b0442e21363e33b296824381d574816bae16","sha512":"391ff0cdc99fdcfb81af8a0a72425b9e178309d74d5ec96642dbfc1fdd98be8529260af73ac6896dd45266adde8cfcfa96083e4c94a10ef1a3e593de0915d60b","ssdeep":"","tlshash":"4b611f54ef8d20338e133155ae6f958c24be68577d48eca7f84c64d44fa0d38852beac","size":3363,"data":"","first_seen":"2024-12-18T10:35:23.532443Z","last_seen":"2026-04-04T22:13:19.170087Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFCenterBox/625087","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","size":49,"data":"","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"cbfa47b5e5fc32faadd673ad8f45c9fa","sha1":"1e5ba7852d9a411a97ac5f3b46731d4dd1279a04","sha256":"a8284b9754f4a41d0a97474d4485a1170827897e3919e665517c07b3d6acad22","sha512":"86825db1952e0020c8cb35f88978467cebda0229a48d79089eaf5ccef933997879067cc5c704e28c4263f4e1fcbbb81c7e306c2ab84aedcd4386f23dc64ff14f","ssdeep":"","tlshash":"788000228e0200a028230800222c8002208008230020c220380eb80c2f000000a8a8c0","size":28,"data":"","first_seen":"2023-11-01T20:49:01Z","last_seen":"2026-04-04T22:37:14.111737Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/jquery-3.6.0.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89404,"data":"","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5b61a8117595105eb807de7e8a6210d9","sha1":"dd581f525b02d73f46a82c16a24434cd7fd931dc","sha256":"72383e59ca0df2d7c33ac2e7a6328c389abfe5b4ad2b397a6b39401065ce2cfe","sha512":"dba24e2f01953e2101e62b13fb37732ed0fa4697c041ceaaf5438bb53637960efa3ef5df72ddb30166b2a387b96a12a50bd808cbdbd8f3ad37e6981eeb778fc7","ssdeep":"","tlshash":"30a0123f3390730210022003a912094e16f31034c040803caa541184043cc648381c84","size":82,"data":"","first_seen":"2025-10-24T03:58:52.770812Z","last_seen":"2025-10-24T03:58:52.770812Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1db6da33d6fdc0d343b25c19c6054f6","sha1":"94d058f70ab041620ec98930b6e32010b3683c24","sha256":"524a1d2acd08874d1d2c85c71eeb393d8e7df120cd677e10e73541af208fdf87","sha512":"6d0ffd4f7d616bfed0bba02e919b667348df66499203a2463887158cefd3b99dce51a38b06cae07ba9c21571f18e9b917ab84d2a0053bd7d972ead8d350bb077","ssdeep":"","tlshash":"38f097aed841a2685bc269b89babd688d0ae0025d00add47a5d6dccd2c38fd8082134d","size":502,"data":"","first_seen":"2024-08-19T14:43:35.350479Z","last_seen":"2026-03-05T02:18:22.917675Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"89tongji.com/matomo.js","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"94.156.119.89","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67972,"data":"","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-04-05T06:29:55.682027Z","times_seen":13960,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.chem17.com/mystat.aspx?u=dlchuangrui","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"756ca121c7b85221096ca407f1f7b9fc","sha1":"fb7e380fe0505219bfd29372d3ecf5dafb2d77e7","sha256":"d31ecacb7d8330991b2b5601fd9891f92e7679ad26c779b5f4b281556a773c30","sha512":"28346f62be2aa2fb7e249d76154385e228e52e1f63e80222754396dbd4080e0d0195b32fd0eee4a71ff832b8fb7f7e793bde16492689bc25448c3897a7d642a1","ssdeep":"","tlshash":"e9214d541d06c0a4bc36713d89b7c13cd2b11a273865d73278cca9184f78fa565deeea","size":1362,"data":"","first_seen":"2025-10-24T03:58:52.772656Z","last_seen":"2025-10-24T03:58:52.772656Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/swiper.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","size":96097,"data":"","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/asyncstat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"240fea4806c5673ced1882625d34058e","sha1":"795e53c146f6bea40e4f7af2bd39bc0ca65d056f","sha256":"3efac83a55071b656569da819c6b5f2380e60e3df470f88786d5ea91d136a812","sha512":"3b6d9fa7649e714bfb03930c922058faf14aefd5c63803b06b40c3d22b2ca3e88373e01aaebb451c28a86f8446546d47b86ba32cc248b379ea4aa090bb68bfb4","ssdeep":"","tlshash":"05f09e678805e2fe8905b8eddfa1d344c0470f7b3165ea73a12b14912621477f0ac9db","size":500,"data":"","first_seen":"2025-10-24T03:58:52.774467Z","last_seen":"2025-10-24T03:58:52.774467Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d498d6e2634034e28d1b41b3d735db04","sha1":"a00e11e778b617db58bf30f16aa581227b8aad01","sha256":"fb13e5b06a34c53d7ba405f968bef492f9b623165413f0eb577b2645a1e3d661","sha512":"f783c69f36798112351a72c69147c0f994469dddcde57aa09a152b5519085b725f140a6597a9f06e941eb6cd73509f43ad1745bd09726d9f4eadb839dfeb1848","ssdeep":"","tlshash":"b9f00511c59f1dfd622a627b6dfccd1e73ab241ed0b0c0407d50d41475b198185482c8","size":502,"data":"","first_seen":"2025-10-20T21:30:04.170621Z","last_seen":"2025-12-17T06:35:43.619372Z","times_seen":504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a904c56c35f4a92e44df4fdc1758f4c","sha1":"a144c9a850d0b3623c36035da85e7888950a6332","sha256":"b520a3e79c9292de6d8edada1728a2368b1fb9f7c853468b4ff7a8f793286414","sha512":"4c92aae019517ecff625fe217057d25ecfb57060891675ce8cf95fe7b470da9c7b7e15dcebd9c569a8ca979711b7afe42ab0bdfe1cb325cf32f78e03b0a26afa","ssdeep":"","tlshash":"e23108f7e2d604b20ea7d2f7b3305778e8d2401fcd529ad1d5ac13610768d52b117e84","size":1454,"data":"","first_seen":"2025-10-24T03:58:52.776382Z","last_seen":"2025-10-24T03:58:52.776382Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/customer.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","size":3880,"data":"","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"210d4f43b382acfb75f0f93b9c50ecbe","sha1":"59b36abd16d11e7df6631e0414001d2a71727bc9","sha256":"0dcc1d68298b80b8746eb95f3e454d036988415a8d6df607edf2f79be8a76911","sha512":"0aa2f0e626fba04f5e58e2e39e2eb1f33033e2eaae7f4e46ea0bbb3b419ff24abedc34e2265c536f899be66f8a015536e24898b7990732cebe90c77425122c30","ssdeep":"","tlshash":"d7b012a3bf0d0c3814893127012443c0b80dc7734f942999983c3a138010c458289f64","size":97,"data":"","first_seen":"2024-10-22T22:01:03.829516Z","last_seen":"2026-04-01T07:16:48.453299Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7aefcc9c0090e31a4a5f268688dfcac6","sha1":"b0f600ad8579722851fee6e753b755af7a7f046e","sha256":"d7c53adf9e997035823407705123f2c5a0670eee693b725123ba064ab76182cb","sha512":"3472fd777376b3a973b83911f5aecc37dda30a4071ea3ece9d8ad82b7a114bb798653629db32348ab7bdf915085960a7798fccce14ec3301422a9ebcd76ddc87","ssdeep":"","tlshash":"75f09eaeec41a9545ac324b897dfd648d15e0028d009c417a5d9c8cd2d38fc5082174c","size":502,"data":"","first_seen":"2023-06-28T06:11:32Z","last_seen":"2026-03-29T21:47:46.939286Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/jquery.la.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4710027609e01772ebdc5a27700b501d","sha1":"e336f43482448ca08728fb6b548050cc72ecafc0","sha256":"60b85f59c03d4cba87acfda83573bee883cf60b55027b2070832fcfee1dbaf45","sha512":"2d3d35b429aadc03b6e67a926fc40691447b0d4ea0c63db67d0c3814c84780d60fb505cb65731ef0b04770549440f319ac2d9c434c79d4f7dc28bfac614113c5","ssdeep":"","tlshash":"5321ac5efc05e2205b512c7637bbe9aca9ae0031600adc0a59ebc4ac6c25ff94912a0d","size":1221,"data":"","first_seen":"2024-08-19T14:43:35.312442Z","last_seen":"2026-03-29T20:57:38.555756Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/js/JSChat.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c585663f5b83e34d09092e44326b9377","sha1":"498b43fec7eb7cb801257cc121f97c12be542abc","sha256":"97da6e4048ee96ed0c9d00a4f87b00c26adb4af9af53df68e5d8b6669f4bb690","sha512":"5e9a059d9ff3f80b3aa58f6411925c2744e579450f08885deaf41bbdfcb95af3254195a4fde2454047d63838ec6a4eb5cd4d3b213bf1d94df9d5d30ba86f44e9","ssdeep":"","tlshash":"7731dfb28913d31609194e63c716174ca267915b9103e9623d3d7e643f88d2bb3997f0","size":1622,"data":"","first_seen":"2024-01-31T06:36:47Z","last_seen":"2026-04-05T04:58:55.073774Z","times_seen":497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFLeftBox/625087","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","size":49,"data":"","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"182.61.244.229","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"89tongji.com/tj.js?id=51","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"94.156.119.89","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f07ff5c725cf522be1b083a9b6f5336","sha1":"b0ffdc146c81f8f338c360caf95bc9ee4576fc2c","sha256":"b9c04e61073b0a84b5a410332017bc6c50fd1a123e95fc96b51f5c15b4eca565","sha512":"0a1aace160ca503acee8c1665063f5e03bc18b6799bbd69ddf070b1c0edff1c384a98f566eceab859bc2f3db39c1530e35d6143642adaee00e50ba4b25916826","ssdeep":"","tlshash":"3df020101d9f6efc2129217b2dbccd7e33bf342ea0a1c0407e80d41565f2ac189483c8","size":533,"data":"","first_seen":"2025-10-20T21:30:04.145942Z","last_seen":"2025-12-17T06:35:43.56554Z","times_seen":774,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"1058b4e5f02fbeccc2907b070c451119","sha1":"fcc2c2fd7a8a4ceb25f8c9bec54eda869e34605f","sha256":"efcb22dc152b256ee7a6600e505de70977024f8e97ee900615faf9371aa46fca","sha512":"a860b8f7f6d8eb92913b620fb3c0364b1ad5bf52c921842a8228b423003b3b18b8db4878543376a7dc974965834c8cd95dfd6717a4fc62b84248adfd3665b906","ssdeep":"","tlshash":"c9f005111ddf5dfd662a627b6dfccd1e73ab241d90b0c0407d80d41575b19c189482c8","size":508,"data":"","first_seen":"2025-10-20T21:30:04.189315Z","last_seen":"2025-12-17T06:35:43.622623Z","times_seen":774,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4d14415e19c22cec55e1f6184cf3bff1","sha1":"76f09bf3037a2de1695e2c4ea49c94c181416153","sha256":"09f90dcb2f46cbf260aea52da1b2cf44ac9ca2a9b8644874eaa252d65ad54502","sha512":"0af3dc47020dddd0dbf7c5eb7bd6fc850dc3f02615cf8acaba854fe209b9a54cde69128b4fd4f8c339c4c22054b8576f61dd3b81af49200afe533551a86feb3e","ssdeep":"","tlshash":"e6c02b835d01c84942004ac4d0a2fc2cd090f0398514dc8dc0d034cc21c05d90c011c4","size":133,"data":"","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.383121Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d28295656310cc32b9b6e3a158ac80a0","sha1":"c046c59fd288b03485bc89a4a49c5860532f1aea","sha256":"6d91f6d536f82efa681bf25e41e84f5ef4650edcff3075d422c56f3ede52b505","sha512":"790623ba51f5336bc05c0bd540b218fd43c1854ccf6db8b02830f98ce563c6df1a35ccbba3dc9cb72f224349199fa3aa1dfb62f9980dd611f912648240591968","ssdeep":"","tlshash":"ded0979b9d030140742c32d0b092eb3743e2050e7fc20f3425ee587cfa00269c4d20a7","size":245,"data":"","first_seen":"2025-10-24T03:58:52.782914Z","last_seen":"2025-10-24T03:58:52.782914Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c3ca4ba6c01c13e6a51ee2c51ccf2d3d","sha1":"41566e9de7847112faa799e017e327b75437bc8c","sha256":"b38f5e3a240aadf59d384c57c408422f1364bde5c499f33ebae59e35ef59abc6","sha512":"d883779ce9b2c6c1c96dce5b9d9535dbdf7cdcb8240801957879c9c9aface04d46970b5238ace6acad7b72532f7b67e433974b14350ec504d59ed680996ffe91","ssdeep":"","tlshash":"aef046771a81580e6370c235f8dab495e8429587866c9896f08831df1ff0f68d4d329d","size":605,"data":"","first_seen":"2024-12-18T10:35:23.553201Z","last_seen":"2026-04-04T22:13:19.184035Z","times_seen":109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4948e87ff90354f9aa958fe3aae5ee9f","sha1":"49a5806481fc3de5de79121750759ad03fee7200","sha256":"d9e8faebcefb68e7ccd4a16e07a49a81692e052c51d869cda30c24615fc2e260","sha512":"ce3980a744ed9afb1d494e387693e29060e0b75204b19c029016e39dfb6176e255a48bee3dd25249e2edede9686eb677522435be416a45a9bb228a78936666cb","ssdeep":"","tlshash":"9ff09eae6c41e9545ad3249897efd24cd15e00281009c417a5d9c8cd3d38fd50c2574c","size":508,"data":"","first_seen":"2023-06-17T18:58:05Z","last_seen":"2026-03-29T21:47:46.968596Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"942e6edff2788cfd48e26d8c86db2d92","sha1":"f69a51428cd37285b10fe17d180bd9fc63a4b680","sha256":"7fad5c31f3949d4d1b44af2059dc59033361b8194de6d92575802c969edd4b25","sha512":"dd591396f6bcdf57b3207bc736208da9ca432e3f5e6da5a680622fa0de3aee9cb41ef0acc464014683add1d09cee61de2eab8aab79bc2ef7b2786ed78bd38357","ssdeep":"","tlshash":"acf097ae9c41e6685bd269a89bbbd28cc06e0025500add47b5d6dccd3c38fe80c2534d","size":508,"data":"","first_seen":"2024-08-19T14:43:35.360974Z","last_seen":"2026-03-29T20:57:38.568084Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ced45f00ebb2e79b6c6a66647bd89fbc","sha1":"0525aaba011f7b314a407d666e5fad6a61370fbc","sha256":"8da60e60c86598053d45c148804f4b0875c5ad94b1e765df389e3f5ef4283904","sha512":"7502d1edb7d811b367aac6f9b0d4741ef7ad65cf67945988b4c4fd36f1639bda25fdb7cf2c2781e641e17042b647092aec0cf31d5c902085a42c40fdd431685a","ssdeep":"","tlshash":"94a022033e02c088ac0200ebb0b0f83cf0a33820a882ec0cccf000282cb33ccce00002","size":78,"data":"","first_seen":"2023-11-23T05:47:09Z","last_seen":"2026-04-02T16:01:36.424947Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"img47.chem17.com/2/20240724/638574349177689440403_500_500_5.jpg","fqdn":"img47.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574349177689440403_500_500_5.jpg HTTP/1.1\r\nHost: img47.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":607,"timings":{"blocked":0,"dns":2,"connect":293,"send":0,"wait":0,"receive":0,"ssl":311},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/flbtbg2.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.796Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/flbtbg2.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6513\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache54.l2cn1823[18,18,200-0,M], cache21.l2cn1823[19,0], kunlun1.cn6425[36,36,200-0,M], kunlun4.cn6425[38,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782809354650e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 119 x 179, 8-bit/color RGBA, non-interlaced","md5":"102ddad9d6e5308044e5fb01afdcf994","sha1":"325342b21806f92d5c495190ee4e7cd0aab0d1cf","sha256":"dcfa4a4b2ebab065e025dd556103ca6817893108bd661f2a0621abefdfc163fe","sha512":"c8e81702089898407cbc2a606700af50708d3e9648956ffb509cdcc1d385f01e52d0e19c7b4f48fb9428ec2eb6be25addb38ec4aec382dc89a9be24ad8b922e0","ssdeep":"192:ZS87F8knEbsigoFp1BSg73JmB3UyA1n2ri/p5a7o+:A8NnEAfoFp1BLC3UFMriH5+","tlshash":"dfd18d0def926a2017dcad95fa99808316771f8092c370c02ccedc4628a44fbc91d6c6","first_seen":"2025-03-09T15:25:07.23129Z","last_seen":"2026-03-20T10:57:50.309523Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1322,"timings":{"blocked":789,"dns":1,"connect":247,"send":0,"wait":283,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.116581+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2007,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://wap.qovwe.com/","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.211Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://wap.qovwe.com/ HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":3,"connect":200,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/style1.css","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/style1.css HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 24 Apr 2023 11:24:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"644666d1-2acf\"\r\nExpires: Fri, 24 Oct 2025 04:58:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10959,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (465), with CRLF line terminators","md5":"9dcee9f3e3a9adc3a8fd044d18aff03a","sha1":"222a22156013ec694b2088c0a92e22e95cadfeb0","sha256":"53143bf9cab52824338170fc6c349fddcec4f52dd1cb999c83f7865365445d8a","sha512":"782456493e261dc963ab94961e51482abd496641b98dc345b87bd8f6d220abddc3b747fd3bad55aefc2d89435f82eccb5bb08438ad29379d05b1094c0c2445e9","ssdeep":"192:YttDBv+hilwO09z0GgvfmLkyGtKwk6NxCiGgxE3M3EEVuo0Kkzxl8AjnHI0rGLd4:YttDBoilwO09z0GgvfmLkyGtKwk6NxCp","tlshash":"48327b2b9340288f745bc77868d77599f639c064fe3dd95ea31a33a6422298e1037fc5","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.057064Z","times_seen":1714,"resource_available":false,"data":null}},"time_used":1987,"timings":{"blocked":851,"dns":28,"connect":273,"send":0,"wait":274,"receive":0,"ssl":558},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/26_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/26_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 22936\r\nLast-Modified: Thu, 29 Sep 2022 10:16:32 GMT\r\nConnection: keep-alive\r\nETag: \"63357080-5998\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22936,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"ce42bf92c86c558c9b16045328f51abe","sha1":"8775d77ae4bfcb40285876e6e99c9fd238df4976","sha256":"627bdc513407920656341f0c334ef6eda80604e98f0f1b706960b76e25946095","sha512":"5dae7dfb4049db9988cae7ac255673eb754b5a5dbcd4a4c232bdde49b1cc6b6199f573379f5fa3a949e873b632c611185e6b1ae8b4b2d473700e34ede43f8c1c","ssdeep":"384:096JUHVMtZg3jGr23KkaFRLg4vjSu8jQShAr6HYEFaJip92nXpuwyD71NCLK2ihG:E6JU1MDgCDNFaMjvkmgkO92n5uwyD71E","tlshash":"77a2d0e7e64141ced83b7375be805f08f60f1726f2557edfd8a26677e2928d50444228","first_seen":"2023-05-07T19:08:48Z","last_seen":"2026-04-04T22:45:47.070459Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":598,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":597,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img41.chem17.com/2/20240724/638574366115012064874_500_500_5.jpg","fqdn":"img41.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574366115012064874_500_500_5.jpg HTTP/1.1\r\nHost: img41.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":602,"timings":{"blocked":-1,"dns":1,"connect":297,"send":0,"wait":0,"receive":0,"ssl":304},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/5_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/5_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9132\r\nLast-Modified: Fri, 22 Oct 2021 07:29:28 GMT\r\nConnection: keep-alive\r\nETag: \"61726858-23ac\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9132,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"a0175d738a1002bc3533d496bfd4cc8d","sha1":"82a4b1d855e51c2f3be325f5f3368cc254934479","sha256":"908a0f4cf34ca2dd0e638ef1bf08f637a29757610ae1b65628ab8cbb22345a5e","sha512":"c115e96a214f15a90c0f66db5b514431ff4577a4f80ea1ae01afae1cc49b65dc37c0fa5d34e10ec477d9a21c78d38b9405eef4cd04a01475bd2365542366954f","ssdeep":"192:/+kSJEbg/KDV2kjb3q3/damug8BGUJYx3fxGD:2GgmVpjb3qvda1gRyYXK","tlshash":"2e125b29b2013becef6fed5311f2d772e73580b2b0b9d6061cbd45530d691906005bd9","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071897Z","times_seen":1334,"resource_available":false,"data":null}},"time_used":720,"timings":{"blocked":422,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/flbtbg2.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.380Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/flbtbg2.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/flbtbg2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6513,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/indbkbg.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.679Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/indbkbg.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 4526\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07dd5319adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache34.l2cn8003[11,11,200-0,M], cache51.l2cn8003[12,0], kunlun5.cn6425[27,27,200-0,M], kunlun1.cn6425[29,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00b17612782805306221e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1100 x 92, 8-bit/color RGBA, non-interlaced","md5":"1ec6c5a407b74f7a61ddf2e9d27ad18c","sha1":"a1b3983c2ef438ebf7888e7e9986a4ea6d98a9ef","sha256":"6026acd143831660c8808a13e1b6e0c377e51ca9462e4f4a395e30e03e7b2ba0","sha512":"1d414c048b713871685babf1c55700472799593996e4298680b52ff4249f1c7568bdf41e966b06a249f3d061b30b9a94eedde4095020451d6e6592ae8e155220","ssdeep":"96:3SYo7FmWlknNJh9mR3Ho/HzNGruZmGpiJWnm693drlwjBtWA34ZMb539osO:3SN7FrknwI/T4TWm6fr2alSN39osO","tlshash":"e7912a84ec839ca2490db14a59fc90926ab34ec94d41389d6fdddc076d248e5eecd6c7","first_seen":"2025-03-09T15:25:07.218972Z","last_seen":"2026-03-20T10:57:50.329833Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1037,"timings":{"blocked":759,"dns":0,"connect":0,"send":0,"wait":277,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.010979+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indbkbg.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":4526},\"files\":[{\"filename\":\"/Skins/625087/images/indbkbg.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":4526,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":31,\"bytes_toserver\":2550,\"bytes_toclient\":38181,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/stat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8\u0026httpreferer=http%3A//wap.qovwe.com/","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.chem17.com/asyncstat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8","date":"2025-10-24T03:57:59.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /stat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8\u0026httpreferer=http%3A//wap.qovwe.com/ HTTP/1.1\r\nHost: www.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.chem17.com/asyncstat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: Tengine\r\ncontent-type: text/html\r\ndate: Fri, 24 Oct 2025 03:57:59 GMT\r\nvary: Accept-Encoding\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=gvx2qbv5kuui4zxprrhlfnci; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_gvx2qbv5kuui4zxprrhlfnci=10.115.3.113:9717; domain=.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.25\r\ncontent-encoding: gzip\r\nvia: cache55.l2cn3021[40,40,404-1280,M], cache16.l2cn3021[40,0], kunlun9.cn7174[46,45,404-1280,M], kunlun9.cn7174[47,0]\r\nali-swift-global-savetime: 1761278279\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-error: orig response 4XX error\r\nx-swift-savetime: Fri, 24 Oct 2025 03:57:59 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921d17612782798854324e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":3692,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (835), with CRLF line terminators","md5":"b2ec41e5f7ad2dac938cf4389bd3a954","sha1":"b4e2fc5408115edcc4c9c4d8e43f6dc57b3f60e3","sha256":"7f7d769ec6cc6e43ad7b71ae9a9889cd2e321689f98505d4d36e95ce874441f1","sha512":"e33427429df1c473c44364a068fc778980f05322dff385cd001b75d4460eec3ef5aa57315ffebc7bee6512857d09aa1b6072cef15782a9672e2437a05f28b6f8","ssdeep":"","tlshash":"2771302155c7213ab237c5e36863764cf996868ba6014b68f1ff36e79f9b5ca5023500","first_seen":"2025-08-30T04:25:16.913929Z","last_seen":"2026-03-31T20:45:38.076178Z","times_seen":147,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":316,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/artico.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.387Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/artico.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/artico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":642,"timings":{"blocked":388,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/footli2.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.389Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli2.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/footli2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":389,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img60.chem17.com/2/20240724/638574351322172864510_500_500_5.jpg","fqdn":"img60.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"218.60.101.80","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.892Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574351322172864510_500_500_5.jpg HTTP/1.1\r\nHost: img60.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img60.chem17.com/2/20240724/638574351322172864510_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 7d8167a91f572fd151d1bca51c85d153\r\nvia: CHN-LNdalian-AREACUCC6-CACHE6[3]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1825,"timings":{"blocked":1065,"dns":213,"connect":272,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/arrows2.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.358Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/arrows2.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/arrows2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img41.chem17.com/2/20240724/638574366113918268114_500_500_5.jpg","fqdn":"img41.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574366113918268114_500_500_5.jpg HTTP/1.1\r\nHost: img41.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":10,"dns":0,"connect":253,"send":0,"wait":0,"receive":0,"ssl":265},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/jquery.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.854Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:57 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 718\r\nLast-Modified: Thu, 15 May 2025 13:18:07 GMT\r\nConnection: keep-alive\r\nETag: \"6825e98f-2ce\"\r\nExpires: Fri, 24 Oct 2025 04:57:57 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":718,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (718), with no line terminators","md5":"a75ada17c3011458d74a0e4c5cc17ffa","sha1":"8e57d597b1caeb46af5a4578034187eda8bf8b26","sha256":"8056951f7605e0cc00e96769abe87124de09d74273e83efb7992dddc056390ce","sha512":"b56551f614e99478ac6a0e273fe4bb4b796c29e118732b903d11ec3dfc8368f0872386a3970dad897a0b5dceb21adb5557827c6dad66a642480a1f52c45fef4e","ssdeep":"","tlshash":"d30181d8c7c4d89baecc5e43ea24deca25b3813b97d832838318fe8c01ad157c89c049","first_seen":"2023-03-07T12:26:46Z","last_seen":"2026-04-02T16:01:36.350899Z","times_seen":124,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":164,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/css/swiper.min.css","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.861Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/css/swiper.min.css HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17483,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (17459)","md5":"38e4982a90c5d5bdbdeffe240a2bfc19","sha1":"a03a3d806f0a0d77278dbd3cab61a8d1765c5878","sha256":"513d915b018f385bcca60beb2c167297dfb701bac48ef65274b3eb58460b4b67","sha512":"9696c4d5c02839aa27e1ab9512df2c01eea678655226c40c121ecf2844968461636bb49218b1c009c63106a7b6d1ee4cd3b4d25f38a8dfc31db418247519f013","ssdeep":"192:b+0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:b+52CXfgWHfyXyzSl68Pe","tlshash":"6672822c17002067f6324f1987c9e77c9715c8839e4368ef6650de48cbba5a9227f7a6","first_seen":"2023-05-10T09:17:05Z","last_seen":"2026-04-04T05:59:34.946491Z","times_seen":245,"resource_available":false,"data":null}},"time_used":340,"timings":{"blocked":145,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img47.chem17.com/2/20240724/638574349177689440403_500_500_5.jpg","fqdn":"img47.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"106.225.240.24","port":80,"asn":134238,"as":"CHINANET Jiangx province IDC network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.881Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574349177689440403_500_500_5.jpg HTTP/1.1\r\nHost: img47.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img47.chem17.com/2/20240724/638574349177689440403_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 49e2bc9a04c0823c3bc0ae82345710fc\r\nvia: CHN-JXnanchang-CT10-CACHE15[0]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1826,"timings":{"blocked":1077,"dns":212,"connect":268,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img41.chem17.com/2/20240724/638574366115012064874_500_500_5.jpg","fqdn":"img41.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"218.11.1.241","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.889Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574366115012064874_500_500_5.jpg HTTP/1.1\r\nHost: img41.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img41.chem17.com/2/20240724/638574366115012064874_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 0bfc69f02831f551110a821a5f0c298f\r\nvia: CHN-HEshijiazhuang-AREACUCC12-CACHE62[4]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1723,"timings":{"blocked":1094,"dns":184,"connect":220,"send":0,"wait":224,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/hengf.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.894Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/hengf.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/hengf.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42508,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1252,"timings":{"blocked":1063,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/flbtbg1.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.378Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/flbtbg1.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/flbtbg1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pinganfafa.com:25858/fcl.php?keyword=3308%E7%BB%B4%E5%A4%9A%E5%88%A9%E4%BA%9A%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B%E4%B8%AD%E5%BF%83(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026from=pc\u0026originUrl=http%3A%2F%2Fwap.qovwe.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=2618","fqdn":"pinganfafa.com","domain":"pinganfafa.com","tld":"com"},"ip":{"addr":"143.92.57.25","port":25858,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pinganfafa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 13:14:50 GMT","end":"Mon, 08 Dec 2025 13:14:49 GMT"},"fingerprint":{"sha1":"51:0D:6F:EF:7F:BB:C7:1D:F1:44:1C:A3:C2:F7:5D:7D:12:5E:74:8D","sha256":"08:65:2C:AD:3E:95:EA:30:AC:57:A7:A9:8F:16:00:3B:9F:CF:2E:F8:26:69:6C:72:28:8D:7A:0F:0D:07:80:8E"}}},"request":{"raw":"GET /fcl.php?keyword=3308%E7%BB%B4%E5%A4%9A%E5%88%A9%E4%BA%9A%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B%E4%B8%AD%E5%BF%83(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026from=pc\u0026originUrl=http%3A%2F%2Fwap.qovwe.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=2618 HTTP/1.1\r\nHost: pinganfafa.com:25858\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://wap.qovwe.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2995,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"8dd7ae4b88b5552d5957e0c0a604008d","sha1":"126a3cf0949f3e63abc010449db8d448393ec83e","sha256":"49871461a65919bc59a8ebf4c1114792155db1a47fe91b623b44c239b306ee9f","sha512":"059d72b3078e2489a0dd76f4655aa0dcb1cc08afd8444be7f54bfcb775456b187a28115fce0b7ff6aa1efc30aca8b89533a3a1b9a01bc6846483fd509aa9ec6f","ssdeep":"","tlshash":"7951adf793c908620a73c2e6b6a07778fce3804fde559982f46d125b0b74e51b443a4c","first_seen":"2025-10-24T03:58:52.705623Z","last_seen":"2025-10-24T03:58:52.705623Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1215,"timings":{"blocked":-1,"dns":59,"connect":282,"send":0,"wait":300,"receive":0,"ssl":574},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFCenterBox/625087","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /chat/KFCenterBox/625087 HTTP/1.1\r\nHost: chat.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 49\r\ndate: Fri, 24 Oct 2025 03:57:58 GMT\r\ncache-control: private\r\nx-aspnetmvc-version: 3.0\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=05h5p41jzkdpbystp0ggpa0x; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_05h5p41jzkdpbystp0ggpa0x=10.115.3.111:9720; domain=chat.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.165\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nvia: cache40.l2cn8123[69,68,200-0,M], cache49.l2cn8123[70,0], kunlun6.cn7174[80,80,200-0,M], kunlun3.cn7174[82,0]\r\nali-swift-global-savetime: 1761278278\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Fri, 24 Oct 2025 03:57:58 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717612782787284956e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":49,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"resource_available":true,"data":null}},"time_used":1446,"timings":{"blocked":727,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":360},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img55.chem17.com/2/20240724/638574355824476962591_500_500_5.jpg","fqdn":"img55.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"61.54.86.137","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.885Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574355824476962591_500_500_5.jpg HTTP/1.1\r\nHost: img55.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img55.chem17.com/2/20240724/638574355824476962591_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 5faeae062ed4a56c1f8f789235ce8a9c\r\nvia: CHN-HAluoyang-AREACUCC7-CACHE11[6]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1828,"timings":{"blocked":1159,"dns":123,"connect":270,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/morejt2.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.806Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/morejt2.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2742\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80409f339adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache67.l2cn8813[15,15,200-0,M], cache25.l2cn8813[16,0], kunlun6.cn6425[32,32,200-0,M], kunlun7.cn6425[33,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782821436006e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"64d50a7e5f4df019d2d2aba0bde8cd28","sha1":"32535dbd6e969f1a42fc22335d1fb25449728b25","sha256":"2d784e9a870833dcf327f2d68353df0d0d4c19a056b66809da7a19718a002a17","sha512":"1b46780c3e1a88fa5bdc48adbf364a7f3662e386594dc6f11d99e6ca6fadaf949185cccf08343fd1ba668158a0a7cb237eabc3dd21a355a6df1cb983ce575461","ssdeep":"","tlshash":"4e510c0dfc6068515a4ef989d9fc924297b71fc08e6168499ecac8135d604f9cdcd9cb","first_seen":"2025-03-09T15:25:07.225187Z","last_seen":"2026-03-20T10:57:50.310609Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2520,"timings":{"blocked":2252,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.599748+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2742},\"files\":[{\"filename\":\"/Skins/625087/images/morejt2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2742,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":18,\"bytes_toserver\":2522,\"bytes_toclient\":16565,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/mulu2.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.276Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/mulu2.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1888\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80409f339adcda1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache32.l2cn2655[50,49,200-0,M], cache29.l2cn2655[52,0], kunlun5.cn6425[75,74,200-0,M], kunlun7.cn6425[77,0]\r\nAli-Swift-Global-Savetime: 1761278281\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:01 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782818325509e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1888,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"eddd0f849fc1c7829832b6f9e8fb4fd9","sha1":"2f8a652e625775bf7a3698f81a0300fef7135d8e","sha256":"6416a6887e980be9597039e8582579cbacfd3f1294ddbd13186aef108d9d7de8","sha512":"1055e73c87f1aae96da68ff07fee60d28f5de434888f7caa91fc8ea93d1bd6dd67c9a75927981f88642b45568f67372b4f08306bff5850d3136ceacfa147d94f","ssdeep":"","tlshash":"be417789f910ec52694dea86bce6a1472b375be185e7b4117cc98c0b14b20f9cd1ecd7","first_seen":"2025-03-09T15:25:07.220556Z","last_seen":"2026-03-20T10:57:50.306774Z","times_seen":15,"resource_available":false,"data":null}},"time_used":1781,"timings":{"blocked":1459,"dns":0,"connect":0,"send":0,"wait":322,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.057848+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":12,\"bytes_toserver\":1432,\"bytes_toclient\":12318,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/banner1.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.875Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner1.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/banner1.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":41332,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1270,"timings":{"blocked":1082,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/indbkbg.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.370Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/indbkbg.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/indbkbg.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4526,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/morejt.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.375Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/morejt.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/morejt.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/morejt.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.680Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/morejt.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2464\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80409f339adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: ens-cache8.l2cn7147[30,29,200-0,M], ens-cache1.l2cn7147[31,0], kunlun8.cn6425[50,49,200-0,M], kunlun7.cn6425[51,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782809003670e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2464,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"c831edb956d626cfd991255b172797ae","sha1":"7254408fdec4f8b94a8fb6c4d7b2b90037bb742d","sha256":"29de051144a5f54260ee9b44dc18adb12f155353062bd7439efe0a5b3735266c","sha512":"39d723aedaf152ed101494f9b253c008fbaf37d14b0155d049b12965cb4d8da2cf4066328f1d8a324b02157df41db4ccb28fbef0d9d4d0ab6b56d06eb7fb8c75","ssdeep":"","tlshash":"3b514309bc516c911a0ef58a9efc524397b70fc08f52541aaeddcc525d204f98edd5cb","first_seen":"2025-03-09T15:25:07.227511Z","last_seen":"2026-03-20T10:57:50.320484Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1412,"timings":{"blocked":905,"dns":1,"connect":227,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.092649+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/morejt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":612,\"bytes_toclient\":2447,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/1_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/1_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9995\r\nLast-Modified: Fri, 22 Oct 2021 07:29:22 GMT\r\nConnection: keep-alive\r\nETag: \"61726852-270b\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9995,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"b28d56b08ae1c39178b7ed387cfd1297","sha1":"e1eede6d5d7351d6e98b7afb188c6e1615233027","sha256":"ef09e72ae4d2d62570afb35c6b39a540b3f52db05b3e5e8e8c4cf81c5ff15810","sha512":"e1f4351e2077a20e516a77161dea0f713134f9dce57744a808c7e6ba341a2edb96c30f0bd3c0b790d044fd129caf460d76c1211faad3e2d990f9c1bc1515aafb","ssdeep":"192:g0JO5368nQnrIOA7ob5HWY9Udd7iaNDHecz3avA7ofV:giO5368nC0O+o4C6dnNVrav8ofV","tlshash":"46228c386a36138bd4ce1da2e1fc16e343778b42148a51b9f5b5c5c315333a430a6eee","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.071438Z","times_seen":1347,"resource_available":false,"data":null}},"time_used":2021,"timings":{"blocked":862,"dns":1,"connect":289,"send":0,"wait":287,"receive":1,"ssl":578},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/kefu.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.008Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/kefu.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 14606\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:39 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80136e329adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache60.l2cn8047[35,34,200-0,M], cache59.l2cn8047[38,0], kunlun10.cn6425[64,64,200-0,M], kunlun4.cn6425[66,0]\r\nAli-Swift-Global-Savetime: 1761278281\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:01 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782818286253e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":14606,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"16658b683d9a02bebe05eb5cde7a0777","sha1":"6adff7842cd7dd643d3586ef4ba951035f6026a7","sha256":"b4879663ffec007ad7e56832c8463ee3a0cfaaec037516fbc4c84ce58155fdda","sha512":"936028030ec1ad0950b85fb4a9a20718e32f7a12f11744301c0216fa38741470fb9f3e76c6eea44b1e8889c17aeec4b049f90ce32b0f6dda8e9fec7fe0756c15","ssdeep":"384:QaDnEBgLk55MB6VzHFS5nRSllkWvmMZ64iIJW1sP/RA:VDEw6BeAlkW64LAqPi","tlshash":"2662af41fd230844834aee00a5cdd297ab17138ddbd1e1456ac6c8276f326fd8c5ee9a","first_seen":"2025-07-14T20:47:05.299597Z","last_seen":"2026-01-26T20:16:24.705594Z","times_seen":12,"resource_available":false,"data":null}},"time_used":2050,"timings":{"blocked":1728,"dns":0,"connect":0,"send":0,"wait":302,"receive":20,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.038364+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1377,\"bytes_toclient\":10087,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/2_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 11115\r\nLast-Modified: Fri, 22 Oct 2021 07:29:25 GMT\r\nConnection: keep-alive\r\nETag: \"61726855-2b6b\"\r\nExpires: Sun, 23 Nov 2025 03:58:03 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11115,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"088afa1a19d8f98fe3808e2471d9666e","sha1":"c5580afe6796b562e0cb6ca80516f4fb57504a39","sha256":"e311225d391d6c060f288026fcaf5f70c87230a6a86b16f7acf36e33c29ae14c","sha512":"42258aa415ece74bb59b31813b3bec7c2e39c8d638224e147ff77ca357c63a8f2d9fcc6dada5c4845d38ce450e13b6195274f8b6ffcc7231a18e5e932ad010b1","ssdeep":"192:mE56ohr2Gml8mR9gSc/ucAtPrmZo7/KKmUWNLnWk91PNu/Hm9kzJ:SoJs9EgDmZ0QhNykVuO4","tlshash":"70328e3d6bb1571ae187ec3370ba83ab596e20c1f14f3035b632caeb45751913742d99","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.069306Z","times_seen":1329,"resource_available":false,"data":null}},"time_used":1384,"timings":{"blocked":1108,"dns":0,"connect":0,"send":0,"wait":275,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img42.chem17.com/2/20240724/638574372014691567257_500_500_5.jpg","fqdn":"img42.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"106.225.240.24","port":80,"asn":134238,"as":"CHINANET Jiangx province IDC network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.886Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574372014691567257_500_500_5.jpg HTTP/1.1\r\nHost: img42.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img42.chem17.com/2/20240724/638574372014691567257_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 34a45ce668a44514157ebd2e6a88e868\r\nvia: CHN-JXnanchang-CT10-CACHE10[4]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1760,"timings":{"blocked":1121,"dns":162,"connect":236,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/arrows1.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.356Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/arrows1.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/arrows1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/customer.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.895Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/js/customer.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3883,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"cf45486f36fa46a4b8935adfb7b98079","sha1":"3ca5dcce696db8b2fb47249ca97781c8eefd0703","sha256":"9a8edece99ac33fd722a441e6fb87c04bf6ec46e344c6e7074fdea3cbc2d0a7e","sha512":"4baf16d3017de9a4f8f350d629afe1b7b26df7cdce6249fbfe794fef2f3f91b1841a4ade935db13af7829d7306e9fa979b964508e055868f710450800d48c5a3","ssdeep":"","tlshash":"f5811085d25cb43a42b7677b093f30928e0a0187d4ca58f2f5be5154cfa822d65b7fb0","first_seen":"2025-03-09T15:25:07.247169Z","last_seen":"2026-03-07T04:19:34.372668Z","times_seen":20,"resource_available":true,"data":null}},"time_used":465,"timings":{"blocked":110,"dns":1,"connect":163,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/hot.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.313Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/hot.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 3058\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:38 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07dd5319adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache63.l2cn3130[12,12,200-0,M], cache24.l2cn3130[13,0], kunlun4.cn6425[33,33,200-0,M], kunlun4.cn6425[34,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782802483179e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":3058,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 38, 8-bit/color RGBA, non-interlaced","md5":"607e5a648c5132e67321e9488ab589a1","sha1":"299635e57a3dd5f5f8dc6b5b17d4f43f2cb9f9bf","sha256":"8dc7b5f346c0b9666b7122e180d507492acc1c219bdc903ee00866557387d655","sha512":"ca58b9f8f218d690d300bf985863acb48c6735f74170d838e36113228c2bb9c4cb3fc5521331d786cbdaa06fa26e091c21ff9b3030bc525bc19086545d4b22ca","ssdeep":"","tlshash":"5651c709fc1258914f1dfb8996fe918387b31ec48ea294196eddcc121e208f99d8d9cb","first_seen":"2025-07-14T20:47:05.250067Z","last_seen":"2026-03-07T04:19:34.406187Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1124,"timings":{"blocked":-1,"dns":602,"connect":243,"send":0,"wait":278,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.430979+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hot.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":609,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.chem17.com/asyncstat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8","fqdn":"www.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.112","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /asyncstat.aspx?u=dlchuangrui\u0026referer=\u0026title=3308%u7EF4%u591A%u5229%u4E9A%u7EBF%u8DEF%u68C0%u6D4B%u4E2D%u5FC3%28%u4E2D%u56FD%29%u6709%u9650%u516C%u53F8 HTTP/1.1\r\nHost: www.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 542\r\ndate: Fri, 24 Oct 2025 03:57:59 GMT\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=t5rqnv1f3lanxzk4p3ht0m1l; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_t5rqnv1f3lanxzk4p3ht0m1l=10.115.3.114:9717; domain=.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-hg4.21\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;\r\nvia: cache32.l2cn3021[68,67,200-0,M], cache62.l2cn3021[70,0], kunlun8.cn7174[74,74,200-0,M], kunlun9.cn7174[77,0]\r\nali-swift-global-savetime: 1761278279\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Fri, 24 Oct 2025 03:57:59 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921d17612782794743364e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":542,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (508), with CRLF line terminators","md5":"0761469a0b391acf3496edbf3133597f","sha1":"49b4c0db6af19c703499a9c57048162b083862c5","sha256":"0ebc6142c77afdd064b9931a830de3284dfff775add3ee7a6c26dda0143dceba","sha512":"c3ed97042b256596fd8f2da74e1a3e4f29214683e33e4bad39b782b74849c1f60167e5a35d91c5d70fd144963cff814efec569069610e9556adca65cd65c061e","ssdeep":"","tlshash":"2bf0c0178c05e2e98c0468ecdeb1d388c04b0f7b3165da72a127109532115b7b4ac9db","first_seen":"2025-10-24T03:58:52.724189Z","last_seen":"2025-10-24T03:58:52.724189Z","times_seen":1,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img60.chem17.com/2/20240724/638574351322172864510_500_500_5.jpg","fqdn":"img60.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574351322172864510_500_500_5.jpg HTTP/1.1\r\nHost: img60.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":614,"timings":{"blocked":4,"dns":0,"connect":302,"send":0,"wait":0,"receive":0,"ssl":308},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/mulu2.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.093Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/mulu2.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/mulu2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1888,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/flbtbg1.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.680Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/flbtbg1.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 8691\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-114.4.179\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache58.l2cn8045[37,37,200-0,M], cache49.l2cn8045[39,0], kunlun10.cn6425[71,71,200-0,M], kunlun7.cn6425[73,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782809123699e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":8691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 165, 8-bit/color RGBA, non-interlaced","md5":"3cece6dd8e07bd31d6eaf22b0bbbea77","sha1":"8abbe997fb0eb2b83919d569087af5750d4a1a65","sha256":"7f622ddebc9d52e35bdc347ec3c5bb1585f74469719c71cf227cc2266a3b6895","sha512":"63a1d9043818e0d61b647e8520d8e00796ec48dd98bb4e8924e24d4aa760a96a732e63c4fbe1b8c657e3aa19fa2aa4b2ac3a39f139a449a77560e01c68d0e286","ssdeep":"192:VSr7F8knErDDig0Cg97CBk/XfjTgiuf+6I63q/Exnix2ZEaO:0rNnEbf0Cs7ES7TgBftq/Ec8eaO","tlshash":"8c028d08efe0281489ced9b6bdfdd59b26335a80d6e28000fccd8c0634551b9d55ebdb","first_seen":"2025-03-09T15:25:07.219889Z","last_seen":"2026-03-20T10:57:50.297275Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1455,"timings":{"blocked":905,"dns":1,"connect":233,"send":0,"wait":314,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.133538+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/flbtbg1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2442,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/indnew_bg.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.808Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/indnew_bg.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 108281\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:39 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80136e329adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache14.l2cn2647[20,20,200-0,M], cache40.l2cn2647[22,0], kunlun9.cn6425[30,30,200-0,M], kunlun6.cn6425[31,0]\r\nAli-Swift-Global-Savetime: 1761278281\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:01 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01017612782818325009e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1000, components 3","md5":"96f0c31c06171e79f85eef31c2cb7164","sha1":"56720360680ea1c34854b391810c1d26b3376f22","sha256":"f5b0b25d9c674106c99c9b3a525eeeb54b99aa54fdfa8c40236f7bc38c9033a2","sha512":"a49fcfa65a38143a76fb502535cfcb2246b4e7e1a3eda80eee44b0fafd9e1c1042546d815e8cd4491905d58e84ff93494ba087eca2e5ccda3d7a300e0650d319","ssdeep":"3072:N0o1FdMTq7K2r/y9TtGZAPuaU4H1hZkE2:NZwwFy9TtGZRaX1hZe","tlshash":"78b3128b0f63484bcf100a379c5beb13f768d8ea396b051994d6a92b0573538ae2d5f1","first_seen":"2025-03-09T15:25:07.243169Z","last_seen":"2026-03-20T10:57:50.322935Z","times_seen":22,"resource_available":false,"data":null}},"time_used":2678,"timings":{"blocked":1928,"dns":0,"connect":0,"send":0,"wait":270,"receive":480,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.006337+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/indnew_bg.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1206,\"bytes_toclient\":5273,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/mulu0.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.805Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/mulu0.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1915\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:41 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80409f339adcda1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache32.l2cn3022[24,25,200-0,M], cache9.l2cn3022[25,0], kunlun4.cn6425[33,32,200-0,M], kunlun6.cn6425[34,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01017612782809173392e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 31, 8-bit/color RGBA, non-interlaced","md5":"ecc7e1803e00fdc502b6f6f63b0fec66","sha1":"c32a08ee6da27babe92dc9de6f0ac671a818e53e","sha256":"f2b4c3f3506100ef8674d52bf491f97e426668d72c0d921ed5cef821f14611c2","sha512":"1c34d93e65bf77ae3ff4f1bc7ea9b6fc4c312b50a3da3b3606509abc01f58ef1703fe0cca9e3c7afd4f2e14a2da897ecf49f7da1dfa7af4d3ebfb4ee18e11f4f","ssdeep":"","tlshash":"2a41848af910bc51584df946bdfba2572b375be186d26811bcca884324b20f9cc0d4da","first_seen":"2025-03-09T15:25:07.224556Z","last_seen":"2026-03-20T10:57:50.327111Z","times_seen":26,"resource_available":false,"data":null}},"time_used":1287,"timings":{"blocked":780,"dns":1,"connect":236,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49390,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.093786+0000\",\"flow_id\":1506700184581225,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49390,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/mulu0.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":611,\"bytes_toclient\":2440,\"start\":\"2025-10-24T03:58:00.586857+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/kefu-tb.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.031Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/kefu-tb.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 20057\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:39 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80136e329adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache28.l2cn8003[96,95,200-0,M], cache3.l2cn8003[97,0], kunlun8.cn6425[111,111,200-0,M], kunlun7.cn6425[112,0]\r\nAli-Swift-Global-Savetime: 1761278281\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:01 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782818225493e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 352, 8-bit/color RGBA, non-interlaced","md5":"e648dfa2af5453b685eaa5bbcb2f0167","sha1":"3984283d711aa4c5e708de9897f7261b51e5189e","sha256":"b1bbda71b09c371b332cc2d35e19261f7890ffad8988cbf4b2a5785ccd390e56","sha512":"eea07a06349ca60e3ead89eeeba915af14a78be3de8e638d3fae815686bf03f942ad09d475e41531fe283b0b795d655bcca0b96905a28b74040a5999d89f60a7","ssdeep":"96:2ScSuYkEWmvo/JbTpMxNX7sc5RlDqVcH7H7Bkr/LBXPdc4XN6Zkjr7H7q:2SjJk6v22pDq6bbBk51TkZqnbq","tlshash":"3c92e82cfef2b2784a99563235c316420f774ac7e7815c80b6de8e15af60bad8c6b541","first_seen":"2024-12-01T20:37:15.574315Z","last_seen":"2026-03-02T03:23:27.650321Z","times_seen":42,"resource_available":false,"data":null}},"time_used":2063,"timings":{"blocked":1705,"dns":0,"connect":0,"send":0,"wait":340,"receive":18,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.076175+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/kefu-tb.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":1205,\"bytes_toclient\":5883,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/swiper.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.865Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/js/swiper.min.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":96097,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"fa463c1f651de45cc98496d25bd18c91","sha1":"354442c52638f8320457ec2410c234fb65a6b096","sha256":"6f27c84b0bd60093b2eeec91c207bcd2b013572839549e243151474b78dedfc4","sha512":"ea568af5d9b2c1fac3f70c7ad3e0cc51df896c22fbc9e0331af3d3e56e3111aa9bec490e01c130727982194411cb32161d6102c2cc84b6cacaa3880a91dae1b2","ssdeep":"1536:dyOkN3TklR3ZIFD7+Y7n2L5ydUTq0tSQfCBTq:QTF73uTqY","tlshash":"5893d66db314f3e295d3214a679ac64122f21706b849dae870b54c4a68bcc5d03bffbd","first_seen":"2023-09-16T23:58:26Z","last_seen":"2026-03-26T10:35:32.902064Z","times_seen":42,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":137,"dns":1,"connect":161,"send":0,"wait":195,"receive":160,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/logo.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.873Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/logo.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/logo.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":30462,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1260,"timings":{"blocked":1084,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/banner2.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.877Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner2.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/banner2.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":41332,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1260,"timings":{"blocked":1080,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/banner3.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.878Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner3.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/banner3.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":41904,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1266,"timings":{"blocked":1079,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/zxbtn.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.383Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/zxbtn.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/zxbtn.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":6189,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":394,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/indnew_bg.jpg","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.384Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/indnew_bg.jpg HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/indnew_bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108281,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/morejt2.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.386Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/morejt2.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/morejt2.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2742,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":388,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img42.chem17.com/2/20240724/638574372014691567257_500_500_5.jpg","fqdn":"img42.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574372014691567257_500_500_5.jpg HTTP/1.1\r\nHost: img42.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":577,"timings":{"blocked":-1,"dns":1,"connect":285,"send":0,"wait":0,"receive":0,"ssl":291},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/js/JSChat.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.867Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /js/JSChat.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1596,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"5122b87041a34991740a2418cf688de4","sha1":"ae0142e84d1e0f3c4749ea58827ae56d2a32fbbc","sha256":"40061d6dc948529ad974ca45b9b63d65ff87037086f65629d1e958cb1de10ccd","sha512":"a96700940fd242137764811caa4748780c79b6925f05ad2b31238126ee24d24ab70c05f0c72de11fde17efd99247a5b3225dbdc708249c59f9b047d5e435a481","ssdeep":"","tlshash":"de31edb24a53931209094ea3c71a134ce267915b9117e8623d3d6d643f88927b7997f0","first_seen":"2025-04-06T23:54:49.048059Z","last_seen":"2026-04-05T04:58:55.064088Z","times_seen":470,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":136,"dns":1,"connect":163,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/arrows1.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.673Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/arrows1.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1360\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:27 GMT\r\nAccept-Ranges: bytes\r\nETag: \"805472b9adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache48.l2cn8047[202,202,200-0,M], cache43.l2cn8047[204,0], kunlun10.cn6425[265,265,200-0,M], kunlun4.cn6425[267,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782818316258e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ca18c3400f1ccb39f1b891a315f9a2b8","sha1":"ca6c69282f82f17db11a115bc1428308b30320e5","sha256":"a799ce0e4e9e26454e8950dabef8eb6725bfb96afd5ac732bbefe9395168d684","sha512":"353ee8aa7765a7d8194f9997950a7be2ec716f1a592d96c887949f6251f066126b2868ffee43f31867c74d5799c989e95281d8378f91a987d3adecf058c32cd4","ssdeep":"","tlshash":"842141defd74d881d5a5a49135f72517e8560e4082e0ac477d8bd012483b0e1b97d1ce","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.032611Z","times_seen":133,"resource_available":false,"data":null}},"time_used":2575,"timings":{"blocked":2063,"dns":0,"connect":0,"send":0,"wait":511,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.246906+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":13,\"bytes_toserver\":1793,\"bytes_toclient\":10033,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/artico.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.041Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/artico.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2706\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:28 GMT\r\nAccept-Ranges: bytes\r\nETag: \"09cdf2b9adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache38.l2cn8045[54,54,200-0,M], cache27.l2cn8045[57,0], kunlun4.cn6425[90,90,200-0,M], kunlun4.cn6425[91,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782823427079e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2706,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 30, 8-bit/color RGBA, non-interlaced","md5":"673e1e71335d50688414e84e7ec3ac8d","sha1":"184273452c6334cc20127b7c8a5e0110fca90719","sha256":"93cb041e55b0b50b58477084dd5a742f490a1ffaf20ee7b121687604c6f5a717","sha512":"1a4553c4c2348911d21da0c64cead29c7f31484a952841076893fa94acffca9b55d092424b5eeb31aff36b4b3a433838554ee531e07861ad2297fb8b5a7d88ae","ssdeep":"","tlshash":"94516106f8a1ac44551df18996fca24357b34ed48ed2285daecd8c020d609edcd8d9e7","first_seen":"2025-03-09T15:25:07.240412Z","last_seen":"2026-03-20T10:57:50.321321Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2545,"timings":{"blocked":2207,"dns":0,"connect":0,"send":0,"wait":335,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.584309+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/artico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2168},\"files\":[{\"filename\":\"/Skins/625087/images/artico.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2168,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":15,\"pkts_toclient\":17,\"bytes_toserver\":2331,\"bytes_toclient\":13707,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/3_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/3_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 8660\r\nLast-Modified: Fri, 22 Oct 2021 07:29:26 GMT\r\nConnection: keep-alive\r\nETag: \"61726856-21d4\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"bd5b31f1e7d18e29d6c10312eb6661da","sha1":"73d597ea109cd53140943270b6629ab8ebd3e69c","sha256":"62f4ab1a75135e43fb19419972b6ec12b8ba3ac8337feae4023bd7b9b0e9d59a","sha512":"eef274c9b0fa072a6039e3bb58653792462653c97df74d609b5f491918d94341af6e11b9f9a396d61cb45d73636a4cade653d36b8dfc8b6c08a42df25326105e","ssdeep":"192:xChGKgyRvOj4GUHxnizS7NobBIEkgOOhyKAKU5ny:kh5OvUHBR7UBhBhGny","tlshash":"8c026c01a6912fdecf4f256365b3c339e6c91d30f062fa692abd54931e125715012b9a","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.070951Z","times_seen":1351,"resource_available":false,"data":null}},"time_used":1984,"timings":{"blocked":847,"dns":1,"connect":281,"send":0,"wait":282,"receive":0,"ssl":571},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/hengf.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.312Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/hengf.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 65600\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache42.l2cn8813[17,16,200-0,M], cache56.l2cn8813[18,0], kunlun6.cn6425[40,40,200-0,M], kunlun5.cn6425[42,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00f17612782802332531e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":42508,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x243, components 3","md5":"ed26550979c82670b6081984d95ae52f","sha1":"0623d36512c6afeae2c6210978e4225a0470a161","sha256":"74bc81349b5b27c8f7a35b7c92d6df4ca69ba022bbe293d8de9005f7b950b414","sha512":"ed0ae6e59d9ccd0f041fc7df943eb362d856be2f8f9402ea637f3746ed7486668026528e818931cdcb3938a5f2596a81a8854068c9e11907b25a50502f459e85","ssdeep":"768:rAsrwzB3DPz+ukp1Fn3Tvn+Pee8z+dGnJXdA4G4/hXrgbiEWX4bfVL2oQ4RLyeIZ:lrYB3Dr+u+19Dv+Pee8wybp0bq47VLLY","tlshash":"5a13f13fb3568173551f3ab214f31c73856942f3afcd0aca88e05906b95a1d1d28b7a7","first_seen":"2025-10-24T03:58:52.742533Z","last_seen":"2025-10-24T03:58:52.742533Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1277,"timings":{"blocked":-1,"dns":603,"connect":239,"send":0,"wait":277,"receive":158,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49336,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.426532+0000\",\"flow_id\":1708009596641518,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49336,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/hengf.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2165},\"files\":[{\"filename\":\"/Skins/625087/images/hengf.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":2165,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":5,\"bytes_toserver\":665,\"bytes_toclient\":4662,\"start\":\"2025-10-24T03:57:59.909550+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/10_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/10_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 13615\r\nLast-Modified: Fri, 22 Oct 2021 07:28:54 GMT\r\nConnection: keep-alive\r\nETag: \"61726836-352f\"\r\nExpires: Sun, 23 Nov 2025 03:58:03 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13615,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x80, components 3","md5":"f860a0ae2877d285a9b6f43db503fb56","sha1":"87decfe2d27573e7644708d1576fa2946316a747","sha256":"d481b75f9bef9a376d5a1fc9a4e320826d6dcfe0d766a83f769db6f32df66009","sha512":"9397bdf16ea70be5bd66e8c0b87cfa9e980f64bf0fd91329466b70d94a730a783b389f709960f97ff138a6cc5f8634090c7c5b280b4975c4b46acbe814759442","ssdeep":"384:b9SWr9C1xUnpYviGg2iEwls3WfltfrXAWi9/sJcRldO:kWr9mxTPils3WfltGswjO","tlshash":"f352aea03afd98feda690bd060881171cb3f019c5e0c472183957169f7a9a6bd46f12f","first_seen":"2023-11-07T02:53:14Z","last_seen":"2026-04-04T19:54:36.523709Z","times_seen":1096,"resource_available":false,"data":null}},"time_used":1423,"timings":{"blocked":1122,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/kefu.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.390Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/kefu.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/kefu.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":14606,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":603,"timings":{"blocked":379,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/banner2.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.309Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner2.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 231855\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Fri, 14 Feb 2025 03:52:21 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80863d9937edb1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache11.l2ea120-8[21,21,200-0,M], cache74.l2ea120-8[22,0], kunlun4.cn6425[31,31,200-0,M], kunlun8.cn6425[33,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01217612782802458386e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":41332,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"26c97c9aa2b91c1a2b2eb3eda5eabfd1","sha1":"2e7aefcf0a94b40eabacb7872aef421e239c5b9b","sha256":"9f508953d97316bd13832b9c41c339c2771b0ac88d0c282d9a56f0913e3e6655","sha512":"f44247a876c368e2b365121187ff9e97437a0f0d97625fa3a63e36f95112f443a2c65d78447e05c49255792bfbf324ca887766fc9e7c8f44ade58ebe7135862a","ssdeep":"768:8LR//4+ZOaoZ+wOZkHMZOMJjIG2MVn+G2qMNfj671eErAT6/iGYX8y:8Lxw+4MPJ0G2Mx85u71lr5A8y","tlshash":"f203023fab8c0e80a52ca9573467cf88171671a6ecd21b4326ccf523a563718d9653ad","first_seen":"2025-10-24T03:58:52.745829Z","last_seen":"2025-10-24T03:58:52.745829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1281,"timings":{"blocked":-1,"dns":606,"connect":241,"send":0,"wait":274,"receive":160,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49302,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.424414+0000\",\"flow_id\":1722208758521944,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49302,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner2.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2445,\"start\":\"2025-10-24T03:57:59.909400+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/ssico.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.363Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/ssico.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/ssico.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/footli3.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.213Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli3.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2636\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache8.l2cn8047[26,25,200-0,M], cache9.l2cn8047[27,0], kunlun6.cn6425[49,49,200-0,M], kunlun7.cn6425[51,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782824116467e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"e219780f2dc9c2e082c44507df3b50d5","sha1":"0fecbfe7541cf18218e369255d2baa5c5d609da4","sha256":"09d36a2a12fe418eb1ae90744d345dbd7e4c8f9994294a8e437240a5d1580272","sha512":"520008d3969d5c04eb7199ff71cbebf4400a8b861a5ed3d56c83ba8fb155fc0310f2789896580c2858e827d3f3c44f1ec18dda07040f4776f7874f0692bd9dfe","ssdeep":"","tlshash":"db516348fc929c80591df449a5fc614763bb0ec09e9124495ec8c8239d309fdded96cb","first_seen":"2025-03-09T15:25:07.221793Z","last_seen":"2026-03-20T10:57:50.313151Z","times_seen":25,"resource_available":false,"data":null}},"time_used":2399,"timings":{"blocked":2113,"dns":0,"connect":0,"send":0,"wait":285,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.872450+0000\",\"flow_id\":1191806067340184,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49368,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli3.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2636},\"files\":[{\"filename\":\"/Skins/625087/images/footli3.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2636,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":21,\"pkts_toclient\":22,\"bytes_toserver\":2684,\"bytes_toclient\":20168,\"start\":\"2025-10-24T03:58:00.586648+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/footli1.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.388Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli1.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/footli1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":630,"timings":{"blocked":389,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"182.61.244.229","port":80,"asn":38365,"as":"Beijing Baidu Netcom Science and Technology Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.592Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"resource_available":true,"data":null}},"time_used":537,"timings":{"blocked":0,"dns":2,"connect":267,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/zxbtn.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.809Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/zxbtn.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 6189\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:45 GMT\r\nAccept-Ranges: bytes\r\nETag: \"809a1369adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache69.l2cn3022[72,71,200-0,M], cache77.l2cn3022[90,0], kunlun5.cn6425[226,226,200-0,M], kunlun1.cn6425[228,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00b17612782818208989e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":6189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 198 x 64, 8-bit/color RGBA, non-interlaced","md5":"c1ebdc0a09701af244f9a5e63a440a09","sha1":"df8a6d61c4de4811029866d8c0fbd5f64325370c","sha256":"bb8a0c10dccde739dd02a839c0c7301f537eacb2bfea8703255afe8b3bc82704","sha512":"beba2e8bca3ad3c071126324733cb2b42078b3862bfd3564142dd0660d13faac78486d282f408305dadf9a5bc2992d937277d52c0cda9f43715f9f6bc4bcc526","ssdeep":"192:CSQ7F8knFWMICIBedJWJaStRlt1MnxS1jCHDJfX76q+yHe2:dQNnFWMIC0edJWJaSTlTMnkCN76Qe2","tlshash":"3fd14b8cbe91dc80198dbf9a389ee7e2653b1fc08ed37128fcf9540b5950175d82e58a","first_seen":"2025-03-09T15:25:07.216317Z","last_seen":"2026-03-20T10:57:50.316221Z","times_seen":19,"resource_available":false,"data":null}},"time_used":2397,"timings":{"blocked":1927,"dns":0,"connect":0,"send":0,"wait":463,"receive":7,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.202441+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/zxbtn.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/zxbtn.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":35,\"bytes_toserver\":2604,\"bytes_toclient\":43532,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/banner1.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.311Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner1.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 299855\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Fri, 14 Feb 2025 03:52:18 GMT\r\nAccept-Ranges: bytes\r\nETag: \"04599d7937edb1:0\"\r\nX-Powered-By: ASP.NET-115.4.181\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache86.l2cn8000[50,49,200-0,M], cache79.l2cn8000[52,0], kunlun2.cn6425[64,64,200-0,M], kunlun10.cn6425[66,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01417612782802398400e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":41332,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"baa517bbc4f55f43d6b20333569d6788","sha1":"0b58a21960acf6c2c22e4fce220e47e06a546504","sha256":"2ef98d51232bdaf81da67a53cede5ade10a25c10f9f17d92833af7e753408fd8","sha512":"9e6b351fdbd71310740053c89fec7b93546d76061f8170c00351722ce3f1f6e5f2ac2227010866b1091a2045fa642bb51c42c355880409ce2acec59682adab29","ssdeep":"768:8LA8RnmR1xDMYtxZelxAvNBQC/x85xMVEBIrOFh+oM0pq16dh3LG6Q:8LAsnmbZMAEaD28ywo5q0hLGL","tlshash":"b603f1dd77124d139587d82e32dc9a25ea730256ae17523160c8f6ba9035c822707bfb","first_seen":"2025-10-24T03:58:52.749666Z","last_seen":"2025-10-24T03:58:52.749666Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1279,"timings":{"blocked":-1,"dns":604,"connect":237,"send":0,"wait":303,"receive":135,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49324,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.449481+0000\",\"flow_id\":451542684000448,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49324,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner1.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":2444,\"start\":\"2025-10-24T03:57:59.909504+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/mulu0.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.381Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/mulu0.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/mulu0.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1915,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":394,"timings":{"blocked":188,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T03:57:57.313Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:57 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]}],"data":{"size":39065,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (642), with LF, NEL line terminators","md5":"f42d55a4986b8efebbc7e2e2ab1d33aa","sha1":"1821355c82cf52fa847b9be9439c0b6c0aa2e960","sha256":"5d5f908b1c1c40de0538f0fe9209281272ae3869f5b59f01497d0336f0b2d370","sha512":"59af807d2be55b82c37e798a43d4cbf0801c19a22cf48abeeb74701513fde1d6abccd02a1021a489bd10c43ad3bd04879bdccc19401dc02e8fbdfdbc51ffc815","ssdeep":"768:VZzHpe85E3dvYOPzOZOlKEBp2zw85q+qDet:VZzHpe85E3dvYOPzOZOlKEBszw8Tt","tlshash":"f503e73e45f56b3a052552e1ab70672a70c186a7f887afc477ed66aadfc0fd10e03109","first_seen":"2025-10-24T03:58:52.751672Z","last_seen":"2025-10-24T03:58:52.751672Z","times_seen":1,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":164,"dns":1,"connect":163,"send":0,"wait":210,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/hot.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.879Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/hot.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/hot.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3058,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1268,"timings":{"blocked":1079,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/logo.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.307Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/logo.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 30462\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Fri, 14 Feb 2025 03:56:01 GMT\r\nAccept-Ranges: bytes\r\nETag: \"805e845c947edb1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache44.l2cn3129[21,21,200-0,M], cache24.l2cn3129[22,0], kunlun9.cn6425[33,33,200-0,M], kunlun1.cn6425[35,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00b17612782802305512e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":30462,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2025:02:14 11:55:57], baseline, precision 8, 380x70, components 3","md5":"7d841ffd8f83bd6767cee36b863edc50","sha1":"bed5530d4bfefcbfd07e16997c2f6927ff06a834","sha256":"836dfecc6d097ee93233a064cb15fb892028e49b8938e5554ad3ef8427848c07","sha512":"e9657416fe92deb5c14843db79094b1c915a52e06fa8bb1834520c1424d99b0a90bbb2c58c97551f747ac0ffc450504e3f688682ba3d3aee07ad6cd279485eb9","ssdeep":"384:3AYNg7/YZDPi0YNg7/YZNOe/TLsnHUn4pSkG4gtENzFKSXcWyWiQW005djZ:3AYyjYZDPLYyjYZfnszgtWyt0G","tlshash":"72d26c34bf22ae22fce0853843a1e7f601553e1e9be3234578dcdd1b7b22a84785e156","first_seen":"2025-10-24T03:58:52.753239Z","last_seen":"2025-10-24T03:58:52.753239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1135,"timings":{"blocked":-1,"dns":607,"connect":239,"send":0,"wait":268,"receive":21,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.415961+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/logo.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":610,\"bytes_toclient\":2443,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/4_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/4_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 9010\r\nLast-Modified: Fri, 22 Oct 2021 07:29:27 GMT\r\nConnection: keep-alive\r\nETag: \"61726857-2332\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9010,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x80, components 3","md5":"fda80dce60b7652bc25d8050e874fc5e","sha1":"af999552eb2effe20b9bb6548bd3b40bf6b82fce","sha256":"86872602a83d5e41e9bf331e3f16f87d4631bd2a5f9f141c665eb00d6c20db92","sha512":"33271a5336643c30b2f6c91f3b9e9a88c68f5820de79ce486430643f0676cf6ab3ae2733e4ef796399656ea921e00afc609fc26beef03d0e033f3b25069b3e40","ssdeep":"192:HY0nSEeZkjRaPNWM7JHKm/4aqQP3vwHYKhU:znSReValWMV9nqQPoHYt","tlshash":"09027c11d2566f0cffcee55221b64738305a86f2f4e9e818bcffe1ab846001d251572b","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.0634Z","times_seen":1359,"resource_available":false,"data":null}},"time_used":1981,"timings":{"blocked":847,"dns":1,"connect":278,"send":0,"wait":279,"receive":0,"ssl":573},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wap.qovwe.com/","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T03:57:56.963Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":181,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/footli3.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.390Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli3.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/footli3.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2636,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":815,"timings":{"blocked":605,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/logo.png","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 27927\r\nLast-Modified: Fri, 22 Oct 2021 07:29:32 GMT\r\nConnection: keep-alive\r\nETag: \"6172685c-6d17\"\r\nExpires: Sun, 23 Nov 2025 03:58:01 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 85, 8-bit/color RGBA, non-interlaced","md5":"1555066b01ba12346071989c467ccf25","sha1":"50c92c270ddc54e309f1499dde7e04fddcdee8c4","sha256":"a8102cc2e6a32d0e128a3757c711489f1d7426123617283cf8d3cb1fd838f101","sha512":"859208a96a6ea1d6030470c159a9dda03a06203d106e19bd71885909d8b329ea6bba0b9068629fbf8d5a1ef693d36239dbde79788f082177e745b9584af1f319","ssdeep":"768:OVmJDb1mQ/HASD6KkXkbJzKyV3Tp1I+JZ:fJD5r4S2KjzKylI+JZ","tlshash":"d5c2e189f1e16d8c20d1e40d5f916979b7d7e0c19554f6f2a0c8f8266e3a249ed08cd7","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.064391Z","times_seen":1726,"resource_available":false,"data":null}},"time_used":2853,"timings":{"blocked":1124,"dns":26,"connect":297,"send":0,"wait":593,"receive":2,"ssl":599},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/2.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/2.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 85884\r\nLast-Modified: Fri, 22 Oct 2021 07:29:23 GMT\r\nConnection: keep-alive\r\nETag: \"61726853-14f7c\"\r\nExpires: Sun, 23 Nov 2025 03:58:02 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85884,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3","md5":"6613a23f1fecfc5aad23df7cce06f1b0","sha1":"3a3bcb377568add492170212e90d7a1f633f5e27","sha256":"657c5a2c773ed927afc61fbce4bc522bd8190ed82cb2c15ff0e9baac320749ca","sha512":"511438a9f958104610211db26c5b44cba19e27ca89ff256f83e298aeb094118e094752fac5d3591304df00f7d9e5d205c6d6c04c3997dd8358d16b77eba1dad3","ssdeep":"1536:QEDtAN5nPlYihG1VH9qvmhrcn+mcKHvQ8vDBXj4Jka:Q0AN5PlYp1Vdy6oSmI8v1z46a","tlshash":"0f83f17bc7560be3e618077a90b7053efb564439661e1f17ad280026c8e07b9fd672a2","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-05T06:37:51.34884Z","times_seen":1340,"resource_available":false,"data":null}},"time_used":1106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":547,"receive":559,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:02.135Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 367\r\nOrigin: http://wap.qovwe.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://wap.qovwe.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nEO-LOG-UUID: 13097315391068275236\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":321,"timings":{"blocked":20,"dns":1,"connect":19,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/fonts/impact.ttf","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.393Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/fonts/impact.ttf HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":205110,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"TrueType Font data, digitally signed, 23 tables, 1st \"DSIG\", name offset 0xe0002c3","md5":"75c62aa9bbe5f5911243d63c6fc6d977","sha1":"56cbb3bd77a4708a966b0cd503915512fab19f91","sha256":"7f62e1cdac272d31bc338c6cfbd151401f3f68920fe35766c75e297a272c519f","sha512":"76aef1da2aaf4874131098adf9213e56aea94b649e40075524034b520b85631623bcdd1f013edf2e90ebc222e6db1a91a71199a9d8e053401cb301e533cf7a19","ssdeep":"3072:8d6xKqRnKELujArad58hZoGLs9b4rrywyDFaQQVtwRPhYRWZiA6popTOlV4I4oBD:cESM5Ow7Hw5YYiA6+O1FY9et","tlshash":"b2347c23e300671ec5a2637a4d74c3d9039eb96aa723c78dee4c8076d69a558ff0d50e","first_seen":"2025-03-06T17:05:29.55478Z","last_seen":"2026-02-14T23:17:49.356767Z","times_seen":21,"resource_available":false,"data":null}},"time_used":708,"timings":{"blocked":167,"dns":0,"connect":0,"send":0,"wait":211,"receive":330,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"img41.chem17.com/2/20240724/638574366113918268114_500_500_5.jpg","fqdn":"img41.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"218.11.1.241","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.890Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2/20240724/638574366113918268114_500_500_5.jpg HTTP/1.1\r\nHost: img41.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 166\r\nConnection: keep-alive\r\nLocation: https://img41.chem17.com/2/20240724/638574366113918268114_500_500_5.jpg\r\nX-CCDN-REQ-ID-46B1: 43260b3427a7336c646d45446be6eb5e\r\nvia: CHN-HEshijiazhuang-AREACUCC12-CACHE3[3]\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1886,"timings":{"blocked":1086,"dns":192,"connect":302,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/footli1.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.024Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli1.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2749\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache21.l2cn3059[177,177,200-0,M], cache49.l2cn3059[178,0], kunlun5.cn6425[198,198,200-0,M], kunlun1.cn6425[200,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00b17612782822951775e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced","md5":"bfa6cce8bd645b1ece91b138416de875","sha1":"6635e91cf84837a9b62520cb3b18b6e2b7ec701f","sha256":"b433844a4d6b59513e62ee8231d0a630bc1ace58a00e5d12b2e89a2e10904e60","sha512":"8e2274061261a2b05afb3067d9846fc5192af8a7620670fbfd0925443ad607acfef5ec6c38493dfe259395e875f92442ac23e3fab4beaeb14b15eceef2204039","ssdeep":"","tlshash":"c6516348fc9068905a5df985aafda046a6f74fc08e912859edc8cc032d605fdcdda9c7","first_seen":"2025-03-09T15:25:07.238052Z","last_seen":"2026-03-20T10:57:50.322092Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2623,"timings":{"blocked":2182,"dns":0,"connect":0,"send":0,"wait":440,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:02Z","timestamp":1761278282,"ip_dst":{"addr":"172.18.0.15","port":49296,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:02.646640+0000\",\"flow_id\":947246334468102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49296,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli1.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1460},\"files\":[{\"filename\":\"/Skins/625087/images/footli1.png\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":1460,\"tx_id\":3}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":31,\"pkts_toclient\":41,\"bytes_toserver\":3197,\"bytes_toclient\":49173,\"start\":\"2025-10-24T03:57:59.909318+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chat.chem17.com/chat/KFLeftBox/625087","fqdn":"chat.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"180.163.146.116","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /chat/KFLeftBox/625087 HTTP/1.1\r\nHost: chat.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 49\r\ndate: Fri, 24 Oct 2025 03:57:58 GMT\r\ncache-control: private\r\nx-aspnetmvc-version: 3.0\r\nx-aspnet-version: 4.0.30319\r\nset-cookie: ASP.NET_SessionId=50gttr3ehgughgis0sysky5o; path=/; HttpOnly; SameSite=Lax\nmtcached_mtsession_50gttr3ehgughgis0sysky5o=10.115.3.111:9720; domain=chat.chem17.com; path=/; HttpOnly\r\nx-powered-by: ASP.NET-4.163\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data:;\r\nvia: cache3.l2cn8123[69,69,200-0,M], cache21.l2cn8123[71,0], kunlun6.cn7174[78,77,200-0,M], kunlun3.cn7174[79,0]\r\nali-swift-global-savetime: 1761278278\r\nx-cache: MISS TCP_MISS dirn:-2:-2\r\nx-swift-savetime: Fri, 24 Oct 2025 03:57:58 GMT\r\nx-swift-cachetime: 0\r\ntiming-allow-origin: *\r\neagleid: b4a3921717612782787304961e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":49,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with CRLF line terminators","md5":"b936460ba988b30cd79d99ae93c77106","sha1":"a44405ff5b67abf66ef77714e4364e6c3f1e9940","sha256":"6cd604b71e1e21050b6a41602716b9a722e769a5d7cfb3b97152f3d73dcef5c9","sha512":"ad4731faf916fbb7118af38e25fa7e15814294950676fbd4ec41aeba5c7508ed34b7a7a4c98e1834e1096ea92e6301935699ed6df01a7416632e39063c0c9661","ssdeep":"","tlshash":"3990023209b10052711510915943e1456595959129de9915a00004a572529539a06d51","first_seen":"2023-03-07T12:42:46Z","last_seen":"2026-04-05T04:58:55.066133Z","times_seen":582,"resource_available":true,"data":null}},"time_used":1110,"timings":{"blocked":-1,"dns":118,"connect":270,"send":0,"wait":351,"receive":6,"ssl":369},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/images/kefu-tb.png","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.391Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/kefu-tb.png HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/Skins/625087/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: http://www.dlchuangrui.com/Skins/625087/images/kefu-tb.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20057,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":635,"timings":{"blocked":384,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/favicon.ico","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:03.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:03 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3066\r\nLast-Modified: Fri, 22 Oct 2021 08:11:14 GMT\r\nConnection: keep-alive\r\nETag: \"61727222-bfa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"00b726752e8713453d31b694d4f74b89","sha1":"122742a4ce71b668801ddcc8db72f07730db290c","sha256":"45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37","sha512":"75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367","ssdeep":"","tlshash":"e9515d9712b1080bc4797cb20f41bc5e95251237402dfaa57cf332d5ba80e9d629bed1","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.066966Z","times_seen":1723,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":274,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/067/ade/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:58.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 11:34:45 GMT","end":"Wed, 17 Dec 2025 11:34:44 GMT"},"fingerprint":{"sha1":"3B:EB:69:43:26:9B:29:D0:20:6D:C6:E8:E8:EC:EC:A8:49:1C:87:11","sha256":"59:54:B2:CF:7D:5E:9A:65:64:A7:4D:DC:18:B7:54:44:5A:32:E7:9B:95:F3:1C:56:3F:70:F1:FB:23:53:25:C3"}}},"request":{"raw":"GET /067/ade/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 13 Dec 2024 04:59:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"675bbf19-d26\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3366,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"fa19716607c7d8137d9cfbe623dba7cb","sha1":"e46242940c345610d692c2b1ce8fe9c1152aa46c","sha256":"cc9193fc7e8e2722b308b5de9881b0442e21363e33b296824381d574816bae16","sha512":"391ff0cdc99fdcfb81af8a0a72425b9e178309d74d5ec96642dbfc1fdd98be8529260af73ac6896dd45266adde8cfcfa96083e4c94a10ef1a3e593de0915d60b","ssdeep":"","tlshash":"4b611f54ef8d20338e133155ae6f958c24be68577d48eca7f84c64d44fa0d38852beac","first_seen":"2024-12-18T10:35:23.532443Z","last_seen":"2026-04-04T22:13:19.170087Z","times_seen":212,"resource_available":true,"data":null}},"time_used":2149,"timings":{"blocked":926,"dns":27,"connect":296,"send":0,"wait":297,"receive":0,"ssl":601},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"89tongji.com/matomo.js","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"94.156.119.89","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.863Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 67972\r\nLast-Modified: Tue, 21 Oct 2025 20:35:55 GMT\r\nConnection: keep-alive\r\nETag: \"68f7eeab-10984\"\r\nExpires: Fri, 24 Oct 2025 04:58:01 GMT\r\nPragma: public\r\nCache-Control: max-age=3600, public\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67972,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"4b32d11120a738ec529e5d64979e9d10","sha1":"deedcd7014f47a999da6c19786713cd7a236040a","sha256":"1762dd6a64fcd59421610b68625258f9224a1f278159c4d99282adb631470465","sha512":"258a126ba730a9f57d0adef037bdf90f349265128ceb8d7d9e5c7754eb14751895dffb3220bc1da307021ea8c37c45b837064c89731313acf22a3245b3812452","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmbMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fuqXYy1PGJ9d5","tlshash":"3963d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2025-09-25T22:45:46.07207Z","last_seen":"2026-04-05T06:29:55.682027Z","times_seen":13960,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":18,"dns":1,"connect":17,"send":0,"wait":17,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.227.41","port":80,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:02.305Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 368\r\nOrigin: http://wap.qovwe.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://wap.qovwe.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nEO-LOG-UUID: 4804059352160200486\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1071,"timings":{"blocked":21,"dns":1,"connect":19,"send":0,"wait":1029,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/index_cache.html","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.590Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index_cache.html HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img55.chem17.com/2/20240724/638574355824476962591_500_500_5.jpg","fqdn":"img55.chem17.com","domain":"chem17.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.chem17.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 03 Jan 2025 06:14:58 GMT","end":"Mon, 02 Feb 2026 06:14:57 GMT"},"fingerprint":{"sha1":"EA:83:C4:F6:80:68:DA:E0:B9:5F:29:5F:25:1E:D7:C5:23:96:B4:5B","sha256":"F1:AD:AB:7C:0A:BE:EB:41:29:1E:D9:E5:50:CE:33:DC:53:3A:61:0B:3E:F8:FC:76:84:BF:3A:F4:D7:15:69:1F"}}},"request":{"raw":"GET /2/20240724/638574355824476962591_500_500_5.jpg HTTP/1.1\r\nHost: img55.chem17.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":610,"timings":{"blocked":-1,"dns":1,"connect":295,"send":0,"wait":0,"receive":0,"ssl":314},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/18_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/18_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 10015\r\nLast-Modified: Thu, 30 May 2024 07:12:01 GMT\r\nConnection: keep-alive\r\nETag: \"665826c1-271f\"\r\nExpires: Sun, 23 Nov 2025 03:58:03 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 350x80, components 3","md5":"b6e75be501e59603b92b58fd264c2fae","sha1":"1d80259e55622ab3c41fdb2b9641ceecebd3847a","sha256":"edb744894c7656ccc78373adefbf54e332c32b6327a74ebcd253a7a73cb9b76a","sha512":"2d52cb6f50f77d82f19a33720aa512eb3df4aa2d1a662b436d7b5a05c2b4e9ddbab8393cc4fabbbaca24338f5a9311f55b1baeec5fc6e999bc002d8c2209ae55","ssdeep":"192:uvsTvX/inJrkPRss8KDS8vIwWjNSWmejcxlRBfnrPk:uvssrkpssHS8vZWjNCnxFzk","tlshash":"1c228c176a415f01eec95cb504f9c301b6239915fae7e87e5dc6a803b2c1cf2e8e85c1","first_seen":"2024-06-02T10:33:48Z","last_seen":"2026-04-04T22:45:47.06559Z","times_seen":1071,"resource_available":false,"data":null}},"time_used":1411,"timings":{"blocked":1113,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/js/jquery-3.6.0.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.863Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/js/jquery-3.6.0.min.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89404,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65535)","md5":"46831fe773a633cbc6b491e456a0b66b","sha1":"aa798cd2820d0a596821dd83ac8e96fe4b5792b3","sha256":"7bf3461bc9e57a4820571d7e417b644c7d30927fe07d9b6e9802fe6758feb6f7","sha512":"493d28fc7a7bf3ffe38814c89c647fc0da8b23efbd167fcba148a0b8a9f4eea2964ae0cf0e20dd8315d01037b15e3ea767b976783743d2113067e96bdbdb7f7d","ssdeep":"1536:ajExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiXYmQ1vo:aIh8GgP3hujzwbhdXXvxiDQ47GK/","tlshash":"3a9309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2025-07-14T20:47:05.285961Z","last_seen":"2026-03-28T16:48:59.25503Z","times_seen":20,"resource_available":true,"data":null}},"time_used":652,"timings":{"blocked":138,"dns":1,"connect":163,"send":0,"wait":186,"receive":164,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/footli2.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.009Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/footli2.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2021\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:37 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80e63c319adcda1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache13.l2cn1823[33,33,200-0,M], cache12.l2cn1823[35,0], kunlun5.cn6425[75,74,200-0,M], kunlun7.cn6425[75,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c01117612782821806060e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced","md5":"85216bea28db82b74127839626f76f08","sha1":"459a6c52809a0a5d3485b681f88a40501c2845da","sha256":"0ad724a8fd924a3241f8d422a72cd4c570e36124cf8357bf537bdf4d190f6c5c","sha512":"78c4673ff22d694b12a5201221cd623f087ea17b5c44ce4df74e7b140ea44ea9b02a3294a4bc220005cdd3c689754d96afc2e29fea9e314f7ab2a165a432cd23","ssdeep":"","tlshash":"6841b489e9d12c406a4dfd4a29e94283aa7f46c4d7836445bcdec48759321bbec8d4c3","first_seen":"2025-03-09T15:25:07.222524Z","last_seen":"2026-03-20T10:57:50.31123Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2389,"timings":{"blocked":2085,"dns":0,"connect":0,"send":0,"wait":303,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49362,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.642277+0000\",\"flow_id\":868811641778984,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49362,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/footli2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2021},\"files\":[{\"filename\":\"/Skins/625087/images/footli2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2021,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":26,\"bytes_toserver\":2554,\"bytes_toclient\":28226,\"start\":\"2025-10-24T03:58:00.586536+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/Skins/625087/css/style.css","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:57.858Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/css/style.css HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:57:58 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147094,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (398)","md5":"79c9af0bd009dd6b7b9de8887d958d75","sha1":"357425d2f07a5d5513a61153f3cd81428483e163","sha256":"650ced02de4214c7014e0fa774c5568256abf5f19fc208456dbef6190242b04f","sha512":"c03442f2621c7730810d0a1a78c27b7f2f1b933948650065ee56d49bec1a86a591d0419cf2e47a621a35e5c25ae38d45829a3661ef5c68a873529518a39cf8c5","ssdeep":"1536:Fb1V9lcdacp3lS7aEyk/b+Dqz0Z7cAD9+IKTFHscQe1q8DPwWLWV6ZeuZepLvZqn:r4l6","tlshash":"50e35331ef41224de13b9636bf82a7dd33298457a3810afc9e947a34d1cf1ea45f2690","first_seen":"2025-10-24T03:58:52.763844Z","last_seen":"2025-10-24T03:58:52.763844Z","times_seen":1,"resource_available":false,"data":null}},"time_used":671,"timings":{"blocked":148,"dns":1,"connect":163,"send":0,"wait":194,"receive":164,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/banner3.jpg","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.310Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/banner3.jpg HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/jpeg\r\nContent-Length: 298502\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Fri, 14 Feb 2025 03:52:21 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80863d9937edb1:0\"\r\nX-Powered-By: ASP.NET-114.4.178\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache61.l2cn3129[25,24,200-0,M], cache41.l2cn3129[26,0], kunlun8.cn6425[39,39,200-0,M], kunlun2.cn6425[40,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00c17612782802253534e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":41904,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x600, components 3","md5":"9ac17c7cc92eabbecf5dad98b0fa0d38","sha1":"bb8dc38900e39d85e4420f7e4c0ba910d920aadc","sha256":"e48ec0664e80e7d5ab2e376d45359039d7442aecc61fcbc43247cfda6cd37d54","sha512":"7c506867a816b023d28adf1a3a02ec1ce63225b1144b067f931e187dffde95616a26815de004bc958265ecfb87d1a45d3a0ee09fd840c9e7d90e930d34b4251e","ssdeep":"768:8LAau/oHpBx3j6PJw7V8F7b5Phyha/6F7O1jBegdv3CuKQLwov2uLn:8LAau/eB9KJM895Zyha/L1jBBdvvxusn","tlshash":"cf1302de2d309ec25158a13a1f37c93c166dd930c3a15d092ec4c05eb9e90bb2ba6d3e","first_seen":"2025-10-24T03:58:52.765611Z","last_seen":"2025-10-24T03:58:52.765611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1278,"timings":{"blocked":-1,"dns":604,"connect":230,"send":0,"wait":270,"receive":174,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:00Z","timestamp":1761278280,"ip_dst":{"addr":"172.18.0.15","port":49308,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:00.410252+0000\",\"flow_id\":1695034500440201,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49308,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/banner3.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":705},\"files\":[{\"filename\":\"/Skins/625087/images/banner3.jpg\",\"sid\":[],\"gaps\":false,\"state\":\"UNKNOWN\",\"stored\":false,\"size\":705,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":613,\"bytes_toclient\":3053,\"start\":\"2025-10-24T03:57:59.909449+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/ssico.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.675Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/ssico.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 2639\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:44 GMT\r\nAccept-Ranges: bytes\r\nETag: \"0469359adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.180\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache39.l2cn8047[27,26,200-0,M], cache48.l2cn8047[27,0], kunlun4.cn6425[53,53,200-0,M], kunlun4.cn6425[54,0]\r\nAli-Swift-Global-Savetime: 1761278280\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:00 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782805273783e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2639,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"8626dcfb2b93471283ef13bdc8a19754","sha1":"bc6b707d9063425166d30512d9e950e1fecc101e","sha256":"30e3bdc93522afc9b0218b46b18512b645d2698c88c69d82c1eddc9ad81545a7","sha512":"4b771b41bff8b24b78bcdf4748713495aacc38ddd6ec94d66ad9aa2f757804848dd80e3b3d5189c1ea26d536bd132c83f3c5f781072534dc31f8f6e8de4f1d93","ssdeep":"","tlshash":"cb519508fc1468504e0cfa885afda24297f70fc58e9068096ed9c8539d215fd8edd5cb","first_seen":"2025-03-09T15:25:07.21815Z","last_seen":"2026-03-20T10:57:50.306318Z","times_seen":25,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":757,"dns":0,"connect":0,"send":0,"wait":298,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:01Z","timestamp":1761278281,"ip_dst":{"addr":"172.18.0.15","port":49348,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:01.979151+0000\",\"flow_id\":101872216563992,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49348,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/ssico.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2639},\"files\":[{\"filename\":\"/Skins/625087/images/ssico.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":2639,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":11,\"pkts_toclient\":11,\"bytes_toserver\":1739,\"bytes_toclient\":7806,\"start\":\"2025-10-24T03:57:59.909592+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"wap.qovwe.com/jquery.la.min.js","fqdn":"wap.qovwe.com","domain":"qovwe.com","tld":"com"},"ip":{"addr":"104.252.3.6","port":80,"asn":18779,"as":"EGIHOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:00.611Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: wap.qovwe.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:00 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 15 May 2025 13:18:07 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6825e98f-4c5\"\r\nExpires: Fri, 24 Oct 2025 04:58:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1221,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (554)","md5":"4710027609e01772ebdc5a27700b501d","sha1":"e336f43482448ca08728fb6b548050cc72ecafc0","sha256":"60b85f59c03d4cba87acfda83573bee883cf60b55027b2070832fcfee1dbaf45","sha512":"2d3d35b429aadc03b6e67a926fc40691447b0d4ea0c63db67d0c3814c84780d60fb505cb65731ef0b04770549440f319ac2d9c434c79d4f7dc28bfac614113c5","ssdeep":"","tlshash":"5321ac5efc05e2205b512c7637bbe9aca9ae0031600adc0a59ebc4ac6c25ff94912a0d","first_seen":"2024-08-19T14:43:35.312442Z","last_seen":"2026-03-29T20:57:38.555756Z","times_seen":14,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"89tongji.com/tj.js?id=51","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"94.156.119.89","port":443,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"89tongji.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Oct 2025 08:05:06 GMT","end":"Sun, 18 Jan 2026 08:05:05 GMT"},"fingerprint":{"sha1":"1E:77:BF:04:A2:7E:6D:6C:BF:DC:62:94:BB:4E:E2:45:25:A4:E6:91","sha256":"0F:E0:92:B0:20:82:27:A0:0B:D4:ED:30:8A:B4:E5:26:FE:EF:F5:1A:6A:93:D9:2B:5E:19:AC:A0:51:28:D8:38"}}},"request":{"raw":"GET /tj.js?id=51 HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:01 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 533\r\nLast-Modified: Mon, 20 Oct 2025 10:41:42 GMT\r\nConnection: keep-alive\r\nETag: \"68f611e6-215\"\r\nExpires: Fri, 24 Oct 2025 04:58:01 GMT\r\nPragma: public\r\nCache-Control: max-age=3600, public\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":533,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (532)","md5":"2f07ff5c725cf522be1b083a9b6f5336","sha1":"b0ffdc146c81f8f338c360caf95bc9ee4576fc2c","sha256":"b9c04e61073b0a84b5a410332017bc6c50fd1a123e95fc96b51f5c15b4eca565","sha512":"0a1aace160ca503acee8c1665063f5e03bc18b6799bbd69ddf070b1c0edff1c384a98f566eceab859bc2f3db39c1530e35d6143642adaee00e50ba4b25916826","ssdeep":"","tlshash":"3df020101d9f6efc2129217b2dbccd7e33bf342ea0a1c0407e80d41565f2ac189483c8","first_seen":"2025-10-20T21:30:04.145942Z","last_seen":"2025-12-17T06:35:43.56554Z","times_seen":774,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":44,"dns":0,"connect":18,"send":0,"wait":20,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/16_1.jpg","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 17:37:28 GMT","end":"Thu, 18 Dec 2025 17:37:27 GMT"},"fingerprint":{"sha1":"49:77:AD:B5:81:DA:D5:0C:24:FA:23:20:4E:80:35:CD:A0:96:89:59","sha256":"9E:90:CA:DD:DC:87:7B:1F:4A:C6:35:F4:FB:99:B6:4D:0F:83:7F:E0:93:14:77:B4:9A:6B:AE:A0:35:0A:A3:DE"}}},"request":{"raw":"GET /images/16_1.jpg HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://test.xinxiyidiantong.com:2096/images/style1.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 4609\r\nLast-Modified: Fri, 22 Oct 2021 07:29:18 GMT\r\nConnection: keep-alive\r\nETag: \"6172684e-1201\"\r\nExpires: Sun, 23 Nov 2025 03:58:03 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4609,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 350x80, components 3","md5":"9b8a076df6df066e57531343676ea35c","sha1":"53f0c7e4a1b4630bfa87aca5436b36f2927d5211","sha256":"b381d55bfba5cf3da14ab3c4863daacfa7ac1860249f902e717b6f647b76958b","sha512":"ce2610e2925ac18b39c57c653b3b30d90000ecaf5a511159a9173eff2806823504ffd15528c11f85affd7d56d0751f9af8da393cd328ecd77a25fbcc8cff5f17","ssdeep":"96:dEaw+Bosm7CwvVJqRzr8R6i5Od6H7h+QTHu2mu+kaL4XL6HY:dEJ++sqvalS/5OdQ7h7OTu+Rm0Y","tlshash":"2c918d113bfa9493b63a7fbb77c950096698681628f9f7d02055a4fa25f47c28e040ae","first_seen":"2023-09-10T21:55:35Z","last_seen":"2026-04-04T10:06:50.572Z","times_seen":116,"resource_available":false,"data":null}},"time_used":1405,"timings":{"blocked":1126,"dns":0,"connect":0,"send":0,"wait":278,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"89tongji.com/matomo.php?action_name=3308%E7%BB%B4%E5%A4%9A%E5%88%A9%E4%BA%9A%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B%E4%B8%AD%E5%BF%83(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026idsite=1\u0026rec=1\u0026r=721193\u0026h=3\u0026m=58\u0026s=1\u0026url=http%3A%2F%2Fwap.qovwe.com%2F\u0026_id=9804efe5cb99715f\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=AC24tb\u0026pf_net=171\u0026pf_srv=210\u0026pf_tfr=2\u0026pf_dm1=1882\u0026pf_dm2=933\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"89tongji.com","domain":"89tongji.com","tld":"com"},"ip":{"addr":"94.156.119.89","port":80,"asn":211895,"as":"Serverius Holding B.V.","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:58:01.978Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /matomo.php?action_name=3308%E7%BB%B4%E5%A4%9A%E5%88%A9%E4%BA%9A%E7%BA%BF%E8%B7%AF%E6%A3%80%E6%B5%8B%E4%B8%AD%E5%BF%83(%E4%B8%AD%E5%9B%BD)%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8\u0026idsite=1\u0026rec=1\u0026r=721193\u0026h=3\u0026m=58\u0026s=1\u0026url=http%3A%2F%2Fwap.qovwe.com%2F\u0026_id=9804efe5cb99715f\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=AC24tb\u0026pf_net=171\u0026pf_srv=210\u0026pf_tfr=2\u0026pf_dm1=1882\u0026pf_dm2=933\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: 89tongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: http://wap.qovwe.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://wap.qovwe.com/\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 204 No Response\r\nServer: nginx\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nConnection: keep-alive\r\nVary: Origin\r\nAccess-Control-Allow-Origin: http://wap.qovwe.com\r\nAccess-Control-Allow-Credentials: true\r\nReferrer-Policy: origin\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Response","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.dlchuangrui.com/Skins/625087/images/arrows2.png","fqdn":"www.dlchuangrui.com","domain":"dlchuangrui.com","tld":"com"},"ip":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://wap.qovwe.com/","date":"2025-10-24T03:57:59.677Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Skins/625087/images/arrows2.png HTTP/1.1\r\nHost: www.dlchuangrui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://wap.qovwe.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: image/png\r\nContent-Length: 1362\r\nConnection: keep-alive\r\nDate: Fri, 24 Oct 2025 03:58:02 GMT\r\nLast-Modified: Tue, 23 Jul 2024 00:49:27 GMT\r\nAccept-Ranges: bytes\r\nETag: \"805472b9adcda1:0\"\r\nX-Powered-By: ASP.NET-115.4.182\r\nReferrer-Policy: unsafe-url\r\nX-Download-Options: noopen\r\nX-Frame-Options: SAMEORIGIN\r\nX-Permitted-Cross-Domain-Policies: none\r\nX-XSS-Protection: 1; mode=block\r\nVia: cache48.l2cn8000[26,25,200-0,M], cache43.l2cn8000[27,0], kunlun6.cn6425[37,36,200-0,M], kunlun4.cn6425[38,0]\r\nAli-Swift-Global-Savetime: 1761278282\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-SaveTime: Fri, 24 Oct 2025 03:58:02 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00e17612782821616760e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"ec451b748d47a1b45901f49f273710aa","sha1":"4d4354b46e0370c57488fbac3492628411cb6cb9","sha256":"b80ab4ab02d0ebc35df5557233eae0f55c565c1a516c8a9541c99ddd70ee63d7","sha512":"ea551f7fafc0b9e128cdb969746386e91c13554293d1887c7dae7cf066747dd53c67a72f4dd76720672f3e0afc777bf941d72805fcb3f3d86ae54f9383041b6b","ssdeep":"","tlshash":"f421502af9b064806798649228efe0a28b270a84c5e0e5d1fdcfd12b88714f4b4086db","first_seen":"2023-07-08T23:43:21Z","last_seen":"2026-03-22T12:26:17.043998Z","times_seen":133,"resource_available":false,"data":null}},"time_used":2667,"timings":{"blocked":2381,"dns":0,"connect":0,"send":0,"wait":285,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-24T03:58:12Z","timestamp":1761278292,"ip_dst":{"addr":"172.18.0.15","port":49380,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.101","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO Referrer-Policy set to unsafe-url","source":"{\"timestamp\":\"2025-10-24T03:58:12.584916+0000\",\"flow_id\":1828882861323214,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.101\",\"src_port\":80,\"dest_ip\":\"172.18.0.15\",\"dest_port\":49380,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2054422,\"rev\":1,\"signature\":\"ET INFO Referrer-Policy set to unsafe-url\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_07_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_07_09\"]}},\"http\":{\"hostname\":\"www.dlchuangrui.com\",\"url\":\"/Skins/625087/images/arrows2.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://wap.qovwe.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1362},\"files\":[{\"filename\":\"/Skins/625087/images/arrows2.png\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1362,\"tx_id\":2}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":25,\"pkts_toclient\":25,\"bytes_toserver\":2522,\"bytes_toclient\":26103,\"start\":\"2025-10-24T03:58:00.586702+0000\"}}"}],"analyzer":null,"urlquery":null}}]}